Kernel, FreeRDP, Dtrace, and more updates for Oracle Linux

Oracle Linux 6445 Published 2026-02-10 07:55 by Philipp Esselbach

News

ELSA-2026-50094 Important: Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50094

http://linux.oracle.com/errata/ELSA-2026-50094.html

The following updated rpms for have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-core-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-devel-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-doc-6.12.0-107.59.3.4.el10uek.noarch.rpm
kernel-uek-modules-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-tools-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-debug-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-107.59.3.4.el10uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-107.59.3.4.el10uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-core-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-devel-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-modules-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-tools-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-debug-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek64k-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek64k-core-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-107.59.3.4.el10uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-107.59.3.4.el10uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-uek-6.12.0-107.59.3.4.el10uek.src.rpm

Related CVEs:

CVE-2025-40149
CVE-2025-40257
CVE-2025-40258
CVE-2025-68209

Description of changes:

[6.12.0-107.59.3.4]
- mptcp: fix a race in mptcp_pm_del_add_timer() (Eric Dumazet) [Orabug: 38932996] {CVE-2025-40257}
- tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). (Kuniyuki Iwashima) [Orabug: 38932973] {CVE-2025-40149}
- mptcp: fix race condition in mptcp_schedule_work() (Eric Dumazet) [Orabug: 38932955] {CVE-2025-40258}
- mlx5: Fix default values in create CQ (Akiva Goldberger) [Orabug: 38932939]

ELSA-2026-2222 Important: Oracle Linux 10 freerdp security update

Oracle Linux Security Advisory ELSA-2026-2222

http://linux.oracle.com/errata/ELSA-2026-2222.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
freerdp-3.10.3-5.el10_1.1.x86_64.rpm
freerdp-devel-3.10.3-5.el10_1.1.x86_64.rpm
freerdp-libs-3.10.3-5.el10_1.1.x86_64.rpm
freerdp-server-3.10.3-5.el10_1.1.x86_64.rpm
libwinpr-3.10.3-5.el10_1.1.x86_64.rpm
libwinpr-devel-3.10.3-5.el10_1.1.x86_64.rpm

aarch64:
freerdp-3.10.3-5.el10_1.1.aarch64.rpm
freerdp-devel-3.10.3-5.el10_1.1.aarch64.rpm
freerdp-libs-3.10.3-5.el10_1.1.aarch64.rpm
freerdp-server-3.10.3-5.el10_1.1.aarch64.rpm
libwinpr-3.10.3-5.el10_1.1.aarch64.rpm
libwinpr-devel-3.10.3-5.el10_1.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/freerdp-3.10.3-5.el10_1.1.src.rpm

Related CVEs:

CVE-2026-23530
CVE-2026-23531
CVE-2026-23532
CVE-2026-23533
CVE-2026-23534
CVE-2026-23883
CVE-2026-23884

Description of changes:

[2:3.10.3-5.1]
- Backport several CVE fixes
Resolves: RHEL-142413, RHEL-142397, RHEL-142381, RHEL-142365, RHEL-142349
Resolves: RHEL-142333, RHEL-142317

ELBA-2026-50099 dtrace bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50099

http://linux.oracle.com/errata/ELBA-2026-50099.html

The following updated rpms for have been uploaded to the Unbreakable Linux Network:

x86_64:
dtrace-devel-2.0.5-2.el10.x86_64.rpm
dtrace-testsuite-2.0.5-2.el10.x86_64.rpm
dtrace-2.0.5-2.el10.x86_64.rpm

aarch64:
dtrace-devel-2.0.5-2.el10.aarch64.rpm
dtrace-testsuite-2.0.5-2.el10.aarch64.rpm
dtrace-2.0.5-2.el10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/dtrace-2.0.5-2.el10.src.rpm

Description of changes:

[2.0.5-1]
- Implement PID-specific uprobes. (Kris Van Hees)
- Allocate the buffers BPF map to fit highest CPU id. (Kris Van Hees)
- Fix argument handling for multi-location user probes.
(Kris Van Hees) [Orabug: 38922360]
- Change the "stack skip" to 3 for fbt (fprobe) and rawtp providers.
[Orabug: 38776929]
- Fix prvname so that both rawfbt and fbt probes are seen.
[Orabug: 38842114]
- Do not convert "__" to "-" for stapsdt provider names.
- Fix printf formatting with non-monetary grouping chars.
[Orabug: 30430270]
- Discontinue -xversion=V as an option. (Kris Van Hees) [Orabug: 38615307]
- Add the DTrace Tutorial to the git repo and install package.
- Add missing documentation: trunc(), stapsdt, usdt.h include path.
- Update LLM context files to forbid "if" statements.
- Test suite weakly pulls in kernel-uek-tools to get perf. (Nick Alcock)
[Orabug: 38064413]

ELSA-2026-2286 Important: Oracle Linux 10 thunderbird security update

Oracle Linux Security Advisory ELSA-2026-2286

http://linux.oracle.com/errata/ELSA-2026-2286.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-140.7.0-1.0.1.el10_1.x86_64.rpm

aarch64:
thunderbird-140.7.0-1.0.1.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/thunderbird-140.7.0-1.0.1.el10_1.src.rpm

Related CVEs:

CVE-2025-14327
CVE-2026-0877
CVE-2026-0878
CVE-2026-0879
CVE-2026-0880
CVE-2026-0882
CVE-2026-0883
CVE-2026-0884
CVE-2026-0885
CVE-2026-0886
CVE-2026-0887
CVE-2026-0890
CVE-2026-0891

Description of changes:

[140.7.0-1.0.1]
- Add Oracle prefs

[140.7.0-1]
- Update to 140.7.0 ESR

ELSA-2026-2271 Important: Oracle Linux 10 firefox security update

Oracle Linux Security Advisory ELSA-2026-2271

http://linux.oracle.com/errata/ELSA-2026-2271.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-140.7.0-1.0.1.el10_1.x86_64.rpm

aarch64:
firefox-140.7.0-1.0.1.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/firefox-140.7.0-1.0.1.el10_1.src.rpm

Related CVEs:

CVE-2025-14327
CVE-2026-0877
CVE-2026-0878
CVE-2026-0879
CVE-2026-0880
CVE-2026-0882
CVE-2026-0883
CVE-2026-0884
CVE-2026-0885
CVE-2026-0886
CVE-2026-0887
CVE-2026-0890
CVE-2026-0891

Description of changes:

[140.7.0-1.0.1]
- Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file

[140.7.0-1]
- Update to 140.7.0 ESR

ELSA-2026-2230 Important: Oracle Linux 10 fontforge security update

Oracle Linux Security Advisory ELSA-2026-2230

http://linux.oracle.com/errata/ELSA-2026-2230.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
fontforge-20230101-14.el10_1.x86_64.rpm

aarch64:
fontforge-20230101-14.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/fontforge-20230101-14.el10_1.src.rpm

Related CVEs:

CVE-2025-15269
CVE-2025-15275
CVE-2025-15279

Description of changes:

[20230101-14]
- Resolves: RHEL-138159
CVE-2025-15279 GUtils BMP File Parsing Heap-based Buffer Overflow
- Resolves: RHEL-138144
CVE-2025-15275 SFD File Parsing Heap-based Buffer Overflow
- Resolves: RHEL-138126
CVE-2025-15269 SFD File Parsing Use-After-Free

ELSA-2026-2225 Critical: Oracle Linux 10 keylime security update

Oracle Linux Security Advisory ELSA-2026-2225

http://linux.oracle.com/errata/ELSA-2026-2225.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
keylime-7.12.1-11.el10_1.4.x86_64.rpm
keylime-base-7.12.1-11.el10_1.4.x86_64.rpm
keylime-registrar-7.12.1-11.el10_1.4.x86_64.rpm
keylime-selinux-7.12.1-11.el10_1.4.noarch.rpm
keylime-tenant-7.12.1-11.el10_1.4.x86_64.rpm
keylime-tools-7.12.1-11.el10_1.4.x86_64.rpm
keylime-verifier-7.12.1-11.el10_1.4.x86_64.rpm
python3-keylime-7.12.1-11.el10_1.4.x86_64.rpm

aarch64:
keylime-7.12.1-11.el10_1.4.aarch64.rpm
keylime-base-7.12.1-11.el10_1.4.aarch64.rpm
keylime-registrar-7.12.1-11.el10_1.4.aarch64.rpm
keylime-selinux-7.12.1-11.el10_1.4.noarch.rpm
keylime-tenant-7.12.1-11.el10_1.4.aarch64.rpm
keylime-tools-7.12.1-11.el10_1.4.aarch64.rpm
keylime-verifier-7.12.1-11.el10_1.4.aarch64.rpm
python3-keylime-7.12.1-11.el10_1.4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/keylime-7.12.1-11.el10_1.4.src.rpm

Related CVEs:

CVE-2026-1709

Description of changes:

[7.12.1-16]
- CVE-2026-1709: Registrar authentication bypass

[7.12.1-15]
- Registrar allows identity takeover via duplicate UUID registration

[7.12.1-14]
- Properly fix malformed TPM certificates workaround

[7.12.1-13]
- Avoid opening /dev/stdout when printing

[7.12.1-12]
- Fix malformed TPM certificates workaround

ELSA-2026-50094 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50094

http://linux.oracle.com/errata/ELSA-2026-50094.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-core-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-debug-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-devel-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-doc-6.12.0-107.59.3.4.el9uek.noarch.rpm
kernel-uek-modules-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-107.59.3.4.el9uek.x86_64.rpm
kernel-uek-tools-6.12.0-107.59.3.4.el9uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-core-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-debug-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-devel-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-modules-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek-tools-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek64k-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek64k-core-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-107.59.3.4.el9uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-107.59.3.4.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-6.12.0-107.59.3.4.el9uek.src.rpm

Related CVEs:

CVE-2025-40149
CVE-2025-40257
CVE-2025-40258
CVE-2025-68209

Description of changes:

[6.12.0-107.59.3.4]
- mptcp: fix a race in mptcp_pm_del_add_timer() (Eric Dumazet) [Orabug: 38932996] {CVE-2025-40257}
- tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). (Kuniyuki Iwashima) [Orabug: 38932973] {CVE-2025-40149}
- mptcp: fix race condition in mptcp_schedule_work() (Eric Dumazet) [Orabug: 38932955] {CVE-2025-40258}
- mlx5: Fix default values in create CQ (Akiva Goldberger) [Orabug: 38932939]

ELBA-2026-50099 Oracle Linux 9 dtrace bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50099

http://linux.oracle.com/errata/ELBA-2026-50099.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
dtrace-2.0.5-2.el9.x86_64.rpm
dtrace-devel-2.0.5-2.el9.x86_64.rpm
dtrace-testsuite-2.0.5-2.el9.x86_64.rpm

aarch64:
dtrace-2.0.5-2.el9.aarch64.rpm
dtrace-devel-2.0.5-2.el9.aarch64.rpm
dtrace-testsuite-2.0.5-2.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/dtrace-2.0.5-2.el9.src.rpm

Description of changes:

[2.0.5-1]
- Implement PID-specific uprobes. (Kris Van Hees)
- Allocate the buffers BPF map to fit highest CPU id. (Kris Van Hees)
- Fix argument handling for multi-location user probes.
(Kris Van Hees) [Orabug: 38922360]
- Change the "stack skip" to 3 for fbt (fprobe) and rawtp providers.
[Orabug: 38776929]
- Fix prvname so that both rawfbt and fbt probes are seen.
[Orabug: 38842114]
- Do not convert "__" to "-" for stapsdt provider names.
- Fix printf formatting with non-monetary grouping chars.
[Orabug: 30430270]
- Discontinue -xversion=V as an option. (Kris Van Hees) [Orabug: 38615307]
- Add the DTrace Tutorial to the git repo and install package.
- Add missing documentation: trunc(), stapsdt, usdt.h include path.
- Update LLM context files to forbid "if" statements.
- Test suite weakly pulls in kernel-uek-tools to get perf. (Nick Alcock)
[Orabug: 38064413]

ELBA-2026-50098 Oracle Linux 9 dtrace bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50098

http://linux.oracle.com/errata/ELBA-2026-50098.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
dtrace-2.0.5-2.el9.x86_64.rpm
dtrace-devel-2.0.5-2.el9.x86_64.rpm
dtrace-testsuite-2.0.5-2.el9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/dtrace-2.0.5-2.el9.src.rpm

Description of changes:

[2.0.5-1]
- Implement PID-specific uprobes. (Kris Van Hees)
- Allocate the buffers BPF map to fit highest CPU id. (Kris Van Hees)
- Fix argument handling for multi-location user probes.
(Kris Van Hees) [Orabug: 38922360]
- Change the "stack skip" to 3 for fbt (fprobe) and rawtp providers.
[Orabug: 38776929]
- Fix prvname so that both rawfbt and fbt probes are seen.
[Orabug: 38842114]
- Do not convert "__" to "-" for stapsdt provider names.
- Fix printf formatting with non-monetary grouping chars.
[Orabug: 30430270]
- Discontinue -xversion=V as an option. (Kris Van Hees) [Orabug: 38615307]
- Add the DTrace Tutorial to the git repo and install package.
- Add missing documentation: trunc(), stapsdt, usdt.h include path.
- Update LLM context files to forbid "if" statements.
- Test suite weakly pulls in kernel-uek-tools to get perf. (Nick Alcock)
[Orabug: 38064413]

ELSA-2026-2224 Critical: Oracle Linux 9 keylime security update

Oracle Linux Security Advisory ELSA-2026-2224

http://linux.oracle.com/errata/ELSA-2026-2224.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
keylime-7.12.1-11.el9_7.4.x86_64.rpm
keylime-base-7.12.1-11.el9_7.4.x86_64.rpm
keylime-registrar-7.12.1-11.el9_7.4.x86_64.rpm
keylime-selinux-7.12.1-11.el9_7.4.noarch.rpm
keylime-tenant-7.12.1-11.el9_7.4.x86_64.rpm
keylime-verifier-7.12.1-11.el9_7.4.x86_64.rpm
python3-keylime-7.12.1-11.el9_7.4.x86_64.rpm

aarch64:
keylime-7.12.1-11.el9_7.4.aarch64.rpm
keylime-base-7.12.1-11.el9_7.4.aarch64.rpm
keylime-registrar-7.12.1-11.el9_7.4.aarch64.rpm
keylime-selinux-7.12.1-11.el9_7.4.noarch.rpm
keylime-tenant-7.12.1-11.el9_7.4.aarch64.rpm
keylime-verifier-7.12.1-11.el9_7.4.aarch64.rpm
python3-keylime-7.12.1-11.el9_7.4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/keylime-7.12.1-11.el9_7.4.src.rpm

Related CVEs:

CVE-2026-1709

Description of changes:

[7.12.1-11.4]
- CVE-2026-1709: Registrar authentication bypass
Resolves: RHEL-145390

ELSA-2026-2216 Important: Oracle Linux 9 libsoup security update

Oracle Linux Security Advisory ELSA-2026-2216

http://linux.oracle.com/errata/ELSA-2026-2216.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
libsoup-2.72.0-12.el9_7.5.i686.rpm
libsoup-2.72.0-12.el9_7.5.x86_64.rpm
libsoup-devel-2.72.0-12.el9_7.5.i686.rpm
libsoup-devel-2.72.0-12.el9_7.5.x86_64.rpm

aarch64:
libsoup-2.72.0-12.el9_7.5.aarch64.rpm
libsoup-devel-2.72.0-12.el9_7.5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/libsoup-2.72.0-12.el9_7.5.src.rpm

Related CVEs:

CVE-2026-0719
CVE-2026-1761

Description of changes:

[2.72.0-12.5]
- Backport patch for CVE-2026-1761

[2.72.0-12.4]
- Backport patch for CVE-2026-0719
- Fix NTLM authentication test failures in FIPS mode

ELBA-2026-50098 Oracle Linux 9 dtrace bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50098

http://linux.oracle.com/errata/ELBA-2026-50098.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
dtrace-2.0.5-2.el9.aarch64.rpm
dtrace-devel-2.0.5-2.el9.aarch64.rpm
dtrace-testsuite-2.0.5-2.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/dtrace-2.0.5-2.el9.src.rpm

Description of changes:

[2.0.5-1]
- Implement PID-specific uprobes. (Kris Van Hees)
- Allocate the buffers BPF map to fit highest CPU id. (Kris Van Hees)
- Fix argument handling for multi-location user probes.
(Kris Van Hees) [Orabug: 38922360]
- Change the "stack skip" to 3 for fbt (fprobe) and rawtp providers.
[Orabug: 38776929]
- Fix prvname so that both rawfbt and fbt probes are seen.
[Orabug: 38842114]
- Do not convert "__" to "-" for stapsdt provider names.
- Fix printf formatting with non-monetary grouping chars.
[Orabug: 30430270]
- Discontinue -xversion=V as an option. (Kris Van Hees) [Orabug: 38615307]
- Add the DTrace Tutorial to the git repo and install package.
- Add missing documentation: trunc(), stapsdt, usdt.h include path.
- Update LLM context files to forbid "if" statements.
- Test suite weakly pulls in kernel-uek-tools to get perf. (Nick Alcock)
[Orabug: 38064413]

[2.0.4-1]
- TCP, UDP, and stapsdt providers implemented. (Alan Maguire)
- New learning materials: the User's Guide in Markdown format,
example scripts, and a context file for LLMs.
(Eugene Loh, Bruce McCulloch, Ruud van der Pas, Elena Zannoni).
- Allow [u]stack() to be used as a variable value. (Kris Van Hees)
[Orabug: 37950533]
- Comments using // are now supported. (Kris Van Hees)
- Scalability improvements. (Kris Van Hees)
- Error injection via return() action. (Kris Van Hees)
- Improved string handling. (Kris Van Hees)
- Various bug fixes. (Eugene Loh, Kris Van Hees)
- Fix dyn vars overwriting one another. [Orabug: 37994729]
- Fix regression: list fbt probes by default. [Orabug: 38249511]
- Various testsuite fixes and improvements.
(Nick Alcock, Eugene Loh, Alan Maguire, Kris Van Hees)
- Add test for preprocessor definitions. [Orabug: 28763074]
- Fix some stack tests. [Orabug: 37459289]

[2.0.3-1]
- This is only released on OL10.
- Redesigned USDT support to work for LTO compilations. [Orabug: 38011704]
- New builtin variable: execargs.
- Offset probes in pid provider. (Eugene Loh)
- Various bug fixes. (Nick Alcock, Eugene Loh, Kris Van Hees)
- Various testsuite fixes and improvements.
(Nick Alcock, Sam James, Eugene Loh, Kris Van Hees)

[2.0.2-1]
- Translators to support kernels 6.10 and later.
- FBT return probe argument support.
- The print() action is augmented with type information. (Alan Maguire)
- Support to discover and trace USDT probes after a tracing session has
started. (Eugene Loh, Nick Alcock)
- USDT probe argument support (translated types, mapping). (Nick Alcock)
- Installation locations are now configurable. (Nick Alcock)
- Valgrind is no longer a required build dependency. (Nick Alcock)
- Self-grabs have been improved. (Nick Alcock)
- New provider: rawfbt. (Kris Van Hees)
- Various bug fixes. (Nick Alcock, Eugene Loh, Alan Maguire, Kris Van Hees)
- Various testsuite fixes and improvements.
(Nick Alcock, Sam James, Eugene Loh, Kris Van Hees)
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)
[Orabug: 37274251]

[2.0.1-1]
- Implement FBT probes with fentry/fexit tracepoints
- Provide argument info for FBT probes.
- Provide pre-generated translator files sets. [Orabug: 36504847]

[2.0.0-1.14]
- Implement provider: io. (Eugene Loh, Kris Van Hees)
- Implement actions: print(). (Alan Maguire)
- Implement subroutines: link_ntop(), cleanpath(). (Eugene Loh)
- Implement options: -xcpu, -xaggpercpu. (Eugene Loh)
- Improve providers: pid (offset-based probes) and rawtp (arg info).
- Improve options: -xlockmem (improve default). (Eugene Loh)
- Ensure USDT probes can survive dtprobed restarts. (Nick Alcock)
- Improve USDT probe creation/deletion. (Nick Alcock)
- Improve support for DTrace with upstream kernels. (Nick Alcock)
- Improve support for compiling DTrace in older environments. (Kris Van Hees)
- Add support for aggregations of stacks. (Eugene Loh)
- Improve lexer parsing (top-level wildcard ambiguities and numerals).
(Nick Alcock)
- Fix END probe execution with multiple tracers. (Nick Alcock)
- Preemptive BPF program execution for DTrace probes is not allowed.
- Buffer overrun fix for systems with non-sequential online CPU ids.
(Kris Van Hees, Nick Alcock) [Orabug: 36356681]
- Various bug fixes. (Nick Alcock, Eugene Loh, Kris Van Hees)
- Various testsuite fixes and improvements.
(Nick Alcock, Eugene Loh, Kris Van Hees)
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)
[Orabug: 36329725]

ELSA-2026-50095 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50095

http://linux.oracle.com/errata/ELSA-2026-50095.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-316.196.4.2.el8uek.x86_64.rpm
kernel-uek-5.15.0-316.196.4.2.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-316.196.4.2.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-316.196.4.2.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-316.196.4.2.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-316.196.4.2.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-316.196.4.2.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-316.196.4.2.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-316.196.4.2.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-316.196.4.2.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-316.196.4.2.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-316.196.4.2.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-316.196.4.2.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-316.196.4.2.el8uek.x86_64.rpm

aarch64:
bpftool-5.15.0-316.196.4.2.el8uek.aarch64.rpm
kernel-uek-5.15.0-316.196.4.2.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-316.196.4.2.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-316.196.4.2.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-316.196.4.2.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-316.196.4.2.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-316.196.4.2.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-316.196.4.2.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-316.196.4.2.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-316.196.4.2.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-316.196.4.2.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-316.196.4.2.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-316.196.4.2.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-316.196.4.2.el8uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.15.0-316.196.4.2.el8uek.src.rpm

Related CVEs:

CVE-2025-38566
CVE-2025-38571
CVE-2025-40215
CVE-2025-40258
CVE-2025-68209

Description of changes:

[5.15.0-316.196.4.2]
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca)
- usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE (Gopi Krishna Menon)
- ext4: clear i_state_flags when alloc inode (Haibo Chen)
- ext4: align max orphan file size with e2fsprogs limit (Baokun Li)
- PM: runtime: Do not clear needs_force_resume with enabled runtime PM (Rafael J. Wysocki)
- net: enetc: fix build warning when PAGE_SIZE is greater than 128K (Wei Fang)
- net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (Xiang Mei)
- block: fix comment for op_is_zone_mgmt() to include RESET_ALL (shechenglong)
- fuse: fix readahead reclaim deadlock (Joanne Koong)
- i40e: validate ring_len parameter against hardware-specific values (Gregory Herrero)
- fs/ntfs3: fix mount failure for sparse runs in run_unpack() (Konstantin Komarov)
- xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 38933003] {CVE-2025-40215}
- mptcp: fix race condition in mptcp_schedule_work() (Eric Dumazet) [Orabug: 38932997] {CVE-2025-40258}
- mlx5: Fix default values in create CQ (Akiva Goldberger) [Orabug: 38932992]
- sunrpc: fix handling of server side tls alerts (Olga Kornievskaia) [Orabug: 38932991] {CVE-2025-38566}
- sunrpc: fix client side handling of tls alerts (Olga Kornievskaia) [Orabug: 38932988] {CVE-2025-38571}

ELBA-2026-50097 Oracle Linux 8 dtrace bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50097

http://linux.oracle.com/errata/ELBA-2026-50097.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
dtrace-2.0.5-2.el8.x86_64.rpm
dtrace-devel-2.0.5-2.el8.x86_64.rpm
dtrace-testsuite-2.0.5-2.el8.x86_64.rpm

aarch64:
dtrace-2.0.5-2.el8.aarch64.rpm
dtrace-devel-2.0.5-2.el8.aarch64.rpm
dtrace-testsuite-2.0.5-2.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/dtrace-2.0.5-2.el8.src.rpm

Description of changes:

[2.0.5-1]
- Implement PID-specific uprobes. (Kris Van Hees)
- Allocate the buffers BPF map to fit highest CPU id. (Kris Van Hees)
- Fix argument handling for multi-location user probes.
(Kris Van Hees) [Orabug: 38922360]
- Change the "stack skip" to 3 for fbt (fprobe) and rawtp providers.
[Orabug: 38776929]
- Fix prvname so that both rawfbt and fbt probes are seen.
[Orabug: 38842114]
- Do not convert "__" to "-" for stapsdt provider names.
- Fix printf formatting with non-monetary grouping chars.
[Orabug: 30430270]
- Discontinue -xversion=V as an option. (Kris Van Hees) [Orabug: 38615307]
- Add the DTrace Tutorial to the git repo and install package.
- Add missing documentation: trunc(), stapsdt, usdt.h include path.
- Update LLM context files to forbid "if" statements.
- Test suite weakly pulls in kernel-uek-tools to get perf. (Nick Alcock)
[Orabug: 38064413]

ELSA-2026-50100 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50100

http://linux.oracle.com/errata/ELSA-2026-50100.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.352.5.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.352.5.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.352.5.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.352.5.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.352.5.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.352.5.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.352.5.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.352.5.el8uek.src.rpm

Related CVEs:

CVE-2025-39964
CVE-2025-40022
CVE-2025-40083
CVE-2025-40211
CVE-2025-40248
CVE-2025-40254
CVE-2025-40259
CVE-2025-40263
CVE-2025-40264
CVE-2025-40271
CVE-2025-40275
CVE-2025-40277
CVE-2025-40280
CVE-2025-40281
CVE-2025-40283
CVE-2025-40304
CVE-2025-40308
CVE-2025-40309
CVE-2025-40321
CVE-2025-40322
CVE-2025-40331
CVE-2025-40363
CVE-2025-68185
CVE-2025-68192
CVE-2025-68194
CVE-2025-68229
CVE-2025-68241
CVE-2025-68245
CVE-2025-68312
CVE-2025-68734

Description of changes:

[5.4.17-2136.352.5]
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38879907] {CVE-2025-40022}

[5.4.17-2136.352.4]
- arm64: pensando: Must boot Ortano kernel with spin-table (Rob Gardner) [Orabug: 38821197]

[5.4.17-2136.352.3]
- net/sched: adjust device watchdog timer to detect stopped queue at right time (Praveen Kumar Kannoju) [Orabug: 38340278]
- net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change (Praveen Kumar Kannoju) [Orabug: 38252416]
- infiniband/xsigo: Replace BUG_ON with WARN_ON_ONCE. (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xsvnic_main: Remove unused functions (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_cm: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ethtool: Remove unused variable 'priv' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ib: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ib: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_verbs: Remove unused label 'out_free_pd' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Remove unused function 'xve_napi_del' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
- inifinibad/xsigo: xsvnic_main: Remove unused variable 'xsvnic_ethtool_ops' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xscore_impl: Remove unused label 'err_pd' (Siddh Raman Pant) [Orabug: 38418469]
- rds: Fix jiffies type in struct rds_conn_path (Siddh Raman Pant) [Orabug: 38418727]
- kernel: sysctl: Remove unused variable 'zero' (Siddh Raman Pant) [Orabug: 38418727]
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38537469] {CVE-2025-39964}
- RDMA/cm: Base cm_id destruction timeout on CMA values (Håkon Bugge) [Orabug: 38753622]
- x86/its: Build fails with CONFIG_MITIGATION_ITS=n (Alexandre Chartre) [Orabug: 38756954]

[5.4.17-2136.352.2]
- LTS tag: v5.4.302 (Sherry Yang)
- Input: pegasus-notetaker - fix potential out-of-bounds access (Seungjin Bae)
- Input: remove third argument of usb_maxpacket() (Vincent Mailhol)
- usb: deprecate the third argument of usb_maxpacket() (Vincent Mailhol)
- fs/proc: fix uaf in proc_readdir_de() (Wei Yang) [Orabug: 38737034,38786776,38787139] {CVE-2025-40271}
- pmdomain: imx: Fix reference count leak in imx_gpc_remove (Miaoqian Lin)
- pmdomain: arm: scmi: Fix genpd leak on provider registration failure (Sudeep Holla)
- net: netpoll: fix incorrect refcount handling causing incorrect cleanup (Breno Leitao) [Orabug: 38773510] {CVE-2025-68245}
- net: qede: Initialize qede_ll_ops with designated initializer (Nathan Chancellor)
- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error (Nishanth Menon)
- ALSA: usb-audio: fix uac2 clock source at terminal parser (René Rebe)
- mm/page_alloc: fix hash table order logging in alloc_large_system_hash() (Isaac J. Manjarres)
- kconfig/nconf: Initialize the default locale at startup (Jakub Horký)
- kconfig/mconf: Initialize the default locale at startup (Jakub Horký)
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730612] {CVE-2025-40248}
- s390/ctcm: Fix double-kfree (Aleksei Nikiforov)
- net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730650] {CVE-2025-40254}
- mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() (Zilin Guan)
- MIPS: Malta: Fix !EVA SOC-it PCI MMIO (Maciej W. Rozycki)
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773441] {CVE-2025-68229}
- scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730664] {CVE-2025-40259}
- Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730681] {CVE-2025-40263}
- be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730691] {CVE-2025-40264}
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (Abdun Nihaal) [Orabug: 38798908] {CVE-2025-68734}
- EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection (Niravkumar L Rabara)
- EDAC/altera: Handle OCRAM ECC enable after warm reset (Niravkumar L Rabara)
- spi: Try to get ACPI GPIO IRQ earlier (Hans de Goede)
- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (Chuang Wang) [Orabug: 38773496] {CVE-2025-68241}
- strparser: Fix signed/unsigned mismatch bug (Nate Karstens)
- gcov: add support for GCC 15 (Peter Oberparleiter)
- mm/ksm: fix flag-dropping behavior in ksm_madvise (Jakub Acs)
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (Haein Lee) [Orabug: 38737052] {CVE-2025-40275}
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (Ian Forbes) [Orabug: 38737061] {CVE-2025-40277}
- ASoC: cs4271: Fix regulator leak on probe failure (Xu Wang)
- regulator: fixed: fix GPIO descriptor leak on register failure (Xu Wang)
- regulator: fixed: use dev_err_probe for register (Chris Morgan)
- Bluetooth: L2CAP: export l2cap_chan_hold for modules (Pauli Virtanen)
- net_sched: limit try_bulk_dequeue_skb() batches (Eric Dumazet)
- net_sched: remove need_resched() from qdisc_run() (Eric Dumazet)
- net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps (Gal Pressman)
- net/mlx5e: Fix maxrate wraparound in threshold between units (Gal Pressman)
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (Ranganath V N)
- wifi: mac80211: skip rate verification for not captured PSDUs (Benjamin Berg)
- net: mdio: fix resource leak in mdiobus_register_device() (Csaba Buday)
- tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38737084] {CVE-2025-40280}
- tipc: simplify the finalize work queue (Xin Long)
- sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (Eric Dumazet) [Orabug: 38737091] {CVE-2025-40281}
- sctp: get netns from asoc and ep base (Xin Long)
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (Pauli Virtanen)
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (Pauli Virtanen)
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (Pauli Virtanen)
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (Raphael Pinsonneault-Thibeault) [Orabug: 38737104] {CVE-2025-40283}
- net: fec: correct rx_bytes statistic for the case SHIFT16 is set (Wei Fang)
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (Sharique Mohammad)
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (Tristan Lobb)
- NFS4: Fix state renewals missing after boot (Joshua Watt)
- compiler_types: Move unused static inline functions warning to W=2 (Peter Zijlstra)
- extcon: adc-jack: Cleanup wakeup source only if it was enabled (Krzysztof Kozlowski)
- tracing: Fix memory leaks in create_field_var() (Zilin Guan)
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (Qendrim Maxhuni) [Orabug: 38773283] {CVE-2025-68192}
- sctp: Prevent TOCTOU out-of-bounds write (Stefan Wiehler) [Orabug: 38747447] {CVE-2025-40331}
- sctp: Hold RCU read lock while iterating over address list (Stefan Wiehler)
- net: dsa: b53: stop reading ARL entries if search is done (Jonas Gorski)
- net: dsa: b53: fix enabling ip multicast (Jonas Gorski)
- net: dsa: b53: fix resetting speed and pause on forced link (Jonas Gorski)
- net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 (Álvaro Fernández Rojas)
- net: dsa/b53: change b53_force_port_config() pause argument (Russell King)
- net: vlan: sync VLAN features with lower device (Hangbin Liu)
- ceph: add checking of wait_for_completion_killable() return value (Viacheslav Dubeyko)
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (Albin Babu Varghese) [Orabug: 38737182] {CVE-2025-40304}
- ACPI: property: Return present device nodes only on fwnode interface (Sakari Ailus)
- 9p: sysfs_init: don't hardcode error to ENOMEM (Randall P. Embry)
- 9p: fix /sys/fs/9p/caches overwriting itself (Randall P. Embry)
- fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink (Yikang Yue)
- ACPICA: Update dsmethod.c to get rid of unused variable warning (Saket Dumbre)
- orangefs: fix xattr related buffer overflow... (Mike Marshall)
- page_pool: Clamp pool size to max 16K pages (Dragos Tatulea)
- Bluetooth: bcsp: receive data only if registered (Ivan Pravdin) [Orabug: 38737213] {CVE-2025-40308}
- Bluetooth: SCO: Fix UAF on sco_conn_free (Luiz Augusto von Dentz) [Orabug: 38737224] {CVE-2025-40309}
- net: macb: avoid dealing with endianness in macb_set_hwaddr() (Théo Lebrun)
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (Al Viro) [Orabug: 38773245] {CVE-2025-68185}
- NFSv4.1: fix mount hang after CREATE_SESSION failure (Anthony Iliopoulos)
- NFSv4: handle ERR_GRACE on delegation recalls (Olga Kornievskaia)
- remoteproc: qcom: q6v5: Avoid handling handover twice (Stephan Gerhold)
- sparc/module: Add R_SPARC_UA64 relocation handling (Koakuma)
- net: intel: fm10k: Fix parameter idx set but not used (Brahmajit Das)
- jfs: fix uninitialized waitqueue in transaction manager (Shaurya Rane)
- jfs: Verify inode mode when loading from disk (Tetsuo Handa)
- ipv6: np->rxpmtu race annotation (Eric Dumazet)
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (Krishna Kurapati)
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (Forest Crossman)
- allow finish_no_open(file, ERR_PTR(-E...)) (Al Viro)
- scsi: lpfc: Define size of debugfs entry for xri rebalancing (Justin Tee)
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (Justin Tee)
- selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency (Nai-Chen Cheng)
- net/cls_cgroup: Fix task_get_classid() during qdisc run (Yafang Shao)
- selftests: Replace sleep with slowwait (David Ahern)
- selftests: Disable dad for ipv6 in fcnal-test.sh (David Ahern)
- media: redrat3: use int type to store negative error codes (Rong Qianfeng)
- net: sh_eth: Disable WoL if system can not suspend (Niklas Söderlund)
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy (Harikrishna Shenoy)
- usb: gadget: f_hid: Fix zero length packet transfer (William Wu)
- net: call cond_resched() less often in __release_sock() (Eric Dumazet)
- ALSA: usb-audio: apply quirk for MOONDROP Quark2 (Cryolitia Pukngae)
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (Juraj Šarinay)
- dmaengine: dw-edma: Set status for callback_result (Devendra K Verma)
- dmaengine: mv_xor: match alloc_wc and free_wc (Rosen Penev)
- dmaengine: sh: setup_xref error handling (Thomas Andreatta)
- scsi: pm8001: Use int instead of u32 to store error codes (Rong Qianfeng)
- mips: lantiq: xway: sysctrl: rename stp clock (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing device_type in pci node (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing properties to cpu node (Aleksander Jan Bajkowski)
- media: fix uninitialized symbol warnings (Chelsy Ratnawat)
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (Amber Lin)
- extcon: adc-jack: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (Sungho Kim)
- net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. (Kuniyuki Iwashima)
- net: When removing nexthops, don't call synchronize_net if it is not necessary (Christoph Paasch)
- char: misc: Does not request module for miscdevice with dynamic minor (Zijun Hu)
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (Raub Camaioni)
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (Rodrigo Gobbi)
- media: imon: make send_packet() more robust (Tetsuo Handa) [Orabug: 38773298] {CVE-2025-68194}
- net: ipv6: fix field-spanning memcpy warning in AH output (Charalampos Mitrodimas) [Orabug: 38773141] {CVE-2025-40363}
- bridge: Redirect to backup port when port is administratively down (Ido Schimmel)
- powerpc/eeh: Use result of error_detected() in uevent (Niklas Schnelle)
- x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall (Kirill A. Shutemov)
- media: pci: ivtv: Don't create fake v4l2_fh (Laurent Pinchart)
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs (Geoffrey Mcrae)
- selftests/net: Ensure assert() triggers in psock_tpacket.c (Wake Liu)
- selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 (Wake Liu)
- PCI: Disable MSI on RDC PCI to PCIe bridges (Marcos Del Sol Vives)
- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (Seyediman Seyedarab)
- mfd: madera: Work around false-positive -Wininitialized warning (Arnd Bergmann)
- mfd: stmpe-i2c: Add missing MODULE_LICENSE (Alexander Stein)
- mfd: stmpe: Remove IRQ domain upon removal (Alexander Stein)
- tools/power x86_energy_perf_policy: Prefer driver HWP limits (Len Brown)
- tools/power x86_energy_perf_policy: Enhance HWP enable (Len Brown)
- tools/cpupower: Fix incorrect size in cpuidle_state_disable() (Kaushlendra Kumar)
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (Armin Wolf)
- uprobe: Do not emulate/sstep original instruction when ip is changed (Jiri Olsa)
- clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel (Daniel Lezcano)
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (Svyatoslav Ryhel)
- tee: allow a driver to allocate a tee_device without a pool (Amirreza Zarrabi)
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (Hans de Goede)
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (Sarthak Garg)
- irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment (Christian Bruel)
- arc: Fix __fls() const-foldability via __builtin_clzl() (Kees Cook)
- cpufreq/longhaul: handle NULL policy in longhaul_exit (Dennis Beier)
- selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 (Ricardo B. Marlière)
- ACPI: video: force native for Lenovo 82K8 (Mario Limonciello)
- memstick: Add timeout to prevent indefinite waiting (Jiayi Li)
- mmc: host: renesas_sdhi: Fix the actual clock (Biju Das)
- bpf: Don't use %pK through printk (Thomas Weißschuh)
- spi: loopback-test: Don't use %pK through printk (Thomas Weißschuh)
- soc: qcom: smem: Fix endian-unaware access of num_entries (Jens Reidel)
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable. (Owen Gu)
- serial: 8250_dw: handle reset control deassert error (Artem Shimko)
- serial: 8250_dw: Use devm_add_action_or_reset() (Andy Shevchenko)
- serial: 8250_dw: Use devm_clk_get_optional() to get the input clock (Andy Shevchenko)
- can: gs_usb: increase max interface to U8_MAX (Celeste Liu)
- devcoredump: Fix circular locking dependency with devcd->mutex. (Maarten Lankhorst)
- net: ravb: Enforce descriptor type ordering (Lad Prabhakar)
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (Babu Moger)
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (Gokul Sivakumar) [Orabug: 38737292] {CVE-2025-40321}
- net: phy: dp83867: Disable EEE support as not implemented (Emanuele Ghidoli)
- regmap: slimbus: fix bus_context pointer in regmap init calls (Alexey Klimov)
- drm/etnaviv: fix flush sequence logic (Tomeu Vizoso)
- usbnet: Prevents free active kevent (Lizhi Xu) [Orabug: 38773784] {CVE-2025-68312}
- wifi: ath10k: Fix memory leak on unsupported WMI command (Loic Poulain)
- ASoC: qdsp6: q6asm: do not sleep while atomic (Srinivas Kandagatla)
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (Miaoqian Lin)
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (Florian Fuchs)
- fbdev: bitblit: bound-check glyph index in bit_putcs* (Junjie Cao) [Orabug: 38737301] {CVE-2025-40322}
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (Yuhao Jiang) [Orabug: 38687005] {CVE-2025-40211}
- fbdev: atyfb: Check if pll_ops->init_pll failed (Daniel Palmer)
- net: usb: asix_devices: Check return value of usbnet_get_endpoints (Miaoqian Lin)
- btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (Filipe Manana)
- x86/bugs: Fix reporting of LFENCE retpoline (David Kaplan)
- net/sched: sch_qfq: Fix null-deref in agg_dequeue (Xiang Mei) [Orabug: 38597085] {CVE-2025-40083}

[5.4.17-2136.352.1]
- RDMA/cm: Rate limit destroy CM ID timeout error message (Håkon Bugge) [Orabug: 38753401]
- soc/pensando: giglio: hack dts to make things right (Rob Gardner) [Orabug: 38688154]
- soc/pensando: Add AMD Pensando Giglio SoC support (Brad Larson) [Orabug: 38688154]
- soc/pensando: psci support (David Clear) [Orabug: 38688154]
- soc/pensando: Giglio SoC eMMC interrupt driver (Brad Larson) [Orabug: 38688154]

ELSA-2026-50100 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50100

http://linux.oracle.com/errata/ELSA-2026-50100.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2136.352.5.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.352.5.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.352.5.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.352.5.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.352.5.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.352.5.el8uek.src.rpm

Related CVEs:

CVE-2025-39964
CVE-2025-40022
CVE-2025-40083
CVE-2025-40211
CVE-2025-40248
CVE-2025-40254
CVE-2025-40259
CVE-2025-40263
CVE-2025-40264
CVE-2025-40271
CVE-2025-40275
CVE-2025-40277
CVE-2025-40280
CVE-2025-40281
CVE-2025-40283
CVE-2025-40304
CVE-2025-40308
CVE-2025-40309
CVE-2025-40321
CVE-2025-40322
CVE-2025-40331
CVE-2025-40363
CVE-2025-68185
CVE-2025-68192
CVE-2025-68194
CVE-2025-68229
CVE-2025-68241
CVE-2025-68245
CVE-2025-68312
CVE-2025-68734

Description of changes:

[5.4.17-2136.352.5]
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38879907] {CVE-2025-40022}

[5.4.17-2136.352.4]
- arm64: pensando: Must boot Ortano kernel with spin-table (Rob Gardner) [Orabug: 38821197]

[5.4.17-2136.352.3]
- net/sched: adjust device watchdog timer to detect stopped queue at right time (Praveen Kumar Kannoju) [Orabug: 38340278]
- net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change (Praveen Kumar Kannoju) [Orabug: 38252416]
- infiniband/xsigo: Replace BUG_ON with WARN_ON_ONCE. (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xsvnic_main: Remove unused functions (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_cm: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ethtool: Remove unused variable 'priv' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ib: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ib: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_verbs: Remove unused label 'out_free_pd' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Remove unused function 'xve_napi_del' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
- inifinibad/xsigo: xsvnic_main: Remove unused variable 'xsvnic_ethtool_ops' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xscore_impl: Remove unused label 'err_pd' (Siddh Raman Pant) [Orabug: 38418469]
- rds: Fix jiffies type in struct rds_conn_path (Siddh Raman Pant) [Orabug: 38418727]
- kernel: sysctl: Remove unused variable 'zero' (Siddh Raman Pant) [Orabug: 38418727]
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38537469] {CVE-2025-39964}
- RDMA/cm: Base cm_id destruction timeout on CMA values (Håkon Bugge) [Orabug: 38753622]
- x86/its: Build fails with CONFIG_MITIGATION_ITS=n (Alexandre Chartre) [Orabug: 38756954]

[5.4.17-2136.352.2]
- LTS tag: v5.4.302 (Sherry Yang)
- Input: pegasus-notetaker - fix potential out-of-bounds access (Seungjin Bae)
- Input: remove third argument of usb_maxpacket() (Vincent Mailhol)
- usb: deprecate the third argument of usb_maxpacket() (Vincent Mailhol)
- fs/proc: fix uaf in proc_readdir_de() (Wei Yang) [Orabug: 38737034,38786776,38787139] {CVE-2025-40271}
- pmdomain: imx: Fix reference count leak in imx_gpc_remove (Miaoqian Lin)
- pmdomain: arm: scmi: Fix genpd leak on provider registration failure (Sudeep Holla)
- net: netpoll: fix incorrect refcount handling causing incorrect cleanup (Breno Leitao) [Orabug: 38773510] {CVE-2025-68245}
- net: qede: Initialize qede_ll_ops with designated initializer (Nathan Chancellor)
- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error (Nishanth Menon)
- ALSA: usb-audio: fix uac2 clock source at terminal parser (René Rebe)
- mm/page_alloc: fix hash table order logging in alloc_large_system_hash() (Isaac J. Manjarres)
- kconfig/nconf: Initialize the default locale at startup (Jakub Horký)
- kconfig/mconf: Initialize the default locale at startup (Jakub Horký)
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730612] {CVE-2025-40248}
- s390/ctcm: Fix double-kfree (Aleksei Nikiforov)
- net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730650] {CVE-2025-40254}
- mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() (Zilin Guan)
- MIPS: Malta: Fix !EVA SOC-it PCI MMIO (Maciej W. Rozycki)
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773441] {CVE-2025-68229}
- scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730664] {CVE-2025-40259}
- Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730681] {CVE-2025-40263}
- be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730691] {CVE-2025-40264}
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (Abdun Nihaal) [Orabug: 38798908] {CVE-2025-68734}
- EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection (Niravkumar L Rabara)
- EDAC/altera: Handle OCRAM ECC enable after warm reset (Niravkumar L Rabara)
- spi: Try to get ACPI GPIO IRQ earlier (Hans de Goede)
- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (Chuang Wang) [Orabug: 38773496] {CVE-2025-68241}
- strparser: Fix signed/unsigned mismatch bug (Nate Karstens)
- gcov: add support for GCC 15 (Peter Oberparleiter)
- mm/ksm: fix flag-dropping behavior in ksm_madvise (Jakub Acs)
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (Haein Lee) [Orabug: 38737052] {CVE-2025-40275}
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (Ian Forbes) [Orabug: 38737061] {CVE-2025-40277}
- ASoC: cs4271: Fix regulator leak on probe failure (Xu Wang)
- regulator: fixed: fix GPIO descriptor leak on register failure (Xu Wang)
- regulator: fixed: use dev_err_probe for register (Chris Morgan)
- Bluetooth: L2CAP: export l2cap_chan_hold for modules (Pauli Virtanen)
- net_sched: limit try_bulk_dequeue_skb() batches (Eric Dumazet)
- net_sched: remove need_resched() from qdisc_run() (Eric Dumazet)
- net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps (Gal Pressman)
- net/mlx5e: Fix maxrate wraparound in threshold between units (Gal Pressman)
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (Ranganath V N)
- wifi: mac80211: skip rate verification for not captured PSDUs (Benjamin Berg)
- net: mdio: fix resource leak in mdiobus_register_device() (Csaba Buday)
- tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38737084] {CVE-2025-40280}
- tipc: simplify the finalize work queue (Xin Long)
- sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (Eric Dumazet) [Orabug: 38737091] {CVE-2025-40281}
- sctp: get netns from asoc and ep base (Xin Long)
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (Pauli Virtanen)
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (Pauli Virtanen)
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (Pauli Virtanen)
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (Raphael Pinsonneault-Thibeault) [Orabug: 38737104] {CVE-2025-40283}
- net: fec: correct rx_bytes statistic for the case SHIFT16 is set (Wei Fang)
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (Sharique Mohammad)
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (Tristan Lobb)
- NFS4: Fix state renewals missing after boot (Joshua Watt)
- compiler_types: Move unused static inline functions warning to W=2 (Peter Zijlstra)
- extcon: adc-jack: Cleanup wakeup source only if it was enabled (Krzysztof Kozlowski)
- tracing: Fix memory leaks in create_field_var() (Zilin Guan)
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (Qendrim Maxhuni) [Orabug: 38773283] {CVE-2025-68192}
- sctp: Prevent TOCTOU out-of-bounds write (Stefan Wiehler) [Orabug: 38747447] {CVE-2025-40331}
- sctp: Hold RCU read lock while iterating over address list (Stefan Wiehler)
- net: dsa: b53: stop reading ARL entries if search is done (Jonas Gorski)
- net: dsa: b53: fix enabling ip multicast (Jonas Gorski)
- net: dsa: b53: fix resetting speed and pause on forced link (Jonas Gorski)
- net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 (Álvaro Fernández Rojas)
- net: dsa/b53: change b53_force_port_config() pause argument (Russell King)
- net: vlan: sync VLAN features with lower device (Hangbin Liu)
- ceph: add checking of wait_for_completion_killable() return value (Viacheslav Dubeyko)
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (Albin Babu Varghese) [Orabug: 38737182] {CVE-2025-40304}
- ACPI: property: Return present device nodes only on fwnode interface (Sakari Ailus)
- 9p: sysfs_init: don't hardcode error to ENOMEM (Randall P. Embry)
- 9p: fix /sys/fs/9p/caches overwriting itself (Randall P. Embry)
- fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink (Yikang Yue)
- ACPICA: Update dsmethod.c to get rid of unused variable warning (Saket Dumbre)
- orangefs: fix xattr related buffer overflow... (Mike Marshall)
- page_pool: Clamp pool size to max 16K pages (Dragos Tatulea)
- Bluetooth: bcsp: receive data only if registered (Ivan Pravdin) [Orabug: 38737213] {CVE-2025-40308}
- Bluetooth: SCO: Fix UAF on sco_conn_free (Luiz Augusto von Dentz) [Orabug: 38737224] {CVE-2025-40309}
- net: macb: avoid dealing with endianness in macb_set_hwaddr() (Théo Lebrun)
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (Al Viro) [Orabug: 38773245] {CVE-2025-68185}
- NFSv4.1: fix mount hang after CREATE_SESSION failure (Anthony Iliopoulos)
- NFSv4: handle ERR_GRACE on delegation recalls (Olga Kornievskaia)
- remoteproc: qcom: q6v5: Avoid handling handover twice (Stephan Gerhold)
- sparc/module: Add R_SPARC_UA64 relocation handling (Koakuma)
- net: intel: fm10k: Fix parameter idx set but not used (Brahmajit Das)
- jfs: fix uninitialized waitqueue in transaction manager (Shaurya Rane)
- jfs: Verify inode mode when loading from disk (Tetsuo Handa)
- ipv6: np->rxpmtu race annotation (Eric Dumazet)
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (Krishna Kurapati)
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (Forest Crossman)
- allow finish_no_open(file, ERR_PTR(-E...)) (Al Viro)
- scsi: lpfc: Define size of debugfs entry for xri rebalancing (Justin Tee)
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (Justin Tee)
- selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency (Nai-Chen Cheng)
- net/cls_cgroup: Fix task_get_classid() during qdisc run (Yafang Shao)
- selftests: Replace sleep with slowwait (David Ahern)
- selftests: Disable dad for ipv6 in fcnal-test.sh (David Ahern)
- media: redrat3: use int type to store negative error codes (Rong Qianfeng)
- net: sh_eth: Disable WoL if system can not suspend (Niklas Söderlund)
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy (Harikrishna Shenoy)
- usb: gadget: f_hid: Fix zero length packet transfer (William Wu)
- net: call cond_resched() less often in __release_sock() (Eric Dumazet)
- ALSA: usb-audio: apply quirk for MOONDROP Quark2 (Cryolitia Pukngae)
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (Juraj Šarinay)
- dmaengine: dw-edma: Set status for callback_result (Devendra K Verma)
- dmaengine: mv_xor: match alloc_wc and free_wc (Rosen Penev)
- dmaengine: sh: setup_xref error handling (Thomas Andreatta)
- scsi: pm8001: Use int instead of u32 to store error codes (Rong Qianfeng)
- mips: lantiq: xway: sysctrl: rename stp clock (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing device_type in pci node (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing properties to cpu node (Aleksander Jan Bajkowski)
- media: fix uninitialized symbol warnings (Chelsy Ratnawat)
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (Amber Lin)
- extcon: adc-jack: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (Sungho Kim)
- net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. (Kuniyuki Iwashima)
- net: When removing nexthops, don't call synchronize_net if it is not necessary (Christoph Paasch)
- char: misc: Does not request module for miscdevice with dynamic minor (Zijun Hu)
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (Raub Camaioni)
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (Rodrigo Gobbi)
- media: imon: make send_packet() more robust (Tetsuo Handa) [Orabug: 38773298] {CVE-2025-68194}
- net: ipv6: fix field-spanning memcpy warning in AH output (Charalampos Mitrodimas) [Orabug: 38773141] {CVE-2025-40363}
- bridge: Redirect to backup port when port is administratively down (Ido Schimmel)
- powerpc/eeh: Use result of error_detected() in uevent (Niklas Schnelle)
- x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall (Kirill A. Shutemov)
- media: pci: ivtv: Don't create fake v4l2_fh (Laurent Pinchart)
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs (Geoffrey Mcrae)
- selftests/net: Ensure assert() triggers in psock_tpacket.c (Wake Liu)
- selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 (Wake Liu)
- PCI: Disable MSI on RDC PCI to PCIe bridges (Marcos Del Sol Vives)
- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (Seyediman Seyedarab)
- mfd: madera: Work around false-positive -Wininitialized warning (Arnd Bergmann)
- mfd: stmpe-i2c: Add missing MODULE_LICENSE (Alexander Stein)
- mfd: stmpe: Remove IRQ domain upon removal (Alexander Stein)
- tools/power x86_energy_perf_policy: Prefer driver HWP limits (Len Brown)
- tools/power x86_energy_perf_policy: Enhance HWP enable (Len Brown)
- tools/cpupower: Fix incorrect size in cpuidle_state_disable() (Kaushlendra Kumar)
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (Armin Wolf)
- uprobe: Do not emulate/sstep original instruction when ip is changed (Jiri Olsa)
- clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel (Daniel Lezcano)
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (Svyatoslav Ryhel)
- tee: allow a driver to allocate a tee_device without a pool (Amirreza Zarrabi)
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (Hans de Goede)
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (Sarthak Garg)
- irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment (Christian Bruel)
- arc: Fix __fls() const-foldability via __builtin_clzl() (Kees Cook)
- cpufreq/longhaul: handle NULL policy in longhaul_exit (Dennis Beier)
- selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 (Ricardo B. Marlière)
- ACPI: video: force native for Lenovo 82K8 (Mario Limonciello)
- memstick: Add timeout to prevent indefinite waiting (Jiayi Li)
- mmc: host: renesas_sdhi: Fix the actual clock (Biju Das)
- bpf: Don't use %pK through printk (Thomas Weißschuh)
- spi: loopback-test: Don't use %pK through printk (Thomas Weißschuh)
- soc: qcom: smem: Fix endian-unaware access of num_entries (Jens Reidel)
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable. (Owen Gu)
- serial: 8250_dw: handle reset control deassert error (Artem Shimko)
- serial: 8250_dw: Use devm_add_action_or_reset() (Andy Shevchenko)
- serial: 8250_dw: Use devm_clk_get_optional() to get the input clock (Andy Shevchenko)
- can: gs_usb: increase max interface to U8_MAX (Celeste Liu)
- devcoredump: Fix circular locking dependency with devcd->mutex. (Maarten Lankhorst)
- net: ravb: Enforce descriptor type ordering (Lad Prabhakar)
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (Babu Moger)
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (Gokul Sivakumar) [Orabug: 38737292] {CVE-2025-40321}
- net: phy: dp83867: Disable EEE support as not implemented (Emanuele Ghidoli)
- regmap: slimbus: fix bus_context pointer in regmap init calls (Alexey Klimov)
- drm/etnaviv: fix flush sequence logic (Tomeu Vizoso)
- usbnet: Prevents free active kevent (Lizhi Xu) [Orabug: 38773784] {CVE-2025-68312}
- wifi: ath10k: Fix memory leak on unsupported WMI command (Loic Poulain)
- ASoC: qdsp6: q6asm: do not sleep while atomic (Srinivas Kandagatla)
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (Miaoqian Lin)
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (Florian Fuchs)
- fbdev: bitblit: bound-check glyph index in bit_putcs* (Junjie Cao) [Orabug: 38737301] {CVE-2025-40322}
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (Yuhao Jiang) [Orabug: 38687005] {CVE-2025-40211}
- fbdev: atyfb: Check if pll_ops->init_pll failed (Daniel Palmer)
- net: usb: asix_devices: Check return value of usbnet_get_endpoints (Miaoqian Lin)
- btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (Filipe Manana)
- x86/bugs: Fix reporting of LFENCE retpoline (David Kaplan)
- net/sched: sch_qfq: Fix null-deref in agg_dequeue (Xiang Mei) [Orabug: 38597085] {CVE-2025-40083}

[5.4.17-2136.352.1]
- RDMA/cm: Rate limit destroy CM ID timeout error message (Håkon Bugge) [Orabug: 38753401]
- soc/pensando: giglio: hack dts to make things right (Rob Gardner) [Orabug: 38688154]
- soc/pensando: Add AMD Pensando Giglio SoC support (Brad Larson) [Orabug: 38688154]
- soc/pensando: psci support (David Clear) [Orabug: 38688154]
- soc/pensando: Giglio SoC eMMC interrupt driver (Brad Larson) [Orabug: 38688154]

[5.4.17-2136.351.3]
- Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38715366]
- fbcon: fix integer overflow in font allocation (Samasth Norway Ananda) [Orabug: 38702507]
- uek-rpm: Replace check-kabi tool with kabi (Yifei Liu) [Orabug: 38673382]
- uek-rpm: Introduce check function for uek-rpm/tools/kabi (Yifei Liu) [Orabug: 38673382]

[5.4.17-2136.351.2]
- uek-rpm: kabi: Remove the kabi protection for debug kernels (Yifei Liu) [Orabug: 38609548]
- rds: Add smp_rmb before reading c_destroy_in_prog (Håkon Bugge) [Orabug: 38352486]
- uio_hv_generic: Set event for all channels on the device (Long Li)
- ata: libata-scsi: Fix system suspend for a security locked drive (Niklas Cassel)
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Zhang Heng)

[5.4.17-2136.351.1]
- scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt (Sumit Saxena) [Orabug: 38630482]

[5.4.17-2136.350.3]
- net/rds: Fix rs_recv_pending counting issue (Gerd Rausch) [Orabug: 38506370]

[5.4.17-2136.350.2]
- LTS tag: v5.4.301 (Alok Tiwari)
- net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg (Zhengchao Shao)
- media: s5p-mfc: remove an unused/uninitialized variable (Arnd Bergmann)
- NFSD: Fix last write offset handling in layoutcommit (Sergey Bashirov)
- NFSD: Minor cleanup in layoutcommit processing (Sergey Bashirov)
- padata: Reset next CPU when reorder sequence wraps around (Xiao Liang)
- KEYS: trusted_tpm1: Compare HMAC values in constant time (Eric Biggers)
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Chuck Lever) [Orabug: 38601819] {CVE-2025-40087}
- vfs: Don't leak disconnected dentries on umount (Jan Kara) [Orabug: 38601924] {CVE-2025-40105}
- jbd2: ensure that all ongoing I/O complete before freeing blocks (Zhang Yi)
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination (Deepanshu Kartikey) [Orabug: 38649223] {CVE-2025-40167}
- drm/amdgpu: use atomic functions with memory barriers for vm fault info (Gui-Dong Han)
- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (Theodore Ts'O) [Orabug: 38649412] {CVE-2025-40198}
- spi: cadence-quadspi: Flush posted register writes before DAC access (Pratyush Yadav)
- spi: cadence-quadspi: Flush posted register writes before INDAC access (Pratyush Yadav)
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (Zhen Ni)
- memory: samsung: exynos-srom: Correct alignment (Krzysztof Kozlowski)
- arm64: errata: Apply workarounds for Neoverse-V3AE (Mark Rutland)
- arm64: cputype: Add Neoverse-V3AE definitions (Mark Rutland)
- comedi: fix divide-by-zero in comedi_buf_munge() (Deepanshu Kartikey)
- binder: remove "invalid inc weak" check (Alice Ryhl)
- xhci: dbc: enable back DbC in resume if it was enabled before suspend (Mathias Nyman)
- usb/core/quirks: Add Huawei ME906S to wakeup quirk (Tim Guttzeit)
- USB: serial: option: add Telit FN920C04 ECM compositions (Li Qingwu)
- USB: serial: option: add Quectel RG255C (Reinhard Speyerer)
- USB: serial: option: add UNISOC UIS7720 (Renjun Wang)
- net: ravb: Ensure memory write completes before ringing TX doorbell (Lad Prabhakar)
- net: usb: rtl8150: Fix frame padding (Michał Pecio)
- ocfs2: clear extent cache after moving/defragmenting extents (Deepanshu Kartikey) [Orabug: 38730547] {CVE-2025-40233}
- MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering (Maciej W. Rozycki)
- Revert "cpuidle: menu: Avoid discarding useful information" (Rafael J. Wysocki)
- net: bonding: fix possible peer notify event loss or dup issue (Tonghao Zhang)
- sctp: avoid NULL dereference when chunk data buffer is missing (Alexey Simakov) [Orabug: 38730567] {CVE-2025-40240}
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (Huang, Ying)
- net: enetc: correct the value of ENETC_RXB_TRUESIZE (Wei Fang)
- rtnetlink: Allow deleting FDB entries in user namespace (Johannes Wiesboeck)
- net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del (Nikolay Aleksandrov)
- net: add ndo_fdb_del_bulk (Nikolay Aleksandrov)
- net: rtnetlink: add bulk delete support flag (Nikolay Aleksandrov)
- net: netlink: add NLM_F_BULK delete request modifier (Nikolay Aleksandrov)
- net: rtnetlink: use BIT for flag values (Nikolay Aleksandrov)
- net: rtnetlink: add helper to extract msg type's kind (Nikolay Aleksandrov)
- net: rtnetlink: add msg kind names (Nikolay Aleksandrov)
- net: rtnetlink: remove redundant assignment to variable err (Colin Ian King)
- m68k: bitops: Fix find_*_bit() signatures (Geert Uytterhoeven)
- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (Yangtao Li)
- hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() (Viacheslav Dubeyko)
- dlm: check for defined force value in dlm_lockspace_release (Alexander Aring)
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (Viacheslav Dubeyko)
- hfs: validate record offset in hfsplus_bmap_alloc (Yang Chenzhi)
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (Viacheslav Dubeyko)
- hfs: make proper initalization of struct hfs_find_data (Viacheslav Dubeyko)
- hfs: clear offset and space out of valid records in b-tree node (Viacheslav Dubeyko)
- exec: Fix incorrect type for ret (Xichao Zhao)
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (Viacheslav Dubeyko)
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (Randy Dunlap)
- sched/fair: Fix pelt lost idle time detection (Vincent Guittot)
- sched/balancing: Rename newidle_balance() => sched_balance_newidle() (Ingo Molnar)
- sched/fair: Trivial correction of the newidle_balance() comment (Barry Song)
- sched: Make newidle_balance() static again (Chen Yu)
- tls: don't rely on tx_work during send() (Sabrina Dubroca)
- tls: always set record_type in tls_process_cmsg (Sabrina Dubroca)
- tg3: prevent use of uninitialized remote_adv and local_adv variables (Alexey Simakov)
- tcp: fix tcp_tso_should_defer() vs large RTT (Eric Dumazet)
- amd-xgbe: Avoid spurious link down messages during interface toggle (Raju Rangoju)
- net/ip6_tunnel: Prevent perpetual tunnel growth (Dmitry Safonov) [Orabug: 38649261] {CVE-2025-40173}
- net: dlink: handle dma_map_single() failure properly (Moon Yeounsu)
- net: dl2k: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- media: pci: ivtv: Add missing check after DMA map (Thomas Fourier)
- media: pci/ivtv: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- xen/events: Update virq_to_irq on migration (Jason Andryuk)
- media: lirc: Fix error handling in lirc_register() (Ma Ke)
- media: rc: Directly use ida_free() (Keliu)
- drm/exynos: exynos7_drm_decon: remove ctx->suspended (Kaustabh Chakraborty)
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (Anderson Nascimento) [Orabug: 38649463] {CVE-2025-40205}
- pwm: berlin: Fix wrong register in suspend/resume (Jisheng Zhang)
- media: cx18: Add missing check after DMA map (Thomas Fourier)
- xen/events: Cleanup find_virq() return codes (Jason Andryuk)
- cramfs: Verify inode mode when loading from disk (Tetsuo Handa)
- fs: Add 'initramfs_options' to set initramfs mount options (Lichen Liu)
- pid: Add a judgment for ns null in pid_nr_ns (Gaoxiang17) [Orabug: 38649276] {CVE-2025-40178}
- minixfs: Verify inode mode when loading from disk (Tetsuo Handa)
- tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (Yuan Chen) [Orabug: 38592033] {CVE-2025-40042}
- dm: fix NULL pointer dereference in __dm_suspend() (Zheng Qixing) [Orabug: 38649057] {CVE-2025-40134}
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (Hans de Goede)
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (Andy Shevchenko)
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (Hans de Goede)
- Squashfs: reject negative file sizes in squashfs_read_inode() (Phillip Lougher) [Orabug: 38649425] {CVE-2025-40200}
- Squashfs: add additional inode sanity checking (Phillip Lougher)
- media: mc: Clear minor number before put device (Edward Adam Davis) [Orabug: 38649399] {CVE-2025-40197}
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (Bartosz Golaszewski)
- fs: udf: fix OOB read in lengthAllocDescs handling (Larshin Sergey) [Orabug: 38592048] {CVE-2025-40044}
- KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (Sean Christopherson) [Orabug: 38591959] {CVE-2025-40026}
- net/9p: fix double req put in p9_fd_cancelled (Nalivayko Sergey) [Orabug: 38591965] {CVE-2025-40027}
- ext4: guard against EA inode refcount underflow in xattr update (Ahmet Eray Karadag) [Orabug: 38649330] {CVE-2025-40190}
- ext4: correctly handle queries for metadata mappings (Ojaswin Mujoo)
- ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() (Yongjian Sun)
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (Olga Kornievskaia)
- x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) (Sean Christopherson)
- x86/umip: Check that the instruction opcode is at least two bytes (Sean Christopherson)
- PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (Siddharth Vadapalli)
- PCI/AER: Fix missing uevent on recovery when a reset is requested (Niklas Schnelle)
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (Niklas Schnelle) [Orabug: 38730513] {CVE-2025-40219}
- rseq/selftests: Use weak symbol reference, not definition, to link with glibc (Sean Christopherson)
- rtc: interface: Fix long-standing race when setting alarm (Esben Haabendal)
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (Esben Haabendal)
- mmc: core: SPI mode remove cmd7 (Rex Chen)
- mtd: rawnand: fsmc: Default to autodetect buswidth (Linus Walleij)
- sparc: fix error handling in scan_one_device() (Ma Ke)
- sparc64: fix hugetlb for sun4u (Anthony Yznaga)
- sctp: Fix MAC comparison to be constant-time (Eric Biggers) [Orabug: 38649451] {CVE-2025-40204}
- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (Thorsten Blum)
- parisc: don't reference obsolete termio struct for TC* constants (Sam James)
- lib/genalloc: fix device leak in of_gen_pool_get() (Johan Hovold)
- iio: frequency: adf4350: Fix prescaler usage. (Michael Hennerich)
- iio: dac: ad5421: use int type to store negative error codes (Rong Qianfeng)
- iio: dac: ad5360: use int type to store negative error codes (Rong Qianfeng)
- crypto: atmel - Fix dma_unmap_sg() direction (Thomas Fourier)
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (Rafael J. Wysocki) [Orabug: 38649367] {CVE-2025-40194}
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (Shuhao Fu)
- media: i2c: mt9v111: fix incorrect type for ret (Rong Qianfeng)
- firmware: meson_sm: fix device leak at probe (Johan Hovold)
- xen/manage: Fix suspend error path (Lukas Wunner)
- arm64: dts: qcom: msm8916: Add missing MDSS reset (Stephan Gerhold)
- ACPI: debug: fix signedness issues in read/write helpers (Amir Mohammad Jahangirzad)
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (Daniel Tang)
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (Gunnar Kudrjavets)
- tpm, tpm_tis: Claim locality before writing interrupt registers (Lino Sanfilippo)
- crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38581456,38705546] {CVE-2025-40019}
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (Harini T)
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (Harini T)
- tools build: Align warning options with perf (Leo Yan)
- net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe (Erick Karanja)
- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Kuniyuki Iwashima) [Orabug: 38649579] {CVE-2025-40186}
- net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (Alexandr Sapozhnikov) [Orabug: 38649313] {CVE-2025-40187}
- drm/vmwgfx: Fix Use-after-free in validation (Ian Forbes) [Orabug: 38643546] {CVE-2025-40111}
- net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() (Dan Carpenter)
- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (Duoming Zhou) [Orabug: 38557654] {CVE-2025-40001}
- scsi: mvsas: Use sas_task_find_rq() for tagging (John Garry)
- scsi: mvsas: Delete mvs_tag_init() (John Garry)
- scsi: libsas: Add sas_task_find_rq() (John Garry)
- clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver (Alok Tiwari)
- clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() (Brian Masney)
- perf session: Fix handling when buffer exceeds 2 GiB (Leo Yan)
- rtc: x1205: Fix Xicor X1205 vendor prefix (Rob Herring)
- perf util: Fix compression checks returning -1 as bool (Yunseong Kim)
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (Michael Hennerich)
- clocksource/drivers/clps711x: Fix resource leaks in error paths (Zhen Ni)
- pinctrl: check the return value of pinmux_ops::get_function_name() (Bartosz Golaszewski) [Orabug: 38591981] {CVE-2025-40030}
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (Zhen Ni) [Orabug: 38592002] {CVE-2025-40035}
- mm: hugetlb: avoid soft lockup when mprotect to large memory area (Yang Shi) [Orabug: 38649150] {CVE-2025-40153}
- uio_hv_generic: Let userspace take care of interrupt mask (Naman Jain) [Orabug: 38592067] {CVE-2025-40048}
- Squashfs: fix uninit-value in squashfs_get_parent (Phillip Lougher) [Orabug: 38592077] {CVE-2025-40049}
- net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable (Kohei Enju)
- nfp: fix RSS hash key size when RSS is not supported (Kohei Enju)
- drivers/base/node: fix double free in register_one_node() (Donet Tom)
- ocfs2: fix double free in user_cluster_connect() (Dan Carpenter) [Orabug: 38592110] {CVE-2025-40055}
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (I Viswanath) [Orabug: 38649096] {CVE-2025-40140}
- RDMA/siw: Always report immediate post SQ errors (Bernard Metzler)
- usb: vhci-hcd: Prevent suspending virtually attached devices (Cristian Ciocaltea)
- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (Ranjan Kumar) [Orabug: 38648982] {CVE-2025-40115}
- ipvs: Defer ip_vs_ftp unregister during netns cleanup (Slavin Liu) [Orabug: 38581446] {CVE-2025-40018}
- NFSv4.1: fix backchannel max_resp_sz verification check (Anthony Iliopoulos)
- remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice (Stephan Gerhold)
- sparc: fix accurate exception reporting in copy_{from,to}_user for M7 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_to_user for Niagara 4 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC (Michael Karcher)
- IB/sa: Fix sa_local_svc_timeout_ms read race (Vlad Dumitrescu)
- RDMA/core: Resolve MAC of next-hop device without ARP support (Parav Pandit)
- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (Abdun Nihaal)
- drivers/base/node: handle error properly in register_one_node() (Donet Tom)
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (Christophe Leroy)
- netfilter: ipset: Remove unused htable_bits in macro ahash_region (Zhen Ni)
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (Hans de Goede)
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (Takashi Iwai)
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (Takashi Iwai)
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (Takashi Iwai)
- pps: fix warning in pps_register_cdev when register device fail (Wang Liang) [Orabug: 38592170] {CVE-2025-40070}
- misc: genwqe: Fix incorrect cmd field being reported in error (Colin Ian King)
- usb: gadget: configfs: Correctly set use_os_string at bind (William Wu)
- usb: phy: twl6030: Fix incorrect type for ret (Xichao Zhao)
- tcp: fix __tcp_close() to only send RST when required (Eric Dumazet)
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (Alok Tiwari)
- wifi: mwifiex: send world regulatory domain to driver (Stefan Kerkmann)
- ALSA: lx_core: use int type to store negative error codes (Rong Qianfeng)
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (Zhang Shurong)
- scsi: myrs: Fix dma_alloc_coherent() error check (Thomas Fourier)
- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (Niklas Cassel) [Orabug: 38649567] {CVE-2025-40118}
- serial: max310x: Add error checking in probe() (Dan Carpenter)
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (Dan Carpenter)
- drm/radeon/r600_cs: clean up of dead code in r600_cs (Brahmajit Das)
- i2c: designware: Add disabling clocks when probe fails (Kunihiko Hayashi)
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (Leilk Liu)
- bpf: Explicitly check accesses to bpf_sock_addr (Paul Chaignon) [Orabug: 38592205] {CVE-2025-40078}
- selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported (Akhilesh Patil)
- pwm: tiehrpwm: Fix corner case in clock divisor calculation (Uwe Kleine-König)
- block: use int to store blk_stack_limits() return value (Rong Qianfeng)
- blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx (Li Nan) [Orabug: 38649026] {CVE-2025-40125}
- pinctrl: meson-gxl: add missing i2c_d pinmux (Da Xue)
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (Sneh Mankad)
- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (Huisong Li)
- regmap: Remove superfluous check for !config in __regmap_init() (Geert Uytterhoeven)
- x86/vdso: Fix output operand size of RDPID (Uros Bizjak)
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (Leo Yan) [Orabug: 38592223] {CVE-2025-40081}
- driver core/PM: Set power.no_callbacks along with power.no_pm (Rafael J. Wysocki)
- staging: axis-fifo: flush RX FIFO on read errors (Ovidiu Panait)
- staging: axis-fifo: fix maximum TX packet length check (Ovidiu Panait)
- perf subcmd: avoid crash in exclude_cmds when excludes is empty (Hupu)
- dm-integrity: limit MAX_TAG_SIZE to 255 (Mikulas Patocka)
- wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 (Bitterblue Smith)
- USB: serial: option: add SIMCom 8230C compositions (Xiaowei Li)
- media: rc: fix races with imon_disconnect() (Larshin Sergey) [Orabug: 38548027] {CVE-2025-39993}
- media: imon: grab lock earlier in imon_ir_change_protocol() (Tetsuo Handa)
- media: imon: reorganize serialization (Tetsuo Handa)
- media: rc: Add support for another iMON 0xffdc device (Flavius Georgescu)
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (Duoming Zhou) [Orabug: 38548044] {CVE-2025-39995}
- media: tuner: xc5000: Fix use-after-free in xc5000_release (Duoming Zhou) [Orabug: 38548037] {CVE-2025-39994}
- media: tunner: xc5000: Refactor firmware load (Ricardo Ribalda)
- udp: Fix memory accounting leak. (Kuniyuki Iwashima) [Orabug: 37844325] {CVE-2025-22058}
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (Duoming Zhou) [Orabug: 38548051] {CVE-2025-39996}
- scsi: target: target_core_configfs: Add length check to avoid buffer overflow (Wang Haoran) [Orabug: 38548059] {CVE-2025-39998}
- LTS tag: v5.4.300 (Alok Tiwari)
- KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (Maciej S. Szmigiero)
- mm/hugetlb: fix folio is still mapped when deleted (Tu Jinjiang) [Orabug: 38560482] {CVE-2025-40006}
- i40e: add mask to apply valid bits for itr_idx (Lukasz Czapnik)
- i40e: fix validation of VF state in get resources (Lukasz Czapnik) [Orabug: 38547929] {CVE-2025-39969}
- i40e: fix idx validation in config queues msg (Lukasz Czapnik) [Orabug: 38547938] {CVE-2025-39971}
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38547952,38604168,38604171] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Justin Bronder)
- mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (David Hildenbrand)
- fbcon: Fix OOB access in font allocation (Thomas Zimmermann)
- fbcon: fix integer overflow in fbcon_do_set_font (Samasth Norway Ananda) [Orabug: 38547913] {CVE-2025-39967}
- i40e: add max boundary check for VF filters (Lukasz Czapnik) [Orabug: 38547923] {CVE-2025-39968}
- i40e: fix input validation logic for action_meta (Lukasz Czapnik) [Orabug: 38547933] {CVE-2025-39970}
- i40e: fix idx validation in i40e_validate_queue_map (Lukasz Czapnik) [Orabug: 38547946] {CVE-2025-39972}
- drm/gma500: Fix null dereference in hdmi teardown (Zabelin Nikita) [Orabug: 38560496] {CVE-2025-40011}
- can: peak_usb: fix shift-out-of-bounds issue (Stephane Grosjean) [Orabug: 38581463] {CVE-2025-40020}
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (Geert Uytterhoeven)
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (Or Har-Toov)
- usb: core: Add 0x prefix to quirks debug output (Jiayi Li)
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (Takashi Iwai)
- ALSA: usb-audio: Convert comma to semicolon (Chen Ni)
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (Cristian Ciocaltea)
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Fix block comments in mixer_quirks (Cristian Ciocaltea)
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (Hans de Goede)
- net: rfkill: gpio: add DT support (Philipp Zabel)
- serial: sc16is7xx: fix bug in flow control levels init (Hugo Villeneuve)
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (Alan Stern)
- usb: gadget: dummy_hcd: remove usage of list iterator past the loop body (Jakob Koschel)
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (Colin Ian King)
- ASoC: wm8974: Correct PLL rate rounding (Charles Keepax)
- ASoC: wm8940: Correct typo in control name (Charles Keepax)
- mmc: mvsdio: Fix dma_unmap_sg() nents value (Thomas Fourier)
- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (Nathan Chancellor)
- cnic: Fix use-after-free bugs in cnic_delete_task (Duoming Zhou) [Orabug: 38503849] {CVE-2025-39945}
- net: liquidio: fix overflow in octeon_init_instr_queue() (Alexey Nepomnyashih)
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Kuniyuki Iwashima) [Orabug: 38526388] {CVE-2025-39955}
- i40e: remove redundant memory barrier when cleaning Tx descs (Maciej Fijalkowski)
- net: natsemi: fix rx_dropped double accounting on netif_rx() failure (Moon Yeounsu)
- cgroup: split cgroup_destroy_wq into 3 workqueues (Chen Ridong) [Orabug: 38503892] {CVE-2025-39953}
- pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch (Geert Uytterhoeven)
- wifi: mac80211: fix incorrect type for ret (Liao Yuanhong)
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (Takashi Sakamoto)
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (Miaohe Lin) [Orabug: 38461848] {CVE-2025-39883}
- phy: ti-pipe3: fix device leak at unbind (Johan Hovold)
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (Stephan Gerhold) [Orabug: 38494822] {CVE-2025-39923}
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (Anders Roxell)
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (Tetsuo Handa)
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (Tetsuo Handa)
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (Michal Schmidt) [Orabug: 38494787] {CVE-2025-39911}
- i40e: Use irq_update_affinity_hint() (Nitesh Narayan Lal)
- genirq: Provide new interfaces for affinity hints (Thomas Gleixner)
- genirq: Export affinity setter for modules (Thomas Gleixner)
- genirq/affinity: Add irq_update_affinity_desc() (John Garry)
- igb: fix link test skipping when interface is admin down (Kohei Enju)
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (Stefan Wahren)
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (Fabio Porcedda)
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (Fabian Vogt)
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (Alexander Sverdlin)
- mtd: nand: raw: atmel: Fix comment in timings preparation (Alexander Dahl)
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (Christophe Kerello)
- mm/khugepaged: fix the address passed to notifier on testing young (Wei Yang)
- fuse: prevent overflow in copy_file_range return value (Miklos Szeredi)
- fuse: check if copy_file_range() returns larger than requested size (Miklos Szeredi)
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (Christophe Kerello)
- ocfs2: fix recursive semaphore deadlock in fiemap call (Mark Tinguely) [Orabug: 38461859] {CVE-2025-39885}
- EDAC/altera: Delete an inappropriate dma_free_coherent() call (Salah Triki)
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. (Kuniyuki Iwashima) [Orabug: 38494797] {CVE-2025-39913}
- net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. (Kuniyuki Iwashima) [Orabug: 37901604] {CVE-2025-23143}

ELBA-2026-50084 Oracle Linux 8 dtrace bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50084

http://linux.oracle.com/errata/ELBA-2026-50084.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
dtrace-2.0.5-2.el8.x86_64.rpm
dtrace-devel-2.0.5-2.el8.x86_64.rpm
dtrace-testsuite-2.0.5-2.el8.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/dtrace-2.0.5-2.el8.src.rpm

Description of changes:

[2.0.5-1]
- Implement PID-specific uprobes. (Kris Van Hees)
- Allocate the buffers BPF map to fit highest CPU id. (Kris Van Hees)
- Fix argument handling for multi-location user probes.
(Kris Van Hees) [Orabug: 38922360]
- Change the "stack skip" to 3 for fbt (fprobe) and rawtp providers.
[Orabug: 38776929]
- Fix prvname so that both rawfbt and fbt probes are seen.
[Orabug: 38842114]
- Do not convert "__" to "-" for stapsdt provider names.
- Fix printf formatting with non-monetary grouping chars.
[Orabug: 30430270]
- Discontinue -xversion=V as an option. (Kris Van Hees) [Orabug: 38615307]
- Add the DTrace Tutorial to the git repo and install package.
- Add missing documentation: trunc(), stapsdt, usdt.h include path.
- Update LLM context files to forbid "if" statements.
- Test suite weakly pulls in kernel-uek-tools to get perf. (Nick Alcock)
[Orabug: 38064413]

ELBA-2026-50085 Oracle Linux 8 dtrace bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50085

http://linux.oracle.com/errata/ELBA-2026-50085.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
dtrace-2.0.5-2.el8.aarch64.rpm
dtrace-devel-2.0.5-2.el8.aarch64.rpm
dtrace-testsuite-2.0.5-2.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/dtrace-2.0.5-2.el8.src.rpm

Description of changes:

[2.0.5-1]
- Implement PID-specific uprobes. (Kris Van Hees)
- Allocate the buffers BPF map to fit highest CPU id. (Kris Van Hees)
- Fix argument handling for multi-location user probes.
(Kris Van Hees) [Orabug: 38922360]
- Change the "stack skip" to 3 for fbt (fprobe) and rawtp providers.
[Orabug: 38776929]
- Fix prvname so that both rawfbt and fbt probes are seen.
[Orabug: 38842114]
- Do not convert "__" to "-" for stapsdt provider names.
- Fix printf formatting with non-monetary grouping chars.
[Orabug: 30430270]
- Discontinue -xversion=V as an option. (Kris Van Hees) [Orabug: 38615307]
- Add the DTrace Tutorial to the git repo and install package.
- Add missing documentation: trunc(), stapsdt, usdt.h include path.
- Update LLM context files to forbid "if" statements.
- Test suite weakly pulls in kernel-uek-tools to get perf. (Nick Alcock)
[Orabug: 38064413]

[2.0.4-1]
- TCP, UDP, and stapsdt providers implemented. (Alan Maguire)
- New learning materials: the User's Guide in Markdown format,
example scripts, and a context file for LLMs.
(Eugene Loh, Bruce McCulloch, Ruud van der Pas, Elena Zannoni).
- Allow [u]stack() to be used as a variable value. (Kris Van Hees)
[Orabug: 37950533]
- Comments using // are now supported. (Kris Van Hees)
- Scalability improvements. (Kris Van Hees)
- Error injection via return() action. (Kris Van Hees)
- Improved string handling. (Kris Van Hees)
- Various bug fixes. (Eugene Loh, Kris Van Hees)
- Fix dyn vars overwriting one another. [Orabug: 37994729]
- Fix regression: list fbt probes by default. [Orabug: 38249511]
- Various testsuite fixes and improvements.
(Nick Alcock, Eugene Loh, Alan Maguire, Kris Van Hees)
- Add test for preprocessor definitions. [Orabug: 28763074]
- Fix some stack tests. [Orabug: 37459289]

[2.0.3-1]
- This is only released on OL10.
- Redesigned USDT support to work for LTO compilations. [Orabug: 38011704]
- New builtin variable: execargs.
- Offset probes in pid provider. (Eugene Loh)
- Various bug fixes. (Nick Alcock, Eugene Loh, Kris Van Hees)
- Various testsuite fixes and improvements.
(Nick Alcock, Sam James, Eugene Loh, Kris Van Hees)

[2.0.2-1]
- Translators to support kernels 6.10 and later.
- FBT return probe argument support.
- The print() action is augmented with type information. (Alan Maguire)
- Support to discover and trace USDT probes after a tracing session has
started. (Eugene Loh, Nick Alcock)
- USDT probe argument support (translated types, mapping). (Nick Alcock)
- Installation locations are now configurable. (Nick Alcock)
- Valgrind is no longer a required build dependency. (Nick Alcock)
- Self-grabs have been improved. (Nick Alcock)
- New provider: rawfbt. (Kris Van Hees)
- Various bug fixes. (Nick Alcock, Eugene Loh, Alan Maguire, Kris Van Hees)
- Various testsuite fixes and improvements.
(Nick Alcock, Sam James, Eugene Loh, Kris Van Hees)
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)
[Orabug: 37274251]

[2.0.1-1]
- Implement FBT probes with fentry/fexit tracepoints
- Provide argument info for FBT probes.
- Provide pre-generated translator files sets. [Orabug: 36504847]

[2.0.0-1.14]
- Implement provider: io. (Eugene Loh, Kris Van Hees)
- Implement actions: print(). (Alan Maguire)
- Implement subroutines: link_ntop(), cleanpath(). (Eugene Loh)
- Implement options: -xcpu, -xaggpercpu. (Eugene Loh)
- Improve providers: pid (offset-based probes) and rawtp (arg info).
- Improve options: -xlockmem (improve default). (Eugene Loh)
- Ensure USDT probes can survive dtprobed restarts. (Nick Alcock)
- Improve USDT probe creation/deletion. (Nick Alcock)
- Improve support for DTrace with upstream kernels. (Nick Alcock)
- Improve support for compiling DTrace in older environments. (Kris Van Hees)
- Add support for aggregations of stacks. (Eugene Loh)
- Improve lexer parsing (top-level wildcard ambiguities and numerals).
(Nick Alcock)
- Fix END probe execution with multiple tracers. (Nick Alcock)
- Preemptive BPF program execution for DTrace probes is not allowed.
- Buffer overrun fix for systems with non-sequential online CPU ids.
(Kris Van Hees, Nick Alcock) [Orabug: 36356681]
- Various bug fixes. (Nick Alcock, Eugene Loh, Kris Van Hees)
- Various testsuite fixes and improvements.
(Nick Alcock, Eugene Loh, Kris Van Hees)
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)
[Orabug: 36329725]

[2.0.0-1.13.2]
- Support using DTrace with upstream kernels.
- Implement provider: ip.
- Implement actions: trunc(), pcap().
- Implement subroutines: inet_ntoa6().
- Implement subroutines: inet_ntop(). (Eugene Loh)
- Support modules.builtin.ranges for builtin module-symbol association.
- Provide a BTF-to-CTF convertor to provide (limited) kernel type information
when CTF is not available.
- Remove dependency on waitfd(). (Nick Alcock)
- Various testsuite fixes and improvements.
(Nick Alcock, Eugene Loh, Kris Van Hees)
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)

[2.0.0-1.13.1]
- Restart dtprobed when upgrading DTrace.
- Report and clean up orphaned tracing events after each test.

[2.0.0-1.13]
- Full support for is-enabled USDT probes. (Nick Alcock)
- Report error on programs that exceed aggsize or dynvarsize.
- Support for drop counters for principal, speculation, and aggregation buffers
and for dynamic variables.
- Implement probe: proc:::signal-clear.
- Implement provider: sched (partial implementation).
- Implement provider: lockstat (for kernels >= 5.10.0 and UEK6 with fix).
- Support NULL strings. (Eugene Loh)
- Support uregs[] on older kernels. (Eugene Loh)
- New option: lonknommap. (Nick Alcock)
- Support for USDT probes in programs in different fs namespaces. (Nick Alcock)
- Support for USDT probes in non-PIE executables. (Nick Alcock)
- Fix dtprobed to support DOF that exceeds 64KiB. (Nick Alcock)
[Orabug: 35411920]
- Do not modify input files with dtrace -G if unchanged. (Steven Sistare)
[Orabug: 35417184]
- Various testsuite fixes and improvements.
(Nick Alcock, Eugene Loh, Kris Van Hees) [Orabug: 35435195]
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)
[Orabug: 35435195]

[2.0.0-1.12]
- Fix evaluation order of bcopy() arguments and lift non-alloca restriction
on the source address. (Eugene Loh, Kris Van Hees)
- Implement actions: clear(), tracemem(). (Kris Van Hees, Eugene Loh)
- Implement subroutines: copyout(), copyinstr(). (Kris Van Hees, Eugene Loh)
- Implement options: switchrate, aggrate.
- Implement provider: cpc. (Eugene Loh)
- Implement provider: proc.
- Implement built-in variable: uregs. (Eugene Loh)
- Increase strtab maximum size.
- Support using indirect load instructions for pointers to alloca()'d and
DTrace managed memory. (Kris Van Hees, Eugene Loh)
- Fix arg0 and arg1 for profile-* and tick-* probes. (Eugene Loh)
- Implement runtime bounds checking for scalar array access. (Eugene Loh)
- Updated manpage and moved to dtrace.8.
- Support arbitrary address pointers for basename(), dirname(), strchr(),
strrchr(), and inet_ntoa(). (Eugene Loh) [Orabug: 34857846]
- Add runtime bounds checking for scalar array access. (Eugene Loh)
[Orabug: 35045463]
- Various testsuite fixes and improvements. [Orabug: 34829509]
- Various code improvements. [Orabug: 34829509]

ELSA-2026-50100 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50100

http://linux.oracle.com/errata/ELSA-2026-50100.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.352.5.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.352.5.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.352.5.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.352.5.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.352.5.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.352.5.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.352.5.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.352.5.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.352.5.el7uek.src.rpm

Related CVEs:

CVE-2025-39964
CVE-2025-40022
CVE-2025-40083
CVE-2025-40211
CVE-2025-40248
CVE-2025-40254
CVE-2025-40259
CVE-2025-40263
CVE-2025-40264
CVE-2025-40271
CVE-2025-40275
CVE-2025-40277
CVE-2025-40280
CVE-2025-40281
CVE-2025-40283
CVE-2025-40304
CVE-2025-40308
CVE-2025-40309
CVE-2025-40321
CVE-2025-40322
CVE-2025-40331
CVE-2025-40363
CVE-2025-68185
CVE-2025-68192
CVE-2025-68194
CVE-2025-68229
CVE-2025-68241
CVE-2025-68245
CVE-2025-68312
CVE-2025-68734

Description of changes:

[5.4.17-2136.352.5]
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38879907] {CVE-2025-40022}

[5.4.17-2136.352.4]
- arm64: pensando: Must boot Ortano kernel with spin-table (Rob Gardner) [Orabug: 38821197]

[5.4.17-2136.352.3]
- net/sched: adjust device watchdog timer to detect stopped queue at right time (Praveen Kumar Kannoju) [Orabug: 38340278]
- net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change (Praveen Kumar Kannoju) [Orabug: 38252416]
- infiniband/xsigo: Replace BUG_ON with WARN_ON_ONCE. (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xsvnic_main: Remove unused functions (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_cm: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ethtool: Remove unused variable 'priv' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ib: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ib: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_verbs: Remove unused label 'out_free_pd' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Remove unused function 'xve_napi_del' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
- inifinibad/xsigo: xsvnic_main: Remove unused variable 'xsvnic_ethtool_ops' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xscore_impl: Remove unused label 'err_pd' (Siddh Raman Pant) [Orabug: 38418469]
- rds: Fix jiffies type in struct rds_conn_path (Siddh Raman Pant) [Orabug: 38418727]
- kernel: sysctl: Remove unused variable 'zero' (Siddh Raman Pant) [Orabug: 38418727]
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38537469] {CVE-2025-39964}
- RDMA/cm: Base cm_id destruction timeout on CMA values (Håkon Bugge) [Orabug: 38753622]
- x86/its: Build fails with CONFIG_MITIGATION_ITS=n (Alexandre Chartre) [Orabug: 38756954]

[5.4.17-2136.352.2]
- LTS tag: v5.4.302 (Sherry Yang)
- Input: pegasus-notetaker - fix potential out-of-bounds access (Seungjin Bae)
- Input: remove third argument of usb_maxpacket() (Vincent Mailhol)
- usb: deprecate the third argument of usb_maxpacket() (Vincent Mailhol)
- fs/proc: fix uaf in proc_readdir_de() (Wei Yang) [Orabug: 38737034,38786776,38787139] {CVE-2025-40271}
- pmdomain: imx: Fix reference count leak in imx_gpc_remove (Miaoqian Lin)
- pmdomain: arm: scmi: Fix genpd leak on provider registration failure (Sudeep Holla)
- net: netpoll: fix incorrect refcount handling causing incorrect cleanup (Breno Leitao) [Orabug: 38773510] {CVE-2025-68245}
- net: qede: Initialize qede_ll_ops with designated initializer (Nathan Chancellor)
- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error (Nishanth Menon)
- ALSA: usb-audio: fix uac2 clock source at terminal parser (René Rebe)
- mm/page_alloc: fix hash table order logging in alloc_large_system_hash() (Isaac J. Manjarres)
- kconfig/nconf: Initialize the default locale at startup (Jakub Horký)
- kconfig/mconf: Initialize the default locale at startup (Jakub Horký)
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730612] {CVE-2025-40248}
- s390/ctcm: Fix double-kfree (Aleksei Nikiforov)
- net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730650] {CVE-2025-40254}
- mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() (Zilin Guan)
- MIPS: Malta: Fix !EVA SOC-it PCI MMIO (Maciej W. Rozycki)
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773441] {CVE-2025-68229}
- scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730664] {CVE-2025-40259}
- Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730681] {CVE-2025-40263}
- be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730691] {CVE-2025-40264}
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (Abdun Nihaal) [Orabug: 38798908] {CVE-2025-68734}
- EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection (Niravkumar L Rabara)
- EDAC/altera: Handle OCRAM ECC enable after warm reset (Niravkumar L Rabara)
- spi: Try to get ACPI GPIO IRQ earlier (Hans de Goede)
- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (Chuang Wang) [Orabug: 38773496] {CVE-2025-68241}
- strparser: Fix signed/unsigned mismatch bug (Nate Karstens)
- gcov: add support for GCC 15 (Peter Oberparleiter)
- mm/ksm: fix flag-dropping behavior in ksm_madvise (Jakub Acs)
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (Haein Lee) [Orabug: 38737052] {CVE-2025-40275}
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (Ian Forbes) [Orabug: 38737061] {CVE-2025-40277}
- ASoC: cs4271: Fix regulator leak on probe failure (Xu Wang)
- regulator: fixed: fix GPIO descriptor leak on register failure (Xu Wang)
- regulator: fixed: use dev_err_probe for register (Chris Morgan)
- Bluetooth: L2CAP: export l2cap_chan_hold for modules (Pauli Virtanen)
- net_sched: limit try_bulk_dequeue_skb() batches (Eric Dumazet)
- net_sched: remove need_resched() from qdisc_run() (Eric Dumazet)
- net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps (Gal Pressman)
- net/mlx5e: Fix maxrate wraparound in threshold between units (Gal Pressman)
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (Ranganath V N)
- wifi: mac80211: skip rate verification for not captured PSDUs (Benjamin Berg)
- net: mdio: fix resource leak in mdiobus_register_device() (Csaba Buday)
- tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38737084] {CVE-2025-40280}
- tipc: simplify the finalize work queue (Xin Long)
- sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (Eric Dumazet) [Orabug: 38737091] {CVE-2025-40281}
- sctp: get netns from asoc and ep base (Xin Long)
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (Pauli Virtanen)
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (Pauli Virtanen)
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (Pauli Virtanen)
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (Raphael Pinsonneault-Thibeault) [Orabug: 38737104] {CVE-2025-40283}
- net: fec: correct rx_bytes statistic for the case SHIFT16 is set (Wei Fang)
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (Sharique Mohammad)
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (Tristan Lobb)
- NFS4: Fix state renewals missing after boot (Joshua Watt)
- compiler_types: Move unused static inline functions warning to W=2 (Peter Zijlstra)
- extcon: adc-jack: Cleanup wakeup source only if it was enabled (Krzysztof Kozlowski)
- tracing: Fix memory leaks in create_field_var() (Zilin Guan)
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (Qendrim Maxhuni) [Orabug: 38773283] {CVE-2025-68192}
- sctp: Prevent TOCTOU out-of-bounds write (Stefan Wiehler) [Orabug: 38747447] {CVE-2025-40331}
- sctp: Hold RCU read lock while iterating over address list (Stefan Wiehler)
- net: dsa: b53: stop reading ARL entries if search is done (Jonas Gorski)
- net: dsa: b53: fix enabling ip multicast (Jonas Gorski)
- net: dsa: b53: fix resetting speed and pause on forced link (Jonas Gorski)
- net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 (Álvaro Fernández Rojas)
- net: dsa/b53: change b53_force_port_config() pause argument (Russell King)
- net: vlan: sync VLAN features with lower device (Hangbin Liu)
- ceph: add checking of wait_for_completion_killable() return value (Viacheslav Dubeyko)
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (Albin Babu Varghese) [Orabug: 38737182] {CVE-2025-40304}
- ACPI: property: Return present device nodes only on fwnode interface (Sakari Ailus)
- 9p: sysfs_init: don't hardcode error to ENOMEM (Randall P. Embry)
- 9p: fix /sys/fs/9p/caches overwriting itself (Randall P. Embry)
- fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink (Yikang Yue)
- ACPICA: Update dsmethod.c to get rid of unused variable warning (Saket Dumbre)
- orangefs: fix xattr related buffer overflow... (Mike Marshall)
- page_pool: Clamp pool size to max 16K pages (Dragos Tatulea)
- Bluetooth: bcsp: receive data only if registered (Ivan Pravdin) [Orabug: 38737213] {CVE-2025-40308}
- Bluetooth: SCO: Fix UAF on sco_conn_free (Luiz Augusto von Dentz) [Orabug: 38737224] {CVE-2025-40309}
- net: macb: avoid dealing with endianness in macb_set_hwaddr() (Théo Lebrun)
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (Al Viro) [Orabug: 38773245] {CVE-2025-68185}
- NFSv4.1: fix mount hang after CREATE_SESSION failure (Anthony Iliopoulos)
- NFSv4: handle ERR_GRACE on delegation recalls (Olga Kornievskaia)
- remoteproc: qcom: q6v5: Avoid handling handover twice (Stephan Gerhold)
- sparc/module: Add R_SPARC_UA64 relocation handling (Koakuma)
- net: intel: fm10k: Fix parameter idx set but not used (Brahmajit Das)
- jfs: fix uninitialized waitqueue in transaction manager (Shaurya Rane)
- jfs: Verify inode mode when loading from disk (Tetsuo Handa)
- ipv6: np->rxpmtu race annotation (Eric Dumazet)
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (Krishna Kurapati)
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (Forest Crossman)
- allow finish_no_open(file, ERR_PTR(-E...)) (Al Viro)
- scsi: lpfc: Define size of debugfs entry for xri rebalancing (Justin Tee)
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (Justin Tee)
- selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency (Nai-Chen Cheng)
- net/cls_cgroup: Fix task_get_classid() during qdisc run (Yafang Shao)
- selftests: Replace sleep with slowwait (David Ahern)
- selftests: Disable dad for ipv6 in fcnal-test.sh (David Ahern)
- media: redrat3: use int type to store negative error codes (Rong Qianfeng)
- net: sh_eth: Disable WoL if system can not suspend (Niklas Söderlund)
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy (Harikrishna Shenoy)
- usb: gadget: f_hid: Fix zero length packet transfer (William Wu)
- net: call cond_resched() less often in __release_sock() (Eric Dumazet)
- ALSA: usb-audio: apply quirk for MOONDROP Quark2 (Cryolitia Pukngae)
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (Juraj Šarinay)
- dmaengine: dw-edma: Set status for callback_result (Devendra K Verma)
- dmaengine: mv_xor: match alloc_wc and free_wc (Rosen Penev)
- dmaengine: sh: setup_xref error handling (Thomas Andreatta)
- scsi: pm8001: Use int instead of u32 to store error codes (Rong Qianfeng)
- mips: lantiq: xway: sysctrl: rename stp clock (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing device_type in pci node (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing properties to cpu node (Aleksander Jan Bajkowski)
- media: fix uninitialized symbol warnings (Chelsy Ratnawat)
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (Amber Lin)
- extcon: adc-jack: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (Sungho Kim)
- net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. (Kuniyuki Iwashima)
- net: When removing nexthops, don't call synchronize_net if it is not necessary (Christoph Paasch)
- char: misc: Does not request module for miscdevice with dynamic minor (Zijun Hu)
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (Raub Camaioni)
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (Rodrigo Gobbi)
- media: imon: make send_packet() more robust (Tetsuo Handa) [Orabug: 38773298] {CVE-2025-68194}
- net: ipv6: fix field-spanning memcpy warning in AH output (Charalampos Mitrodimas) [Orabug: 38773141] {CVE-2025-40363}
- bridge: Redirect to backup port when port is administratively down (Ido Schimmel)
- powerpc/eeh: Use result of error_detected() in uevent (Niklas Schnelle)
- x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall (Kirill A. Shutemov)
- media: pci: ivtv: Don't create fake v4l2_fh (Laurent Pinchart)
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs (Geoffrey Mcrae)
- selftests/net: Ensure assert() triggers in psock_tpacket.c (Wake Liu)
- selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 (Wake Liu)
- PCI: Disable MSI on RDC PCI to PCIe bridges (Marcos Del Sol Vives)
- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (Seyediman Seyedarab)
- mfd: madera: Work around false-positive -Wininitialized warning (Arnd Bergmann)
- mfd: stmpe-i2c: Add missing MODULE_LICENSE (Alexander Stein)
- mfd: stmpe: Remove IRQ domain upon removal (Alexander Stein)
- tools/power x86_energy_perf_policy: Prefer driver HWP limits (Len Brown)
- tools/power x86_energy_perf_policy: Enhance HWP enable (Len Brown)
- tools/cpupower: Fix incorrect size in cpuidle_state_disable() (Kaushlendra Kumar)
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (Armin Wolf)
- uprobe: Do not emulate/sstep original instruction when ip is changed (Jiri Olsa)
- clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel (Daniel Lezcano)
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (Svyatoslav Ryhel)
- tee: allow a driver to allocate a tee_device without a pool (Amirreza Zarrabi)
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (Hans de Goede)
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (Sarthak Garg)
- irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment (Christian Bruel)
- arc: Fix __fls() const-foldability via __builtin_clzl() (Kees Cook)
- cpufreq/longhaul: handle NULL policy in longhaul_exit (Dennis Beier)
- selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 (Ricardo B. Marlière)
- ACPI: video: force native for Lenovo 82K8 (Mario Limonciello)
- memstick: Add timeout to prevent indefinite waiting (Jiayi Li)
- mmc: host: renesas_sdhi: Fix the actual clock (Biju Das)
- bpf: Don't use %pK through printk (Thomas Weißschuh)
- spi: loopback-test: Don't use %pK through printk (Thomas Weißschuh)
- soc: qcom: smem: Fix endian-unaware access of num_entries (Jens Reidel)
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable. (Owen Gu)
- serial: 8250_dw: handle reset control deassert error (Artem Shimko)
- serial: 8250_dw: Use devm_add_action_or_reset() (Andy Shevchenko)
- serial: 8250_dw: Use devm_clk_get_optional() to get the input clock (Andy Shevchenko)
- can: gs_usb: increase max interface to U8_MAX (Celeste Liu)
- devcoredump: Fix circular locking dependency with devcd->mutex. (Maarten Lankhorst)
- net: ravb: Enforce descriptor type ordering (Lad Prabhakar)
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (Babu Moger)
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (Gokul Sivakumar) [Orabug: 38737292] {CVE-2025-40321}
- net: phy: dp83867: Disable EEE support as not implemented (Emanuele Ghidoli)
- regmap: slimbus: fix bus_context pointer in regmap init calls (Alexey Klimov)
- drm/etnaviv: fix flush sequence logic (Tomeu Vizoso)
- usbnet: Prevents free active kevent (Lizhi Xu) [Orabug: 38773784] {CVE-2025-68312}
- wifi: ath10k: Fix memory leak on unsupported WMI command (Loic Poulain)
- ASoC: qdsp6: q6asm: do not sleep while atomic (Srinivas Kandagatla)
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (Miaoqian Lin)
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (Florian Fuchs)
- fbdev: bitblit: bound-check glyph index in bit_putcs* (Junjie Cao) [Orabug: 38737301] {CVE-2025-40322}
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (Yuhao Jiang) [Orabug: 38687005] {CVE-2025-40211}
- fbdev: atyfb: Check if pll_ops->init_pll failed (Daniel Palmer)
- net: usb: asix_devices: Check return value of usbnet_get_endpoints (Miaoqian Lin)
- btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (Filipe Manana)
- x86/bugs: Fix reporting of LFENCE retpoline (David Kaplan)
- net/sched: sch_qfq: Fix null-deref in agg_dequeue (Xiang Mei) [Orabug: 38597085] {CVE-2025-40083}

[5.4.17-2136.352.1]
- RDMA/cm: Rate limit destroy CM ID timeout error message (Håkon Bugge) [Orabug: 38753401]
- soc/pensando: giglio: hack dts to make things right (Rob Gardner) [Orabug: 38688154]
- soc/pensando: Add AMD Pensando Giglio SoC support (Brad Larson) [Orabug: 38688154]
- soc/pensando: psci support (David Clear) [Orabug: 38688154]
- soc/pensando: Giglio SoC eMMC interrupt driver (Brad Larson) [Orabug: 38688154]

[5.4.17-2136.351.3]
- Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38715366]
- fbcon: fix integer overflow in font allocation (Samasth Norway Ananda) [Orabug: 38702507]
- uek-rpm: Replace check-kabi tool with kabi (Yifei Liu) [Orabug: 38673382]
- uek-rpm: Introduce check function for uek-rpm/tools/kabi (Yifei Liu) [Orabug: 38673382]

[5.4.17-2136.351.2]
- uek-rpm: kabi: Remove the kabi protection for debug kernels (Yifei Liu) [Orabug: 38609548]
- rds: Add smp_rmb before reading c_destroy_in_prog (Håkon Bugge) [Orabug: 38352486]
- uio_hv_generic: Set event for all channels on the device (Long Li)
- ata: libata-scsi: Fix system suspend for a security locked drive (Niklas Cassel)
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Zhang Heng)

[5.4.17-2136.351.1]
- scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt (Sumit Saxena) [Orabug: 38630482]

[5.4.17-2136.350.3]
- net/rds: Fix rs_recv_pending counting issue (Gerd Rausch) [Orabug: 38506370]

[5.4.17-2136.350.2]
- LTS tag: v5.4.301 (Alok Tiwari)
- net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg (Zhengchao Shao)
- media: s5p-mfc: remove an unused/uninitialized variable (Arnd Bergmann)
- NFSD: Fix last write offset handling in layoutcommit (Sergey Bashirov)
- NFSD: Minor cleanup in layoutcommit processing (Sergey Bashirov)
- padata: Reset next CPU when reorder sequence wraps around (Xiao Liang)
- KEYS: trusted_tpm1: Compare HMAC values in constant time (Eric Biggers)
- NFSD: Define a proc_layoutcommit for the FlexFiles layout type (Chuck Lever) [Orabug: 38601819] {CVE-2025-40087}
- vfs: Don't leak disconnected dentries on umount (Jan Kara) [Orabug: 38601924] {CVE-2025-40105}
- jbd2: ensure that all ongoing I/O complete before freeing blocks (Zhang Yi)
- ext4: detect invalid INLINE_DATA + EXTENTS flag combination (Deepanshu Kartikey) [Orabug: 38649223] {CVE-2025-40167}
- drm/amdgpu: use atomic functions with memory barriers for vm fault info (Gui-Dong Han)
- ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() (Theodore Ts'O) [Orabug: 38649412] {CVE-2025-40198}
- spi: cadence-quadspi: Flush posted register writes before DAC access (Pratyush Yadav)
- spi: cadence-quadspi: Flush posted register writes before INDAC access (Pratyush Yadav)
- memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe (Zhen Ni)
- memory: samsung: exynos-srom: Correct alignment (Krzysztof Kozlowski)
- arm64: errata: Apply workarounds for Neoverse-V3AE (Mark Rutland)
- arm64: cputype: Add Neoverse-V3AE definitions (Mark Rutland)
- comedi: fix divide-by-zero in comedi_buf_munge() (Deepanshu Kartikey)
- binder: remove "invalid inc weak" check (Alice Ryhl)
- xhci: dbc: enable back DbC in resume if it was enabled before suspend (Mathias Nyman)
- usb/core/quirks: Add Huawei ME906S to wakeup quirk (Tim Guttzeit)
- USB: serial: option: add Telit FN920C04 ECM compositions (Li Qingwu)
- USB: serial: option: add Quectel RG255C (Reinhard Speyerer)
- USB: serial: option: add UNISOC UIS7720 (Renjun Wang)
- net: ravb: Ensure memory write completes before ringing TX doorbell (Lad Prabhakar)
- net: usb: rtl8150: Fix frame padding (Michał Pecio)
- ocfs2: clear extent cache after moving/defragmenting extents (Deepanshu Kartikey) [Orabug: 38730547] {CVE-2025-40233}
- MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering (Maciej W. Rozycki)
- Revert "cpuidle: menu: Avoid discarding useful information" (Rafael J. Wysocki)
- net: bonding: fix possible peer notify event loss or dup issue (Tonghao Zhang)
- sctp: avoid NULL dereference when chunk data buffer is missing (Alexey Simakov) [Orabug: 38730567] {CVE-2025-40240}
- arm64, mm: avoid always making PTE dirty in pte_mkwrite() (Huang, Ying)
- net: enetc: correct the value of ENETC_RXB_TRUESIZE (Wei Fang)
- rtnetlink: Allow deleting FDB entries in user namespace (Johannes Wiesboeck)
- net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del (Nikolay Aleksandrov)
- net: add ndo_fdb_del_bulk (Nikolay Aleksandrov)
- net: rtnetlink: add bulk delete support flag (Nikolay Aleksandrov)
- net: netlink: add NLM_F_BULK delete request modifier (Nikolay Aleksandrov)
- net: rtnetlink: use BIT for flag values (Nikolay Aleksandrov)
- net: rtnetlink: add helper to extract msg type's kind (Nikolay Aleksandrov)
- net: rtnetlink: add msg kind names (Nikolay Aleksandrov)
- net: rtnetlink: remove redundant assignment to variable err (Colin Ian King)
- m68k: bitops: Fix find_*_bit() signatures (Geert Uytterhoeven)
- hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() (Yangtao Li)
- hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() (Viacheslav Dubeyko)
- dlm: check for defined force value in dlm_lockspace_release (Alexander Aring)
- hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() (Viacheslav Dubeyko)
- hfs: validate record offset in hfsplus_bmap_alloc (Yang Chenzhi)
- hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() (Viacheslav Dubeyko)
- hfs: make proper initalization of struct hfs_find_data (Viacheslav Dubeyko)
- hfs: clear offset and space out of valid records in b-tree node (Viacheslav Dubeyko)
- exec: Fix incorrect type for ret (Xichao Zhao)
- hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() (Viacheslav Dubeyko)
- ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings (Randy Dunlap)
- sched/fair: Fix pelt lost idle time detection (Vincent Guittot)
- sched/balancing: Rename newidle_balance() => sched_balance_newidle() (Ingo Molnar)
- sched/fair: Trivial correction of the newidle_balance() comment (Barry Song)
- sched: Make newidle_balance() static again (Chen Yu)
- tls: don't rely on tx_work during send() (Sabrina Dubroca)
- tls: always set record_type in tls_process_cmsg (Sabrina Dubroca)
- tg3: prevent use of uninitialized remote_adv and local_adv variables (Alexey Simakov)
- tcp: fix tcp_tso_should_defer() vs large RTT (Eric Dumazet)
- amd-xgbe: Avoid spurious link down messages during interface toggle (Raju Rangoju)
- net/ip6_tunnel: Prevent perpetual tunnel growth (Dmitry Safonov) [Orabug: 38649261] {CVE-2025-40173}
- net: dlink: handle dma_map_single() failure properly (Moon Yeounsu)
- net: dl2k: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- media: pci: ivtv: Add missing check after DMA map (Thomas Fourier)
- media: pci/ivtv: switch from 'pci_' to 'dma_' API (Christophe Jaillet)
- xen/events: Update virq_to_irq on migration (Jason Andryuk)
- media: lirc: Fix error handling in lirc_register() (Ma Ke)
- media: rc: Directly use ida_free() (Keliu)
- drm/exynos: exynos7_drm_decon: remove ctx->suspended (Kaustabh Chakraborty)
- btrfs: avoid potential out-of-bounds in btrfs_encode_fh() (Anderson Nascimento) [Orabug: 38649463] {CVE-2025-40205}
- pwm: berlin: Fix wrong register in suspend/resume (Jisheng Zhang)
- media: cx18: Add missing check after DMA map (Thomas Fourier)
- xen/events: Cleanup find_virq() return codes (Jason Andryuk)
- cramfs: Verify inode mode when loading from disk (Tetsuo Handa)
- fs: Add 'initramfs_options' to set initramfs mount options (Lichen Liu)
- pid: Add a judgment for ns null in pid_nr_ns (Gaoxiang17) [Orabug: 38649276] {CVE-2025-40178}
- minixfs: Verify inode mode when loading from disk (Tetsuo Handa)
- tracing: Fix race condition in kprobe initialization causing NULL pointer dereference (Yuan Chen) [Orabug: 38592033] {CVE-2025-40042}
- dm: fix NULL pointer dereference in __dm_suspend() (Zheng Qixing) [Orabug: 38649057] {CVE-2025-40134}
- mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag (Hans de Goede)
- mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type (Andy Shevchenko)
- mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value (Hans de Goede)
- Squashfs: reject negative file sizes in squashfs_read_inode() (Phillip Lougher) [Orabug: 38649425] {CVE-2025-40200}
- Squashfs: add additional inode sanity checking (Phillip Lougher)
- media: mc: Clear minor number before put device (Edward Adam Davis) [Orabug: 38649399] {CVE-2025-40197}
- mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() (Bartosz Golaszewski)
- fs: udf: fix OOB read in lengthAllocDescs handling (Larshin Sergey) [Orabug: 38592048] {CVE-2025-40044}
- KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O (Sean Christopherson) [Orabug: 38591959] {CVE-2025-40026}
- net/9p: fix double req put in p9_fd_cancelled (Nalivayko Sergey) [Orabug: 38591965] {CVE-2025-40027}
- ext4: guard against EA inode refcount underflow in xattr update (Ahmet Eray Karadag) [Orabug: 38649330] {CVE-2025-40190}
- ext4: correctly handle queries for metadata mappings (Ojaswin Mujoo)
- ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() (Yongjian Sun)
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (Olga Kornievskaia)
- x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) (Sean Christopherson)
- x86/umip: Check that the instruction opcode is at least two bytes (Sean Christopherson)
- PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit (Siddharth Vadapalli)
- PCI/AER: Fix missing uevent on recovery when a reset is requested (Niklas Schnelle)
- PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV (Niklas Schnelle) [Orabug: 38730513] {CVE-2025-40219}
- rseq/selftests: Use weak symbol reference, not definition, to link with glibc (Sean Christopherson)
- rtc: interface: Fix long-standing race when setting alarm (Esben Haabendal)
- rtc: interface: Ensure alarm irq is enabled when UIE is enabled (Esben Haabendal)
- mmc: core: SPI mode remove cmd7 (Rex Chen)
- mtd: rawnand: fsmc: Default to autodetect buswidth (Linus Walleij)
- sparc: fix error handling in scan_one_device() (Ma Ke)
- sparc64: fix hugetlb for sun4u (Anthony Yznaga)
- sctp: Fix MAC comparison to be constant-time (Eric Biggers) [Orabug: 38649451] {CVE-2025-40204}
- scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() (Thorsten Blum)
- parisc: don't reference obsolete termio struct for TC* constants (Sam James)
- lib/genalloc: fix device leak in of_gen_pool_get() (Johan Hovold)
- iio: frequency: adf4350: Fix prescaler usage. (Michael Hennerich)
- iio: dac: ad5421: use int type to store negative error codes (Rong Qianfeng)
- iio: dac: ad5360: use int type to store negative error codes (Rong Qianfeng)
- crypto: atmel - Fix dma_unmap_sg() direction (Thomas Fourier)
- cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() (Rafael J. Wysocki) [Orabug: 38649367] {CVE-2025-40194}
- drm/nouveau: fix bad ret code in nouveau_bo_move_prep (Shuhao Fu)
- media: i2c: mt9v111: fix incorrect type for ret (Rong Qianfeng)
- firmware: meson_sm: fix device leak at probe (Johan Hovold)
- xen/manage: Fix suspend error path (Lukas Wunner)
- arm64: dts: qcom: msm8916: Add missing MDSS reset (Stephan Gerhold)
- ACPI: debug: fix signedness issues in read/write helpers (Amir Mohammad Jahangirzad)
- ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT (Daniel Tang)
- tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single (Gunnar Kudrjavets)
- tpm, tpm_tis: Claim locality before writing interrupt registers (Lino Sanfilippo)
- crypto: essiv - Check ssize for decryption and in-place encryption (Herbert Xu) [Orabug: 38581456,38705546] {CVE-2025-40019}
- mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes (Harini T)
- mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call (Harini T)
- tools build: Align warning options with perf (Leo Yan)
- net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe (Erick Karanja)
- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Kuniyuki Iwashima) [Orabug: 38649579] {CVE-2025-40186}
- net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() (Alexandr Sapozhnikov) [Orabug: 38649313] {CVE-2025-40187}
- drm/vmwgfx: Fix Use-after-free in validation (Ian Forbes) [Orabug: 38643546] {CVE-2025-40111}
- net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() (Dan Carpenter)
- scsi: mvsas: Fix use-after-free bugs in mvs_work_queue (Duoming Zhou) [Orabug: 38557654] {CVE-2025-40001}
- scsi: mvsas: Use sas_task_find_rq() for tagging (John Garry)
- scsi: mvsas: Delete mvs_tag_init() (John Garry)
- scsi: libsas: Add sas_task_find_rq() (John Garry)
- clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver (Alok Tiwari)
- clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() (Brian Masney)
- perf session: Fix handling when buffer exceeds 2 GiB (Leo Yan)
- rtc: x1205: Fix Xicor X1205 vendor prefix (Rob Herring)
- perf util: Fix compression checks returning -1 as bool (Yunseong Kim)
- iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE (Michael Hennerich)
- clocksource/drivers/clps711x: Fix resource leaks in error paths (Zhen Ni)
- pinctrl: check the return value of pinmux_ops::get_function_name() (Bartosz Golaszewski) [Orabug: 38591981] {CVE-2025-40030}
- Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak (Zhen Ni) [Orabug: 38592002] {CVE-2025-40035}
- mm: hugetlb: avoid soft lockup when mprotect to large memory area (Yang Shi) [Orabug: 38649150] {CVE-2025-40153}
- uio_hv_generic: Let userspace take care of interrupt mask (Naman Jain) [Orabug: 38592067] {CVE-2025-40048}
- Squashfs: fix uninit-value in squashfs_get_parent (Phillip Lougher) [Orabug: 38592077] {CVE-2025-40049}
- net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable (Kohei Enju)
- nfp: fix RSS hash key size when RSS is not supported (Kohei Enju)
- drivers/base/node: fix double free in register_one_node() (Donet Tom)
- ocfs2: fix double free in user_cluster_connect() (Dan Carpenter) [Orabug: 38592110] {CVE-2025-40055}
- net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast (I Viswanath) [Orabug: 38649096] {CVE-2025-40140}
- RDMA/siw: Always report immediate post SQ errors (Bernard Metzler)
- usb: vhci-hcd: Prevent suspending virtually attached devices (Cristian Ciocaltea)
- scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() (Ranjan Kumar) [Orabug: 38648982] {CVE-2025-40115}
- ipvs: Defer ip_vs_ftp unregister during netns cleanup (Slavin Liu) [Orabug: 38581446] {CVE-2025-40018}
- NFSv4.1: fix backchannel max_resp_sz verification check (Anthony Iliopoulos)
- remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice (Stephan Gerhold)
- sparc: fix accurate exception reporting in copy_{from,to}_user for M7 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_to_user for Niagara 4 (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III (Michael Karcher)
- sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC (Michael Karcher)
- IB/sa: Fix sa_local_svc_timeout_ms read race (Vlad Dumitrescu)
- RDMA/core: Resolve MAC of next-hop device without ARP support (Parav Pandit)
- wifi: mt76: fix potential memory leak in mt76_wmac_probe() (Abdun Nihaal)
- drivers/base/node: handle error properly in register_one_node() (Donet Tom)
- watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog (Christophe Leroy)
- netfilter: ipset: Remove unused htable_bits in macro ahash_region (Zhen Ni)
- iio: consumers: Fix offset handling in iio_convert_raw_to_processed() (Hans de Goede)
- ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping (Takashi Iwai)
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (Takashi Iwai)
- ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping (Takashi Iwai)
- pps: fix warning in pps_register_cdev when register device fail (Wang Liang) [Orabug: 38592170] {CVE-2025-40070}
- misc: genwqe: Fix incorrect cmd field being reported in error (Colin Ian King)
- usb: gadget: configfs: Correctly set use_os_string at bind (William Wu)
- usb: phy: twl6030: Fix incorrect type for ret (Xichao Zhao)
- tcp: fix __tcp_close() to only send RST when required (Eric Dumazet)
- PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation (Alok Tiwari)
- wifi: mwifiex: send world regulatory domain to driver (Stefan Kerkmann)
- ALSA: lx_core: use int type to store negative error codes (Rong Qianfeng)
- media: rj54n1cb0c: Fix memleak in rj54n1_probe() (Zhang Shurong)
- scsi: myrs: Fix dma_alloc_coherent() error check (Thomas Fourier)
- scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod (Niklas Cassel) [Orabug: 38649567] {CVE-2025-40118}
- serial: max310x: Add error checking in probe() (Dan Carpenter)
- usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup (Dan Carpenter)
- drm/radeon/r600_cs: clean up of dead code in r600_cs (Brahmajit Das)
- i2c: designware: Add disabling clocks when probe fails (Kunihiko Hayashi)
- i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD (Leilk Liu)
- bpf: Explicitly check accesses to bpf_sock_addr (Paul Chaignon) [Orabug: 38592205] {CVE-2025-40078}
- selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported (Akhilesh Patil)
- pwm: tiehrpwm: Fix corner case in clock divisor calculation (Uwe Kleine-König)
- block: use int to store blk_stack_limits() return value (Rong Qianfeng)
- blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx (Li Nan) [Orabug: 38649026] {CVE-2025-40125}
- pinctrl: meson-gxl: add missing i2c_d pinmux (Da Xue)
- soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS (Sneh Mankad)
- ACPI: processor: idle: Fix memory leak when register cpuidle device failed (Huisong Li)
- regmap: Remove superfluous check for !config in __regmap_init() (Geert Uytterhoeven)
- x86/vdso: Fix output operand size of RDPID (Uros Bizjak)
- perf: arm_spe: Prevent overflow in PERF_IDX2OFF() (Leo Yan) [Orabug: 38592223] {CVE-2025-40081}
- driver core/PM: Set power.no_callbacks along with power.no_pm (Rafael J. Wysocki)
- staging: axis-fifo: flush RX FIFO on read errors (Ovidiu Panait)
- staging: axis-fifo: fix maximum TX packet length check (Ovidiu Panait)
- perf subcmd: avoid crash in exclude_cmds when excludes is empty (Hupu)
- dm-integrity: limit MAX_TAG_SIZE to 255 (Mikulas Patocka)
- wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 (Bitterblue Smith)
- USB: serial: option: add SIMCom 8230C compositions (Xiaowei Li)
- media: rc: fix races with imon_disconnect() (Larshin Sergey) [Orabug: 38548027] {CVE-2025-39993}
- media: imon: grab lock earlier in imon_ir_change_protocol() (Tetsuo Handa)
- media: imon: reorganize serialization (Tetsuo Handa)
- media: rc: Add support for another iMON 0xffdc device (Flavius Georgescu)
- media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe (Duoming Zhou) [Orabug: 38548044] {CVE-2025-39995}
- media: tuner: xc5000: Fix use-after-free in xc5000_release (Duoming Zhou) [Orabug: 38548037] {CVE-2025-39994}
- media: tunner: xc5000: Refactor firmware load (Ricardo Ribalda)
- udp: Fix memory accounting leak. (Kuniyuki Iwashima) [Orabug: 37844325] {CVE-2025-22058}
- media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove (Duoming Zhou) [Orabug: 38548051] {CVE-2025-39996}
- scsi: target: target_core_configfs: Add length check to avoid buffer overflow (Wang Haoran) [Orabug: 38548059] {CVE-2025-39998}
- LTS tag: v5.4.300 (Alok Tiwari)
- KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active (Maciej S. Szmigiero)
- mm/hugetlb: fix folio is still mapped when deleted (Tu Jinjiang) [Orabug: 38560482] {CVE-2025-40006}
- i40e: add mask to apply valid bits for itr_idx (Lukasz Czapnik)
- i40e: fix validation of VF state in get resources (Lukasz Czapnik) [Orabug: 38547929] {CVE-2025-39969}
- i40e: fix idx validation in config queues msg (Lukasz Czapnik) [Orabug: 38547938] {CVE-2025-39971}
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38547952,38604168,38604171] {CVE-2025-39973}
- i40e: increase max descriptors for XL710 (Justin Bronder)
- mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (David Hildenbrand)
- fbcon: Fix OOB access in font allocation (Thomas Zimmermann)
- fbcon: fix integer overflow in fbcon_do_set_font (Samasth Norway Ananda) [Orabug: 38547913] {CVE-2025-39967}
- i40e: add max boundary check for VF filters (Lukasz Czapnik) [Orabug: 38547923] {CVE-2025-39968}
- i40e: fix input validation logic for action_meta (Lukasz Czapnik) [Orabug: 38547933] {CVE-2025-39970}
- i40e: fix idx validation in i40e_validate_queue_map (Lukasz Czapnik) [Orabug: 38547946] {CVE-2025-39972}
- drm/gma500: Fix null dereference in hdmi teardown (Zabelin Nikita) [Orabug: 38560496] {CVE-2025-40011}
- can: peak_usb: fix shift-out-of-bounds issue (Stephane Grosjean) [Orabug: 38581463] {CVE-2025-40020}
- can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: hi311x: populate ndo_change_mtu() to prevent buffer overflow (Vincent Mailhol)
- can: rcar_can: rcar_can_resume(): fix s2ram with PSCI (Geert Uytterhoeven)
- IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions (Or Har-Toov)
- usb: core: Add 0x prefix to quirks debug output (Jiayi Li)
- ALSA: usb-audio: Fix build with CONFIG_INPUT=n (Takashi Iwai)
- ALSA: usb-audio: Convert comma to semicolon (Chen Ni)
- ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 (Cristian Ciocaltea)
- ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Simplify NULL comparison in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Avoid multiple assignments in mixer_quirks (Cristian Ciocaltea)
- ALSA: usb-audio: Fix block comments in mixer_quirks (Cristian Ciocaltea)
- net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer (Hans de Goede)
- net: rfkill: gpio: add DT support (Philipp Zabel)
- serial: sc16is7xx: fix bug in flow control levels init (Hugo Villeneuve)
- USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels (Alan Stern)
- usb: gadget: dummy_hcd: remove usage of list iterator past the loop body (Jakob Koschel)
- ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message (Colin Ian King)
- ASoC: wm8974: Correct PLL rate rounding (Charles Keepax)
- ASoC: wm8940: Correct typo in control name (Charles Keepax)
- mmc: mvsdio: Fix dma_unmap_sg() nents value (Thomas Fourier)
- nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* (Nathan Chancellor)
- cnic: Fix use-after-free bugs in cnic_delete_task (Duoming Zhou) [Orabug: 38503849] {CVE-2025-39945}
- net: liquidio: fix overflow in octeon_init_instr_queue() (Alexey Nepomnyashih)
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Kuniyuki Iwashima) [Orabug: 38526388] {CVE-2025-39955}
- i40e: remove redundant memory barrier when cleaning Tx descs (Maciej Fijalkowski)
- net: natsemi: fix rx_dropped double accounting on netif_rx() failure (Moon Yeounsu)
- cgroup: split cgroup_destroy_wq into 3 workqueues (Chen Ridong) [Orabug: 38503892] {CVE-2025-39953}
- pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch (Geert Uytterhoeven)
- wifi: mac80211: fix incorrect type for ret (Liao Yuanhong)
- ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported (Takashi Sakamoto)
- mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (Miaohe Lin) [Orabug: 38461848] {CVE-2025-39883}
- phy: ti-pipe3: fix device leak at unbind (Johan Hovold)
- dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees (Stephan Gerhold) [Orabug: 38494822] {CVE-2025-39923}
- dmaengine: ti: edma: Fix memory allocation size for queue_priority_map (Anders Roxell)
- can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails (Tetsuo Handa)
- can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed (Tetsuo Handa)
- i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path (Michal Schmidt) [Orabug: 38494787] {CVE-2025-39911}
- i40e: Use irq_update_affinity_hint() (Nitesh Narayan Lal)
- genirq: Provide new interfaces for affinity hints (Thomas Gleixner)
- genirq: Export affinity setter for modules (Thomas Gleixner)
- genirq/affinity: Add irq_update_affinity_desc() (John Garry)
- igb: fix link test skipping when interface is admin down (Kohei Enju)
- net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() (Stefan Wahren)
- USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FN990A w/audio compositions (Fabio Porcedda)
- tty: hvc_console: Call hvc_kick in hvc_write unconditionally (Fabian Vogt)
- mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing (Alexander Sverdlin)
- mtd: nand: raw: atmel: Fix comment in timings preparation (Alexander Dahl)
- mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer (Christophe Kerello)
- mm/khugepaged: fix the address passed to notifier on testing young (Wei Yang)
- fuse: prevent overflow in copy_file_range return value (Miklos Szeredi)
- fuse: check if copy_file_range() returns larger than requested size (Miklos Szeredi)
- mtd: rawnand: stm32_fmc2: fix ECC overwrite (Christophe Kerello)
- ocfs2: fix recursive semaphore deadlock in fiemap call (Mark Tinguely) [Orabug: 38461859] {CVE-2025-39885}
- EDAC/altera: Delete an inappropriate dma_free_coherent() call (Salah Triki)
- tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. (Kuniyuki Iwashima) [Orabug: 38494797] {CVE-2025-39913}
- net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. (Kuniyuki Iwashima) [Orabug: 37901604] {CVE-2025-23143}

ELSA-2026-1537 Moderate: Oracle Linux 7 python security update

Oracle Linux Security Advisory ELSA-2026-1537

http://linux.oracle.com/errata/ELSA-2026-1537.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
python-2.7.5-94.0.3.el7_9.x86_64.rpm
python-debug-2.7.5-94.0.3.el7_9.x86_64.rpm
python-devel-2.7.5-94.0.3.el7_9.x86_64.rpm
python-libs-2.7.5-94.0.3.el7_9.i686.rpm
python-libs-2.7.5-94.0.3.el7_9.x86_64.rpm
python-test-2.7.5-94.0.3.el7_9.x86_64.rpm
python-tools-2.7.5-94.0.3.el7_9.x86_64.rpm
tkinter-2.7.5-94.0.3.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/python-2.7.5-94.0.3.el7_9.src.rpm

Related CVEs:

CVE-2025-12084

Description of changes:

[2.7.5-94.0.3]
- Fix for CVE-2025-12084 [Orabug: 38902314]

Fontforge, NodeJS, Thunderbird, and more updates for AlmaLinux

Govulncheck-Vulndb and Chromium updates for SUSE

Kernel, FreeRDP, Dtrace, and more updates for Oracle Linux

ELSA-2026-50094 Important: Unbreakable Enterprise kernel security update

ELSA-2026-2222 Important: Oracle Linux 10 freerdp security update

ELBA-2026-50099 dtrace bug fix update

ELSA-2026-2286 Important: Oracle Linux 10 thunderbird security update

ELSA-2026-2271 Important: Oracle Linux 10 firefox security update

ELSA-2026-2230 Important: Oracle Linux 10 fontforge security update

ELSA-2026-2225 Critical: Oracle Linux 10 keylime security update

ELSA-2026-50094 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

ELBA-2026-50099 Oracle Linux 9 dtrace bug fix update

ELBA-2026-50098 Oracle Linux 9 dtrace bug fix update

ELSA-2026-2224 Critical: Oracle Linux 9 keylime security update

ELSA-2026-2216 Important: Oracle Linux 9 libsoup security update

ELBA-2026-50098 Oracle Linux 9 dtrace bug fix update

ELSA-2026-50095 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

ELBA-2026-50097 Oracle Linux 8 dtrace bug fix update

ELSA-2026-50100 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

ELSA-2026-50100 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

ELBA-2026-50084 Oracle Linux 8 dtrace bug fix update

ELBA-2026-50085 Oracle Linux 8 dtrace bug fix update

ELSA-2026-50100 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

ELSA-2026-1537 Moderate: Oracle Linux 7 python security update

Windows

Linux

macOS

Community