Kernel, GnuTLS, NSS, an dmore updates for Oracle Linux

Oracle Linux 6455 Published 2026-03-10 07:34 by Philipp Esselbach

News

ELBA-2026-3530 Oracle Linux 10 kernel bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2026-3530

http://linux.oracle.com/errata/ELBA-2026-3530.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-abi-stablelists-6.12.0-124.40.1.el10_1.noarch.rpm
kernel-core-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-cross-headers-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-debug-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-debug-core-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-debug-devel-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-debug-devel-matched-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-debug-modules-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-debug-modules-core-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-debug-modules-extra-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-debug-uki-virt-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-devel-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-devel-matched-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-doc-6.12.0-124.40.1.el10_1.noarch.rpm
kernel-headers-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-modules-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-modules-core-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-modules-extra-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-modules-extra-matched-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-tools-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-tools-libs-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-tools-libs-devel-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-uki-virt-6.12.0-124.40.1.el10_1.x86_64.rpm
kernel-uki-virt-addons-6.12.0-124.40.1.el10_1.x86_64.rpm
libperf-6.12.0-124.40.1.el10_1.x86_64.rpm
perf-6.12.0-124.40.1.el10_1.x86_64.rpm
python3-perf-6.12.0-124.40.1.el10_1.x86_64.rpm
rtla-6.12.0-124.40.1.el10_1.x86_64.rpm
rv-6.12.0-124.40.1.el10_1.x86_64.rpm

aarch64:
kernel-cross-headers-6.12.0-124.40.1.el10_1.aarch64.rpm
kernel-headers-6.12.0-124.40.1.el10_1.aarch64.rpm
kernel-tools-6.12.0-124.40.1.el10_1.aarch64.rpm
kernel-tools-libs-6.12.0-124.40.1.el10_1.aarch64.rpm
kernel-tools-libs-devel-6.12.0-124.40.1.el10_1.aarch64.rpm
libperf-6.12.0-124.40.1.el10_1.aarch64.rpm
perf-6.12.0-124.40.1.el10_1.aarch64.rpm
python3-perf-6.12.0-124.40.1.el10_1.aarch64.rpm
rtla-6.12.0-124.40.1.el10_1.aarch64.rpm
rv-6.12.0-124.40.1.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-124.40.1.el10_1.src.rpm

Description of changes:

[6.12.0-124.40.1]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 Mountains)
- Run javap with the disassembled code (-c) option now required for -l by JDK-8345145
- Remove default.policy and java.policy following JDK-8338411: "Permanently Disable the Security Manager"
- Make man page handling dependent on pandoc being available during the portable build
- Handle new CDS archive variants (*_coh*) added by Compact Object Headers (JDK-8305895)
- Add missing man page alternatives for jdeprscan, jfr, jhsdb, jimage, jlink & jmod and fix alphabetical ordering
- Support jnativescan added by JDK-8317611: "Add a tool like jdeprscan to find usage of restricted methods"
- Add recent native libraries to _privatelibs (libjsvml.so, libsimdsort.so, libsyslookup.so)
- Support libsleef on AArch64 & RISC-V added by JDK-8329816, JDK-8320500 (RISC-V) & JDK-8312425 (AArch64)
- Remove superfluous backslashes that cause two alternative commands to be combined
- Sync the copy of the portable specfile with the latest update
- Resolves: RHEL-126022

ELSA-2026-3516 Important: Oracle Linux 9 thunderbird security update

Oracle Linux Security Advisory ELSA-2026-3516

http://linux.oracle.com/errata/ELSA-2026-3516.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-140.8.0-1.0.1.el9_7.x86_64.rpm

aarch64:
thunderbird-140.8.0-1.0.1.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/thunderbird-140.8.0-1.0.1.el9_7.src.rpm

Related CVEs:

CVE-2026-2447
CVE-2026-2757
CVE-2026-2758
CVE-2026-2759
CVE-2026-2760
CVE-2026-2761
CVE-2026-2762
CVE-2026-2763
CVE-2026-2764
CVE-2026-2765
CVE-2026-2766
CVE-2026-2767
CVE-2026-2768
CVE-2026-2769
CVE-2026-2770
CVE-2026-2771
CVE-2026-2772
CVE-2026-2773
CVE-2026-2774
CVE-2026-2775
CVE-2026-2776
CVE-2026-2777
CVE-2026-2778
CVE-2026-2779
CVE-2026-2780
CVE-2026-2781
CVE-2026-2782
CVE-2026-2783
CVE-2026-2784
CVE-2026-2785
CVE-2026-2786
CVE-2026-2787
CVE-2026-2788
CVE-2026-2789
CVE-2026-2790
CVE-2026-2791
CVE-2026-2792
CVE-2026-2793

Description of changes:

[140.8.0-1.0.1]
- Fix prefs for new nss [Orabug: 37079813]
- Add Oracle prefs

[140.8.0]
- Add OpenELA debranding

[140.8.0-1]
- Update to 140.8.0 ESR

ELBA-2026-1353 Oracle Linux 9 linux-firmware bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2026-1353

http://linux.oracle.com/errata/ELBA-2026-1353.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
iwl1000-firmware-39.31.5.1-999.46.el9.noarch.rpm
iwl100-firmware-39.31.5.1-999.46.el9.noarch.rpm
iwl105-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl135-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl2000-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl2030-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl3160-firmware-25.30.13.0-999.46.el9.noarch.rpm
iwl3945-firmware-15.32.2.9-999.46.el9.noarch.rpm
iwl4965-firmware-228.61.2.24-999.46.el9.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.46.el9.noarch.rpm
iwl5150-firmware-8.24.2.2-999.46.el9.noarch.rpm
iwl6000-firmware-9.221.4.1-999.46.el9.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl6050-firmware-41.28.5.1-999.46.el9.noarch.rpm
iwl7260-firmware-25.30.13.0-999.46.el9.noarch.rpm
iwlax2xx-firmware-20260209-999.46.el9.noarch.rpm
libertas-sd8686-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-sd8787-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-usb8388-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-usb8388-olpc-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-core-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-whence-20260209-999.46.gitd87f4693.el9.noarch.rpm
liquidio-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
netronome-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm

aarch64:
iwl1000-firmware-39.31.5.1-999.46.el9.noarch.rpm
iwl100-firmware-39.31.5.1-999.46.el9.noarch.rpm
iwl105-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl135-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl2000-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl2030-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl3160-firmware-25.30.13.0-999.46.el9.noarch.rpm
iwl3945-firmware-15.32.2.9-999.46.el9.noarch.rpm
iwl4965-firmware-228.61.2.24-999.46.el9.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.46.el9.noarch.rpm
iwl5150-firmware-8.24.2.2-999.46.el9.noarch.rpm
iwl6000-firmware-9.221.4.1-999.46.el9.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl6050-firmware-41.28.5.1-999.46.el9.noarch.rpm
iwl7260-firmware-25.30.13.0-999.46.el9.noarch.rpm
iwlax2xx-firmware-20260209-999.46.el9.noarch.rpm
libertas-sd8686-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-sd8787-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-usb8388-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-usb8388-olpc-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-core-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-whence-20260209-999.46.gitd87f4693.el9.noarch.rpm
liquidio-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
netronome-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/linux-firmware-20260209-999.46.gitd87f4693.el9.src.rpm

Description of changes:

[20260209-999.46.gitd87f4693.el9]
- Rebase to latest upstream [Orabug: 38858080]

ELSA-2026-3507 Important: Oracle Linux 9 valkey security update

Oracle Linux Security Advisory ELSA-2026-3507

http://linux.oracle.com/errata/ELSA-2026-3507.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
valkey-8.0.7-1.el9_7.x86_64.rpm
valkey-devel-8.0.7-1.el9_7.x86_64.rpm

aarch64:
valkey-8.0.7-1.el9_7.aarch64.rpm
valkey-devel-8.0.7-1.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/valkey-8.0.7-1.el9_7.src.rpm

Related CVEs:

CVE-2025-67733
CVE-2026-21863

Description of changes:

[8.0.7-1]
- Rebase to 8.0.7 for CVE-2026-21863 CVE-2025-67733

ELBA-2026-3474 Oracle Linux 9 selinux-policy bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2026-3474

http://linux.oracle.com/errata/ELBA-2026-3474.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
selinux-policy-38.1.65-1.0.1.el9_7.1.noarch.rpm
selinux-policy-devel-38.1.65-1.0.1.el9_7.1.noarch.rpm
selinux-policy-doc-38.1.65-1.0.1.el9_7.1.noarch.rpm
selinux-policy-mls-38.1.65-1.0.1.el9_7.1.noarch.rpm
selinux-policy-sandbox-38.1.65-1.0.1.el9_7.1.noarch.rpm
selinux-policy-targeted-38.1.65-1.0.1.el9_7.1.noarch.rpm

aarch64:
selinux-policy-38.1.65-1.0.1.el9_7.1.noarch.rpm
selinux-policy-devel-38.1.65-1.0.1.el9_7.1.noarch.rpm
selinux-policy-doc-38.1.65-1.0.1.el9_7.1.noarch.rpm
selinux-policy-mls-38.1.65-1.0.1.el9_7.1.noarch.rpm
selinux-policy-sandbox-38.1.65-1.0.1.el9_7.1.noarch.rpm
selinux-policy-targeted-38.1.65-1.0.1.el9_7.1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/selinux-policy-38.1.65-1.0.1.el9_7.1.src.rpm

Description of changes:

[38.1.65-1.0.1.el9_7.1]
- Fixed avc for agetty checkpoint restore denied [Orabug: 36893425]
- Change reference in /etc/selinux/config to point to Oracle doc [Orabug: 36899915]
- Allow user_mail_domain to manage exim_log_t and exim_spool_t link files [Orabug: 36617121]
- Allow exim read network sysctls [Orabug: 36606051]
- Allow exim_t to read exim_log_t and manage exim_spool_t link files [Orabug: 36430005]
- Allow cgred_t to get attributes of cgroup filesystems [Orabug: 36176655]
- Allow kdumpctl_t to execmem [Orabug: 35381156]
- Allow NetworkManager_dispatcher_dhclient_t to execute shells without a domain transition [Orabug: 35091334]
- Allow NetworkManager_dispatcher_dhclient_t to read the DHCP configuration files [Orabug: 35122619]
- Label /var/log/kdump.log with kdump_log_t [Orabug: 33810371]
- Allow rpm_t sys_admin capability [Orabug: 34250651]
- Make systemd_tmpfiles_t MLS trusted for lowering the level of files [Orabug: 33841245]
- Allow nfsd_t to list exports_t dirs [Orabug: 33844301]
- Allow fsadm_t to get attributes of cgroup filesystems [Orabug: 33841268]
- Make import-state work with mls policy [Orabug: 32636699]
- Add map permission to lvm_t on lvm_metadata_t. [Orabug: 31405325]
- Add comment for map on lvm_metadata_t. [Orabug: 31405325]
- Make iscsiadm work with mls policy [Orabug: 32725411]
- Make cloud-init work with mls policy [Orabug: 32430460]
- Allow systemd-pstore to transfer files from /sys/fs/pstore [Orabug: 31594666]
- Make smartd work with mls policy [Orabug: 32430379]
- Allow sysadm_t to mmap modules_object_t files [Orabug: 32411855]
- Make udev work with mls policy [Orabug: 31405299]
- Make lsmd, rngd, and kdumpctl work with mls policy [Orabug: 31405378]
- Allow virt_domain to mmap virt_content_t files [Orabug: 30932671]
- Enable NetworkManager and dhclient to use initramfs-configured DHCP connection [Orabug: 30537515]
- Allow udev_t to load modules [Orabug: 28260775]
- Add vhost-scsi to be vhost_device_t type [Orabug: 27774921]
- Fix container selinux policy [Orabug: 26427364]
- Allow ocfs2_dlmfs to be mounted with ocfs2_dlmfs_t type. [Orabug: 13333429]

[38.1.65-1.1]
- Allow nfsd_t domain setuid and setgid capability for rpc.mountd
Resolves: RHEL-148246

ELBA-2026-2789 Oracle Linux 9 linux-firmware bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2026-2789

http://linux.oracle.com/errata/ELBA-2026-2789.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
iwl1000-firmware-39.31.5.1-999.46.el9.noarch.rpm
iwl100-firmware-39.31.5.1-999.46.el9.noarch.rpm
iwl105-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl135-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl2000-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl2030-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl3160-firmware-25.30.13.0-999.46.el9.noarch.rpm
iwl3945-firmware-15.32.2.9-999.46.el9.noarch.rpm
iwl4965-firmware-228.61.2.24-999.46.el9.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.46.el9.noarch.rpm
iwl5150-firmware-8.24.2.2-999.46.el9.noarch.rpm
iwl6000-firmware-9.221.4.1-999.46.el9.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl6050-firmware-41.28.5.1-999.46.el9.noarch.rpm
iwl7260-firmware-25.30.13.0-999.46.el9.noarch.rpm
iwlax2xx-firmware-20260209-999.46.el9.noarch.rpm
libertas-sd8686-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-sd8787-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-usb8388-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-usb8388-olpc-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-core-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-whence-20260209-999.46.gitd87f4693.el9.noarch.rpm
liquidio-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
netronome-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm

aarch64:
iwl1000-firmware-39.31.5.1-999.46.el9.noarch.rpm
iwl100-firmware-39.31.5.1-999.46.el9.noarch.rpm
iwl105-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl135-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl2000-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl2030-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl3160-firmware-25.30.13.0-999.46.el9.noarch.rpm
iwl3945-firmware-15.32.2.9-999.46.el9.noarch.rpm
iwl4965-firmware-228.61.2.24-999.46.el9.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.46.el9.noarch.rpm
iwl5150-firmware-8.24.2.2-999.46.el9.noarch.rpm
iwl6000-firmware-9.221.4.1-999.46.el9.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl6050-firmware-41.28.5.1-999.46.el9.noarch.rpm
iwl7260-firmware-25.30.13.0-999.46.el9.noarch.rpm
iwlax2xx-firmware-20260209-999.46.el9.noarch.rpm
libertas-sd8686-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-sd8787-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-usb8388-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-usb8388-olpc-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-core-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-whence-20260209-999.46.gitd87f4693.el9.noarch.rpm
liquidio-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
netronome-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/linux-firmware-20260209-999.46.gitd87f4693.el9.src.rpm

Description of changes:

[20260209-999.46.gitd87f4693.el9]
- Rebase to latest upstream [Orabug: 38858080]

ELBA-2025-23338 Oracle Linux 9 linux-firmware bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2025-23338

http://linux.oracle.com/errata/ELBA-2025-23338.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
iwl1000-firmware-39.31.5.1-999.46.el9.noarch.rpm
iwl100-firmware-39.31.5.1-999.46.el9.noarch.rpm
iwl105-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl135-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl2000-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl2030-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl3160-firmware-25.30.13.0-999.46.el9.noarch.rpm
iwl3945-firmware-15.32.2.9-999.46.el9.noarch.rpm
iwl4965-firmware-228.61.2.24-999.46.el9.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.46.el9.noarch.rpm
iwl5150-firmware-8.24.2.2-999.46.el9.noarch.rpm
iwl6000-firmware-9.221.4.1-999.46.el9.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl6050-firmware-41.28.5.1-999.46.el9.noarch.rpm
iwl7260-firmware-25.30.13.0-999.46.el9.noarch.rpm
iwlax2xx-firmware-20260209-999.46.el9.noarch.rpm
libertas-sd8686-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-sd8787-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-usb8388-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-usb8388-olpc-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-core-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-whence-20260209-999.46.gitd87f4693.el9.noarch.rpm
liquidio-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
netronome-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm

aarch64:
iwl1000-firmware-39.31.5.1-999.46.el9.noarch.rpm
iwl100-firmware-39.31.5.1-999.46.el9.noarch.rpm
iwl105-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl135-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl2000-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl2030-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl3160-firmware-25.30.13.0-999.46.el9.noarch.rpm
iwl3945-firmware-15.32.2.9-999.46.el9.noarch.rpm
iwl4965-firmware-228.61.2.24-999.46.el9.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.46.el9.noarch.rpm
iwl5150-firmware-8.24.2.2-999.46.el9.noarch.rpm
iwl6000-firmware-9.221.4.1-999.46.el9.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.46.el9.noarch.rpm
iwl6050-firmware-41.28.5.1-999.46.el9.noarch.rpm
iwl7260-firmware-25.30.13.0-999.46.el9.noarch.rpm
iwlax2xx-firmware-20260209-999.46.el9.noarch.rpm
libertas-sd8686-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-sd8787-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-usb8388-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
libertas-usb8388-olpc-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-core-20260209-999.46.gitd87f4693.el9.noarch.rpm
linux-firmware-whence-20260209-999.46.gitd87f4693.el9.noarch.rpm
liquidio-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm
netronome-firmware-20260209-999.46.gitd87f4693.el9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/linux-firmware-20260209-999.46.gitd87f4693.el9.src.rpm

Description of changes:

[20260209-999.46.gitd87f4693.el9]
- Rebase to latest upstream [Orabug: 38858080]

ELSA-2026-50133 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50133

http://linux.oracle.com/errata/ELSA-2026-50133.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
bpftool-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-317.197.5.2.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek64k-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek64k-core-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek64k-devel-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek64k-modules-5.15.0-317.197.5.2.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-5.15.0-317.197.5.2.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-317.197.5.2.el9uek.src.rpm

Related CVEs:

CVE-2025-40149
CVE-2025-40256

Description of changes:

[5.15.0-317.197.5.2]
- xfrm: flush all states in xfrm_state_fini (Sabrina Dubroca) [Orabug: 39016261]
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca) [Orabug: 39016261]
- Revert "xfrm: destroy xfrm_state synchronously on net exit path" (Sabrina Dubroca) [Orabug: 39016261]
- tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). (Kuniyuki Iwashima) [Orabug: 39016219] {CVE-2025-40149}
- net: Add locking to protect skb->dev access in ip_output (Sharath Chandra Vurukala) [Orabug: 39016219]

[5.15.0-317.197.5.1]
- Revert "net/rds: fix crash by expanding kref coverage to rds_incoming.i_conn" (Vijayendra Suman) [Orabug: 38961010]
- Revert "net/rds: expand kref coverage to rds_notifier->n_conn" (Sharath Srinivasan) [Orabug: 38961010]

[5.15.0-317.197.5]
- KVM: x86: conditionally clear masterclock request for uek=exadata (Dongli Zhang) [Orabug: 38801641]
- Partial backport of "KVM: x86: Fix software TSC upscaling in kvm_update_guest_time()" (Dongli Zhang) [Orabug: 38801641]
- uek-rpm: pensando: Move crashkernel to cnic-image-builder (Henry Willard) [Orabug: 38851137]
- ext4: drop dio overwrite only flag and associated warning (Brian Foster) [Orabug: 38381010]
- ext4: fix racy may inline data check in dio write (Brian Foster) [Orabug: 38381010]
- ext4: allow concurrent unaligned dio overwrites (Brian Foster) [Orabug: 38381010]
- ext4: dio take shared inode lock when overwriting preallocated blocks (Zhang Yi) [Orabug: 38381010]
- net: mana: Reduce waiting time if HWC not responding (Haiyang Zhang) [Orabug: 38172423]
- uek-rpm: hnic: add unique hnic signing certs (Tom Saeger) [Orabug: 38894488]
- drivers/soc/pensando/sbus: Secure mode support. (Hiren Mehta) [Orabug: 38894106]
- drivers/soc/pensando/pen_secure: Report register address on access errors (Maciej S. Szmigiero) [Orabug: 38894106]
- drivers/edac/elba_edac: Secure mode support (Hiren Mehta) [Orabug: 38894106]
- drivers/soc/pensando/bsm: Add secure-mode support. (Hiren Mehta) [Orabug: 38894106]
- drivers/soc/pensando/rstcause: Add secure mode support. (Hiren Mehta) [Orabug: 38894106]
- drivers/soc/pensando/penfw: New SMC support for secure-mode. (Hiren Mehta) [Orabug: 38894106]
- drivers/soc/pensando/sbus: Secure mode support (Hiren Mehta) [Orabug: 38894106]
- sunrpc: fix client side handling of tls alerts (Olga Kornievskaia) [Orabug: 38334981] {CVE-2025-38571}
- sunrpc: fix handling of server side tls alerts (Olga Kornievskaia) [Orabug: 38334968] {CVE-2025-38566}
- xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 38730492] {CVE-2025-40215}

[5.15.0-317.197.4]
- gpio: mlxbf3: use platform_get_irq_optional() (David Thompson) [Orabug: 38755419]
- platform/mellanox: mlxbf-pmc: Fix duplicate event ID for CACHE_DATA1 (Alok Tiwari) [Orabug: 38755419]
- pinctrl: mlxbf3: Fix return value check for devm_platform_ioremap_resource (Chen Ni) [Orabug: 38755419]
- net/mlx5e: Query FW for buffer ownership (Alexei Lazar) [Orabug: 38755419]
- net/mlx5: Add IFC bits and enums for buf_ownership (Oren Sidi) [Orabug: 38755419]
- net/mlx5: Update mlx5_ifc to support FEC for 200G per lane link modes (Jianbo Liu) [Orabug: 38755419]
- net/mlx5e: Support FEC settings for 100G/lane modes (Cosmin Ratiu) [Orabug: 38755419]
- net/mlx5e: Extract checking of FEC support for a link mode (Cosmin Ratiu) [Orabug: 38755419]
- tcp: Set pingpong threshold via sysctl (Haiyang Zhang) [Orabug: 38853979]
- arm64: hnic: config: Add NBD driver (Patrick Colp) [Orabug: 38858773]
- arm64: pensando: Fix spec file for HNIC (Rob Gardner) [Orabug: 38858773]
- Enable additional drivers needed to support MIPS64 SmartNic (Vijay Kumar) [Orabug: 38846771]
- MIPS: Fix build error for mips ARCH_ATOMIC (Vijay Kumar) [Orabug: 38846771]
- Added atomic addition,subtraction functions. (Anagha K J) [Orabug: 38846771]
- Allocate the required IV size referenced by the cypher handle in init_state (Anagha K J) [Orabug: 38846771]
- Setting up numa system and memory initializations (Anagha K J) [Orabug: 38846771]
- Implemented clocksource provider driven by node-0 FPA_CLK_COUNT (Anagha K J) [Orabug: 38846771]
- Processor cache information made available to userspace (Anagha K J) [Orabug: 38846771]
- MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow (Thomas Bogendoerfer) [Orabug: 38851582]
- usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE (Gopi Krishna Menon)
- ext4: clear i_state_flags when alloc inode (Haibo Chen)
- ext4: align max orphan file size with e2fsprogs limit (Baokun Li)
- PM: runtime: Do not clear needs_force_resume with enabled runtime PM (Rafael J. Wysocki)
- net: enetc: fix build warning when PAGE_SIZE is greater than 128K (Wei Fang)
- net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (Xiang Mei) [Orabug: 38783137] {CVE-2025-68325}
- block: fix comment for op_is_zone_mgmt() to include RESET_ALL (Shechenglong)
- fuse: fix readahead reclaim deadlock (Joanne Koong) [Orabug: 38847946] {CVE-2025-68821}
- i40e: validate ring_len parameter against hardware-specific values (Gregory Herrero)
- fs/ntfs3: fix mount failure for sparse runs in run_unpack() (Konstantin Komarov)
- ntfs3: init run lock for extend inode (Edward Adam Davis)

[5.15.0-317.197.3]
- kpcimgr: Enable loading firmware via kernel infrastructure (Joseph Dobosenski) [Orabug: 38546110]
- Move hnic crashkernel to cnic-image-builder (Henry Willard) [Orabug: 38546110]
- Bump supported capmem range count from 64 to 256 (Jan Setje-Eilers) [Orabug: 38546110]
- irqchip/pensando: Fix partial of_iomap() leak on error (#505) (Brad Larson) [Orabug: 38546110]
- pensando: Allow sparse allowed ranges in cap_mem (Maciej S. Szmigiero) [Orabug: 38546110]
- soc/pensando/cap-pcie: Handle zero-ed out MS_CFG_WDT_IDX/WDT_IDX (Joao Martins) [Orabug: 38546110]
- pensando: Enable penfw driver for smartnic (Jan Setje-Eilers) [Orabug: 38546110]
- irqchip/gic-v3-its: remove WARN_ON gic_reserve_range (Tom Saeger) [Orabug: 38546110]
- hnic: Disable CONFIG_OVERLAY_FS_INDEX (Patrick Colp) [Orabug: 38546110]
- pensando: missing diffs from AMD (Jan Setje-Eilers) [Orabug: 38546110]
- hnic: config: Build FUSE into the kernel (not as a module) (Patrick Colp) [Orabug: 38546110]
- hnic: config: Add DM_VERITY support (Patrick Colp) [Orabug: 38546110]
- hnic config: Add LOCKDOWN_LSM support (Patrick Colp) [Orabug: 38546110]
- Subject: uek-rpm: Build hostnic kernel for Pensando (Dave Kleikamp) [Orabug: 38546110]
- pensando: kpcimgr: support pcie port bifurcation (Darshan Prajapati) [Orabug: 38546110]
- Add changes for penfw and sbus.c for secureboot (Rahshekh) [Orabug: 38546110]
- arm64: GIC ITS MSI encapsulator address configured from device tree (Brad Larson) [Orabug: 38546110]
- perf/arm-cmn: Enable AMD Pensando Salina SoC CMN PMU driver (Brad Larson) [Orabug: 38546110]
- reset: salinasr: Add AMD Pensando Salina SoC reset (Brad Larson) [Orabug: 38546110]
- spi: dw-mmio: Add AMD Pensando Salina SoC support (Brad Larson) [Orabug: 38546110]
- EDAC/elba: Support AMD Pensando Giglio SoC (Brad Larson) [Orabug: 38546110]
- arm64: defconfig: Add AMD Pensando Salina SoC defconfig (Brad Larson) [Orabug: 38546110]
- soc/pensando: Support AMD Pensando Salina SoC (Brad Larson) [Orabug: 38546110]
- arm64: dts: Add AMD Pensando Salina SoC support (Brad Larson) [Orabug: 38546110]
- mmc: sdhci-cadence: Support AMD Salina SoC (Brad Larson) [Orabug: 38546110]
- PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() (Breno Leitao) [Orabug: 38597010] {CVE-2025-40034}
- mm/hugetlb: disable huge_pmd_unshare TLB sync by default on Exadata (Joe Jin) [Orabug: 38829889]
- vhost: Account for worker thread under owner's nproc (Mike Christie) [Orabug: 38770748]
- vhost: revert CAP_SYS restrictions on worker ioctls (Mike Christie) [Orabug: 38770748]
- RDMA/cm: Base cm_id destruction timeout on CMA values (Håkon Bugge) [Orabug: 38753654]
- mlx5: Fix default values in create CQ (Akiva Goldberger) [Orabug: 38420735,38773370] {CVE-2025-68209}
- uek-rpm: Allow disabling kabichk at command line (Yifei Liu) [Orabug: 38744825]

[5.15.0-317.197.2]
- x86/its: Build fails with CONFIG_MITIGATION_ITS=n (Alexandre Chartre) [Orabug: 38756952]
- net/sched: adjust device watchdog timer to detect stopped queue at right time (Praveen Kumar Kannoju) [Orabug: 38341919]
- KVM: arm64: Add minimal handling for the ARMv8.7 PMU (Marc Zyngier) [Orabug: 38784458]
- scsi: megaraid_sas: Fix invalid node index (Chen Yu) [Orabug: 38175026] {CVE-2025-38239}
- Revert "iommu/amd: Skip enabling command/event buffers for kdump" (Dongli Zhang) [Orabug: 38790823]
- mm: list_lru: avoid using NULL list_lru_one. (Imran Khan) [Orabug: 38619860]
- mm: list_lru: fix UAF for memory cgroup (Muchun Song) [Orabug: 38619860]
- net/rds: improve conn destroy printk message (Sharath Srinivasan) [Orabug: 38728740]
- net/rds: expand kref coverage to rds_notifier->n_conn (Sharath Srinivasan) [Orabug: 38728740]
- net/rds: fix crash by expanding kref coverage to rds_incoming.i_conn (Sharath Srinivasan) [Orabug: 38728740]
- net/rds: rds_sendmsg must use rs_conn only when not being destroyed (Sharath Srinivasan) [Orabug: 38728743]
- net/mlx5e: Set default burst period for TX and RX reporters (Shahar Shitrit) [Orabug: 38512377]
- devlink: Make health reporter burst period configurable (Shahar Shitrit) [Orabug: 38512377]
- devlink: Introduce burst period for health reporter (Shahar Shitrit) [Orabug: 38512377]
- devlink: Move health reporter recovery abort logic to a separate function (Shahar Shitrit) [Orabug: 38512377]
- devlink: Move graceful period parameter to reporter ops (Shahar Shitrit) [Orabug: 38512377]
- devlink: introduce devlink_nl_put_u64() (Przemek Kitszel) [Orabug: 38512377]
- net/mlx5: remove fw reporter dump option for non PF (Moshe Shemesh) [Orabug: 38512377]
- net/mlx5: remove fw_fatal reporter dump option for non PF (Moshe Shemesh) [Orabug: 38512377]
- devlink: Hold devlink lock on health reporter dump get (Moshe Shemesh) [Orabug: 38512377]
- Revert "net/mlx5: set graceful_period to 0 to allow multiple transmission queue recovery" (Qing Huang) [Orabug: 38512377]
- NVIDIA: SAUCE: iommu/arm-smmu-v3: Allow default substream bypass with a pasid support (Nicolin Chen) [Orabug: 38463999]
- RDMA/mlx5: Fix a WARN during dereg_mr for DM type (Yishai Hadas) [Orabug: 37766291,38463999] {CVE-2025-21888}
- uek-rpm: replace CONFIG_IOMMU_SVA_LIB with CONFIG_IOMMU_SVA (Junxiao Bi) [Orabug: 38463999]
- iommu/sva: Rename CONFIG_IOMMU_SVA_LIB to CONFIG_IOMMU_SVA (Fenghua Yu) [Orabug: 38463999]

[5.15.0-317.197.1]
- LTS version: v5.15.197 (Vijayendra Suman)
- libbpf: Fix invalid return address register in s390 (Daniel T. Lee)
- libbpf, riscv: Use a0 for RC register (Yixun Lan)
- libbpf: Fix riscv register names (Ilya Leoshkevich)
- selftests/bpf: Don't rely on preserving volatile in PT_REGS macros in loop3 (Andrii Nakryiko)
- scsi: pm80xx: Set phy->enable_completion only when we (Igor Pylypiv) [Orabug: 37159744] {CVE-2024-47666}
- Bluetooth: Add more enc key size check (Alex Lu)
- usb: renesas_usbhs: Fix synchronous external abort on unbind (Claudiu Beznea) [Orabug: 38792571] {CVE-2025-68327}
- usb: renesas_usbhs: Convert to platform remove callback returning void (Uwe Kleine-König)
- smb: client: fix memory leak in cifs_construct_tcon() (Paulo Alcantara) [Orabug: 38773704] {CVE-2025-68295}
- mptcp: Fix proto fallback detection with BPF (Jiayuan Chen) [Orabug: 38773435] {CVE-2025-68227}
- mptcp: avoid unneeded subflow-level drops (Paolo Abeni)
- selftests: mptcp: join: rm: set backup flag (Matthieu Baerts)
- staging: rtl8712: Remove driver using deprecated API wext (Philipp Hortmann)
- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (Ziming Zhang) [Orabug: 38773649] {CVE-2025-68284}
- libceph: fix potential use-after-free in have_mon_and_osd_map() (Ilya Dryomov) [Orabug: 38773655] {CVE-2025-68285}
- drm/amd/display: Check NULL before accessing (Alex Hung) [Orabug: 38773664] {CVE-2025-68286}
- drm: sti: fix device leaks at component probe (Johan Hovold)
- USB: serial: option: add support for Rolling RW101R-GL (Vanillan Wang)
- USB: serial: ftdi_sio: add support for u-blox EVK-M101 (Oleksandr Suvorov)
- xhci: dbgtty: Fix data corruption when transmitting data form DbC to host (Mathias Nyman)
- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (Manish Nagar) [Orabug: 38773671] {CVE-2025-68287}
- usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (Owen Gu) [Orabug: 38792593] {CVE-2025-68331}
- usb: storage: sddr55: Reject out-of-bound new_pba (Tianchu Chen) [Orabug: 38762730] {CVE-2025-40345}
- usb: storage: Fix memory leak in USB bulk transport (Desnes Nunes) [Orabug: 38773677] {CVE-2018-1000204,CVE-2025-68288}
- usb: gadget: f_eem: Fix memory leak in eem_unwrap (Kuen-Han Tsai) [Orabug: 38773687] {CVE-2025-68289}
- usb: cdns3: Fix double resource release in cdns3_pci_probe (Miaoqian Lin)
- serial: amba-pl011: prefer dma_mapping_error() over explicit address checking (Miaoqian Lin)
- firmware: stratix10-svc: fix bug in saving controller data (Khairul Anuar Romli)
- slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves (Miaoqian Lin)
- thunderbolt: Add support for Intel Wildcat Lake (Alan Borzeszkowski)
- drivers/usb/dwc3: fix PCI parent check (Jamie Iles)
- dm-verity: fix unreliable memory allocation (Mikulas Patocka)
- can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling (Marc Kleine-Budde)
- can: sja1000: fix max irq loop handling (Thomas Mühlbacher)
- atm/fore200e: Fix possible data race in fore200e_open() (Gui-Dong Han)
- iio: accel: bmc150: Fix irq assumption regression (Linus Walleij) [Orabug: 38792587] {CVE-2025-68330}
- iio:common:ssp_sensors: Fix an error handling path ssp_probe() (Christophe Jaillet)
- iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields (Francesco Lavra)
- Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" (Jiri Olsa)
- spi: bcm63xx: fix premature CS deassertion on RX-only transactions (Hang Zhou)
- mailbox: mailbox-test: Fix debugfs_create_dir error checking (Xu Wang)
- net: atlantic: fix fragment overflow handling in RX path (Jiefeng Zhang) [Orabug: 38773729] {CVE-2025-68301}
- net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic (Vladimir Oltean)
- net: dsa: sja1105: simplify static configuration reload (Russell King)
- net: dsa: sja1105: Convert to mdiobus_c45_read (Andrew Lunn)
- net: sxgbe: fix potential NULL dereference in sxgbe_rx() (Alexey Kodanev)
- net/mlx5e: Fix validation logic in rate limiting (Danielle Costantino)
- net: aquantia: Add missing descriptor cache invalidation on ATL2 (Kai-Heng Feng)
- platform/x86: intel: punit_ipc: fix memory corruption (Dan Carpenter)
- Bluetooth: SMP: Fix not generating mackey and ltk when repairing (Luiz Augusto von Dentz)
- can: kvaser_usb: leaf: Fix potential infinite loop in command parsers (Seungjin Bae) [Orabug: 38773760] {CVE-2025-68308}
- Revert "block: don't add or resize partition on the disk with GENHD_FL_NO_PART" (Gulam Mohamed) [Orabug: 38652797]
- Revert "block: Move checking GENHD_FL_NO_PART to bdev_add_partition()" (Gulam Mohamed) [Orabug: 38652797]
- mptcp: do not fallback when OoO is present (Paolo Abeni)
- mptcp: fix a race in mptcp_pm_del_add_timer() (Eric Dumazet) [Orabug: 38730656] {CVE-2025-40257}
- mptcp: fix premature close in case of fallback (Paolo Abeni)
- mptcp: fix ack generation for fallback msk (Paolo Abeni)
- dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups (Krzysztof Kozlowski)
- Input: pegasus-notetaker - fix potential out-of-bounds access (Seungjin Bae)
- Input: remove third argument of usb_maxpacket() (Vincent Mailhol)
- usb: deprecate the third argument of usb_maxpacket() (Vincent Mailhol)
- mptcp: Disallow MPTCP subflows from sockmap (Jiayuan Chen)
- selftests: mptcp: connect: fix fallback note due to OoO (Matthieu Baerts)
- pmdomain: samsung: plug potential memleak during probe (André Draszik)
- pmdomain: arm: scmi: Fix genpd leak on provider registration failure (Sudeep Holla)
- pmdomain: imx: Fix reference count leak in imx_gpc_remove (Miaoqian Lin)
- net: netpoll: fix incorrect refcount handling causing incorrect cleanup (Breno Leitao) [Orabug: 38773509] {CVE-2025-68245}
- mmc: sdhci-of-dwcmshc: Change DLL_STRBIN_TAPNUM_DEFAULT to 0x4 (Shawn Lin)
- net: qede: Initialize qede_ll_ops with designated initializer (Nathan Chancellor)
- btrfs: fix crash on racing fsync and size-extending write into prealloc (Omar Sandoval) [Orabug: 36774582] {CVE-2024-37354}
- btrfs: add helper to truncate inode items when logging inode (Filipe Manana)
- Makefile.compiler: replace cc-ifversion with compiler-specific macros (Nick Desaulniers)
- tracing/tools: Fix incorrcet short option in usage text for --threads (Zhang Chujun)
- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error (Nishanth Menon)
- ALSA: usb-audio: fix uac2 clock source at terminal parser (René Rebe)
- mm/secretmem: fix use-after-free race in fault handler (Lance Yang) [Orabug: 38737039] {CVE-2025-40272}
- mm/mm_init: fix hash table order logging in alloc_large_system_hash() (Isaac J. Manjarres)
- kconfig/nconf: Initialize the default locale at startup (Jakub Horký)
- kconfig/mconf: Initialize the default locale at startup (Jakub Horký)
- net: tls: Cancel RX async resync request on rcd_delta overflow (Shahar Shitrit)
- selftests: net: use BASH for bareudp testing (Po-Hsu Lin)
- scsi: core: Fix a regression triggered by scsi_host_busy() (Bart Van Assche) [Orabug: 38773426]
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730611,38786193,38788594] {CVE-2025-40248}
- net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (Pavel Zhigulin) [Orabug: 38730629] {CVE-2025-40252}
- kernel.h: Move ARRAY_SIZE() to a separate header (Alejandro Colomar)
- platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (Xu Wang)
- s390/ctcm: Fix double-kfree (Aleksei Nikiforov)
- net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730648] {CVE-2025-40254}
- net: dsa: hellcreek: fix missing error handling in LED registration (Pavel Zhigulin)
- mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() (Zilin Guan)
- drm/tegra: dc: Fix reference leak in tegra_dc_couple() (Ma Ke)
- mptcp: fix race condition in mptcp_schedule_work() (Eric Dumazet) [Orabug: 38730659] {CVE-2025-40258}
- MIPS: Malta: Fix !EVA SOC-it PCI MMIO (Maciej W. Rozycki)
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773440] {CVE-2025-68229}
- scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730663] {CVE-2025-40259}
- nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (Ewan D. Milne) [Orabug: 38730673] {CVE-2025-40261}
- Input: imx_sc_key - fix memory corruption on unload (Dan Carpenter)
- Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730680] {CVE-2025-40263}
- be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730689] {CVE-2025-40264}
- exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (Yongpeng Yang)
- mtd: rawnand: cadence: fix DMA device NULL pointer dereference (Niravkumar L Rabara)
- net/sched: act_connmark: handle errno on tcf_idr_check_alloc (Pedro Tammela)
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (Abdun Nihaal) [Orabug: 38798907] {CVE-2025-68734}
- EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection (Niravkumar L Rabara)
- EDAC/altera: Handle OCRAM ECC enable after warm reset (Niravkumar L Rabara)
- spi: Try to get ACPI GPIO IRQ earlier (Hans de Goede)
- ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check (Takashi Iwai)
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (Takashi Iwai) [Orabug: 38737023] {CVE-2025-40269}
- fs/proc: fix uaf in proc_readdir_de() (Wei Yang) [Orabug: 38737033,38786194,38788587] {CVE-2025-40271}
- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (Chuang Wang) [Orabug: 38773495] {CVE-2025-68241}
- strparser: Fix signed/unsigned mismatch bug (Nate Karstens)
- gcov: add support for GCC 15 (Peter Oberparleiter)
- NFSD: free copynotify stateid in nfs4_free_ol_stateid() (Olga Kornievskaia) [Orabug: 38737042] {CVE-2025-40273}
- HID: hid-ntrig: Prevent memory leak in ntrig_report_version() (Masami Ichikawa)
- mtd: onenand: Pass correct pointer to IRQ handler (Dan Carpenter)
- lib/crypto: arm/curve25519: Disable on CPU_BIG_ENDIAN (Eric Biggers)
- mm/ksm: fix flag-dropping behavior in ksm_madvise (Jakub Acs) [Orabug: 38592026] {CVE-2025-40040}
- bpf: Add bpf_prog_run_data_pointers() (Eric Dumazet) [Orabug: 38773327] {CVE-2025-68200}
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (Haein Lee) [Orabug: 38737051] {CVE-2025-40275}
- NFSv4: Fix an incorrect parameter when calling nfs4_call_sync() (Trond Myklebust)
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (Ian Forbes) [Orabug: 38737060] {CVE-2025-40277}
- ASoC: cs4271: Fix regulator leak on probe failure (Xu Wang)
- regulator: fixed: fix GPIO descriptor leak on register failure (Xu Wang)
- acpi,srat: Fix incorrect device handle check for Generic Initiator (Shuai Xue)
- Bluetooth: L2CAP: export l2cap_chan_hold for modules (Pauli Virtanen)
- hsr: Fix supervision frame sending on HSRv0 (Felix Maurer)
- net_sched: limit try_bulk_dequeue_skb() batches (Eric Dumazet)
- net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps (Gal Pressman)
- net/mlx5e: Fix maxrate wraparound in threshold between units (Gal Pressman)
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (Ranganath V N)
- net: sched: act_connmark: initialize struct tc_ife to fix kernel leak (Ranganath V N) [Orabug: 38737072] {CVE-2025-40279}
- net_sched: act_connmark: use RCU in tcf_connmark_dump() (Eric Dumazet)
- net/sched: act_connmark: transition to percpu stats and rcu (Pedro Tammela)
- net: sched: act_connmark: get rid of tcf_connmark_walker and tcf_connmark_search (Zhengchao Shao)
- net: sched: act: move global static variable net_id to tc_action_ops (Zhengchao Shao)
- wifi: mac80211: skip rate verification for not captured PSDUs (Benjamin Berg)
- net: mdio: fix resource leak in mdiobus_register_device() (Csaba Buday)
- tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38737082,38786195,38788585] {CVE-2025-40280}
- net/smc: fix mismatch between CLC header and proposal (D. Wythe)
- sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (Eric Dumazet) [Orabug: 38737090] {CVE-2025-40281}
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (Pauli Virtanen)
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (Pauli Virtanen)
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (Pauli Virtanen)
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (Raphael Pinsonneault-Thibeault) [Orabug: 38737103] {CVE-2025-40283}
- net: fec: correct rx_bytes statistic for the case SHIFT16 is set (Wei Fang)
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (Sharique Mohammad)
- NFS: check if suid/sgid was cleared after a write as needed (Scott Mayhew)
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (Tristan Lobb)
- NFS4: Fix state renewals missing after boot (Joshua Watt)
- RISC-V: clear hot-unplugged cores from all task mm_cpumasks to avoid rfence errors (Danil Skrebenkov)
- compiler_types: Move unused static inline functions warning to W=2 (Peter Zijlstra)
- drm/i915: Avoid lock inversion when pinning to GGTT on CHV/BXT+VTD (Janusz Krzysztofik) [Orabug: 38773506] {CVE-2025-68244}
- selftests: netdevsim: set test timeout to 10 minutes (Jakub Kicinski)
- extcon: adc-jack: Cleanup wakeup source only if it was enabled (Krzysztof Kozlowski)
- lib/crypto: curve25519-hacl64: Fix older clang KASAN workaround for GCC (Nathan Chancellor)
- rtc: rx8025: fix incorrect register reference (Yuta Hayama)
- tracing: Fix memory leaks in create_field_var() (Zilin Guan)
- bnxt_en: Fix a possible memory leak in bnxt_ptp_init (Kalesh Ap)
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (Qendrim Maxhuni) [Orabug: 38773282] {CVE-2025-68192}
- sctp: Hold sock lock while iterating over address list (Stefan Wiehler)
- sctp: Prevent TOCTOU out-of-bounds write (Stefan Wiehler) [Orabug: 38747446] {CVE-2025-40331}
- sctp: Hold RCU read lock while iterating over address list (Stefan Wiehler)
- net: dsa: b53: stop reading ARL entries if search is done (Jonas Gorski)
- net: dsa: b53: fix enabling ip multicast (Jonas Gorski)
- net: dsa: b53: fix resetting speed and pause on forced link (Jonas Gorski)
- net: vlan: sync VLAN features with lower device (Hangbin Liu)
- selftests: netdevsim: Fix ethtool-coalesce.sh fail by installing ethtool-common.sh (Wang Liang)
- netdevsim: add Makefile for selftests (David Wei)
- selftests/net: use destination options instead of hop-by-hop (Anubhav Singh)
- selftests/net: fix GRO coalesce test and add ext header coalesce tests (Richard Gobert)
- selftests/net: fix out-of-order delivery of FIN in gro:tcp test (Anubhav Singh)
- net: dsa: tag_brcm: legacy: fix untagged rx on unbridged ports for bcm63xx (Jonas Gorski)
- riscv: ptdump: use seq_puts() in pt_dump_seq_puts() macro (Josephine Pfeiffer)
- Revert "wifi: ath10k: avoid unnecessary wait for service ready message" (Baochen Qiang)
- ALSA: hda/realtek: Audio disappears on HP 15-fc000 after warm boot again (Kailang Yang)
- ceph: add checking of wait_for_completion_killable() return value (Viacheslav Dubeyko)
- ASoC: meson: aiu-encoder-i2s: fix bit clock polarity (Valerio Setti)
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (Albin Babu Varghese) [Orabug: 38737181] {CVE-2025-40304}
- ACPI: property: Return present device nodes only on fwnode interface (Sakari Ailus)
- 9p: sysfs_init: don't hardcode error to ENOMEM (Randall P. Embry)
- cpufreq: tegra186: Initialize all cores to max frequencies (Aaron Kling)
- 9p: fix /sys/fs/9p/caches overwriting itself (Randall P. Embry)
- clk: ti: am33xx: keep WKUP_DEBUGSS_CLKCTRL enabled (Matthias Schiffer)
- clk: at91: clk-master: Add check for divide by 3 (Ryan Wanner)
- ARM: at91: pm: save and restore ACR during PLL disable/enable (Nicolas Ferre)
- rtc: pcf2127: clear minute/second interrupt (Josua Mayer)
- um: Fix help message for ssl-non-raw (Tiwei Bie)
- fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink (Yikang Yue)
- btrfs: mark dirty extent range for out of bound prealloc extents (Austinchang)
- RDMA/hns: Fix wrong WQE data when QP wraps around (Junxian Huang)
- RDMA/irdma: Set irdma_cq cq_num field during CQ create (Jacob Moroni)
- RDMA/irdma: Remove unused struct irdma_cq fields (Jacob Moroni)
- RDMA/irdma: Fix SD index calculation (Jacob Moroni)
- ACPICA: Update dsmethod.c to get rid of unused variable warning (Saket Dumbre)
- orangefs: fix xattr related buffer overflow... (Mike Marshall)
- page_pool: Clamp pool size to max 16K pages (Dragos Tatulea)
- exfat: limit log print for IO error (Chi Zhiling)
- ALSA: usb-audio: add mono main switch to Presonus S1824c (Roy Vegard Ovesen)
- Bluetooth: bcsp: receive data only if registered (Ivan Pravdin) [Orabug: 38737212] {CVE-2025-40308}
- Bluetooth: SCO: Fix UAF on sco_conn_free (Luiz Augusto von Dentz) [Orabug: 38737223] {CVE-2025-40309}
- net: macb: avoid dealing with endianness in macb_set_hwaddr() (Théo Lebrun)
- fs: ext4: change GFP_KERNEL to GFP_NOFS to avoid deadlock (Chuguangqing) [Orabug: 38773127] {CVE-2025-40361}
- scsi: libfc: Fix potential buffer overflow in fc_ct_ms_fill() (Alok Tiwari)
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (Al Viro) [Orabug: 38773244] {CVE-2025-68185}
- NFSv4.1: fix mount hang after CREATE_SESSION failure (Anthony Iliopoulos)
- NFSv4: handle ERR_GRACE on delegation recalls (Olga Kornievskaia)
- remoteproc: qcom: q6v5: Avoid handling handover twice (Stephan Gerhold)
- sparc/module: Add R_SPARC_UA64 relocation handling (Koakuma)
- PCI: cadence: Check for the existence of cdns_pcie::ops before using it (Chen Wang)
- r8169: set EEE speed down ratio to 1 (Chunhao Lin)
- net: intel: fm10k: Fix parameter idx set but not used (Brahmajit Das)
- wifi: ath10k: Fix connection after GTK rekeying (Loic Poulain)
- iommu/vt-d: Replace snprintf with scnprintf in dmar_latency_snapshot() (Seyediman Seyedarab)
- net: ethernet: microchip: sparx5: make it selectable for ARCH_LAN969X (Robert Marko)
- jfs: fix uninitialized waitqueue in transaction manager (Shaurya Rane)
- jfs: Verify inode mode when loading from disk (Tetsuo Handa)
- ipv6: np->rxpmtu race annotation (Eric Dumazet)
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (Krishna Kurapati)
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (Forest Crossman)
- allow finish_no_open(file, ERR_PTR(-E...)) (Al Viro)
- scsi: lpfc: Define size of debugfs entry for xri rebalancing (Justin Tee)
- scsi: lpfc: Remove ndlp kref decrement clause for F_Port_Ctrl in lpfc_cleanup (Justin Tee)
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (Justin Tee)
- selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency (Nai-Chen Cheng)
- page_pool: always add GFP_NOWARN for ATOMIC allocations (Jakub Kicinski) [Orabug: 38773835] {CVE-2025-68321}
- drm/amdgpu: Use memdup_array_user in amdgpu_cs_wait_fences_ioctl (Tvrtko Ursulin)
- net/cls_cgroup: Fix task_get_classid() during qdisc run (Yafang Shao)
- udp_tunnel: use netdev_warn() instead of netdev_WARN() (Alok Tiwari) [Orabug: 38773275] {CVE-2025-68191}
- selftests: Replace sleep with slowwait (David Ahern)
- eth: 8139too: Make 8139TOO_PIO depend on !NO_IOPORT_MAP (Daniel Palmer)
- selftests: Disable dad for ipv6 in fcnal-test.sh (David Ahern)
- x86/kvm: Prefer native qspinlock for dedicated vCPUs irrespective of PV_UNHALT (Li Rongqing)
- netfilter: nf_reject: don't reply to icmp error messages (Florian Westphal)
- selftests: traceroute: Use require_command() (Ido Schimmel)
- media: redrat3: use int type to store negative error codes (Rong Qianfeng)
- net: sh_eth: Disable WoL if system can not suspend (Niklas Söderlund)
- phy: rockchip: phy-rockchip-inno-csidphy: allow writes to grf register 0 (Michael Riesch)
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy (Harikrishna Shenoy)
- ntfs3: pretend $Extend records as regular files (Tetsuo Handa)
- net: phy: marvell: Fix 88e1510 downshift counter errata (Rohan G Thomas)
- drm/msm: make sure to not queue up recovery more than once (Antonino Maniscalco)
- usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget (Chen Yufeng)
- usb: gadget: f_hid: Fix zero length packet transfer (William Wu)
- iommu/amd: Skip enabling command/event buffers for kdump (Ashish Kalra)
- net: call cond_resched() less often in __release_sock() (Eric Dumazet)
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (Juraj Šarinay)
- ipv6: Add sanity checks on ipv6_devconf.rpl_seg_enabled (Yue Haibing)
- drm/msm/dsi/phy_7nm: Fix missing initial VCO rate (Krzysztof Kozlowski)
- drm/msm/dsi/phy: Toggle back buffer resync after preparing PLL (Krzysztof Kozlowski)
- dmaengine: dw-edma: Set status for callback_result (Devendra K Verma)
- dmaengine: mv_xor: match alloc_wc and free_wc (Rosen Penev)
- dmaengine: sh: setup_xref error handling (Thomas Andreatta)
- ptp: Limit time setting of PTP clocks (Miroslav Lichvar)
- scsi: pm8001: Use int instead of u32 to store error codes (Rong Qianfeng)
- mips: lantiq: xway: sysctrl: rename stp clock (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing device_type in pci node (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing properties to cpu node (Aleksander Jan Bajkowski)
- media: fix uninitialized symbol warnings (Chelsy Ratnawat)
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (Amber Lin)
- extcon: adc-jack: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- scsi: pm80xx: Fix race condition caused by static variables (Francisco Gutierrez)
- scsi: mpi3mr: Fix controller init failure on fault during queue creation (Chandrakanth Patil)
- ALSA: usb-audio: Add validation of UAC2/UAC3 effect units (Takashi Iwai)
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (Sungho Kim)
- net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. (Kuniyuki Iwashima)
- net: When removing nexthops, don't call synchronize_net if it is not necessary (Christoph Paasch)
- char: misc: Does not request module for miscdevice with dynamic minor (Zijun Hu)
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (Raub Camaioni)
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (Rodrigo Gobbi)
- drm/bridge: display-connector: don't set OP_DETECT for DisplayPorts (Dmitry Baryshkov)
- media: imon: make send_packet() more robust (Tetsuo Handa) [Orabug: 38773297] {CVE-2025-68194}
- net: ipv6: fix field-spanning memcpy warning in AH output (Charalampos Mitrodimas) [Orabug: 38773140] {CVE-2025-40363}
- bridge: Redirect to backup port when port is administratively down (Ido Schimmel)
- powerpc/eeh: Use result of error_detected() in uevent (Niklas Schnelle)
- thunderbolt: Use is_pciehp instead of is_hotplug_bridge (Lukas Wunner)
- net: stmmac: Check stmmac_hw_setup() in stmmac_resume() (Tiezhu Yang)
- x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall (Kirill A. Shutemov)
- drm/tidss: Set crtc modesetting parameters with adjusted mode (Jayesh Choudhary)
- drm/tidss: Use the crtc_* timings when programming the HW (Tomi Valkeinen)
- media: pci: ivtv: Don't create fake v4l2_fh (Laurent Pinchart)
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs (Geoffrey Mcrae)
- selftests/net: Ensure assert() triggers in psock_tpacket.c (Wake Liu)
- selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 (Wake Liu)
- PCI: Disable MSI on RDC PCI to PCIe bridges (Marcos Del Sol Vives)
- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (Seyediman Seyedarab)
- drm/amdgpu/jpeg: Hold pg_lock before jpeg poweroff (Sathishkumar S)
- drm/amd/pm: Use cached metrics data on arcturus (Lijo Lazar)
- drm/amd/pm: Use cached metrics data on aldebaran (Lijo Lazar)
- mfd: da9063: Split chip variant reading in two bus transactions (Jens Kehne)
- mfd: madera: Work around false-positive -Wininitialized warning (Arnd Bergmann)
- mfd: stmpe-i2c: Add missing MODULE_LICENSE (Alexander Stein)
- mfd: stmpe: Remove IRQ domain upon removal (Alexander Stein)
- tools/power x86_energy_perf_policy: Prefer driver HWP limits (Len Brown)
- tools/power x86_energy_perf_policy: Enhance HWP enable (Len Brown)
- tools/power x86_energy_perf_policy: Fix incorrect fopen mode usage (Kaushlendra Kumar)
- tools/cpupower: Fix incorrect size in cpuidle_state_disable() (Kaushlendra Kumar)
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (Armin Wolf)
- uprobe: Do not emulate/sstep original instruction when ip is changed (Jiri Olsa)
- clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel (Daniel Lezcano)
- cpuidle: Fail cpuidle device registration if there is one already (Rafael J. Wysocki)
- tools/cpupower: fix error return value in cpupower_write_sysfs() (Kaushlendra Kumar)
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (Svyatoslav Ryhel)
- nvme-fc: use lock accessing port_state and rport state (Daniel Wagner) [Orabug: 38747531] {CVE-2025-40342}
- nvmet-fc: avoid scheduling association deletion twice (Daniel Wagner) [Orabug: 38747538] {CVE-2025-40343}
- tee: allow a driver to allocate a tee_device without a pool (Amirreza Zarrabi)
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (Hans de Goede)
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (Sarthak Garg)
- power: supply: sbs-charger: Support multiple devices (Fabien Proriol)
- hwmon: (sbtsi_temp) AMD CPU extended temperature range support (Chuande Chen)
- ACPI: scan: Add Intel CVS ACPI HIDs to acpi_ignore_dep_ids[] (Hans de Goede)
- ACPI: PRM: Skip handlers with NULL handler_address or NULL VA (Shang Song)
- irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment (Christian Bruel)
- arc: Fix __fls() const-foldability via __builtin_clzl() (Kees Cook)
- cpufreq/longhaul: handle NULL policy in longhaul_exit (Dennis Beier)
- selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 (Ricardo B. Marlière)
- ACPI: video: force native for Lenovo 82K8 (Mario Limonciello)
- memstick: Add timeout to prevent indefinite waiting (Jiayi Li)
- mmc: host: renesas_sdhi: Fix the actual clock (Biju Das)
- pinctrl: single: fix bias pull up/down handling in pin_config_set (Chi Zhang)
- bpf: Don't use %pK through printk (Thomas Weißschuh)
- soc: ti: pruss: don't use %pK through printk (Thomas Weißschuh)
- spi: loopback-test: Don't use %pK through printk (Thomas Weißschuh)
- soc: qcom: smem: Fix endian-unaware access of num_entries (Jens Reidel)
- soc: aspeed: socinfo: Add AST27xx silicon IDs (Ryan Chen)
- block: make REQ_OP_ZONE_OPEN a write operation (Damien Le Moal)
- drm/sysfb: Do not dereference NULL pointer in plane reset (Thomas Zimmermann) [Orabug: 38773123] {CVE-2025-40360}
- drm/sched: Fix race in drm_sched_entity_select_rq() (Philipp Stanner)
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable. (Owen Gu)
- Revert "docs/process/howto: Replace C89 with C11" (Matthieu Baerts)
- arch: back to -std=gnu89 in < v5.18 (Matthieu Baerts)
- x86/boot: Compile boot code with -std=gnu11 too (Alexey Dobriyan)
- xhci: dbc: fix bogus 1024 byte prefix if ttyDBC read races with stall event (Mathias Nyman)
- xhci: dbc: Avoid event polling busyloop if pending rx transfers are inactive. (Mathias Nyman)
- xhci: dbc: Improve performance by removing delay in transfer event polling. (Mathias Nyman)
- xhci: dbc: Allow users to modify DbC poll interval via sysfs (Uday M Bhat)
- xhci: dbc: poll at different rate depending on data transfer activity (Mathias Nyman)
- xhci: dbc: Provide sysfs option to configure dbc descriptors (Mathias Nyman)
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (Babu Moger)
- net: phy: dp83867: Disable EEE support as not implemented (Emanuele Ghidoli)
- can: gs_usb: increase max interface to U8_MAX (Celeste Liu)
- net: ravb: Enforce descriptor type ordering (Lad Prabhakar)
- ravb: Exclude gPTP feature support for RZ/G2L (Biju Das)
- dt-bindings: usb: dwc3-imx8mp: dma-range is required only for imx8mp (Xu Yang)
- serial: 8250_dw: handle reset control deassert error (Artem Shimko)
- serial: 8250_dw: Use devm_add_action_or_reset() (Andy Shevchenko)
- block: fix op_is_zone_mgmt() to handle REQ_OP_ZONE_RESET_ALL (Damien Le Moal)
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Iceland (John Smith)
- drm/amd/pm/powerplay/smumgr: Fix PCIeBootLinkLevel value on Fiji (John Smith)
- drm/amd/pm: fix smu table id bound check issue in smu_cmn_update_table() (Yang Wang)
- net: hns3: return error code when function fails (Jijie Shao)
- drm/etnaviv: fix flush sequence logic (Tomeu Vizoso)
- usbnet: Prevents free active kevent (Lizhi Xu) [Orabug: 38773783] {CVE-2025-68312}
- libbpf: Fix powerpc's stack register definition in bpf_tracing.h (Andrii Nakryiko)
- libbpf: Normalize PT_REGS_xxx() macro definitions (Andrii Nakryiko)
- riscv, libbpf: Add RISC-V (RV64) support to bpf_tracing.h (Björn Töpel)
- bpf: Do not audit capability check in do_jit() (Ondrej Mosnacek)
- bpf: Sync pending IRQ work before freeing ring buffer (Noorain Eqbal) [Orabug: 38737284] {CVE-2025-40319}
- ALSA: usb-audio: fix control pipe direction (Roy Vegard Ovesen)
- drm/msm/a6xx: Fix GMU firmware parser (Akhil P Oommen)
- wifi: ath10k: Fix memory leak on unsupported WMI command (Loic Poulain)
- ASoC: qdsp6: q6asm: do not sleep while atomic (Srinivas Kandagatla)
- mptcp: restore window probe (Paolo Abeni)
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (Miaoqian Lin)
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (Florian Fuchs)
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (Gokul Sivakumar) [Orabug: 38737291] {CVE-2025-40321}
- fbdev: bitblit: bound-check glyph index in bit_putcs* (Junjie Cao) [Orabug: 38737300] {CVE-2025-40322}
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (Yuhao Jiang) [Orabug: 38687004] {CVE-2025-40211}
- fbdev: atyfb: Check if pll_ops->init_pll failed (Daniel Palmer)
- net: usb: asix_devices: Check return value of usbnet_get_endpoints (Miaoqian Lin)
- NFSD: Fix crash in nfsd4_read_release() (Chuck Lever) [Orabug: 38737315] {CVE-2025-40324}
- btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (Filipe Manana)
- btrfs: always drop log root tree reference in btrfs_replay_log() (Filipe Manana)
- btrfs: scrub: replace max_t()/min_t() with clamp() in scrub_throttle_dev_io() (Thorsten Blum)
- x86/bugs: Fix reporting of LFENCE retpoline (David Kaplan)
- net/sched: sch_qfq: Fix null-deref in agg_dequeue (Xiang Mei) [Orabug: 38597084] {CVE-2025-40083}

[5.15.0-316.196.4]
- vhost_scsi: Sync up cmd completion locking with upstream (Mike Christie) [Orabug: 38545946]
- vhost_scsi: add support for worker ioctls (Mike Christie) [Orabug: 38545946]
- vhost: Limit access to vhost worker ioctls (Mike Christie) [Orabug: 38545946]
- vhost: allow userspace to create workers (Mike Christie) [Orabug: 38545946]
- vhost: replace single worker pointer with xarray (Mike Christie) [Orabug: 38545946]
- vhost: add helper to parse userspace vring state/file (Mike Christie) [Orabug: 38545946]
- vhost: remove vhost_work_queue (Mike Christie) [Orabug: 38545946]
- vhost_scsi: flush IO vqs then send TMF rsp (Mike Christie) [Orabug: 38545946]
- vhost_scsi: convert to vhost_vq_work_queue (Mike Christie) [Orabug: 38545946]
- vhost_scsi: make SCSI cmd completion per vq (Mike Christie) [Orabug: 38545946]
- vhost_sock: convert to vhost_vq_work_queue (Mike Christie) [Orabug: 38545946]
- vhost: convert poll work to be vq based (Mike Christie) [Orabug: 38545946]
- vhost: take worker or vq for flushing (Mike Christie) [Orabug: 38545946]
- vhost: take worker or vq instead of dev for queueing (Mike Christie) [Orabug: 38545946]
- vhost, vhost_net: add helper to check if vq has work (Mike Christie) [Orabug: 38545946]
- vhost: add vhost_worker pointer to vhost_virtqueue (Mike Christie) [Orabug: 38545946]
- vhost: dynamically allocate vhost_worker (Mike Christie) [Orabug: 38545946]
- vhost: create worker at end of vhost_dev_set_owner (Mike Christie) [Orabug: 38545946]
- vhost-scsi: Fix crash during LUN unmapping (Mike Christie) [Orabug: 38545946]
- vhost: move worker thread fields to new struct (Mike Christie) [Orabug: 38545946]
- vhost: Fix livepatch timeouts in vhost_worker() (Josh Poimboeuf) [Orabug: 38545946]
- vhost: rename vhost_work_dev_flush (Mike Christie) [Orabug: 38545946]
- vhost-test: drop flush after vhost_dev_cleanup (Mike Christie) [Orabug: 38545946]
- vhost/test: fix memory leak of vhost virtqueues (Xianting Tian) [Orabug: 38545946]
- vhost-scsi: drop flush after vhost_dev_cleanup (Mike Christie) [Orabug: 38545946]
- vhost_vsock: simplify vhost_vsock_flush() (Andrey Ryabinin) [Orabug: 38545946]
- vhost_test: remove vhost_test_flush_vq() (Andrey Ryabinin) [Orabug: 38545946]
- vhost_net: get rid of vhost_net_flush_vq() and extra flush calls (Andrey Ryabinin) [Orabug: 38545946]
- vhost: flush dev once during vhost_dev_stop (Mike Christie) [Orabug: 38545946]
- vhost: get rid of vhost_poll_flush() wrapper (Andrey Ryabinin) [Orabug: 38545946]
- net/mlx5e: Add a miss level for ipsec crypto offload (Lama Kayal) [Orabug: 38600056]
- net/mlx5e: Add new prio for promiscuous mode (Jianbo Liu) [Orabug: 38600056]
- mm/hugetlb: add option to allows disabling CVE-2025-38085 mitigation (Joe Jin) [Orabug: 38728358] {CVE-2025-38085}
- uek-rpm: Replace check-kabi tool with kabi (Yifei Liu) [Orabug: 38673381]
- uek-rpm: Introduce check function for uek-rpm/tools/kabi (Yifei Liu) [Orabug: 38673381]
- rtc: expose RTC_FEATURE_UPDATE_INTERRUPT (Alexandre Belloni) [Orabug: 38708842]
- Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38710346]
- netfilter: nf_tables: reject duplicate device on updates (Pablo Neira Ayuso) [Orabug: 38389767,38744086] {CVE-2025-38678}
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Zhang Heng)
- mptcp: pm: in-kernel: C-flag: handle late ADD_ADDR (Matthieu Baerts)
- USB: storage: Remove subclass and protocol overrides from Novatek quirk (Alan Stern)
- most: usb: fix double free on late probe failure (Johan Hovold)
- uio_hv_generic: Set event for all channels on the device (Long Li)
- regmap: slimbus: fix bus_context pointer in regmap init calls (Alexey Klimov)
- usb: typec: ucsi: psy: Set max current to zero when disconnected (Jameson Thies)
- ata: libata-scsi: Fix system suspend for a security locked drive (Niklas Cassel)
- MIPS: mm: Prevent a TLB shutdown on initial uniquification (Maciej W. Rozycki)

[5.15.0-316.196.3]
- rds: Add smp_rmb before reading c_destroy_in_prog (Håkon Bugge) [Orabug: 38352484]
- Revert "block: don't add or resize partition on the disk with GENHD_FL_NO_PART" (Gulam Mohamed) [Orabug: 38652797]
- Revert "block: Move checking GENHD_FL_NO_PART to bdev_add_partition()" (Gulam Mohamed) [Orabug: 38652797]

[5.15.0-316.196.2]
- net/mlx5: Clean up only new IRQ glue on request_irq() failure (Pradyumn Rahar) [Orabug: 37961220,38730620] {CVE-2025-40250}

ELBA-2026-50136 Oracle Linux 9 smartmontools bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50136

http://linux.oracle.com/errata/ELBA-2026-50136.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
smartmontools-7.2-9.0.2.el9.x86_64.rpm

aarch64:
smartmontools-7.2-9.0.2.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/smartmontools-7.2-9.0.2.el9.src.rpm

Description of changes:

[1:7.2-9.0.2]
- smartmontools: scsiprint.cpp: in scsiPrintPendingDefectsLPage() printf() -->
jout(). [Orabug: 39018980]

ELSA-2026-50133 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50133

http://linux.oracle.com/errata/ELSA-2026-50133.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-317.197.5.2.el8uek.x86_64.rpm
kernel-uek-5.15.0-317.197.5.2.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-317.197.5.2.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-317.197.5.2.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-317.197.5.2.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-317.197.5.2.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-317.197.5.2.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-317.197.5.2.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-317.197.5.2.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-317.197.5.2.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-317.197.5.2.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-317.197.5.2.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-317.197.5.2.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-317.197.5.2.el8uek.x86_64.rpm

aarch64:
bpftool-5.15.0-317.197.5.2.el8uek.aarch64.rpm
kernel-uek-5.15.0-317.197.5.2.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-317.197.5.2.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-317.197.5.2.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-317.197.5.2.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-317.197.5.2.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-317.197.5.2.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-317.197.5.2.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-317.197.5.2.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-317.197.5.2.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-317.197.5.2.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-317.197.5.2.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-317.197.5.2.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-317.197.5.2.el8uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.15.0-317.197.5.2.el8uek.src.rpm

Related CVEs:

CVE-2025-40149
CVE-2025-40256

Description of changes:

[5.15.0-317.197.5.2]
- xfrm: flush all states in xfrm_state_fini (Sabrina Dubroca) [Orabug: 39016261]
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca) [Orabug: 39016261]
- Revert "xfrm: destroy xfrm_state synchronously on net exit path" (Sabrina Dubroca) [Orabug: 39016261]
- tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). (Kuniyuki Iwashima) [Orabug: 39016219] {CVE-2025-40149}
- net: Add locking to protect skb->dev access in ip_output (Sharath Chandra Vurukala) [Orabug: 39016219]

ELSA-2026-50142 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50142

http://linux.oracle.com/errata/ELSA-2026-50142.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.353.3.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.353.3.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.353.3.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.353.3.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.353.3.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.353.3.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.353.3.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.353.3.el8uek.src.rpm

Related CVEs:

CVE-2025-40215

Description of changes:

[5.4.17-2136.353.3]
- xfrm: flush all states in xfrm_state_fini (Sabrina Dubroca) [Orabug: 38934000]
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca) [Orabug: 38934000]
- Revert "xfrm: destroy xfrm_state synchronously on net exit path" (Sabrina Dubroca) [Orabug: 38934000]
- Revert "IB/mlx5: Implement clear counters" (Sharath Srinivasan) [Orabug: 38923520]
- Revert "IB/core: Implement clear counters" (Sharath Srinivasan) [Orabug: 38923520]
- Revert "ib/core: add SET_DEVICE_OP call for clear_hw_stats()" (Sharath Srinivasan) [Orabug: 38923520]
- fs: proc: inode: delay put_pid() by RCU (Stephen Brennan) [Orabug: 38766812]

[5.4.17-2136.353.2]
- Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" (Jiri Olsa) [Orabug: 38893604]
- xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 38730493] {CVE-2025-40215}

ELSA-2026-50134 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50134

http://linux.oracle.com/errata/ELSA-2026-50134.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.352.5.1.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.352.5.1.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.352.5.1.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.352.5.1.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.352.5.1.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.352.5.1.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.352.5.1.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.352.5.1.el8uek.src.rpm

Related CVEs:

CVE-2025-40215
CVE-2025-40256

Description of changes:

[5.4.17-2136.352.5.1]
- xfrm: flush all states in xfrm_state_fini (Sabrina Dubroca) [Orabug: 39016499]
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca) [Orabug: 39016499]
- Revert "xfrm: destroy xfrm_state synchronously on net exit path" (Sabrina Dubroca) [Orabug: 39016499]
- xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 39016501] {CVE-2025-40215}

ELBA-2026-3464-1 Oracle Linux 8 kernel bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-3464-1

http://linux.oracle.com/errata/ELBA-2026-3464-1.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
kernel-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.109.1.0.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.109.1.0.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
perf-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.109.1.0.1.el8_10.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.109.1.0.1.el8_10.src.rpm

Description of changes:

[4.18.0-553.109.1.0.1]
- scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) [Orabug: 37778230]

[4.18.0-553.109.1]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 tunnel as we delete x (Sabrina Dubroca) [Orabug: 39016501] {CVE-2025-40215}

[5.4.17-2136.352.5]
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38879907] {CVE-2025-40022}

[5.4.17-2136.352.4]
- arm64: pensando: Must boot Ortano kernel with spin-table (Rob Gardner) [Orabug: 38821197]

[5.4.17-2136.352.3]
- net/sched: adjust device watchdog timer to detect stopped queue at right time (Praveen Kumar Kannoju) [Orabug: 38340278]
- net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change (Praveen Kumar Kannoju) [Orabug: 38252416]
- infiniband/xsigo: Replace BUG_ON with WARN_ON_ONCE. (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xsvnic_main: Remove unused functions (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_cm: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ethtool: Remove unused variable 'priv' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ib: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ib: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_verbs: Remove unused label 'out_free_pd' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Remove unused function 'xve_napi_del' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
- inifinibad/xsigo: xsvnic_main: Remove unused variable 'xsvnic_ethtool_ops' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xscore_impl: Remove unused label 'err_pd' (Siddh Raman Pant) [Orabug: 38418469]
- rds: Fix jiffies type in struct rds_conn_path (Siddh Raman Pant) [Orabug: 38418727]
- kernel: sysctl: Remove unused variable 'zero' (Siddh Raman Pant) [Orabug: 38418727]
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38537469] {CVE-2025-39964}
- RDMA/cm: Base cm_id destruction timeout on CMA values (Håkon Bugge) [Orabug: 38753622]
- x86/its: Build fails with CONFIG_MITIGATION_ITS=n (Alexandre Chartre) [Orabug: 38756954]

[5.4.17-2136.352.2]
- LTS tag: v5.4.302 (Sherry Yang)
- Input: pegasus-notetaker - fix potential out-of-bounds access (Seungjin Bae)
- Input: remove third argument of usb_maxpacket() (Vincent Mailhol)
- usb: deprecate the third argument of usb_maxpacket() (Vincent Mailhol)
- fs/proc: fix uaf in proc_readdir_de() (Wei Yang) [Orabug: 38737034,38786776,38787139] {CVE-2025-40271}
- pmdomain: imx: Fix reference count leak in imx_gpc_remove (Miaoqian Lin)
- pmdomain: arm: scmi: Fix genpd leak on provider registration failure (Sudeep Holla)
- net: netpoll: fix incorrect refcount handling causing incorrect cleanup (Breno Leitao) [Orabug: 38773510] {CVE-2025-68245}
- net: qede: Initialize qede_ll_ops with designated initializer (Nathan Chancellor)
- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error (Nishanth Menon)
- ALSA: usb-audio: fix uac2 clock source at terminal parser (René Rebe)
- mm/page_alloc: fix hash table order logging in alloc_large_system_hash() (Isaac J. Manjarres)
- kconfig/nconf: Initialize the default locale at startup (Jakub Horký)
- kconfig/mconf: Initialize the default locale at startup (Jakub Horký)
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730612] {CVE-2025-40248}
- s390/ctcm: Fix double-kfree (Aleksei Nikiforov)
- net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730650] {CVE-2025-40254}
- mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() (Zilin Guan)
- MIPS: Malta: Fix !EVA SOC-it PCI MMIO (Maciej W. Rozycki)
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773441] {CVE-2025-68229}
- scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730664] {CVE-2025-40259}
- Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730681] {CVE-2025-40263}
- be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730691] {CVE-2025-40264}
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (Abdun Nihaal) [Orabug: 38798908] {CVE-2025-68734}
- EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection (Niravkumar L Rabara)
- EDAC/altera: Handle OCRAM ECC enable after warm reset (Niravkumar L Rabara)
- spi: Try to get ACPI GPIO IRQ earlier (Hans de Goede)
- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (Chuang Wang) [Orabug: 38773496] {CVE-2025-68241}
- strparser: Fix signed/unsigned mismatch bug (Nate Karstens)
- gcov: add support for GCC 15 (Peter Oberparleiter)
- mm/ksm: fix flag-dropping behavior in ksm_madvise (Jakub Acs)
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (Haein Lee) [Orabug: 38737052] {CVE-2025-40275}
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (Ian Forbes) [Orabug: 38737061] {CVE-2025-40277}
- ASoC: cs4271: Fix regulator leak on probe failure (Xu Wang)
- regulator: fixed: fix GPIO descriptor leak on register failure (Xu Wang)
- regulator: fixed: use dev_err_probe for register (Chris Morgan)
- Bluetooth: L2CAP: export l2cap_chan_hold for modules (Pauli Virtanen)
- net_sched: limit try_bulk_dequeue_skb() batches (Eric Dumazet)
- net_sched: remove need_resched() from qdisc_run() (Eric Dumazet)
- net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps (Gal Pressman)
- net/mlx5e: Fix maxrate wraparound in threshold between units (Gal Pressman)
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (Ranganath V N)
- wifi: mac80211: skip rate verification for not captured PSDUs (Benjamin Berg)
- net: mdio: fix resource leak in mdiobus_register_device() (Csaba Buday)
- tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38737084] {CVE-2025-40280}
- tipc: simplify the finalize work queue (Xin Long)
- sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (Eric Dumazet) [Orabug: 38737091] {CVE-2025-40281}
- sctp: get netns from asoc and ep base (Xin Long)
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (Pauli Virtanen)
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (Pauli Virtanen)
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (Pauli Virtanen)
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (Raphael Pinsonneault-Thibeault) [Orabug: 38737104] {CVE-2025-40283}
- net: fec: correct rx_bytes statistic for the case SHIFT16 is set (Wei Fang)
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (Sharique Mohammad)
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (Tristan Lobb)
- NFS4: Fix state renewals missing after boot (Joshua Watt)
- compiler_types: Move unused static inline functions warning to W=2 (Peter Zijlstra)
- extcon: adc-jack: Cleanup wakeup source only if it was enabled (Krzysztof Kozlowski)
- tracing: Fix memory leaks in create_field_var() (Zilin Guan)
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (Qendrim Maxhuni) [Orabug: 38773283] {CVE-2025-68192}
- sctp: Prevent TOCTOU out-of-bounds write (Stefan Wiehler) [Orabug: 38747447] {CVE-2025-40331}
- sctp: Hold RCU read lock while iterating over address list (Stefan Wiehler)
- net: dsa: b53: stop reading ARL entries if search is done (Jonas Gorski)
- net: dsa: b53: fix enabling ip multicast (Jonas Gorski)
- net: dsa: b53: fix resetting speed and pause on forced link (Jonas Gorski)
- net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 (Álvaro Fernández Rojas)
- net: dsa/b53: change b53_force_port_config() pause argument (Russell King)
- net: vlan: sync VLAN features with lower device (Hangbin Liu)
- ceph: add checking of wait_for_completion_killable() return value (Viacheslav Dubeyko)
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (Albin Babu Varghese) [Orabug: 38737182] {CVE-2025-40304}
- ACPI: property: Return present device nodes only on fwnode interface (Sakari Ailus)
- 9p: sysfs_init: don't hardcode error to ENOMEM (Randall P. Embry)
- 9p: fix /sys/fs/9p/caches overwriting itself (Randall P. Embry)
- fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink (Yikang Yue)
- ACPICA: Update dsmethod.c to get rid of unused variable warning (Saket Dumbre)
- orangefs: fix xattr related buffer overflow... (Mike Marshall)
- page_pool: Clamp pool size to max 16K pages (Dragos Tatulea)
- Bluetooth: bcsp: receive data only if registered (Ivan Pravdin) [Orabug: 38737213] {CVE-2025-40308}
- Bluetooth: SCO: Fix UAF on sco_conn_free (Luiz Augusto von Dentz) [Orabug: 38737224] {CVE-2025-40309}
- net: macb: avoid dealing with endianness in macb_set_hwaddr() (Théo Lebrun)
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (Al Viro) [Orabug: 38773245] {CVE-2025-68185}
- NFSv4.1: fix mount hang after CREATE_SESSION failure (Anthony Iliopoulos)
- NFSv4: handle ERR_GRACE on delegation recalls (Olga Kornievskaia)
- remoteproc: qcom: q6v5: Avoid handling handover twice (Stephan Gerhold)
- sparc/module: Add R_SPARC_UA64 relocation handling (Koakuma)
- net: intel: fm10k: Fix parameter idx set but not used (Brahmajit Das)
- jfs: fix uninitialized waitqueue in transaction manager (Shaurya Rane)
- jfs: Verify inode mode when loading from disk (Tetsuo Handa)
- ipv6: np->rxpmtu race annotation (Eric Dumazet)
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (Krishna Kurapati)
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (Forest Crossman)
- allow finish_no_open(file, ERR_PTR(-E...)) (Al Viro)
- scsi: lpfc: Define size of debugfs entry for xri rebalancing (Justin Tee)
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (Justin Tee)
- selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency (Nai-Chen Cheng)
- net/cls_cgroup: Fix task_get_classid() during qdisc run (Yafang Shao)
- selftests: Replace sleep with slowwait (David Ahern)
- selftests: Disable dad for ipv6 in fcnal-test.sh (David Ahern)
- media: redrat3: use int type to store negative error codes (Rong Qianfeng)
- net: sh_eth: Disable WoL if system can not suspend (Niklas Söderlund)
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy (Harikrishna Shenoy)
- usb: gadget: f_hid: Fix zero length packet transfer (William Wu)
- net: call cond_resched() less often in __release_sock() (Eric Dumazet)
- ALSA: usb-audio: apply quirk for MOONDROP Quark2 (Cryolitia Pukngae)
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (Juraj Šarinay)
- dmaengine: dw-edma: Set status for callback_result (Devendra K Verma)
- dmaengine: mv_xor: match alloc_wc and free_wc (Rosen Penev)
- dmaengine: sh: setup_xref error handling (Thomas Andreatta)
- scsi: pm8001: Use int instead of u32 to store error codes (Rong Qianfeng)
- mips: lantiq: xway: sysctrl: rename stp clock (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing device_type in pci node (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing properties to cpu node (Aleksander Jan Bajkowski)
- media: fix uninitialized symbol warnings (Chelsy Ratnawat)
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (Amber Lin)
- extcon: adc-jack: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (Sungho Kim)
- net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. (Kuniyuki Iwashima)
- net: When removing nexthops, don't call synchronize_net if it is not necessary (Christoph Paasch)
- char: misc: Does not request module for miscdevice with dynamic minor (Zijun Hu)
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (Raub Camaioni)
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (Rodrigo Gobbi)
- media: imon: make send_packet() more robust (Tetsuo Handa) [Orabug: 38773298] {CVE-2025-68194}
- net: ipv6: fix field-spanning memcpy warning in AH output (Charalampos Mitrodimas) [Orabug: 38773141] {CVE-2025-40363}
- bridge: Redirect to backup port when port is administratively down (Ido Schimmel)
- powerpc/eeh: Use result of error_detected() in uevent (Niklas Schnelle)
- x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall (Kirill A. Shutemov)
- media: pci: ivtv: Don't create fake v4l2_fh (Laurent Pinchart)
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs (Geoffrey Mcrae)
- selftests/net: Ensure assert() triggers in psock_tpacket.c (Wake Liu)
- selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 (Wake Liu)
- PCI: Disable MSI on RDC PCI to PCIe bridges (Marcos Del Sol Vives)
- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (Seyediman Seyedarab)
- mfd: madera: Work around false-positive -Wininitialized warning (Arnd Bergmann)
- mfd: stmpe-i2c: Add missing MODULE_LICENSE (Alexander Stein)
- mfd: stmpe: Remove IRQ domain upon removal (Alexander Stein)
- tools/power x86_energy_perf_policy: Prefer driver HWP limits (Len Brown)
- tools/power x86_energy_perf_policy: Enhance HWP enable (Len Brown)
- tools/cpupower: Fix incorrect size in cpuidle_state_disable() (Kaushlendra Kumar)
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (Armin Wolf)
- uprobe: Do not emulate/sstep original instruction when ip is changed (Jiri Olsa)
- clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel (Daniel Lezcano)
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (Svyatoslav Ryhel)
- tee: allow a driver to allocate a tee_device without a pool (Amirreza Zarrabi)
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (Hans de Goede)
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (Sarthak Garg)
- irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment (Christian Bruel)
- arc: Fix __fls() const-foldability via __builtin_clzl() (Kees Cook)
- cpufreq/longhaul: handle NULL policy in longhaul_exit (Dennis Beier)
- selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 (Ricardo B. Marlière)
- ACPI: video: force native for Lenovo 82K8 (Mario Limonciello)
- memstick: Add timeout to prevent indefinite waiting (Jiayi Li)
- mmc: host: renesas_sdhi: Fix the actual clock (Biju Das)
- bpf: Don't use %pK through printk (Thomas Weißschuh)
- spi: loopback-test: Don't use %pK through printk (Thomas Weißschuh)
- soc: qcom: smem: Fix endian-unaware access of num_entries (Jens Reidel)
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable. (Owen Gu)
- serial: 8250_dw: handle reset control deassert error (Artem Shimko)
- serial: 8250_dw: Use devm_add_action_or_reset() (Andy Shevchenko)
- serial: 8250_dw: Use devm_clk_get_optional() to get the input clock (Andy Shevchenko)
- can: gs_usb: increase max interface to U8_MAX (Celeste Liu)
- devcoredump: Fix circular locking dependency with devcd->mutex. (Maarten Lankhorst)
- net: ravb: Enforce descriptor type ordering (Lad Prabhakar)
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (Babu Moger)
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (Gokul Sivakumar) [Orabug: 38737292] {CVE-2025-40321}
- net: phy: dp83867: Disable EEE support as not implemented (Emanuele Ghidoli)
- regmap: slimbus: fix bus_context pointer in regmap init calls (Alexey Klimov)
- drm/etnaviv: fix flush sequence logic (Tomeu Vizoso)
- usbnet: Prevents free active kevent (Lizhi Xu) [Orabug: 38773784] {CVE-2025-68312}
- wifi: ath10k: Fix memory leak on unsupported WMI command (Loic Poulain)
- ASoC: qdsp6: q6asm: do not sleep while atomic (Srinivas Kandagatla)
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (Miaoqian Lin)
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (Florian Fuchs)
- fbdev: bitblit: bound-check glyph index in bit_putcs* (Junjie Cao) [Orabug: 38737301] {CVE-2025-40322}
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (Yuhao Jiang) [Orabug: 38687005] {CVE-2025-40211}
- fbdev: atyfb: Check if pll_ops->init_pll failed (Daniel Palmer)
- net: usb: asix_devices: Check return value of usbnet_get_endpoints (Miaoqian Lin)
- btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (Filipe Manana)
- x86/bugs: Fix reporting of LFENCE retpoline (David Kaplan)
- net/sched: sch_qfq: Fix null-deref in agg_dequeue (Xiang Mei) [Orabug: 38597085] {CVE-2025-40083}

[5.4.17-2136.352.1]
- RDMA/cm: Rate limit destroy CM ID timeout error message (Håkon Bugge) [Orabug: 38753401]
- soc/pensando: giglio: hack dts to make things right (Rob Gardner) [Orabug: 38688154]
- soc/pensando: Add AMD Pensando Giglio SoC support (Brad Larson) [Orabug: 38688154]
- soc/pensando: psci support (David Clear) [Orabug: 38688154]
- soc/pensando: Giglio SoC eMMC interrupt driver (Brad Larson) [Orabug: 38688154]

[5.4.17-2136.351.3]
- Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38715366]
- fbcon: fix integer overflow in font allocation (Samasth Norway Ananda) [Orabug: 38702507]
- uek-rpm: Replace check-kabi tool with kabi (Yifei Liu) [Orabug: 38673382]
- uek-rpm: Introduce check function for uek-rpm/tools/kabi (Yifei Liu) [Orabug: 38673382]

[5.4.17-2136.351.2]
- uek-rpm: kabi: Remove the kabi protection for debug kernels (Yifei Liu) [Orabug: 38609548]
- rds: Add smp_rmb before reading c_destroy_in_prog (Håkon Bugge) [Orabug: 38352486]
- uio_hv_generic: Set event for all channels on the device (Long Li)
- ata: libata-scsi: Fix system suspend for a security locked drive (Niklas Cassel)
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Zhang Heng)

[5.4.17-2136.351.1]
- scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt (Sumit Saxena) [Orabug: 38630482]

[5.4.17-2136.350.3]
- net/rds: Fix rs_recv_pending counting issue (Gerd Rausch) [Orabug: 38506370]

ELBA-2026-50139 Oracle Linux 8 lvm2 bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50139

http://linux.oracle.com/errata/ELBA-2026-50139.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
device-mapper-1.02.181-15.0.2.el8_10.3.x86_64.rpm
device-mapper-event-1.02.181-15.0.2.el8_10.3.x86_64.rpm
device-mapper-event-libs-1.02.181-15.0.2.el8_10.3.i686.rpm
device-mapper-event-libs-1.02.181-15.0.2.el8_10.3.x86_64.rpm
device-mapper-libs-1.02.181-15.0.2.el8_10.3.i686.rpm
device-mapper-libs-1.02.181-15.0.2.el8_10.3.x86_64.rpm
lvm2-2.03.14-15.0.2.el8_10.3.x86_64.rpm
lvm2-dbusd-2.03.14-15.0.2.el8_10.3.noarch.rpm
lvm2-libs-2.03.14-15.0.2.el8_10.3.i686.rpm
lvm2-libs-2.03.14-15.0.2.el8_10.3.x86_64.rpm
lvm2-lockd-2.03.14-15.0.2.el8_10.3.x86_64.rpm
device-mapper-devel-1.02.181-15.0.2.el8_10.3.i686.rpm
device-mapper-devel-1.02.181-15.0.2.el8_10.3.x86_64.rpm
device-mapper-event-devel-1.02.181-15.0.2.el8_10.3.i686.rpm
device-mapper-event-devel-1.02.181-15.0.2.el8_10.3.x86_64.rpm
lvm2-devel-2.03.14-15.0.2.el8_10.3.i686.rpm
lvm2-devel-2.03.14-15.0.2.el8_10.3.x86_64.rpm

aarch64:
device-mapper-1.02.181-15.0.2.el8_10.3.aarch64.rpm
device-mapper-event-1.02.181-15.0.2.el8_10.3.aarch64.rpm
device-mapper-event-libs-1.02.181-15.0.2.el8_10.3.aarch64.rpm
device-mapper-libs-1.02.181-15.0.2.el8_10.3.aarch64.rpm
lvm2-2.03.14-15.0.2.el8_10.3.aarch64.rpm
lvm2-dbusd-2.03.14-15.0.2.el8_10.3.noarch.rpm
lvm2-libs-2.03.14-15.0.2.el8_10.3.aarch64.rpm
lvm2-lockd-2.03.14-15.0.2.el8_10.3.aarch64.rpm
device-mapper-devel-1.02.181-15.0.2.el8_10.3.aarch64.rpm
device-mapper-event-devel-1.02.181-15.0.2.el8_10.3.aarch64.rpm
lvm2-devel-2.03.14-15.0.2.el8_10.3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/lvm2-2.03.14-15.0.2.el8_10.3.src.rpm

Description of changes:

[2.03.14-15.0.2.el8_10.3]
- Remove symlink protection for /dev/disk/by-label symlinks [Orabug: 38850123]

ELBA-2026-2414 Oracle Linux 8 linux-firmware bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2026-2414

http://linux.oracle.com/errata/ELBA-2026-2414.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
iwl1000-firmware-39.31.5.1-999.46.el8.noarch.rpm
iwl100-firmware-39.31.5.1-999.46.el8.noarch.rpm
iwl105-firmware-18.168.6.1-999.46.el8.noarch.rpm
iwl135-firmware-18.168.6.1-999.46.el8.noarch.rpm
iwl2000-firmware-18.168.6.1-999.46.el8.noarch.rpm
iwl2030-firmware-18.168.6.1-999.46.el8.noarch.rpm
iwl3160-firmware-25.30.13.0-999.46.el8.noarch.rpm
iwl3945-firmware-15.32.2.9-999.46.el8.noarch.rpm
iwl4965-firmware-228.61.2.24-999.46.el8.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.46.el8.noarch.rpm
iwl5150-firmware-8.24.2.2-999.46.el8.noarch.rpm
iwl6000-firmware-9.221.4.1-999.46.el8.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.46.el8.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.46.el8.noarch.rpm
iwl6050-firmware-41.28.5.1-999.46.el8.noarch.rpm
iwl7260-firmware-25.30.13.0-999.46.el8.noarch.rpm
iwlax2xx-firmware-20260209-999.46.el8.noarch.rpm
libertas-sd8686-firmware-20260209-999.46.gitd87f4693.el8.noarch.rpm
libertas-sd8787-firmware-20260209-999.46.gitd87f4693.el8.noarch.rpm
libertas-usb8388-firmware-20260209-999.46.gitd87f4693.el8.noarch.rpm
libertas-usb8388-olpc-firmware-20260209-999.46.gitd87f4693.el8.noarch.rpm
linux-firmware-20260209-999.46.gitd87f4693.el8.noarch.rpm
linux-firmware-core-20260209-999.46.gitd87f4693.el8.noarch.rpm

aarch64:
iwl1000-firmware-39.31.5.1-999.46.el8.noarch.rpm
iwl100-firmware-39.31.5.1-999.46.el8.noarch.rpm
iwl105-firmware-18.168.6.1-999.46.el8.noarch.rpm
iwl135-firmware-18.168.6.1-999.46.el8.noarch.rpm
iwl2000-firmware-18.168.6.1-999.46.el8.noarch.rpm
iwl2030-firmware-18.168.6.1-999.46.el8.noarch.rpm
iwl3160-firmware-25.30.13.0-999.46.el8.noarch.rpm
iwl3945-firmware-15.32.2.9-999.46.el8.noarch.rpm
iwl4965-firmware-228.61.2.24-999.46.el8.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.46.el8.noarch.rpm
iwl5150-firmware-8.24.2.2-999.46.el8.noarch.rpm
iwl6000-firmware-9.221.4.1-999.46.el8.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.46.el8.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.46.el8.noarch.rpm
iwl6050-firmware-41.28.5.1-999.46.el8.noarch.rpm
iwl7260-firmware-25.30.13.0-999.46.el8.noarch.rpm
iwlax2xx-firmware-20260209-999.46.el8.noarch.rpm
libertas-sd8686-firmware-20260209-999.46.gitd87f4693.el8.noarch.rpm
libertas-sd8787-firmware-20260209-999.46.gitd87f4693.el8.noarch.rpm
libertas-usb8388-firmware-20260209-999.46.gitd87f4693.el8.noarch.rpm
libertas-usb8388-olpc-firmware-20260209-999.46.gitd87f4693.el8.noarch.rpm
linux-firmware-20260209-999.46.gitd87f4693.el8.noarch.rpm
linux-firmware-core-20260209-999.46.gitd87f4693.el8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/linux-firmware-20260209-999.46.gitd87f4693.el8.src.rpm

Description of changes:

[20260209-999.46.gitd87f4693.el8]
- Rebase to latest upstream [Orabug: 38858080]

ELBA-2026-50138 Oracle Linux 8 bcache-tools bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50138

http://linux.oracle.com/errata/ELBA-2026-50138.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bcache-tools-1.0.8-3.101.0.4.el8.x86_64.rpm

aarch64:
bcache-tools-1.0.8-3.101.0.4.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/bcache-tools-1.0.8-3.101.0.4.el8.src.rpm

Description of changes:

[1.0.8-3.101.0.4]
- Remove symlink protection for /dev/disk/by-label links [Orabug: 38850111]

ELBA-2026-50137 Oracle Linux 8 mdadm bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50137

http://linux.oracle.com/errata/ELBA-2026-50137.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
mdadm-4.2-19.0.2.el8_10.x86_64.rpm

aarch64:
mdadm-4.2-19.0.2.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/mdadm-4.2-19.0.2.el8_10.src.rpm

Description of changes:

[4.2-19.0.2]
- Remove symlink protection for /dev/disk/by-label symlinks [Orabug: 38850118]

ELBA-2026-50135 Oracle Linux 8 smartmontools bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50135

http://linux.oracle.com/errata/ELBA-2026-50135.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
smartmontools-7.1-3.0.2.el8.x86_64.rpm

aarch64:
smartmontools-7.1-3.0.2.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/smartmontools-7.1-3.0.2.el8.src.rpm

Description of changes:

[1:7.1-3.0.2]
- scsiprint.cpp: in scsiPrintPendingDefectsLPage() printf() --> jout(). [Orabug: 38992930]

ELSA-2026-50142 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50142

http://linux.oracle.com/errata/ELSA-2026-50142.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.353.3.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.353.3.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.353.3.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.353.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.353.3.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.353.3.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.353.3.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.353.3.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.353.3.el7uek.src.rpm

Related CVEs:

CVE-2025-40215

Description of changes:

[5.4.17-2136.353.3]
- xfrm: flush all states in xfrm_state_fini (Sabrina Dubroca) [Orabug: 38934000]
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca) [Orabug: 38934000]
- Revert "xfrm: destroy xfrm_state synchronously on net exit path" (Sabrina Dubroca) [Orabug: 38934000]
- Revert "IB/mlx5: Implement clear counters" (Sharath Srinivasan) [Orabug: 38923520]
- Revert "IB/core: Implement clear counters" (Sharath Srinivasan) [Orabug: 38923520]
- Revert "ib/core: add SET_DEVICE_OP call for clear_hw_stats()" (Sharath Srinivasan) [Orabug: 38923520]
- fs: proc: inode: delay put_pid() by RCU (Stephen Brennan) [Orabug: 38766812]

[5.4.17-2136.353.2]
- Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" (Jiri Olsa) [Orabug: 38893604]
- xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 38730493] {CVE-2025-40215}

[5.4.17-2136.352.5]
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38879907] {CVE-2025-40022}

[5.4.17-2136.352.4]
- arm64: pensando: Must boot Ortano kernel with spin-table (Rob Gardner) [Orabug: 38821197]

[5.4.17-2136.352.3]
- net/sched: adjust device watchdog timer to detect stopped queue at right time (Praveen Kumar Kannoju) [Orabug: 38340278]
- net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change (Praveen Kumar Kannoju) [Orabug: 38252416]
- infiniband/xsigo: Replace BUG_ON with WARN_ON_ONCE. (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xsvnic_main: Remove unused functions (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_cm: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ethtool: Remove unused variable 'priv' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ib: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ib: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_verbs: Remove unused label 'out_free_pd' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Remove unused function 'xve_napi_del' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
- inifinibad/xsigo: xsvnic_main: Remove unused variable 'xsvnic_ethtool_ops' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xscore_impl: Remove unused label 'err_pd' (Siddh Raman Pant) [Orabug: 38418469]
- rds: Fix jiffies type in struct rds_conn_path (Siddh Raman Pant) [Orabug: 38418727]
- kernel: sysctl: Remove unused variable 'zero' (Siddh Raman Pant) [Orabug: 38418727]
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38537469] {CVE-2025-39964}
- RDMA/cm: Base cm_id destruction timeout on CMA values (Håkon Bugge) [Orabug: 38753622]
- x86/its: Build fails with CONFIG_MITIGATION_ITS=n (Alexandre Chartre) [Orabug: 38756954]

[5.4.17-2136.352.2]
- LTS tag: v5.4.302 (Sherry Yang)
- Input: pegasus-notetaker - fix potential out-of-bounds access (Seungjin Bae)
- Input: remove third argument of usb_maxpacket() (Vincent Mailhol)
- usb: deprecate the third argument of usb_maxpacket() (Vincent Mailhol)
- fs/proc: fix uaf in proc_readdir_de() (Wei Yang) [Orabug: 38737034,38786776,38787139] {CVE-2025-40271}
- pmdomain: imx: Fix reference count leak in imx_gpc_remove (Miaoqian Lin)
- pmdomain: arm: scmi: Fix genpd leak on provider registration failure (Sudeep Holla)
- net: netpoll: fix incorrect refcount handling causing incorrect cleanup (Breno Leitao) [Orabug: 38773510] {CVE-2025-68245}
- net: qede: Initialize qede_ll_ops with designated initializer (Nathan Chancellor)
- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error (Nishanth Menon)
- ALSA: usb-audio: fix uac2 clock source at terminal parser (René Rebe)
- mm/page_alloc: fix hash table order logging in alloc_large_system_hash() (Isaac J. Manjarres)
- kconfig/nconf: Initialize the default locale at startup (Jakub Horký)
- kconfig/mconf: Initialize the default locale at startup (Jakub Horký)
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730612] {CVE-2025-40248}
- s390/ctcm: Fix double-kfree (Aleksei Nikiforov)
- net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730650] {CVE-2025-40254}
- mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() (Zilin Guan)
- MIPS: Malta: Fix !EVA SOC-it PCI MMIO (Maciej W. Rozycki)
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773441] {CVE-2025-68229}
- scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730664] {CVE-2025-40259}
- Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730681] {CVE-2025-40263}
- be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730691] {CVE-2025-40264}
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (Abdun Nihaal) [Orabug: 38798908] {CVE-2025-68734}
- EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection (Niravkumar L Rabara)
- EDAC/altera: Handle OCRAM ECC enable after warm reset (Niravkumar L Rabara)
- spi: Try to get ACPI GPIO IRQ earlier (Hans de Goede)
- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (Chuang Wang) [Orabug: 38773496] {CVE-2025-68241}
- strparser: Fix signed/unsigned mismatch bug (Nate Karstens)
- gcov: add support for GCC 15 (Peter Oberparleiter)
- mm/ksm: fix flag-dropping behavior in ksm_madvise (Jakub Acs)
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (Haein Lee) [Orabug: 38737052] {CVE-2025-40275}
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (Ian Forbes) [Orabug: 38737061] {CVE-2025-40277}
- ASoC: cs4271: Fix regulator leak on probe failure (Xu Wang)
- regulator: fixed: fix GPIO descriptor leak on register failure (Xu Wang)
- regulator: fixed: use dev_err_probe for register (Chris Morgan)
- Bluetooth: L2CAP: export l2cap_chan_hold for modules (Pauli Virtanen)
- net_sched: limit try_bulk_dequeue_skb() batches (Eric Dumazet)
- net_sched: remove need_resched() from qdisc_run() (Eric Dumazet)
- net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps (Gal Pressman)
- net/mlx5e: Fix maxrate wraparound in threshold between units (Gal Pressman)
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (Ranganath V N)
- wifi: mac80211: skip rate verification for not captured PSDUs (Benjamin Berg)
- net: mdio: fix resource leak in mdiobus_register_device() (Csaba Buday)
- tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38737084] {CVE-2025-40280}
- tipc: simplify the finalize work queue (Xin Long)
- sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (Eric Dumazet) [Orabug: 38737091] {CVE-2025-40281}
- sctp: get netns from asoc and ep base (Xin Long)
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (Pauli Virtanen)
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (Pauli Virtanen)
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (Pauli Virtanen)
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (Raphael Pinsonneault-Thibeault) [Orabug: 38737104] {CVE-2025-40283}
- net: fec: correct rx_bytes statistic for the case SHIFT16 is set (Wei Fang)
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (Sharique Mohammad)
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (Tristan Lobb)
- NFS4: Fix state renewals missing after boot (Joshua Watt)
- compiler_types: Move unused static inline functions warning to W=2 (Peter Zijlstra)
- extcon: adc-jack: Cleanup wakeup source only if it was enabled (Krzysztof Kozlowski)
- tracing: Fix memory leaks in create_field_var() (Zilin Guan)
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (Qendrim Maxhuni) [Orabug: 38773283] {CVE-2025-68192}
- sctp: Prevent TOCTOU out-of-bounds write (Stefan Wiehler) [Orabug: 38747447] {CVE-2025-40331}
- sctp: Hold RCU read lock while iterating over address list (Stefan Wiehler)
- net: dsa: b53: stop reading ARL entries if search is done (Jonas Gorski)
- net: dsa: b53: fix enabling ip multicast (Jonas Gorski)
- net: dsa: b53: fix resetting speed and pause on forced link (Jonas Gorski)
- net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 (Álvaro Fernández Rojas)
- net: dsa/b53: change b53_force_port_config() pause argument (Russell King)
- net: vlan: sync VLAN features with lower device (Hangbin Liu)
- ceph: add checking of wait_for_completion_killable() return value (Viacheslav Dubeyko)
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (Albin Babu Varghese) [Orabug: 38737182] {CVE-2025-40304}
- ACPI: property: Return present device nodes only on fwnode interface (Sakari Ailus)
- 9p: sysfs_init: don't hardcode error to ENOMEM (Randall P. Embry)
- 9p: fix /sys/fs/9p/caches overwriting itself (Randall P. Embry)
- fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink (Yikang Yue)
- ACPICA: Update dsmethod.c to get rid of unused variable warning (Saket Dumbre)
- orangefs: fix xattr related buffer overflow... (Mike Marshall)
- page_pool: Clamp pool size to max 16K pages (Dragos Tatulea)
- Bluetooth: bcsp: receive data only if registered (Ivan Pravdin) [Orabug: 38737213] {CVE-2025-40308}
- Bluetooth: SCO: Fix UAF on sco_conn_free (Luiz Augusto von Dentz) [Orabug: 38737224] {CVE-2025-40309}
- net: macb: avoid dealing with endianness in macb_set_hwaddr() (Théo Lebrun)
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (Al Viro) [Orabug: 38773245] {CVE-2025-68185}
- NFSv4.1: fix mount hang after CREATE_SESSION failure (Anthony Iliopoulos)
- NFSv4: handle ERR_GRACE on delegation recalls (Olga Kornievskaia)
- remoteproc: qcom: q6v5: Avoid handling handover twice (Stephan Gerhold)
- sparc/module: Add R_SPARC_UA64 relocation handling (Koakuma)
- net: intel: fm10k: Fix parameter idx set but not used (Brahmajit Das)
- jfs: fix uninitialized waitqueue in transaction manager (Shaurya Rane)
- jfs: Verify inode mode when loading from disk (Tetsuo Handa)
- ipv6: np->rxpmtu race annotation (Eric Dumazet)
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (Krishna Kurapati)
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (Forest Crossman)
- allow finish_no_open(file, ERR_PTR(-E...)) (Al Viro)
- scsi: lpfc: Define size of debugfs entry for xri rebalancing (Justin Tee)
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (Justin Tee)
- selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency (Nai-Chen Cheng)
- net/cls_cgroup: Fix task_get_classid() during qdisc run (Yafang Shao)
- selftests: Replace sleep with slowwait (David Ahern)
- selftests: Disable dad for ipv6 in fcnal-test.sh (David Ahern)
- media: redrat3: use int type to store negative error codes (Rong Qianfeng)
- net: sh_eth: Disable WoL if system can not suspend (Niklas Söderlund)
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy (Harikrishna Shenoy)
- usb: gadget: f_hid: Fix zero length packet transfer (William Wu)
- net: call cond_resched() less often in __release_sock() (Eric Dumazet)
- ALSA: usb-audio: apply quirk for MOONDROP Quark2 (Cryolitia Pukngae)
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (Juraj Šarinay)
- dmaengine: dw-edma: Set status for callback_result (Devendra K Verma)
- dmaengine: mv_xor: match alloc_wc and free_wc (Rosen Penev)
- dmaengine: sh: setup_xref error handling (Thomas Andreatta)
- scsi: pm8001: Use int instead of u32 to store error codes (Rong Qianfeng)
- mips: lantiq: xway: sysctrl: rename stp clock (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing device_type in pci node (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing properties to cpu node (Aleksander Jan Bajkowski)
- media: fix uninitialized symbol warnings (Chelsy Ratnawat)
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (Amber Lin)
- extcon: adc-jack: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (Sungho Kim)
- net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. (Kuniyuki Iwashima)
- net: When removing nexthops, don't call synchronize_net if it is not necessary (Christoph Paasch)
- char: misc: Does not request module for miscdevice with dynamic minor (Zijun Hu)
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (Raub Camaioni)
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (Rodrigo Gobbi)
- media: imon: make send_packet() more robust (Tetsuo Handa) [Orabug: 38773298] {CVE-2025-68194}
- net: ipv6: fix field-spanning memcpy warning in AH output (Charalampos Mitrodimas) [Orabug: 38773141] {CVE-2025-40363}
- bridge: Redirect to backup port when port is administratively down (Ido Schimmel)
- powerpc/eeh: Use result of error_detected() in uevent (Niklas Schnelle)
- x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall (Kirill A. Shutemov)
- media: pci: ivtv: Don't create fake v4l2_fh (Laurent Pinchart)
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs (Geoffrey Mcrae)
- selftests/net: Ensure assert() triggers in psock_tpacket.c (Wake Liu)
- selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 (Wake Liu)
- PCI: Disable MSI on RDC PCI to PCIe bridges (Marcos Del Sol Vives)
- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (Seyediman Seyedarab)
- mfd: madera: Work around false-positive -Wininitialized warning (Arnd Bergmann)
- mfd: stmpe-i2c: Add missing MODULE_LICENSE (Alexander Stein)
- mfd: stmpe: Remove IRQ domain upon removal (Alexander Stein)
- tools/power x86_energy_perf_policy: Prefer driver HWP limits (Len Brown)
- tools/power x86_energy_perf_policy: Enhance HWP enable (Len Brown)
- tools/cpupower: Fix incorrect size in cpuidle_state_disable() (Kaushlendra Kumar)
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (Armin Wolf)
- uprobe: Do not emulate/sstep original instruction when ip is changed (Jiri Olsa)
- clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel (Daniel Lezcano)
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (Svyatoslav Ryhel)
- tee: allow a driver to allocate a tee_device without a pool (Amirreza Zarrabi)
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (Hans de Goede)
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (Sarthak Garg)
- irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment (Christian Bruel)
- arc: Fix __fls() const-foldability via __builtin_clzl() (Kees Cook)
- cpufreq/longhaul: handle NULL policy in longhaul_exit (Dennis Beier)
- selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 (Ricardo B. Marlière)
- ACPI: video: force native for Lenovo 82K8 (Mario Limonciello)
- memstick: Add timeout to prevent indefinite waiting (Jiayi Li)
- mmc: host: renesas_sdhi: Fix the actual clock (Biju Das)
- bpf: Don't use %pK through printk (Thomas Weißschuh)
- spi: loopback-test: Don't use %pK through printk (Thomas Weißschuh)
- soc: qcom: smem: Fix endian-unaware access of num_entries (Jens Reidel)
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable. (Owen Gu)
- serial: 8250_dw: handle reset control deassert error (Artem Shimko)
- serial: 8250_dw: Use devm_add_action_or_reset() (Andy Shevchenko)
- serial: 8250_dw: Use devm_clk_get_optional() to get the input clock (Andy Shevchenko)
- can: gs_usb: increase max interface to U8_MAX (Celeste Liu)
- devcoredump: Fix circular locking dependency with devcd->mutex. (Maarten Lankhorst)
- net: ravb: Enforce descriptor type ordering (Lad Prabhakar)
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (Babu Moger)
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (Gokul Sivakumar) [Orabug: 38737292] {CVE-2025-40321}
- net: phy: dp83867: Disable EEE support as not implemented (Emanuele Ghidoli)
- regmap: slimbus: fix bus_context pointer in regmap init calls (Alexey Klimov)
- drm/etnaviv: fix flush sequence logic (Tomeu Vizoso)
- usbnet: Prevents free active kevent (Lizhi Xu) [Orabug: 38773784] {CVE-2025-68312}
- wifi: ath10k: Fix memory leak on unsupported WMI command (Loic Poulain)
- ASoC: qdsp6: q6asm: do not sleep while atomic (Srinivas Kandagatla)
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (Miaoqian Lin)
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (Florian Fuchs)
- fbdev: bitblit: bound-check glyph index in bit_putcs* (Junjie Cao) [Orabug: 38737301] {CVE-2025-40322}
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (Yuhao Jiang) [Orabug: 38687005] {CVE-2025-40211}
- fbdev: atyfb: Check if pll_ops->init_pll failed (Daniel Palmer)
- net: usb: asix_devices: Check return value of usbnet_get_endpoints (Miaoqian Lin)
- btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (Filipe Manana)
- x86/bugs: Fix reporting of LFENCE retpoline (David Kaplan)
- net/sched: sch_qfq: Fix null-deref in agg_dequeue (Xiang Mei) [Orabug: 38597085] {CVE-2025-40083}

[5.4.17-2136.352.1]
- RDMA/cm: Rate limit destroy CM ID timeout error message (Håkon Bugge) [Orabug: 38753401]
- soc/pensando: giglio: hack dts to make things right (Rob Gardner) [Orabug: 38688154]
- soc/pensando: Add AMD Pensando Giglio SoC support (Brad Larson) [Orabug: 38688154]
- soc/pensando: psci support (David Clear) [Orabug: 38688154]
- soc/pensando: Giglio SoC eMMC interrupt driver (Brad Larson) [Orabug: 38688154]

[5.4.17-2136.351.3]
- Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38715366]
- fbcon: fix integer overflow in font allocation (Samasth Norway Ananda) [Orabug: 38702507]
- uek-rpm: Replace check-kabi tool with kabi (Yifei Liu) [Orabug: 38673382]
- uek-rpm: Introduce check function for uek-rpm/tools/kabi (Yifei Liu) [Orabug: 38673382]

[5.4.17-2136.351.2]
- uek-rpm: kabi: Remove the kabi protection for debug kernels (Yifei Liu) [Orabug: 38609548]
- rds: Add smp_rmb before reading c_destroy_in_prog (Håkon Bugge) [Orabug: 38352486]
- uio_hv_generic: Set event for all channels on the device (Long Li)
- ata: libata-scsi: Fix system suspend for a security locked drive (Niklas Cassel)
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Zhang Heng)

[5.4.17-2136.351.1]
- scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt (Sumit Saxena) [Orabug: 38630482]

ELSA-2026-50134 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50134

http://linux.oracle.com/errata/ELSA-2026-50134.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.352.5.1.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.352.5.1.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.352.5.1.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.352.5.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.352.5.1.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.352.5.1.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.352.5.1.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.352.5.1.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.352.5.1.el7uek.src.rpm

Related CVEs:

CVE-2025-40215
CVE-2025-40256

Description of changes:

[5.4.17-2136.352.5.1]
- xfrm: flush all states in xfrm_state_fini (Sabrina Dubroca) [Orabug: 39016499]
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca) [Orabug: 39016499]
- Revert "xfrm: destroy xfrm_state synchronously on net exit path" (Sabrina Dubroca) [Orabug: 39016499]
- xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 39016501] {CVE-2025-40215}

[5.4.17-2136.352.5]
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38879907] {CVE-2025-40022}

[5.4.17-2136.352.4]
- arm64: pensando: Must boot Ortano kernel with spin-table (Rob Gardner) [Orabug: 38821197]

[5.4.17-2136.352.3]
- net/sched: adjust device watchdog timer to detect stopped queue at right time (Praveen Kumar Kannoju) [Orabug: 38340278]
- net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change (Praveen Kumar Kannoju) [Orabug: 38252416]
- infiniband/xsigo: Replace BUG_ON with WARN_ON_ONCE. (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xsvnic_main: Remove unused functions (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_cm: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ethtool: Remove unused variable 'priv' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ib: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_ib: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_verbs: Remove unused label 'out_free_pd' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Remove unused function 'xve_napi_del' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Fix mixed code warning (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xve_main: Fix misleading indentation (Siddh Raman Pant) [Orabug: 38418469]
- inifinibad/xsigo: xsvnic_main: Remove unused variable 'xsvnic_ethtool_ops' (Siddh Raman Pant) [Orabug: 38418469]
- infiniband/xsigo: xscore_impl: Remove unused label 'err_pd' (Siddh Raman Pant) [Orabug: 38418469]
- rds: Fix jiffies type in struct rds_conn_path (Siddh Raman Pant) [Orabug: 38418727]
- kernel: sysctl: Remove unused variable 'zero' (Siddh Raman Pant) [Orabug: 38418727]
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38537469] {CVE-2025-39964}
- RDMA/cm: Base cm_id destruction timeout on CMA values (Håkon Bugge) [Orabug: 38753622]
- x86/its: Build fails with CONFIG_MITIGATION_ITS=n (Alexandre Chartre) [Orabug: 38756954]

[5.4.17-2136.352.2]
- LTS tag: v5.4.302 (Sherry Yang)
- Input: pegasus-notetaker - fix potential out-of-bounds access (Seungjin Bae)
- Input: remove third argument of usb_maxpacket() (Vincent Mailhol)
- usb: deprecate the third argument of usb_maxpacket() (Vincent Mailhol)
- fs/proc: fix uaf in proc_readdir_de() (Wei Yang) [Orabug: 38737034,38786776,38787139] {CVE-2025-40271}
- pmdomain: imx: Fix reference count leak in imx_gpc_remove (Miaoqian Lin)
- pmdomain: arm: scmi: Fix genpd leak on provider registration failure (Sudeep Holla)
- net: netpoll: fix incorrect refcount handling causing incorrect cleanup (Breno Leitao) [Orabug: 38773510] {CVE-2025-68245}
- net: qede: Initialize qede_ll_ops with designated initializer (Nathan Chancellor)
- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error (Nishanth Menon)
- ALSA: usb-audio: fix uac2 clock source at terminal parser (René Rebe)
- mm/page_alloc: fix hash table order logging in alloc_large_system_hash() (Isaac J. Manjarres)
- kconfig/nconf: Initialize the default locale at startup (Jakub Horký)
- kconfig/mconf: Initialize the default locale at startup (Jakub Horký)
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730612] {CVE-2025-40248}
- s390/ctcm: Fix double-kfree (Aleksei Nikiforov)
- net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730650] {CVE-2025-40254}
- mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() (Zilin Guan)
- MIPS: Malta: Fix !EVA SOC-it PCI MMIO (Maciej W. Rozycki)
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773441] {CVE-2025-68229}
- scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730664] {CVE-2025-40259}
- Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730681] {CVE-2025-40263}
- be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730691] {CVE-2025-40264}
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() (Abdun Nihaal) [Orabug: 38798908] {CVE-2025-68734}
- EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection (Niravkumar L Rabara)
- EDAC/altera: Handle OCRAM ECC enable after warm reset (Niravkumar L Rabara)
- spi: Try to get ACPI GPIO IRQ earlier (Hans de Goede)
- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe (Chuang Wang) [Orabug: 38773496] {CVE-2025-68241}
- strparser: Fix signed/unsigned mismatch bug (Nate Karstens)
- gcov: add support for GCC 15 (Peter Oberparleiter)
- mm/ksm: fix flag-dropping behavior in ksm_madvise (Jakub Acs)
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd (Haein Lee) [Orabug: 38737052] {CVE-2025-40275}
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (Ian Forbes) [Orabug: 38737061] {CVE-2025-40277}
- ASoC: cs4271: Fix regulator leak on probe failure (Xu Wang)
- regulator: fixed: fix GPIO descriptor leak on register failure (Xu Wang)
- regulator: fixed: use dev_err_probe for register (Chris Morgan)
- Bluetooth: L2CAP: export l2cap_chan_hold for modules (Pauli Virtanen)
- net_sched: limit try_bulk_dequeue_skb() batches (Eric Dumazet)
- net_sched: remove need_resched() from qdisc_run() (Eric Dumazet)
- net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps (Gal Pressman)
- net/mlx5e: Fix maxrate wraparound in threshold between units (Gal Pressman)
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak (Ranganath V N)
- wifi: mac80211: skip rate verification for not captured PSDUs (Benjamin Berg)
- net: mdio: fix resource leak in mdiobus_register_device() (Csaba Buday)
- tipc: Fix use-after-free in tipc_mon_reinit_self(). (Kuniyuki Iwashima) [Orabug: 38737084] {CVE-2025-40280}
- tipc: simplify the finalize work queue (Xin Long)
- sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto (Eric Dumazet) [Orabug: 38737091] {CVE-2025-40281}
- sctp: get netns from asoc and ep base (Xin Long)
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions (Pauli Virtanen)
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion (Pauli Virtanen)
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path (Pauli Virtanen)
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (Raphael Pinsonneault-Thibeault) [Orabug: 38737104] {CVE-2025-40283}
- net: fec: correct rx_bytes statistic for the case SHIFT16 is set (Wei Fang)
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down (Sharique Mohammad)
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug (Tristan Lobb)
- NFS4: Fix state renewals missing after boot (Joshua Watt)
- compiler_types: Move unused static inline functions warning to W=2 (Peter Zijlstra)
- extcon: adc-jack: Cleanup wakeup source only if it was enabled (Krzysztof Kozlowski)
- tracing: Fix memory leaks in create_field_var() (Zilin Guan)
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup (Qendrim Maxhuni) [Orabug: 38773283] {CVE-2025-68192}
- sctp: Prevent TOCTOU out-of-bounds write (Stefan Wiehler) [Orabug: 38747447] {CVE-2025-40331}
- sctp: Hold RCU read lock while iterating over address list (Stefan Wiehler)
- net: dsa: b53: stop reading ARL entries if search is done (Jonas Gorski)
- net: dsa: b53: fix enabling ip multicast (Jonas Gorski)
- net: dsa: b53: fix resetting speed and pause on forced link (Jonas Gorski)
- net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325 (Álvaro Fernández Rojas)
- net: dsa/b53: change b53_force_port_config() pause argument (Russell King)
- net: vlan: sync VLAN features with lower device (Hangbin Liu)
- ceph: add checking of wait_for_completion_killable() return value (Viacheslav Dubeyko)
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (Albin Babu Varghese) [Orabug: 38737182] {CVE-2025-40304}
- ACPI: property: Return present device nodes only on fwnode interface (Sakari Ailus)
- 9p: sysfs_init: don't hardcode error to ENOMEM (Randall P. Embry)
- 9p: fix /sys/fs/9p/caches overwriting itself (Randall P. Embry)
- fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink (Yikang Yue)
- ACPICA: Update dsmethod.c to get rid of unused variable warning (Saket Dumbre)
- orangefs: fix xattr related buffer overflow... (Mike Marshall)
- page_pool: Clamp pool size to max 16K pages (Dragos Tatulea)
- Bluetooth: bcsp: receive data only if registered (Ivan Pravdin) [Orabug: 38737213] {CVE-2025-40308}
- Bluetooth: SCO: Fix UAF on sco_conn_free (Luiz Augusto von Dentz) [Orabug: 38737224] {CVE-2025-40309}
- net: macb: avoid dealing with endianness in macb_set_hwaddr() (Théo Lebrun)
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing (Al Viro) [Orabug: 38773245] {CVE-2025-68185}
- NFSv4.1: fix mount hang after CREATE_SESSION failure (Anthony Iliopoulos)
- NFSv4: handle ERR_GRACE on delegation recalls (Olga Kornievskaia)
- remoteproc: qcom: q6v5: Avoid handling handover twice (Stephan Gerhold)
- sparc/module: Add R_SPARC_UA64 relocation handling (Koakuma)
- net: intel: fm10k: Fix parameter idx set but not used (Brahmajit Das)
- jfs: fix uninitialized waitqueue in transaction manager (Shaurya Rane)
- jfs: Verify inode mode when loading from disk (Tetsuo Handa)
- ipv6: np->rxpmtu race annotation (Eric Dumazet)
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices (Krishna Kurapati)
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs (Forest Crossman)
- allow finish_no_open(file, ERR_PTR(-E...)) (Al Viro)
- scsi: lpfc: Define size of debugfs entry for xri rebalancing (Justin Tee)
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET (Justin Tee)
- selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency (Nai-Chen Cheng)
- net/cls_cgroup: Fix task_get_classid() during qdisc run (Yafang Shao)
- selftests: Replace sleep with slowwait (David Ahern)
- selftests: Disable dad for ipv6 in fcnal-test.sh (David Ahern)
- media: redrat3: use int type to store negative error codes (Rong Qianfeng)
- net: sh_eth: Disable WoL if system can not suspend (Niklas Söderlund)
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy (Harikrishna Shenoy)
- usb: gadget: f_hid: Fix zero length packet transfer (William Wu)
- net: call cond_resched() less often in __release_sock() (Eric Dumazet)
- ALSA: usb-audio: apply quirk for MOONDROP Quark2 (Cryolitia Pukngae)
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms (Juraj Šarinay)
- dmaengine: dw-edma: Set status for callback_result (Devendra K Verma)
- dmaengine: mv_xor: match alloc_wc and free_wc (Rosen Penev)
- dmaengine: sh: setup_xref error handling (Thomas Andreatta)
- scsi: pm8001: Use int instead of u32 to store error codes (Rong Qianfeng)
- mips: lantiq: xway: sysctrl: rename stp clock (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing device_type in pci node (Aleksander Jan Bajkowski)
- mips: lantiq: danube: add missing properties to cpu node (Aleksander Jan Bajkowski)
- media: fix uninitialized symbol warnings (Chelsy Ratnawat)
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption (Amber Lin)
- extcon: adc-jack: Fix wakeup source leaks on device unbind (Krzysztof Kozlowski)
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call (Sungho Kim)
- net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV. (Kuniyuki Iwashima)
- net: When removing nexthops, don't call synchronize_net if it is not necessary (Christoph Paasch)
- char: misc: Does not request module for miscdevice with dynamic minor (Zijun Hu)
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet (Raub Camaioni)
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register (Rodrigo Gobbi)
- media: imon: make send_packet() more robust (Tetsuo Handa) [Orabug: 38773298] {CVE-2025-68194}
- net: ipv6: fix field-spanning memcpy warning in AH output (Charalampos Mitrodimas) [Orabug: 38773141] {CVE-2025-40363}
- bridge: Redirect to backup port when port is administratively down (Ido Schimmel)
- powerpc/eeh: Use result of error_detected() in uevent (Niklas Schnelle)
- x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall (Kirill A. Shutemov)
- media: pci: ivtv: Don't create fake v4l2_fh (Laurent Pinchart)
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs (Geoffrey Mcrae)
- selftests/net: Ensure assert() triggers in psock_tpacket.c (Wake Liu)
- selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8 (Wake Liu)
- PCI: Disable MSI on RDC PCI to PCIe bridges (Marcos Del Sol Vives)
- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf() (Seyediman Seyedarab)
- mfd: madera: Work around false-positive -Wininitialized warning (Arnd Bergmann)
- mfd: stmpe-i2c: Add missing MODULE_LICENSE (Alexander Stein)
- mfd: stmpe: Remove IRQ domain upon removal (Alexander Stein)
- tools/power x86_energy_perf_policy: Prefer driver HWP limits (Len Brown)
- tools/power x86_energy_perf_policy: Enhance HWP enable (Len Brown)
- tools/cpupower: Fix incorrect size in cpuidle_state_disable() (Kaushlendra Kumar)
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040 (Armin Wolf)
- uprobe: Do not emulate/sstep original instruction when ip is changed (Jiri Olsa)
- clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel (Daniel Lezcano)
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556 (Svyatoslav Ryhel)
- tee: allow a driver to allocate a tee_device without a pool (Amirreza Zarrabi)
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method() (Hans de Goede)
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card (Sarthak Garg)
- irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment (Christian Bruel)
- arc: Fix __fls() const-foldability via __builtin_clzl() (Kees Cook)
- cpufreq/longhaul: handle NULL policy in longhaul_exit (Dennis Beier)
- selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2 (Ricardo B. Marlière)
- ACPI: video: force native for Lenovo 82K8 (Mario Limonciello)
- memstick: Add timeout to prevent indefinite waiting (Jiayi Li)
- mmc: host: renesas_sdhi: Fix the actual clock (Biju Das)
- bpf: Don't use %pK through printk (Thomas Weißschuh)
- spi: loopback-test: Don't use %pK through printk (Thomas Weißschuh)
- soc: qcom: smem: Fix endian-unaware access of num_entries (Jens Reidel)
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable. (Owen Gu)
- serial: 8250_dw: handle reset control deassert error (Artem Shimko)
- serial: 8250_dw: Use devm_add_action_or_reset() (Andy Shevchenko)
- serial: 8250_dw: Use devm_clk_get_optional() to get the input clock (Andy Shevchenko)
- can: gs_usb: increase max interface to U8_MAX (Celeste Liu)
- devcoredump: Fix circular locking dependency with devcd->mutex. (Maarten Lankhorst)
- net: ravb: Enforce descriptor type ordering (Lad Prabhakar)
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID (Babu Moger)
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode (Gokul Sivakumar) [Orabug: 38737292] {CVE-2025-40321}
- net: phy: dp83867: Disable EEE support as not implemented (Emanuele Ghidoli)
- regmap: slimbus: fix bus_context pointer in regmap init calls (Alexey Klimov)
- drm/etnaviv: fix flush sequence logic (Tomeu Vizoso)
- usbnet: Prevents free active kevent (Lizhi Xu) [Orabug: 38773784] {CVE-2025-68312}
- wifi: ath10k: Fix memory leak on unsupported WMI command (Loic Poulain)
- ASoC: qdsp6: q6asm: do not sleep while atomic (Srinivas Kandagatla)
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init (Miaoqian Lin)
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS (Florian Fuchs)
- fbdev: bitblit: bound-check glyph index in bit_putcs* (Junjie Cao) [Orabug: 38737301] {CVE-2025-40322}
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() (Yuhao Jiang) [Orabug: 38687005] {CVE-2025-40211}
- fbdev: atyfb: Check if pll_ops->init_pll failed (Daniel Palmer)
- net: usb: asix_devices: Check return value of usbnet_get_endpoints (Miaoqian Lin)
- btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot() (Filipe Manana)
- x86/bugs: Fix reporting of LFENCE retpoline (David Kaplan)
- net/sched: sch_qfq: Fix null-deref in agg_dequeue (Xiang Mei) [Orabug: 38597085] {CVE-2025-40083}

[5.4.17-2136.352.1]
- RDMA/cm: Rate limit destroy CM ID timeout error message (Håkon Bugge) [Orabug: 38753401]
- soc/pensando: giglio: hack dts to make things right (Rob Gardner) [Orabug: 38688154]
- soc/pensando: Add AMD Pensando Giglio SoC support (Brad Larson) [Orabug: 38688154]
- soc/pensando: psci support (David Clear) [Orabug: 38688154]
- soc/pensando: Giglio SoC eMMC interrupt driver (Brad Larson) [Orabug: 38688154]

[5.4.17-2136.351.3]
- Reapply "cpuidle: menu: Avoid discarding useful information" (Harshvardhan Jha) [Orabug: 38715366]
- fbcon: fix integer overflow in font allocation (Samasth Norway Ananda) [Orabug: 38702507]
- uek-rpm: Replace check-kabi tool with kabi (Yifei Liu) [Orabug: 38673382]
- uek-rpm: Introduce check function for uek-rpm/tools/kabi (Yifei Liu) [Orabug: 38673382]

[5.4.17-2136.351.2]
- uek-rpm: kabi: Remove the kabi protection for debug kernels (Yifei Liu) [Orabug: 38609548]
- rds: Add smp_rmb before reading c_destroy_in_prog (Håkon Bugge) [Orabug: 38352486]
- uio_hv_generic: Set event for all channels on the device (Long Li)
- ata: libata-scsi: Fix system suspend for a security locked drive (Niklas Cassel)
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Zhang Heng)

[5.4.17-2136.351.1]
- scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt (Sumit Saxena) [Orabug: 38630482]

[5.4.17-2136.350.3]
- net/rds: Fix rs_recv_pending counting issue (Gerd Rausch) [Orabug: 38506370]

ELSA-2026-2628 Important: Oracle Linux 7 libsoup security update

Oracle Linux Security Advisory ELSA-2026-2628

http://linux.oracle.com/errata/ELSA-2026-2628.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
libsoup-2.62.2-2.0.11.el7.i686.rpm
libsoup-2.62.2-2.0.11.el7.x86_64.rpm
libsoup-devel-2.62.2-2.0.11.el7.i686.rpm
libsoup-devel-2.62.2-2.0.11.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libsoup-2.62.2-2.0.11.el7.src.rpm

Related CVEs:

CVE-2026-0719
CVE-2026-1761

Description of changes:

[2.62.2-2.0.11]
- Fixes CVE-2026-0719 CVE-2026-1761 [Orabug: 38958074]

[2.62.2-2.0.9]
- Fix CVE-2025-14523 [Orabug: 38873507]

[2.62.2-2.0.7]
- Backport patch for CVE-2025-4945 and CVE-2025-11021 [Orabug: 38664275]

[2.62.2-2.0.5]
- Fixes CVE-2025-2784 CVE-2025-4948 CVE-2025-32049 [Orabug: 38085184]
- CVE-2025-32906 CVE-2025-32911 CVE-2025-32913 CVE-2025-32914

[2.62.2-2.0.3]
- Fixed CVE-2024-52531 buffer overflow via UTF-8 conversion in
- soup_header_parse_param_list_strict [Orabug: 37557504]

ELSA-2026-1581 Important: Oracle Linux 7 kernel security update

Oracle Linux Security Advisory ELSA-2026-1581

http://linux.oracle.com/errata/ELSA-2026-1581.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-1160.119.1.0.18.el7.x86_64.rpm
kernel-3.10.0-1160.119.1.0.18.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1160.119.1.0.18.el7.noarch.rpm
kernel-debug-3.10.0-1160.119.1.0.18.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.119.1.0.18.el7.x86_64.rpm
kernel-devel-3.10.0-1160.119.1.0.18.el7.x86_64.rpm
kernel-doc-3.10.0-1160.119.1.0.18.el7.noarch.rpm
kernel-headers-3.10.0-1160.119.1.0.18.el7.x86_64.rpm
kernel-tools-3.10.0-1160.119.1.0.18.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.119.1.0.18.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.119.1.0.18.el7.x86_64.rpm
perf-3.10.0-1160.119.1.0.18.el7.x86_64.rpm
python-perf-3.10.0-1160.119.1.0.18.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1160.119.1.0.18.el7.src.rpm

Related CVEs:

CVE-2025-39898
CVE-2025-39971
CVE-2025-40248

Description of changes:

[3.10.0-1160.119.1.0.18]
- e1000e: fix heap overflow in e1000_set_eeprom {CVE-2025-39898} [Orabug: 38904071]
- i40e: fix idx validation in config queues msg {CVE-2025-39971} [Orabug: 38904071]
- vsock: track pkt owner vsock [Orabug: 38904071]
- vhost-vsock: add pkt cancel capability [Orabug: 38904071]
- vsock: cancel packets when failing to connect [Orabug: 38904071]
- vsock: notify server to shutdown when client has pending
signal [Orabug: 38904071]
- vsock: remove vsock from connected table when connect is
interrupted by a signal [Orabug: 38904071]
- vsock: Ignore signal/timeout on connect() if already
established {CVE-2025-40248} [Orabug: 38904071]

[3.10.0-1160.119.1.0.17]
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses {CVE-2023-53675} [Orabug: 38860426]
- ipv6: Fix out-of-bounds access in ipv6_find_tlv() {CVE-2023-53705} [Orabug: 38860426]
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too {CVE-2025-37823} [Orabug: 38860426]
- libceph: fix potential use-after-free in have_mon_and_osd_map() {CVE-2025-68285} [Orabug: 38860426]

[3.10.0-1160.119.1.0.16]
- net: sched: sfb: fix null pointer access issue when sfb_init() fails {CVE-2022-50356} [Orabug: 38790244]
- fs: fix UAF/GPF bug in nilfs_mdt_destroy {CVE-2022-50367} [Orabug: 38790244]
- iomap: iomap: fix memory corruption when recording {CVE-2022-50406} [Orabug: 38790244]
- mm: fix zswap writeback race condition {CVE-2023-53178} [Orabug: 38790244]
- Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp {CVE-2023-53297} [Orabug: 38790244]
- scsi: qla2xxx: Wait for io return on terminate rport {CVE-2023-53322} [Orabug: 38790244]
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729} [Orabug: 38790244]
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757} [Orabug: 38790244]
- tcp: fix potential double free issue for fastopen_req [Orabug: 38790244]
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() {CVE-2025-39955} [Orabug: 38790244]
- NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-50410} [Orabug: 38790244]
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values {CVE-2022-50403} [Orabug: 38790244]

[3.10.0-1160.119.1.0.15]
- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() {CVE-2022-3640} [Orabug: 38742878]
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put [Orabug: 38742878]
- Bluetooth: L2CAP: Fix user-after-free {CVE-2022-50386} [Orabug: 38742878]
- wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() {CVE-2022-50408} [Orabug: 38742878]
- Bluetooth: L2CAP: Fix use-after-free {CVE-2023-53305} [Orabug: 38742878]
- ip6mr: Fix skb_under_panic in ip6mr_cache_report() {CVE-2023-53365} [Orabug: 38742878]
- sctp: linearize cloned gso packets in sctp_rcv {CVE-2025-38718} [Orabug: 38742878]

[3.10.0-1160.119.1.0.14]
- HID: core: fix shift-out-of-bounds in hid_report_raw_event {CVE-2022-48978} [Orabug: 38644370]
- crypto: seqiv - Handle EBUSY correctly {CVE-2023-53373} [Orabug: 38644370]
- nfsd: don't ignore the return code of svc_proc_register() {CVE-2025-22026} [Orabug: 38644370]
- net_sched: hfsc: Fix a UAF vulnerability in class handling {CVE-2025-37797} [Orabug: 38644370]
- HID: core: Harden s32ton() against conversion to 0 bits {CVE-2025-38556} [Orabug: 38644370]
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control {CVE-2025-39751} [Orabug: 38644370]

[3.10.0-1160.119.1.0.13]
- ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() {CVE-2022-48701} [Orabug: 38493400]
- md-raid10: fix KASAN warning {CVE-2022-50211} [Orabug: 38493400]
- ALSA: bcd2000: Fix a UAF bug on the error path of probing {CVE-2022-50229} [Orabug: 38493400]
- net: usb: smsc75xx: Limit packet length to skb->len {CVE-2023-53125} [Orabug: 38493400]
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200} [Orabug: 38493400]
- net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477} [Orabug: 38493400]

[3.10.0-1160.119.1.0.12]
- scsi: lpfc: Use memcpy() for BIOS version (CVE-2025-38332) [Orabug: 38414589]
- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CVE-2025-38352) [Orabug: 38414589]

[3.10.0-1160.119.1.0.11]
- kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)
- kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928)
- kernel: ext4: fix off-by-one error in do_split (CVE-2025-23150)
- kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788)
- kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)
- kernel: ext4: avoid resizing to a partial cluster size (CVE-2022-50020)
- kernel: drivers:md:fix a potential use-after-free bug (CVE-2022-50022)
- kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-38177)
- kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)
- crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079)

[3.10.0-1160.119.1.0.10]
- net: atlantic: fix aq_vec index out of range error (Chia-Lin Kao) {CVE-2022-50066} [Orabug: 38201271]
- net: atm: fix use after free in lec_send() (Dan Carpenter) {CVE-2025-22004} [Orabug: 38201271]

[3.10.0-1160.119.1.0.9]
- netfilter: ipset: add missing range check in bitmap_ip_uadt (Jeongjun Park) {CVE-2024-53141} [Orabug: 37964173]
- Update OL SB certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985797]

ELBA-2026-50141 Oracle Linux 7 linux-firmware bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50141

http://linux.oracle.com/errata/ELBA-2026-50141.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
iwl1000-firmware-39.31.5.1-999.46.el7.noarch.rpm
iwl100-firmware-39.31.5.1-999.46.el7.noarch.rpm
iwl105-firmware-18.168.6.1-999.46.el7.noarch.rpm
iwl135-firmware-18.168.6.1-999.46.el7.noarch.rpm
iwl2000-firmware-18.168.6.1-999.46.el7.noarch.rpm
iwl2030-firmware-18.168.6.1-999.46.el7.noarch.rpm
iwl3160-firmware-22.0.7.0-999.46.el7.noarch.rpm
iwl3945-firmware-15.32.2.9-999.46.el7.noarch.rpm
iwl4965-firmware-228.61.2.24-999.46.el7.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.46.el7.noarch.rpm
iwl5150-firmware-8.24.2.2-999.46.el7.noarch.rpm
iwl6000-firmware-9.221.4.1-999.46.el7.noarch.rpm
iwl6000g2a-firmware-17.168.5.3-999.46.el7.noarch.rpm
iwl6000g2b-firmware-17.168.5.2-999.46.el7.noarch.rpm
iwl6050-firmware-41.28.5.1-999.46.el7.noarch.rpm
iwl7260-firmware-22.0.7.0-999.46.el7.noarch.rpm
iwlax2xx-firmware-20260209-999.46.el7.noarch.rpm
linux-firmware-20260209-999.46.gitd87f4693.el7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/linux-firmware-20260209-999.46.gitd87f4693.el7.src.rpm

Description of changes:

[20260209-999.46.gitd87f4693.el7]
- Rebase to latest upstream [Orabug: 38858080]

[20251110-999.45.gitc0af6c70.el7]
- Rebase to latest upstream [Orabug: 38523856]
- Include AMD ucode fix [Orabug: 38523856] {CVE-2025-62626}

[20251030-999.44.1.gite9292517.el7]
- Include AMD ucode fix [Orabug: 38523856] {CVE-2025-62626}

[20250909-999.44.git260ff424.el7]
- Rewrite the script to accomodate yum-based installs [Orabug: 38409589]

[20250909-999.42.1.git356f06bf.el10]
- Rewrite the script to accomodate yum-based installs [Orabug: 38410501]

[20250828-999.43.git260ff424.el7]
- Rebase to latest upstream [Orabug: 38200684]
- Solve conflicts caused by symbolic link changes [Orabug: 38206139]

[20250826-999.42.git356f06bf.el7]
- Handling downgrade issue for Nvidia firmware changes [Orabug: 38303112]

[20250611-999.41.git356f06bf.el7]
- Rebase to latest upstream [Orabug: 38028345]

[20250423-999.40.git32f3227b.el7]
- Rebase to latest upstream [Orabug: 37868435]

[20250319-999.39.git430633ec.el7]
- Rebase to latest upstream [Orabug: 37729115]

Chromium, MinGW-ZLIB, Polkit, and more updates for Fedora

Git-LFS, Thunderbird, Firefox, and more updates for RHEL

Kernel, GnuTLS, NSS, an dmore updates for Oracle Linux

ELBA-2026-3530 Oracle Linux 10 kernel bug fix and enhancement update

ELSA-2026-3516 Important: Oracle Linux 9 thunderbird security update

ELBA-2026-1353 Oracle Linux 9 linux-firmware bug fix and enhancement update

ELSA-2026-3507 Important: Oracle Linux 9 valkey security update

ELBA-2026-3474 Oracle Linux 9 selinux-policy bug fix and enhancement update

ELBA-2026-2789 Oracle Linux 9 linux-firmware bug fix and enhancement update

ELBA-2025-23338 Oracle Linux 9 linux-firmware bug fix and enhancement update

ELSA-2026-50133 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

ELBA-2026-50136 Oracle Linux 9 smartmontools bug fix update

ELSA-2026-50133 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

ELSA-2026-50142 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

ELSA-2026-50134 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

ELBA-2026-3464-1 Oracle Linux 8 kernel bug fix update

ELBA-2026-50139 Oracle Linux 8 lvm2 bug fix update

ELBA-2026-2414 Oracle Linux 8 linux-firmware bug fix and enhancement update

ELBA-2026-50138 Oracle Linux 8 bcache-tools bug fix update

ELBA-2026-50137 Oracle Linux 8 mdadm bug fix update

ELBA-2026-50135 Oracle Linux 8 smartmontools bug fix update

ELSA-2026-50142 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

ELSA-2026-50134 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

ELSA-2026-2628 Important: Oracle Linux 7 libsoup security update

ELSA-2026-1581 Important: Oracle Linux 7 kernel security update

ELBA-2026-50141 Oracle Linux 7 linux-firmware bug fix update

Windows

Linux

macOS

Community