
Oracle Linux has rolled out a broad security advisory series that addresses critical vulnerabilities across versions 7 through 10. The Unbreakable Enterprise Kernel updates tackle racy TLB invalidation issues on Arm64 hardware while also patching dozens of memory handling and cryptographic flaws linked to multiple CVE identifiers. System administrators will notice refreshed packages for vital networking components like unbound and frr, alongside enhanced diagnostic tools such as sos and a substantial security overhaul for nodejs24. Organizations with Premier support can deploy these patches immediately without restarting their infrastructure by using the Ksplice Uptrack service to keep systems running continuously.

ELSA-2026-50304 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2026-50304 Important: Oracle Linux 10 Unbreakable Enterprise kernel security update
ELSA-2026-50306 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELBA-2026-24588 Oracle Linux 8 sos bug fix and enhancement update
ELSA-2026-50306 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2026-50306 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2026-24545 Important: Oracle Linux 8 libyang security update
ELSA-2026-24365 Important: Oracle Linux 8 unbound security update
ELSA-2026-24340 Important: Oracle Linux 8 frr security update
ELSA-2026-50305 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2026-50305 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2026-50305 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2026-7675 Important: Oracle Linux 10 nodejs24 security update
New Ksplice updates for UEKR8 6.12.0 on OL9 and OL10 (ELSA-2026-50304)
New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2026-50306)
New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2026-50305)




ELSA-2026-50304 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2026-50304

http://linux.oracle.com/errata/ELSA-2026-50304.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-core-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-debug-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-devel-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-doc-6.12.0-203.76.7.3.el9uek.noarch.rpm
kernel-uek-modules-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-203.76.7.3.el9uek.x86_64.rpm
kernel-uek-tools-6.12.0-203.76.7.3.el9uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-core-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-debug-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-devel-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-doc-6.12.0-203.76.7.3.el9uek.noarch.rpm
kernel-uek-modules-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek-tools-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek64k-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek64k-core-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-203.76.7.3.el9uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-203.76.7.3.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-6.12.0-203.76.7.3.el9uek.src.rpm

Related CVEs:

CVE-2025-10263

Description of changes:

[6.12.0-203.76.7.3]
- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39017589] {CVE-2025-10263}
- arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39017589]
- arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39017589]
- arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39017589]
- arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39017589]

[6.12.0-203.76.7.2]
- kabi: update FIPS kABI files (Saeed Mirzamohammadi) [Orabug: 39489008]
- KEYS: Reserve key usage values (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: keep FIPS MPI helpers private (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: keep FIPS compression helpers private (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: keep FIPS helper library symbols private (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: tcrypt - clamp num_mb to avoid divide-by-zero (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: tcrypt - stop ahash speed tests when setkey fails (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: add x86 GHASH CLMUL to FIPS module (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: add fixed-time AES to FIPS module (Saeed Mirzamohammadi) [Orabug: 39489008]
- fips: add scatterwalk to FIPS module (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: avoid auto-load for arch specific impls (Saeed Mirzamohammadi) [Orabug: 39489008]
- arm64/crypto: wire up FIPS aliases and helpers (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: share alg registry between FIPS and base kernel (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: keep crypto_user out of the FIPS module (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: tcrypt - skip retest in FIPS mode (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: skip redundant FIPS self-module signature check (Saeed Mirzamohammadi) [Orabug: 39489008]
- scripts: fail cleanly on arm64 boot image formats (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto/hkdf: Skip tests with keys too short in FIPS mode (Saeed Mirzamohammadi) [Orabug: 39489008]
- uek-rpm: build module symvers before fips140.ko (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: add crc64_rocksoft_generic to the FIPS module (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: add keywrap to the FIPS module (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: add cts to the FIPS module (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: convert kdf_sp800108 to CRYPTO_API() (Saeed Mirzamohammadi) [Orabug: 39489008]
- fips: drop ansi_cprng and revert ansi_cprng FIPS hooks (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto/testmgr: mark xxhash64 as fips disallowed (Saeed Mirzamohammadi) [Orabug: 39489008]
- Revert "fips: add xxhash64-generic to FIPS module" (Saeed Mirzamohammadi) [Orabug: 39489008]
- asm-generic/vmlinux.lds.h: remove unreachable FIPS140 branch (Saeed Mirzamohammadi) [Orabug: 39489008]
- btrfs: switch to library APIs for checksums (Eric Biggers) [Orabug: 39489008]
- lib/crypto: blake2b: Add BLAKE2b library functions (Eric Biggers) [Orabug: 39489008]
- byteorder: Add le64_to_cpu_array() and cpu_to_le64_array() (Eric Biggers) [Orabug: 39489008]



ELSA-2026-50304 Important: Oracle Linux 10 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2026-50304

http://linux.oracle.com/errata/ELSA-2026-50304.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-core-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-devel-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-doc-6.12.0-203.76.7.3.el10uek.noarch.rpm
kernel-uek-modules-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-tools-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-debug-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-203.76.7.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-203.76.7.3.el10uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-core-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-devel-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-doc-6.12.0-203.76.7.3.el10uek.noarch.rpm
kernel-uek-modules-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-tools-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-debug-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek64k-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek64k-core-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-203.76.7.3.el10uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-203.76.7.3.el10uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-uek-6.12.0-203.76.7.3.el10uek.src.rpm

Related CVEs:

CVE-2025-10263

Description of changes:

[6.12.0-203.76.7.3]
- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39017589] {CVE-2025-10263}
- arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39017589]
- arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39017589]
- arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39017589]
- arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39017589]

[6.12.0-203.76.7.2]
- kabi: update FIPS kABI files (Saeed Mirzamohammadi) [Orabug: 39489008]
- KEYS: Reserve key usage values (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: keep FIPS MPI helpers private (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: keep FIPS compression helpers private (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: keep FIPS helper library symbols private (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: tcrypt - clamp num_mb to avoid divide-by-zero (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: tcrypt - stop ahash speed tests when setkey fails (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: add x86 GHASH CLMUL to FIPS module (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: add fixed-time AES to FIPS module (Saeed Mirzamohammadi) [Orabug: 39489008]
- fips: add scatterwalk to FIPS module (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: avoid auto-load for arch specific impls (Saeed Mirzamohammadi) [Orabug: 39489008]
- arm64/crypto: wire up FIPS aliases and helpers (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: share alg registry between FIPS and base kernel (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: keep crypto_user out of the FIPS module (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: tcrypt - skip retest in FIPS mode (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: skip redundant FIPS self-module signature check (Saeed Mirzamohammadi) [Orabug: 39489008]
- scripts: fail cleanly on arm64 boot image formats (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto/hkdf: Skip tests with keys too short in FIPS mode (Saeed Mirzamohammadi) [Orabug: 39489008]
- uek-rpm: build module symvers before fips140.ko (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: add crc64_rocksoft_generic to the FIPS module (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: add keywrap to the FIPS module (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: add cts to the FIPS module (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto: convert kdf_sp800108 to CRYPTO_API() (Saeed Mirzamohammadi) [Orabug: 39489008]
- fips: drop ansi_cprng and revert ansi_cprng FIPS hooks (Saeed Mirzamohammadi) [Orabug: 39489008]
- crypto/testmgr: mark xxhash64 as fips disallowed (Saeed Mirzamohammadi) [Orabug: 39489008]
- Revert "fips: add xxhash64-generic to FIPS module" (Saeed Mirzamohammadi) [Orabug: 39489008]
- asm-generic/vmlinux.lds.h: remove unreachable FIPS140 branch (Saeed Mirzamohammadi) [Orabug: 39489008]
- btrfs: switch to library APIs for checksums (Eric Biggers) [Orabug: 39489008]
- lib/crypto: blake2b: Add BLAKE2b library functions (Eric Biggers) [Orabug: 39489008]
- byteorder: Add le64_to_cpu_array() and cpu_to_le64_array() (Eric Biggers) [Orabug: 39489008]



ELSA-2026-50306 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2026-50306

http://linux.oracle.com/errata/ELSA-2026-50306.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2136.356.4.2.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.356.4.2.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.356.4.2.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.356.4.2.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.356.4.2.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.356.4.2.el8uek.src.rpm

Related CVEs:

CVE-2025-10263

Description of changes:

[5.4.17-2136.356.4.2]
- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39017592] {CVE-2025-10263}
- arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39017592]
- ARM: uek: Disable CONFIG_QCOM_FALKOR_ERRATUM_1003 (Boris Ostrovsky) [Orabug: 39017592]
- arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39017592]
- arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39017592]
- arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39017592]

[5.4.17-2136.356.4.1]
- smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada) [Orabug: 39463669]

[5.4.17-2136.356.4]
- tun: free page on build_skb failure in tun_xdp_one() (Weiming Shi) [Orabug: 39429147]
- tap: free page on error paths in tap_get_user_xdp() (Weiming Shi) [Orabug: 39429147]
- tun: free page on short-frame rejection in tun_xdp_one() (Weiming Shi) [Orabug: 39429147]

[5.4.17-2136.356.3]
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39384275,39391459] {CVE-2026-46333}
- net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) [Orabug: 39368828,39441326] {CVE-2026-43503,CVE-2026-46300}
- net: skbuff: preserve shared-frag marker during coalescing (William Bowling) [Orabug: 39368828] {CVE-2026-46300}

[5.4.17-2136.356.2]
- nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39167617,39368718] {CVE-2026-31402}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi) [Orabug: 38985173,39368732] {CVE-2026-23216}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi) [Orabug: 38970455,39368774] {CVE-2026-23193}
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39334580,39367147] {CVE-2026-43284}
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39218897] {CVE-2025-54518}

[5.4.17-2136.356.1]
- arm64/kvm: Include linux/random.h in trng.c (Siddh Raman Pant) [Orabug: 39327096]
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Tam Nguyen) [Orabug: 39174662]
- i2c: designware: Handle invalid SMBus block data response length value (Tam Nguyen) [Orabug: 39174662]
- i2c: designware: fix __i2c_dw_disable() in case master is holding SCL low (Yann Sionneau) [Orabug: 39174662]

[5.4.17-2136.355.3]
- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39250687,39331106] {CVE-2026-43077}
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39250687,39331111] {CVE-2026-43078}
- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39250687]
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39250687,39300911] {CVE-2026-43033}
- crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687]
- crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39250687,39452217] {CVE-2026-46028}
- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39250687,39283868,39292250] {CVE-2026-31431}
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687] {CVE-2026-31431}
- crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39250687]
- crypto: doc - fix kernel-doc notation in chacha.c and af_alg.c (Randy Dunlap) [Orabug: 39250687]

[5.4.17-2136.355.2]
- Revert "rds: Drop rds conn in connect worker if not in down state." (Alok Tiwari) [Orabug: 39253770]
- x86/CPU: Fix FPDSS on Zen1 (Siddh Raman Pant) [Orabug: 39241225,39273723] {CVE-2026-31628}
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (Joshua Rogers) [Orabug: 38852342] {CVE-2025-71120}

[5.4.17-2136.355.1]
- net/sched: Enforce that teql can only be used as root qdisc (Jamal Hadi Salim) [Orabug: 38930950] {CVE-2026-23074}

[5.4.17-2136.354.4]
- macvlan: fix possible UAF in macvlan_forward_source() (Eric Dumazet) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: Use 'hash' iterators to simplify code (Christophe Jaillet) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: Add nodst option to macvlan type source (Jethro Beekman) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Eric Dumazet) [Orabug: 38970510,39188399] {CVE-2026-23209,CVE-2026-23273}
- macvlan: fix error recovery in macvlan_common_newlink() (Eric Dumazet) [Orabug: 38970510] {CVE-2026-23209}



ELBA-2026-24588 Oracle Linux 8 sos bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2026-24588

http://linux.oracle.com/errata/ELBA-2026-24588.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
sos-4.11.0-1.0.1.el8_10.noarch.rpm
sos-audit-4.11.0-1.0.1.el8_10.noarch.rpm

aarch64:
sos-4.11.0-1.0.1.el8_10.noarch.rpm
sos-audit-4.11.0-1.0.1.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/sos-4.11.0-1.0.1.el8_10.src.rpm

Description of changes:

[4.11.0-1.0.1]
- Add optional proc/ and sys/ regular file de-duplication step and reduplication binary [Orabug: 38765115]
- Add kvm debugfs to sosreport [Orabug: 38869053]
- Add qtree pci,numa command to virsh-qemu-monitor command [Orabug: 38465950]
- Adding OSMH support information [Orabug: 38158377]
- Add Keyboard exception handler to collector [Orabug: 37874482]
- Print stack of all un-interrupted processes [Orabug: 37630111]
- Update the enabled and skipped plugins lists to match ExaData's requirements. [Orabug: 37440315]
- Disable upload options [Orabug: 31969352]
- Disable upload option to sos report collector [Orabug: 36069764]
- Adding socket statistics command output [Orabug: 36491747]
- Add irq debugfs to sosreport [Orabug: 36511145]
- Added os detect string [Orabug: 28674897]
- Added sos-oraclelinux-vendor-vendorurl.patch
- Remove rpc_clnt directory from sunrpc debugfs [Orabug: 37097463]
- Disable ethtool EEPROM dump for link down interfaces [Orabug: 37050543]
- Modify sos.spec to make python3-magic as dependency for sos package [Orabug: 36826342]
- Add exadata plugin to collect exadata specific info [Orabug: 35312548]
- Append .txt extension to files rejected by MOS policy [Orabug: 35801795]
- Collecting last 50k lines of ftrace file trace [Orabug: 36448808]
- Adding socket statistics command output [Orabug: 36491747]
- Add IO queue depth of all the devices on node [Orabug: 35849258]
- Disable upload option to sos report collector [Orabug: 36069764]
- Add irq debugfs to sosreport [Orabug: 36511145]
- Collect all rsyslogs files for all-logs option [Orabug: 36264341]
- Set SIGPIPE to default action for BrokenPipeError [Orabug: 36016241]
- Modifying dnf history info remove empty files [Orabug: 35350237]
- Modifying dnf history info transaction index [Orabug: 35350237]
- Adding virsh guest cgroup configuration [Orabug: 35088964]
- Adding PluginOpt support for ksplice and btrfs [Orabug: 34993258]
- Adding virsh qemu-monitor info-tree command [Orabug: 34650374]
- append .txt to .com domain named files [Orabug: 34523347]
- Adding dmesg -T to show timestamp for syslog comparison [Orabug: 34250313]
- Adding uptrack-uname to show effective ksplice kernel version [Orabug: 33553351]
- Fix ksplice plugin does not show description [Orabug: 32886513]
- Adjusted ksplice plugin patches for path change [Orabug: 32881277]
- Fix patch for Orabug 31969352 [Orabug: 32822570]
- Add in some btrfs commands [Orabug: 32727607]
- Add /var/run/ksplice/debug to sos ksplice plugin [Orabug: 32618933]
- Do not exit on unknown plugin [Orabug: 32556170]
- Allow a journal log size to be smaller than 100M [Orabug: 32454362]
- Replace RH_FTP_HOST and RH_API_HOST with "_none_" [Orabug: 31975601]
- Disable upload options for OracleLinux [Orabug: 31969352]
- Added sos-oraclelinux-vendor-vendorurl.patch
- Fix os detect string for Oracle Linux [Orabug: 28674897]
- Add ksplice plugin [Orabug: 30273666] (Philippe Vanhaesendonck)
- [ovn_central] call podman exec without a timeout
Resolves: bz1767359

[= 4.11.0-1]
- Update to 4.11.0-1
Resolves: RHEL-157813



ELSA-2026-50306 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2026-50306

http://linux.oracle.com/errata/ELSA-2026-50306.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.356.4.2.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.356.4.2.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.356.4.2.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.356.4.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.356.4.2.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.356.4.2.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.356.4.2.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.356.4.2.el7uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.356.4.2.el7uek.src.rpm

Related CVEs:

CVE-2025-10263

Description of changes:

[5.4.17-2136.356.4.2]
- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39017592] {CVE-2025-10263}
- arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39017592]
- ARM: uek: Disable CONFIG_QCOM_FALKOR_ERRATUM_1003 (Boris Ostrovsky) [Orabug: 39017592]
- arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39017592]
- arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39017592]
- arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39017592]

[5.4.17-2136.356.4.1]
- smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada) [Orabug: 39463669]

[5.4.17-2136.356.4]
- tun: free page on build_skb failure in tun_xdp_one() (Weiming Shi) [Orabug: 39429147]
- tap: free page on error paths in tap_get_user_xdp() (Weiming Shi) [Orabug: 39429147]
- tun: free page on short-frame rejection in tun_xdp_one() (Weiming Shi) [Orabug: 39429147]

[5.4.17-2136.356.3]
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39384275,39391459] {CVE-2026-46333}
- net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) [Orabug: 39368828,39441326] {CVE-2026-43503,CVE-2026-46300}
- net: skbuff: preserve shared-frag marker during coalescing (William Bowling) [Orabug: 39368828] {CVE-2026-46300}

[5.4.17-2136.356.2]
- nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39167617,39368718] {CVE-2026-31402}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi) [Orabug: 38985173,39368732] {CVE-2026-23216}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi) [Orabug: 38970455,39368774] {CVE-2026-23193}
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39334580,39367147] {CVE-2026-43284}
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39218897] {CVE-2025-54518}

[5.4.17-2136.356.1]
- arm64/kvm: Include linux/random.h in trng.c (Siddh Raman Pant) [Orabug: 39327096]
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Tam Nguyen) [Orabug: 39174662]
- i2c: designware: Handle invalid SMBus block data response length value (Tam Nguyen) [Orabug: 39174662]
- i2c: designware: fix __i2c_dw_disable() in case master is holding SCL low (Yann Sionneau) [Orabug: 39174662]

[5.4.17-2136.355.3]
- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39250687,39331106] {CVE-2026-43077}
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39250687,39331111] {CVE-2026-43078}
- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39250687]
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39250687,39300911] {CVE-2026-43033}
- crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687]
- crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39250687,39452217] {CVE-2026-46028}
- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39250687,39283868,39292250] {CVE-2026-31431}
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687] {CVE-2026-31431}
- crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39250687]
- crypto: doc - fix kernel-doc notation in chacha.c and af_alg.c (Randy Dunlap) [Orabug: 39250687]

[5.4.17-2136.355.2]
- Revert "rds: Drop rds conn in connect worker if not in down state." (Alok Tiwari) [Orabug: 39253770]
- x86/CPU: Fix FPDSS on Zen1 (Siddh Raman Pant) [Orabug: 39241225,39273723] {CVE-2026-31628}
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (Joshua Rogers) [Orabug: 38852342] {CVE-2025-71120}

[5.4.17-2136.355.1]
- net/sched: Enforce that teql can only be used as root qdisc (Jamal Hadi Salim) [Orabug: 38930950] {CVE-2026-23074}

[5.4.17-2136.354.4]
- macvlan: fix possible UAF in macvlan_forward_source() (Eric Dumazet) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: Use 'hash' iterators to simplify code (Christophe Jaillet) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: Add nodst option to macvlan type source (Jethro Beekman) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Eric Dumazet) [Orabug: 38970510,39188399] {CVE-2026-23209,CVE-2026-23273}
- macvlan: fix error recovery in macvlan_common_newlink() (Eric Dumazet) [Orabug: 38970510] {CVE-2026-23209}



ELSA-2026-50306 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2026-50306

http://linux.oracle.com/errata/ELSA-2026-50306.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.356.4.2.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.356.4.2.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.356.4.2.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.356.4.2.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.356.4.2.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.356.4.2.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.356.4.2.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2136.356.4.2.el8uek.src.rpm

Related CVEs:

CVE-2025-10263

Description of changes:

[5.4.17-2136.356.4.2]
- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39017592] {CVE-2025-10263}
- arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39017592]
- ARM: uek: Disable CONFIG_QCOM_FALKOR_ERRATUM_1003 (Boris Ostrovsky) [Orabug: 39017592]
- arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39017592]
- arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39017592]
- arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39017592]



ELSA-2026-24545 Important: Oracle Linux 8 libyang security update


Oracle Linux Security Advisory ELSA-2026-24545

http://linux.oracle.com/errata/ELSA-2026-24545.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libyang-1.0.184-2.el8_10.i686.rpm
libyang-1.0.184-2.el8_10.x86_64.rpm

aarch64:
libyang-1.0.184-2.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libyang-1.0.184-2.el8_10.src.rpm

Related CVEs:

CVE-2026-44673

Description of changes:

[1.0.184-2]
- DoS or arbitrary code execution via maliciously crafted LYB binary blob
- Resolves: RHEL-177017 - CVE-2026-44673



ELSA-2026-24365 Important: Oracle Linux 8 unbound security update


Oracle Linux Security Advisory ELSA-2026-24365

http://linux.oracle.com/errata/ELSA-2026-24365.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
python3-unbound-1.16.2-5.11.el8_10.x86_64.rpm
unbound-1.16.2-5.11.el8_10.x86_64.rpm
unbound-devel-1.16.2-5.11.el8_10.i686.rpm
unbound-devel-1.16.2-5.11.el8_10.x86_64.rpm
unbound-libs-1.16.2-5.11.el8_10.i686.rpm
unbound-libs-1.16.2-5.11.el8_10.x86_64.rpm

aarch64:
python3-unbound-1.16.2-5.11.el8_10.aarch64.rpm
unbound-1.16.2-5.11.el8_10.aarch64.rpm
unbound-devel-1.16.2-5.11.el8_10.aarch64.rpm
unbound-libs-1.16.2-5.11.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/unbound-1.16.2-5.11.el8_10.src.rpm

Related CVEs:

CVE-2026-42944
CVE-2026-42959

Description of changes:

[1.16.2-5.11]
- Fix CVE-2026-42944 (RHEL-177909)
- Fix CVE-2026-42959 (RHEL-177809)



ELSA-2026-24340 Important: Oracle Linux 8 frr security update


Oracle Linux Security Advisory ELSA-2026-24340

http://linux.oracle.com/errata/ELSA-2026-24340.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
frr-7.5.1-24.0.1.el8_10.x86_64.rpm
frr-selinux-7.5.1-24.0.1.el8_10.noarch.rpm

aarch64:
frr-7.5.1-24.0.1.el8_10.aarch64.rpm
frr-selinux-7.5.1-24.0.1.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/frr-7.5.1-24.0.1.el8_10.src.rpm

Related CVEs:

CVE-2026-37457

Description of changes:

[7.5.1-24.0.1]
- Fix POSTIN scriptlet [Orabug: 34712485]

[7.5.1-24]
- Fix off-by-one error in FlowSpec operator array bounds checking (CVE-2026-37457)
- Resolves: RHEL-174676



ELSA-2026-50305 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2026-50305

http://linux.oracle.com/errata/ELSA-2026-50305.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-321.202.5.1.el8uek.x86_64.rpm
kernel-uek-5.15.0-321.202.5.1.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-321.202.5.1.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-321.202.5.1.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-321.202.5.1.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-321.202.5.1.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-321.202.5.1.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-321.202.5.1.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-321.202.5.1.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-321.202.5.1.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-321.202.5.1.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-321.202.5.1.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-321.202.5.1.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-321.202.5.1.el8uek.x86_64.rpm

aarch64:
bpftool-5.15.0-321.202.5.1.el8uek.aarch64.rpm
kernel-uek-5.15.0-321.202.5.1.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-321.202.5.1.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-321.202.5.1.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-321.202.5.1.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-321.202.5.1.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-321.202.5.1.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-321.202.5.1.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-321.202.5.1.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-321.202.5.1.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-321.202.5.1.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-321.202.5.1.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-321.202.5.1.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-321.202.5.1.el8uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.15.0-321.202.5.1.el8uek.src.rpm

Related CVEs:

CVE-2025-10263

Description of changes:

[5.15.0-321.202.5.1]
- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39017590] {CVE-2025-10263}
- arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39017590]
- ARM: uek: Disable CONFIG_NVIDIA_CARMEL_CNP_ERRATUM (Boris Ostrovsky) [Orabug: 39017590]
- arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39017590]
- arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39017590]
- arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39017590]



ELSA-2026-50305 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2026-50305

http://linux.oracle.com/errata/ELSA-2026-50305.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
bpftool-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-321.202.5.1.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek64k-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek64k-core-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek64k-devel-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek64k-modules-5.15.0-321.202.5.1.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-5.15.0-321.202.5.1.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-321.202.5.1.el9uek.src.rpm

Related CVEs:

CVE-2025-10263

Description of changes:

[5.15.0-321.202.5.1]
- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39017590] {CVE-2025-10263}
- arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39017590]
- ARM: uek: Disable CONFIG_NVIDIA_CARMEL_CNP_ERRATUM (Boris Ostrovsky) [Orabug: 39017590]
- arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39017590]
- arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39017590]
- arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39017590]

[5.15.0-321.202.5]
- Revert "ip6_tunnel: Fix usage of skb_vlan_inet_prepare()" (Harshit Mogalapalli) [Orabug: 39476647]
- smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada) [Orabug: 39463672]

[5.15.0-321.202.4]
- tun: free page on build_skb failure in tun_xdp_one() (Weiming Shi) [Orabug: 39429143]
- tap: free page on error paths in tap_get_user_xdp() (Weiming Shi) [Orabug: 39429143]
- tun: free page on short-frame rejection in tun_xdp_one() (Weiming Shi) [Orabug: 39429143]

[5.15.0-321.202.3]
- net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) [Orabug: 39368827] {CVE-2026-46300}
- net: skbuff: preserve shared-frag marker during coalescing (William Bowling) [Orabug: 39368827]
- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39384274] {CVE-2026-46333}
- mm/hugetlb: fix excessive IPI broadcasts when unsharing PMD tables using mmu_gather (David Hildenbrand (Red Hat)) [Orabug: 38474901]
- Revert "mm/hugetlb: add option to allows disabling CVE-2025-38085 mitigation" (Samasth Norway Ananda) [Orabug: 38474901]
- mm/rmap: fix two comments related to huge_pmd_unshare() (David Hildenbrand (Red Hat)) [Orabug: 38474901]
- mm/hugetlb: fix two comments related to huge_pmd_unshare() (David Hildenbrand (Red Hat)) [Orabug: 38474901]
- mm/hugetlb: fix hugetlb_pmd_shared() (David Hildenbrand (Red Hat)) [Orabug: 38474901]

[5.15.0-321.202.2]
- dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler (Guenter Roeck)
- Revert "arm64: dts: qcom: sdm845-oneplus: Mark l14a regulator as boot-on" (Sasha Levin)
- ip6_tunnel: Fix usage of skb_vlan_inet_prepare() (Ben Hutchings)
- hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (Gui-Dong Han)
- wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom (Guenter Roeck)
- sched: idle: Make skipping governor callbacks more consistent (Rafael J. Wysocki)
- nvmet-tcp: fix use-before-check of sg in bounds validation (Cengiz Can)
- remoteproc: mediatek: Unprepare SCP clock during system suspend (Tzung-Bi Shih)
- net: openvswitch: Avoid releasing netdev before teardown completes (Toke Høiland-Jørgensen)
- ACPI: processor: Fix previous acpi_processor_errata_piix4() fix (Rafael J. Wysocki)
- net: hsr: fix VLAN add unwind on slave errors (Luka Gejak)
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39327141] {CVE-2025-54518}
- xfrm: esp: ipv4: fix up flags setting (Greg Kroah-Hartman) [Orabug: 39342679] {CVE-2026-43284}
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39342679] {CVE-2026-43284}
- KVM: x86: disable preemption around the call to kvm_arch_vcpu_{un|}blocking (Maxim Levitsky) [Orabug: 39334996]
- KVM: Don't block+unblock when halt-polling is successful (Sean Christopherson) [Orabug: 39334996]
- nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39167616] {CVE-2026-31402}
- net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (Victor Nogueira) [Orabug: 39103230] {CVE-2026-23270}
- exadata: tools: perf: update column to comm_nodigit (Stephen Brennan) [Orabug: 39327019]
- perf report: Add comm_nodigit sort key (Stephen Brennan) [Orabug: 39327019]
- Revert "tools: perf: add comm_ignore_digit column" (Stephen Brennan) [Orabug: 39327019]

[5.15.0-321.202.1]
- virtio-net: add cond_resched() to the command waiting loop (Jason Wang) [Orabug: 39291988]
- virtio-net: convert rx mode setting to use workqueue (Jason Wang) [Orabug: 39291988]
- x86: KVM: Add common feature flag for AMD's PSFD (Sean Christopherson) [Orabug: 35586248]
- KVM: x86: Insert "AMD" in KVM_X86_FEATURE_PSFD (Jim Mattson) [Orabug: 35586248]
- KVM: x86: Expose Predictive Store Forwarding Disable (Babu Moger) [Orabug: 35586248]
- i2c: designware: fix __i2c_dw_disable() in case master is holding SCL low (Yann Sionneau) [Orabug: 39174661]

[5.15.0-320.202.8]
- iommu/arm-smmu-v3: Handle zeroed A4-2C HTTU override settings (Joao Martins) [Orabug: 39186453]
- iommu: Move IOMMU_DIRTY_NO_CLEAR define (Shameer Kolothum) [Orabug: 39186453]
- iommu/arm-smmu-v3: Enable HTTU for stage1 with io-pgtable mapping (Kunkun Jiang) [Orabug: 39186453]
- iommu/arm-smmu-v3: Add support for dirty tracking in domain alloc (Joao Martins) [Orabug: 39186453]
- iommu/io-pgtable-arm: Add read_and_clear_dirty() support (Shameer Kolothum) [Orabug: 39186453]
- iommu/arm-smmu-v3: Add feature detection for HTTU (Jean-Philippe Brucker) [Orabug: 39186453]

[5.15.0-320.202.7]
- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39250686,39331104] {CVE-2026-43077}
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39250686,39331109] {CVE-2026-43078}
- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39250686]
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39250686,39300910] {CVE-2026-43033}
- crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250686]
- crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39250686]
- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39250686,39283867,39291961] {CVE-2026-31431}
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250686] {CVE-2026-31431}
- crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39250686]
- uek-rpm: Enable FWCTL for aarch64 (Dave Kleikamp) [Orabug: 39252913]

[5.15.0-320.202.6]
- Revert "rds: Drop rds conn in connect worker if not in down state." (Vijayendra Suman) [Orabug: 39277795]
- uek-rpm: CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON should be set (Dave Kleikamp) [Orabug: 39109819]
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (Lu Baolu) [Orabug: 39109819]
- iommu/vt-d: Set variable intel_dirty_ops to static (Kunwu Chan) [Orabug: 39109819]
- iommu/vt-d: Access/Dirty bit support for SS domains (Joao Martins) [Orabug: 39109819]
- iommu/amd: reduce GA Log overflow printk noise (Alejandro Jimenez) [Orabug: 39209012]
- iommu/amd: add reschedule points to GA Log draining (Alejandro Jimenez) [Orabug: 39209012]
- iommu/amd: Rework GAInt handling in overflow case (Joao Martins) [Orabug: 39209012]
- iommu/amd: Disable GAInt while GA Log is processed (Joao Martins) [Orabug: 39209012]
- iommu/amd: Move helpers to update IOMMU features to amd_iommu.h (Alejandro Jimenez) [Orabug: 39209012]
- iommu/amd: Increase GA Log buffer size to 8192 entries (Joao Martins) [Orabug: 39209012]
- x86/CPU: Fix FPDSS on Zen1 (Borislav Petkov) [Orabug: 39241228,39273722] {CVE-2026-31628}

[5.15.0-320.202.5]
- Revert "PCI: Enable ACS after configuring IOMMU for OF platforms" (Manivannan Sadhasivam) [Orabug: 39187371]
- net/handshake: duplicate handshake cancellations leak socket (Scott Mayhew) [Orabug: 38847720] {CVE-2025-68775}
- ext4: show 'shutdown' hint when ext4 is forced to shutdown (Baokun Li) [Orabug: 39002346]
- ext4: show 'emergency_ro' when EXT4_FLAGS_EMERGENCY_RO is set (Baokun Li) [Orabug: 39002346]
- ext4: correct behavior under errors=remount-ro mode (Baokun Li) [Orabug: 39002346]
- ext4: add more ext4_emergency_state() checks around sb_rdonly() (Baokun Li) [Orabug: 39002346]
- ext4: add ext4_emergency_state() helper function (Baokun Li) [Orabug: 39002346]
- ext4: add EXT4_FLAGS_EMERGENCY_RO bit (Baokun Li) [Orabug: 39002346]
- ext4: convert EXT4_FLAGS_* defines to enum (Baokun Li) [Orabug: 39002346]
- ext4: make ext4_forced_shutdown() take struct super_block (Jan Kara) [Orabug: 39002346]
- ipv6: use RCU in ip6_xmit() (Eric Dumazet) [Orabug: 38649062] {CVE-2025-40135}
- memfd: move MFD_MF_KEEP_UE_MAPPED flag to higher bit (William Roche) [Orabug: 39109773]
- scsi: qla2xxx: Sanitize payload size to prevent member overflow (Jiasheng Jiang) [Orabug: 38930868] {CVE-2026-23059}
- bpf: Fix reference count leak in bpf_prog_test_run_xdp() (Tetsuo Handa) [Orabug: 38887702] {CVE-2026-22994}
- nfsd: check that server is running in unlock_filesystem (Olga Kornievskaia) [Orabug: 38887682] {CVE-2026-22989}
- net/mlx5e: TC, delete flows only for existing peers (Mark Bloch) [Orabug: 38970398] {CVE-2026-23173}
- net/handshake: restore destructor on submit failure (Caoping) [Orabug: 38887601] {CVE-2025-71148}
- scsi: qla2xxx: Fix improper freeing of purex item (Zilin Guan) [Orabug: 38798929] {CVE-2025-68741}
- bnxt_en: Fix XDP_TX path (Michael Chan) [Orabug: 38847684] {CVE-2025-68770}
- perf/x86/amd: Check event before enable to avoid GPF (George Kennedy) [Orabug: 38847849] {CVE-2025-68798}
- scsi: smartpqi: Fix device resources accessed after device removal (Mike Mcgowen) [Orabug: 38798848] {CVE-2025-68371}
- KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (Omar Sandoval) [Orabug: 38773579] {CVE-2025-68259}
- x86/fpu: Ensure XFD state on signal delivery (Chang S. Bae) [Orabug: 38773165] {CVE-2025-68171}
- virtio-net: fix received length check in big packets (Bui Quang Minh) [Orabug: 38737152] {CVE-2025-40292}
- ACPI: CPPC: Fix NULL pointer dereference when nosmp is used (Yunhui Cui) [Orabug: 38641284] {CVE-2025-38113}
- EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller (Qiuxu Zhuo) [Orabug: 38649173] {CVE-2025-40157}
- sunrpc: fix null pointer dereference on zero-length checksum (Lei Lu) [Orabug: 38649042] {CVE-2025-40129}
- cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (Jinjie Ruan) [Orabug: 38641275] {CVE-2024-53230}
- cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (Jinjie Ruan) [Orabug: 38641272] {CVE-2024-53231}
- vhost: vringh: Fix copy_to_iter return value check (Michael S. Tsirkin) [Orabug: 38592117] {CVE-2025-40056}
- crypto: qat - flush misc workqueue during device shutdown (Giovanni Cabiddu) [Orabug: 38401717] {CVE-2025-39721}
- vhost: vringh: Modify the return value check (Zhang Jiao) [Orabug: 38592085] {CVE-2025-40051}
- virtio-net: fix recursived rtnl_lock() during probe() (Zigit Zo) [Orabug: 38324330] {CVE-2025-38551}
- gve: prevent ethtool ops after shutdown (Jordan Rhee) [Orabug: 38401492] {CVE-2025-38735}
- KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight (Sean Christopherson) [Orabug: 38254140] {CVE-2025-38455}
- net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect (Oleksij Rempel) [Orabug: 38253871] {CVE-2025-38385}
- net/mlx5e: Disable MACsec offload for uplink representor profile (Carolina Jubran) [Orabug: 38094809] {CVE-2025-38020}
- dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (Shuai Xue) [Orabug: 38094794] {CVE-2025-38015}
- net/mlx5: Fix ECVF vports unload on shutdown flow (Amir Tzin) [Orabug: 38152903] {CVE-2025-38109}
- bnxt: properly flush XDP redirect lists (Yan Zhai) [Orabug: 38175054] {CVE-2025-38246}
- eth: bnxt: fix missing ring index trim on error path (Jakub Kicinski) [Orabug: 37937451] {CVE-2025-37873}
- net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() (Henry Martin) [Orabug: 37938078] {CVE-2025-37888}
- nfsd: fix possible badness in FREE_STATEID (Olga Kornievskaia) [Orabug: 37989102] {CVE-2024-50043}
- devlink: fix xa_alloc_cyclic() error handling (Michal Swiatkowski) [Orabug: 37828271] {CVE-2025-22017}



ELSA-2026-50305 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2026-50305

http://linux.oracle.com/errata/ELSA-2026-50305.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-321.202.5.1.el9uek.x86_64.rpm
kernel-uek-5.15.0-321.202.5.1.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-321.202.5.1.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-321.202.5.1.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-321.202.5.1.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-321.202.5.1.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-321.202.5.1.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-321.202.5.1.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-321.202.5.1.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-321.202.5.1.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-321.202.5.1.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-321.202.5.1.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-321.202.5.1.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-321.202.5.1.el9uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-321.202.5.1.el9uek.src.rpm

Related CVEs:

CVE-2025-10263

Description of changes:

[5.15.0-321.202.5.1]
- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland) [Orabug: 39017590] {CVE-2025-10263}
- arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland) [Orabug: 39017590]
- ARM: uek: Disable CONFIG_NVIDIA_CARMEL_CNP_ERRATUM (Boris Ostrovsky) [Orabug: 39017590]
- arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland) [Orabug: 39017590]
- arm64: cputype: Add C1-Premium definitions (Mark Rutland) [Orabug: 39017590]
- arm64: cputype: Add C1-Ultra definitions (Mark Rutland) [Orabug: 39017590]



ELSA-2026-7675 Important: Oracle Linux 10 nodejs24 security update


Oracle Linux Security Advisory ELSA-2026-7675

http://linux.oracle.com/errata/ELSA-2026-7675.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs24-24.14.1-2.0.2.el10_1.x86_64.rpm
nodejs24-devel-24.14.1-2.0.2.el10_1.x86_64.rpm
nodejs24-docs-24.14.1-2.0.2.el10_1.noarch.rpm
nodejs24-full-i18n-24.14.1-2.0.2.el10_1.x86_64.rpm
nodejs24-libs-24.14.1-2.0.2.el10_1.x86_64.rpm
nodejs24-npm-11.11.0-1.24.14.1.2.0.2.el10_1.noarch.rpm

aarch64:
nodejs24-24.14.1-2.0.2.el10_1.aarch64.rpm
nodejs24-devel-24.14.1-2.0.2.el10_1.aarch64.rpm
nodejs24-docs-24.14.1-2.0.2.el10_1.noarch.rpm
nodejs24-full-i18n-24.14.1-2.0.2.el10_1.aarch64.rpm
nodejs24-libs-24.14.1-2.0.2.el10_1.aarch64.rpm
nodejs24-npm-11.11.0-1.24.14.1.2.0.2.el10_1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/nodejs24-24.14.1-2.0.2.el10_1.src.rpm

Related CVEs:

CVE-2026-1525
CVE-2026-1526
CVE-2026-1527
CVE-2026-1528
CVE-2026-2229
CVE-2026-2581
CVE-2026-21637
CVE-2026-21710
CVE-2026-21711
CVE-2026-21712
CVE-2026-21713
CVE-2026-21714
CVE-2026-21715
CVE-2026-21716
CVE-2026-21717
CVE-2026-25547
CVE-2026-26996
CVE-2026-27135

Description of changes:

[1:24.14.1-2.0.2]
- Rebuild to correct NVR

[1:24.14.1-2.0.1]
- Update upstream references



New Ksplice updates for UEKR8 6.12.0 on OL9 and OL10 (ELSA-2026-50304)


Synopsis: ELSA-2026-50304 can now be patched using Ksplice
CVEs: CVE-2025-10263

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2026-50304.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2026-50304.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR8 6.12.0 on
OL9 and OL10 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2025-10263: Racy TLB invalidation on Arm64 CPUs.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.



New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2026-50306)


Synopsis: ELSA-2026-50306 can now be patched using Ksplice
CVEs: CVE-2025-10263

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2026-50306.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2026-50306.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2025-10263: Racy TLB invalidation on Arm64 CPUs.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.



New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2026-50305)


Synopsis: ELSA-2026-50305 can now be patched using Ksplice
CVEs: CVE-2025-10263

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2026-50305.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2026-50305.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2025-10263: Racy TLB invalidation on Arm64 CPUs.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.