[El-errata] ELSA-2026-6153 Moderate: Oracle Linux 9 kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Apr 1 19:54:25 UTC 2026 

Oracle Linux Security Advisory ELSA-2026-6153

http://linux.oracle.com/errata/ELSA-2026-6153.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-abi-stablelists-5.14.0-611.45.1.el9_7.noarch.rpm
kernel-core-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-cross-headers-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-debug-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-debug-core-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-debug-devel-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-debug-devel-matched-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-debug-modules-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-debug-modules-core-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-debug-modules-extra-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-debug-uki-virt-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-devel-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-devel-matched-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-doc-5.14.0-611.45.1.el9_7.noarch.rpm
kernel-headers-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-modules-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-modules-core-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-modules-extra-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-tools-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-tools-libs-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-tools-libs-devel-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-uki-virt-5.14.0-611.45.1.el9_7.x86_64.rpm
kernel-uki-virt-addons-5.14.0-611.45.1.el9_7.x86_64.rpm
libperf-5.14.0-611.45.1.el9_7.x86_64.rpm
perf-5.14.0-611.45.1.el9_7.x86_64.rpm
python3-perf-5.14.0-611.45.1.el9_7.x86_64.rpm
rtla-5.14.0-611.45.1.el9_7.x86_64.rpm
rv-5.14.0-611.45.1.el9_7.x86_64.rpm

aarch64:
kernel-cross-headers-5.14.0-611.45.1.el9_7.aarch64.rpm
kernel-headers-5.14.0-611.45.1.el9_7.aarch64.rpm
kernel-tools-5.14.0-611.45.1.el9_7.aarch64.rpm
kernel-tools-libs-5.14.0-611.45.1.el9_7.aarch64.rpm
kernel-tools-libs-devel-5.14.0-611.45.1.el9_7.aarch64.rpm
libperf-5.14.0-611.45.1.el9_7.aarch64.rpm
perf-5.14.0-611.45.1.el9_7.aarch64.rpm
python3-perf-5.14.0-611.45.1.el9_7.aarch64.rpm
rtla-5.14.0-611.45.1.el9_7.aarch64.rpm
rv-5.14.0-611.45.1.el9_7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-611.45.1.el9_7.src.rpm

Related CVEs:

CVE-2025-38180
CVE-2025-40096
CVE-2026-23144
CVE-2026-23171
CVE-2026-23191
CVE-2026-23193
CVE-2026-23204
CVE-2026-23209




Description of changes:

[5.14.0-611.45.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]

[5.14.0-611.45.1]
- net/sched: cls_u32: use skb_header_pointer_careful() (Paolo Abeni) [RHEL-150403] {CVE-2026-23204}
- net: add skb_header_pointer_careful() helper (Paolo Abeni) [RHEL-150403]
- iommu: Skip PASID validation for devices without PASID capability (Eder Zulian) [RHEL-95264]

[5.14.0-611.44.1]
- nfsd: add list_head nf_gc to struct nfsd_file (Roberto Bergantinos Corpas) [RHEL-152551]
- redhat: genlog: add new JIRA cloud server hostname (Jan Stancek)
- smb: client: fix oops due to uninitialised var in smb2_unlink() (Paulo Alcantara) [RHEL-154395]
- cifs: some missing initializations on replay (Paulo Alcantara) [RHEL-154395]
- smb: client: fix potential UAF and double free in smb2_open_file() (Paulo Alcantara) [RHEL-154395]
- smb/client: fix memory leak in smb2_open_file() (Paulo Alcantara) [RHEL-154395]
- smb: client: split cached_fid bitfields to avoid shared-byte RMW races (Paulo Alcantara) [RHEL-154395]
- bonding: fix use-after-free due to enslave fail after slave array update (CKI Backport Bot) [RHEL-152383] {CVE-2026-23171}
- mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (CKI Backport Bot) [RHEL-150477] {CVE-2026-23144}
- macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Hangbin Liu) [RHEL-150226]
- macvlan: fix error recovery in macvlan_common_newlink() (CKI Backport Bot) [RHEL-150226] {CVE-2026-23209}
- dpll: zl3073x: Fix output pin phase adjustment sign (CKI Backport Bot) [RHEL-149764]
- scsi: s390: zfcp: Ensure synchronous unit_add (CKI Backport Bot) [RHEL-143736]

[5.14.0-611.43.1]
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CKI Backport Bot) [RHEL-150422] {CVE-2026-23193}
- ALSA: aloop: Fix racy access at PCM trigger (CKI Backport Bot) [RHEL-150130] {CVE-2026-23191}
- net: atm: fix /proc/net/atm/lec handling (Hangbin Liu) [RHEL-146421] {CVE-2025-38180}
- net: atm: add lec_mutex (Hangbin Liu) [RHEL-146421] {CVE-2025-38323}
- drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (Mika Penttilä) [RHEL-125460] {CVE-2025-40096}

More information about the El-errata mailing list