[El-errata] ELSA-2026-6632 Moderate: Oracle Linux 10 kernel security update

Tue Apr 14 04:55:57 UTC 2026

Oracle Linux Security Advisory ELSA-2026-6632

http://linux.oracle.com/errata/ELSA-2026-6632.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-abi-stablelists-6.12.0-124.49.1.el10_1.noarch.rpm
kernel-core-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-cross-headers-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-debug-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-debug-core-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-debug-devel-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-debug-devel-matched-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-debug-modules-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-debug-modules-core-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-debug-modules-extra-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-debug-uki-virt-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-devel-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-devel-matched-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-doc-6.12.0-124.49.1.el10_1.noarch.rpm
kernel-headers-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-modules-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-modules-core-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-modules-extra-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-modules-extra-matched-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-tools-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-tools-libs-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-tools-libs-devel-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-uki-virt-6.12.0-124.49.1.el10_1.x86_64.rpm
kernel-uki-virt-addons-6.12.0-124.49.1.el10_1.x86_64.rpm
libperf-6.12.0-124.49.1.el10_1.x86_64.rpm
perf-6.12.0-124.49.1.el10_1.x86_64.rpm
python3-perf-6.12.0-124.49.1.el10_1.x86_64.rpm
rtla-6.12.0-124.49.1.el10_1.x86_64.rpm
rv-6.12.0-124.49.1.el10_1.x86_64.rpm

aarch64:
kernel-cross-headers-6.12.0-124.49.1.el10_1.aarch64.rpm
kernel-headers-6.12.0-124.49.1.el10_1.aarch64.rpm
kernel-tools-6.12.0-124.49.1.el10_1.aarch64.rpm
kernel-tools-libs-6.12.0-124.49.1.el10_1.aarch64.rpm
kernel-tools-libs-devel-6.12.0-124.49.1.el10_1.aarch64.rpm
libperf-6.12.0-124.49.1.el10_1.aarch64.rpm
perf-6.12.0-124.49.1.el10_1.aarch64.rpm
python3-perf-6.12.0-124.49.1.el10_1.aarch64.rpm
rtla-6.12.0-124.49.1.el10_1.aarch64.rpm
rv-6.12.0-124.49.1.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-124.49.1.el10_1.src.rpm

Related CVEs:

CVE-2025-38109
CVE-2026-23144
CVE-2026-23171
CVE-2026-23191
CVE-2026-23193
CVE-2026-23204
CVE-2026-23209

Description of changes:

[6.12.0-124.49.1]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Update module name for cryptographic module [Orabug: 37400433]
- Clean git history at setup stage

[6.12.0-124.49.1]
- net/mlx5: Fix ECVF vports unload on shutdown flow (CKI Backport Bot) [RHEL-154540] {CVE-2025-38109}
- mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure (Rafael Aquini) [RHEL-150480] {CVE-2026-23144}
- ALSA: aloop: Fix racy access at PCM trigger (CKI Backport Bot) [RHEL-150132] {CVE-2026-23191}

[6.12.0-124.48.1]
- ice: fix page leak for zero-size Rx descriptors (CKI Backport Bot) [RHEL-154232]
- Bluetooth: MGMT: Fix memory leak in set_ssp_complete (David Marlin) [RHEL-151786]
- Bluetooth: hci_uart: fix null-ptr-deref in hci_uart_write_work (David Marlin) [RHEL-151786]
- Bluetooth: btusb: revert use of devm_kzalloc in btusb (David Marlin) [RHEL-151786]
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF (David Marlin) [RHEL-151786]
- net/sched: cls_u32: use skb_header_pointer_careful() (Paolo Abeni) [RHEL-150406] {CVE-2026-23204}
- net: add skb_header_pointer_careful() helper (Paolo Abeni) [RHEL-150406]
- bonding: fix use-after-free due to enslave fail after slave array update (CKI Backport Bot) [RHEL-152391] {CVE-2026-23171}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CKI Backport Bot) [RHEL-150426] {CVE-2026-23193}
- macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Hangbin Liu) [RHEL-150229]
- macvlan: fix error recovery in macvlan_common_newlink() (CKI Backport Bot) [RHEL-150229] {CVE-2026-23209}
- media: uvcvideo: Drop stream->mutex (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Fix comments in uvc_meta_detect_msxu (Kate Hsuan) [RHEL-128622]
- media: usb: uvcvideo: Store v4l2_fh pointer in file->private_data (Kate Hsuan) [RHEL-128622]
- media: v4l2: Add support for NV12M tiled variants to v4l2_format_info() (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Use a count variable for meta_formats instead of 0 terminating (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Auto-set UVC_QUIRK_MSXU_META (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Introduce V4L2_META_FMT_UVC_MSXU_1_5 (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Introduce dev->meta_formats (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Do not mark valid metadata as invalid (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: uvc_v4l2_unlocked_ioctl: Invert PM logic (Kate Hsuan) [RHEL-128622]
- media: core: export v4l2_translate_cmd (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Turn on the camera if V4L2_EVENT_SUB_FL_SEND_INITIAL (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Remove stream->is_streaming field (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Split uvc_stop_streaming() (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Handle locks in uvc_queue_return_buffers (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Use vb2 ioctl and fop helpers (Kate Hsuan) [RHEL-128622]
- media: v4l2-common: Add the missing Raw Bayer pixel formats (Kate Hsuan) [RHEL-128622]
- media: v4l2-subdev: Add debug prints to v4l2_subdev_collect_streams() (Kate Hsuan) [RHEL-128622]
- media: v4l2-subdev: Print early in v4l2_subdev_{enable,disable}_streams() (Kate Hsuan) [RHEL-128622]
- media: v4l2: Add Renesas Camera Receiver Unit pixel formats (Kate Hsuan) [RHEL-128622]
- media: v4l2-subdev: Limit the number of active routes to V4L2_FRAME_DESC_ENTRY_MAX (Kate Hsuan) [RHEL-128622]
- media: v4l2-ctrls: Return the handler's error in v4l2_ctrl_handler_free() (Kate Hsuan) [RHEL-128622]
- media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() (Kate Hsuan) [RHEL-128622]
- media: v4l2-common: Reduce warnings about missing V4L2_CID_LINK_FREQ control (Kate Hsuan) [RHEL-128622]
- media: v4l2-ctrls: Fix H264 SEPARATE_COLOUR_PLANE check (Kate Hsuan) [RHEL-128622]
- media: v4l2-jpeg: Remove unused v4l2_jpeg_parse_* wrappers (Kate Hsuan) [RHEL-128622]
- media: v4l2-core: Replace the check for firmware registered I2C devices (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() (Kate Hsuan) [RHEL-128622] {CVE-2025-38680}
- media: uvcvideo: Add quirk for HP Webcam HD 2300 (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Refactor uvc_v4l2_compat_ioctl32 (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Refactor uvc_queue_streamon (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Refactor uvc_ctrl_set_handle() (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Populate all errors in uvc_probe() (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Set V4L2_CTRL_FLAG_DISABLED during queryctrl errors (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Fix bandwidth issue for Alcor camera (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Use dev_err_probe for devm_gpiod_get_optional (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Fix deferred probing error (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Rollback non processed entities on error (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Send control events for partial succeeds (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Return the number of processed controls (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Do not turn on the camera for some ioctls (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Make power management granular (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Avoid variable shadowing in uvc_ctrl_cleanup_fh (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Increase/decrease the PM counter per IOCTL (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Create uvc_pm_(get|put) functions (Kate Hsuan) [RHEL-128622]
- media: uvcvideo: Keep streaming state in the file handle (Kate Hsuan) [RHEL-128622]
- media: Add C3ISP_PARAMS and C3ISP_STATS meta formats (Kate Hsuan) [RHEL-128622]
- media: v4l: subdev: Fix coverity issue: Logically dead code (Kate Hsuan) [RHEL-128622]
- media: v4l2-dev: fix error handling in __video_register_device() (Kate Hsuan) [RHEL-128622]
- media: common: Add v4l2_find_nearest_size_conditional() (Kate Hsuan) [RHEL-128622]
- media: v4l2-common: Add RGBR format info (Kate Hsuan) [RHEL-128622]
- media: v4l2: Add NV15 and NV20 pixel formats (Kate Hsuan) [RHEL-128622]
- media: v4l2-common: Add helpers to calculate bytesperline and sizeimage (Kate Hsuan) [RHEL-128622]
- media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() (Kate Hsuan) [RHEL-128622]
- media: v4l2-core: use (t,l)/wxh format for rectangle (Kate Hsuan) [RHEL-128622]
- media: v4l2-core: Introduce v4l2_query_ext_ctrl_to_v4l2_queryctrl (Kate Hsuan) [RHEL-128622]
- media: v4l2: Remove vidioc_s_ctrl callback (Kate Hsuan) [RHEL-128622]
- media: v4l2: Remove vidioc_g_ctrl callback (Kate Hsuan) [RHEL-128622]
- media: v4l2: Remove vidioc_queryctrl callback (Kate Hsuan) [RHEL-128622]
- media: ioctl: Simulate v4l2_queryctrl with v4l2_query_ext_ctrl (Kate Hsuan) [RHEL-128622]
- media: v4l2-dv-timings: add v4l2_num_edid_blocks() helper (Kate Hsuan) [RHEL-128622]
- media: v4l: Memset argument to 0 before calling get_mbus_config pad op (Kate Hsuan) [RHEL-128622]
- media: v4l: Support obtaining link frequency via get_mbus_config (Kate Hsuan) [RHEL-128622]
- media: v4l: Support passing media pad argument to v4l2_get_link_freq() (Kate Hsuan) [RHEL-128622]