[El-errata] ELSA-2026-1662 Moderate: Oracle Linux 8 kernel security update

Tue Feb 3 22:07:49 UTC 2026

Oracle Linux Security Advisory ELSA-2026-1662

http://linux.oracle.com/errata/ELSA-2026-1662.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-553.100.1.el8_10.x86_64.rpm
kernel-4.18.0-553.100.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.100.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.100.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.100.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.100.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.100.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.100.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.100.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.100.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.100.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.100.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.100.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.100.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.100.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.100.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.100.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.100.1.el8_10.x86_64.rpm
perf-4.18.0-553.100.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.100.1.el8_10.x86_64.rpm

aarch64:
bpftool-4.18.0-553.100.1.el8_10.aarch64.rpm
kernel-cross-headers-4.18.0-553.100.1.el8_10.aarch64.rpm
kernel-headers-4.18.0-553.100.1.el8_10.aarch64.rpm
kernel-tools-4.18.0-553.100.1.el8_10.aarch64.rpm
kernel-tools-libs-4.18.0-553.100.1.el8_10.aarch64.rpm
kernel-tools-libs-devel-4.18.0-553.100.1.el8_10.aarch64.rpm
perf-4.18.0-553.100.1.el8_10.aarch64.rpm
python3-perf-4.18.0-553.100.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.100.1.el8_10.src.rpm

Related CVEs:

CVE-2022-50865
CVE-2024-26766
CVE-2025-38022
CVE-2025-38024
CVE-2025-38415
CVE-2025-38459
CVE-2025-39760
CVE-2025-40258
CVE-2025-40271
CVE-2025-40322

Description of changes:

[4.18.0-553.100.1]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]

[4.18.0-553.100.1]
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (Kamal Heib) [RHEL-138396] {CVE-2024-26766}

[4.18.0-553.99.1]
- fbdev: bitblit: bound-check glyph index in bit_putcs* (Jocelyn Falempe) [RHEL-136937] {CVE-2025-40322}
- atm: clip: Fix infinite recursive call of clip_push(). (Guillaume Nault) [RHEL-137591] {CVE-2025-38459}
- squashfs: fix memory leak in squashfs_fill_super (Abhi Das) [RHEL-138010] {CVE-2025-38415}
- Squashfs: check return result of sb_min_blocksize (CKI Backport Bot) [RHEL-138010] {CVE-2025-38415}
- usb: core: config: Prevent OOB read in SS endpoint companion parsing (CKI Backport Bot) [RHEL-137362] {CVE-2025-39760}
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (CKI Backport Bot) [RHEL-137058] {CVE-2025-38024}

[4.18.0-553.98.1]
- vfs: use READ_ONCE() to access ->i_link (Jay Shin) [RHEL-141790]
- fold generic_readlink() into its only caller (Jay Shin) [RHEL-141790]
- fs/proc: fix uaf in proc_readdir_de() (Pavel Reichl) [RHEL-137093] {CVE-2025-40271}
- Backport 'create an empty changelog file when changing its name' (Alexandra Hájková)
- mptcp: fix race condition in mptcp_schedule_work() (Paolo Abeni) [RHEL-134443] {CVE-2025-40258}
- mptcp: use mptcp_schedule_work instead of open-coding it (Paolo Abeni) [RHEL-134443]
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Guillaume Nault) [RHEL-137976] {CVE-2022-50865}
- tcp: minor optimization in tcp_add_backlog() (Guillaume Nault) [RHEL-137976] {CVE-2022-50865}
- RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (Kamal Heib) [RHEL-134347] {CVE-2025-38022}