[El-errata] ELSA-2026-2722 Moderate: Oracle Linux 9 kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Feb 18 14:03:56 UTC 2026 

Oracle Linux Security Advisory ELSA-2026-2722

http://linux.oracle.com/errata/ELSA-2026-2722.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-abi-stablelists-5.14.0-611.34.1.el9_7.noarch.rpm
kernel-core-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-cross-headers-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-debug-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-debug-core-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-debug-devel-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-debug-devel-matched-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-debug-modules-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-debug-modules-core-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-debug-modules-extra-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-debug-uki-virt-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-devel-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-devel-matched-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-doc-5.14.0-611.34.1.el9_7.noarch.rpm
kernel-headers-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-modules-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-modules-core-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-modules-extra-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-tools-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-tools-libs-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-tools-libs-devel-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-uki-virt-5.14.0-611.34.1.el9_7.x86_64.rpm
kernel-uki-virt-addons-5.14.0-611.34.1.el9_7.x86_64.rpm
libperf-5.14.0-611.34.1.el9_7.x86_64.rpm
perf-5.14.0-611.34.1.el9_7.x86_64.rpm
python3-perf-5.14.0-611.34.1.el9_7.x86_64.rpm
rtla-5.14.0-611.34.1.el9_7.x86_64.rpm
rv-5.14.0-611.34.1.el9_7.x86_64.rpm

aarch64:
kernel-cross-headers-5.14.0-611.34.1.el9_7.aarch64.rpm
kernel-headers-5.14.0-611.34.1.el9_7.aarch64.rpm
kernel-tools-5.14.0-611.34.1.el9_7.aarch64.rpm
kernel-tools-libs-5.14.0-611.34.1.el9_7.aarch64.rpm
kernel-tools-libs-devel-5.14.0-611.34.1.el9_7.aarch64.rpm
libperf-5.14.0-611.34.1.el9_7.aarch64.rpm
perf-5.14.0-611.34.1.el9_7.aarch64.rpm
python3-perf-5.14.0-611.34.1.el9_7.aarch64.rpm
rtla-5.14.0-611.34.1.el9_7.aarch64.rpm
rv-5.14.0-611.34.1.el9_7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-611.34.1.el9_7.src.rpm

Related CVEs:

CVE-2023-53034
CVE-2025-40064
CVE-2025-40304
CVE-2025-40322
CVE-2025-68349
CVE-2025-68811
CVE-2026-22998




Description of changes:

[5.14.0-611.34.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]

[5.14.0-611.34.1]
- scsi: storvsc: Process unsupported MODE_SENSE_10 (Li Tian) [RHEL-145183]
- smb: client: Add tracepoint for krb5 auth (Paulo Alcantara) [RHEL-127498]
- smb: client: improve error message when creating SMB session (Paulo Alcantara) [RHEL-127498]
- smb: client: relax session and tcon reconnect attempts (Paulo Alcantara) [RHEL-127498]
- cifs: #include cifsglob.h before trace.h to allow structs in tracepoints (Paulo Alcantara) [RHEL-127498]
- smc: Fix use-after-free in __pnet_find_base_ndev(). (Mete Durlu) [RHEL-126890] {CVE-2025-40064}

[5.14.0-611.33.1]
- i40e: avoid redundant VF link state updates (CKI Backport Bot) [RHEL-141877]
- x86/sev: Guard sev_evict_cache() with CONFIG_AMD_MEM_ENCRYPT (Paolo Bonzini) [RHEL-128030]
- x86/sev: Evict cache lines during SNP memory validation (Paolo Bonzini) [RHEL-128030]
- ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans (Myron Stowe) [RHEL-132891] {CVE-2023-53034}
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CKI Backport Bot) [RHEL-137683] {CVE-2025-40304}
- crypto: iaa - Optimize rebalance_wq_table() (Jay Shin) [RHEL-137272]
- fbdev: bitblit: bound-check glyph index in bit_putcs* (CKI Backport Bot) [RHEL-136942] {CVE-2025-40322}
- bpf: Do not audit capability check in do_jit() (Jay Shin) [RHEL-135137]

[5.14.0-611.32.1]
- svcrdma: use rc_pageoff for memcpy byte offset (CKI Backport Bot) [RHEL-142790] {CVE-2025-68811}
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CKI Backport Bot) [RHEL-140260] {CVE-2025-68349}

[5.14.0-611.31.1]
- nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CKI Backport Bot) [RHEL-144332] {CVE-2026-22998}

More information about the El-errata mailing list