[El-errata] ELSA-2026-0453 Important: Oracle Linux 10 kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Jan 14 00:04:15 UTC 2026
Oracle Linux Security Advisory ELSA-2026-0453
http://linux.oracle.com/errata/ELSA-2026-0453.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-abi-stablelists-6.12.0-124.27.1.el10_1.noarch.rpm
kernel-core-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-cross-headers-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-debug-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-debug-core-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-debug-devel-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-debug-devel-matched-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-debug-modules-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-debug-modules-core-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-debug-modules-extra-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-debug-uki-virt-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-devel-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-devel-matched-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-doc-6.12.0-124.27.1.el10_1.noarch.rpm
kernel-headers-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-modules-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-modules-core-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-modules-extra-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-modules-extra-matched-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-tools-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-tools-libs-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-tools-libs-devel-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-uki-virt-6.12.0-124.27.1.el10_1.x86_64.rpm
kernel-uki-virt-addons-6.12.0-124.27.1.el10_1.x86_64.rpm
libperf-6.12.0-124.27.1.el10_1.x86_64.rpm
perf-6.12.0-124.27.1.el10_1.x86_64.rpm
python3-perf-6.12.0-124.27.1.el10_1.x86_64.rpm
rtla-6.12.0-124.27.1.el10_1.x86_64.rpm
rv-6.12.0-124.27.1.el10_1.x86_64.rpm
aarch64:
kernel-cross-headers-6.12.0-124.27.1.el10_1.aarch64.rpm
kernel-headers-6.12.0-124.27.1.el10_1.aarch64.rpm
kernel-tools-6.12.0-124.27.1.el10_1.aarch64.rpm
kernel-tools-libs-6.12.0-124.27.1.el10_1.aarch64.rpm
kernel-tools-libs-devel-6.12.0-124.27.1.el10_1.aarch64.rpm
libperf-6.12.0-124.27.1.el10_1.aarch64.rpm
perf-6.12.0-124.27.1.el10_1.aarch64.rpm
python3-perf-6.12.0-124.27.1.el10_1.aarch64.rpm
rtla-6.12.0-124.27.1.el10_1.aarch64.rpm
rv-6.12.0-124.27.1.el10_1.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-124.27.1.el10_1.src.rpm
Related CVEs:
CVE-2025-39806
CVE-2025-39840
CVE-2025-39843
CVE-2025-39905
CVE-2025-39966
CVE-2025-40176
CVE-2025-40240
CVE-2025-40277
CVE-2025-68287
Description of changes:
[6.12.0-124.27.1]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Update module name for cryptographic module [Orabug: 37400433]
- Clean git history at setup stage
[6.12.0-124.27.1]
- arm64: errata: Expand speculative SSBS workaround for Cortex-A720AE (Waiman Long) [RHEL-120684]
- arm64: cputype: Add Cortex-A720AE definitions (Waiman Long) [RHEL-120684]
- arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays (Waiman Long) [RHEL-120684]
- arm64: Add support for HIP09 Spectre-BHB mitigation (Waiman Long) [RHEL-120684]
- arm64: errata: Add newer ARM cores to the spectre_bhb_loop_affected() lists (Waiman Long) [RHEL-120684]
- arm64: cputype: Add MIDR_CORTEX_A76AE (Waiman Long) [RHEL-120684]
- arm64: errata: Add KRYO 2XX/3XX/4XX silver cores to Spectre BHB safe list (Waiman Long) [RHEL-120684]
- kmem/tracing: add kmem name to kmem_cache_alloc tracepoint (Charles Haithcock) [RHEL-129882]
- mm: memory-tiering: fix PGPROMOTE_CANDIDATE counting (Rafael Aquini) [RHEL-128383]
[6.12.0-124.26.1]
- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (CKI Backport Bot) [RHEL-137150] {CVE-2025-68287}
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (CKI Backport Bot) [RHEL-134431] {CVE-2025-40277}
- net: phylink: add lock for serializing concurrent pl->phydev writes with resolver (CKI Backport Bot) [RHEL-129812] {CVE-2025-39905}
[6.12.0-124.25.1]
- sctp: avoid NULL dereference when chunk data buffer is missing (CKI Backport Bot) [RHEL-134010] {CVE-2025-40240}
- HID: i2c-hid: Resolve touchpad issues on Dell systems during S4 (CKI Backport Bot) [RHEL-128281]
- HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (CKI Backport Bot) [RHEL-124610] {CVE-2025-39806}
- inetpeer: do not get a refcount in inet_getpeer() (Guillaume Nault) [RHEL-115287]
- inetpeer: update inetpeer timestamp in inet_getpeer() (Guillaume Nault) [RHEL-115287]
- inetpeer: remove create argument of inet_getpeer() (Guillaume Nault) [RHEL-115287]
- inetpeer: remove create argument of inet_getpeer_v[46]() (Guillaume Nault) [RHEL-115287]
[6.12.0-124.24.1]
- audit: fix out-of-bounds read in audit_compare_dname_path() (Richard Guy Briggs) [RHEL-119185] {CVE-2025-39840}
[6.12.0-124.23.1]
- redhat: use RELEASE_LOCALVERSION also for dist-get-tag (Jan Stancek)
- redhat: introduce RELEASE_LOCALVERSION variable (Jan Stancek)
- iommufd: Fix race during abort for file descriptors (Eder Zulian) [RHEL-123789] {CVE-2025-39966}
- smb: client: handle lack of IPC in dfs_cache_refresh() (Paulo Alcantara) [RHEL-126227]
- mm: slub: avoid wake up kswapd in set_track_prepare (Audra Mitchell) [RHEL-125522] {CVE-2025-39843}
- dpll: zl3073x: Increase maximum size of flash utility (Ivan Vecera) [RHEL-116157]
- dpll: zl3073x: Fix double free in zl3073x_devlink_flash_update() (Ivan Vecera) [RHEL-116157]
- dpll: zl3073x: Implement devlink flash callback (Ivan Vecera) [RHEL-116157]
- dpll: zl3073x: Add firmware loading functionality (Ivan Vecera) [RHEL-116157]
- dpll: zl3073x: Add low-level flash functions (Ivan Vecera) [RHEL-116157]
- dpll: zl3073x: Add functions to access hardware registers (Ivan Vecera) [RHEL-116157]
[6.12.0-124.22.1]
- ASoC: Intel: sof_sdw: Add quirks for Lenovo P1 and P16 (CKI Backport Bot) [RHEL-130550]
- tls: wait for pending async decryptions if tls_strp_msg_hold fails (CKI Backport Bot) [RHEL-128866] {CVE-2025-40176}
- sched/deadline: Fix RT task potential starvation when expiry time passed (CKI Backport Bot) [RHEL-124660]