[El-errata] ELSA-2026-1143 Important: Oracle Linux 9 kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Jan 29 00:41:12 UTC 2026 

Oracle Linux Security Advisory ELSA-2026-1143

http://linux.oracle.com/errata/ELSA-2026-1143.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-abi-stablelists-5.14.0-611.26.1.el9_7.noarch.rpm
kernel-core-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-cross-headers-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-debug-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-debug-core-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-debug-devel-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-debug-devel-matched-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-debug-modules-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-debug-modules-core-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-debug-modules-extra-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-debug-uki-virt-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-devel-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-devel-matched-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-doc-5.14.0-611.26.1.el9_7.noarch.rpm
kernel-headers-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-modules-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-modules-core-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-modules-extra-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-tools-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-tools-libs-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-tools-libs-devel-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-uki-virt-5.14.0-611.26.1.el9_7.x86_64.rpm
kernel-uki-virt-addons-5.14.0-611.26.1.el9_7.x86_64.rpm
libperf-5.14.0-611.26.1.el9_7.x86_64.rpm
perf-5.14.0-611.26.1.el9_7.x86_64.rpm
python3-perf-5.14.0-611.26.1.el9_7.x86_64.rpm
rtla-5.14.0-611.26.1.el9_7.x86_64.rpm
rv-5.14.0-611.26.1.el9_7.x86_64.rpm

aarch64:
kernel-cross-headers-5.14.0-611.26.1.el9_7.aarch64.rpm
kernel-headers-5.14.0-611.26.1.el9_7.aarch64.rpm
kernel-tools-5.14.0-611.26.1.el9_7.aarch64.rpm
kernel-tools-libs-5.14.0-611.26.1.el9_7.aarch64.rpm
kernel-tools-libs-devel-5.14.0-611.26.1.el9_7.aarch64.rpm
libperf-5.14.0-611.26.1.el9_7.aarch64.rpm
perf-5.14.0-611.26.1.el9_7.aarch64.rpm
python3-perf-5.14.0-611.26.1.el9_7.aarch64.rpm
rtla-5.14.0-611.26.1.el9_7.aarch64.rpm
rv-5.14.0-611.26.1.el9_7.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-5.14.0-611.26.1.el9_7.src.rpm

Related CVEs:

CVE-2025-38141
CVE-2025-38349
CVE-2025-38731
CVE-2025-40248
CVE-2025-40258
CVE-2025-40294
CVE-2025-68301
CVE-2025-68305




Description of changes:

[5.14.0-611.26.1]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]

[5.14.0-611.26.1]
- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (CKI Backport Bot) [RHEL-139462] {CVE-2025-68305}
- dm: fix dm_blk_report_zones (CKI Backport Bot) [RHEL-137949] {CVE-2025-38141}
- Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() (CKI Backport Bot) [RHEL-136964] {CVE-2025-40294}
- drm/xe: Fix vm_bind_ioctl double free bug (CKI Backport Bot) [RHEL-122309] {CVE-2025-38731}

[5.14.0-611.25.1]
- ice: Fix kernel panic due to page refcount underflow (Mohammad Heib) [RHEL-139731]
- net: atlantic: fix fragment overflow handling in RX path (CKI Backport Bot) [RHEL-139487] {CVE-2025-68301}
- KVM: arm64: Hide ID_AA64MMFR2_EL1.NV from guest and userspace (Donald Dutile) [RHEL-134767]
- Set fc_nlinfo in nh_create_ipv4, nh_create_ipv6 (Guillaume Nault) [RHEL-138493]
- vsock: Ignore signal/timeout on connect() if already established (CKI Backport Bot) [RHEL-139284] {CVE-2025-40248}
- eventpoll: don't decrement ep refcount while still holding the ep mutex (CKI Backport Bot) [RHEL-138035] {CVE-2025-38349}
- block: don't freeze queue for updating queue limits (Ming Lei) [RHEL-135268]
- mptcp: fix race condition in mptcp_schedule_work() (CKI Backport Bot) [RHEL-134448] {CVE-2025-40258}
- uprobes: Fix race in uprobe_free_utask (Jay Shin) [RHEL-133868]
- dpll: zl3073x: Specify phase adjustment granularity for pins (Ivan Vecera) [RHEL-129504]
- dpll: add phase-adjust-gran pin attribute (Ivan Vecera) [RHEL-129504]

More information about the El-errata mailing list