[ol10_appstream] kernel-headers-6.12.0-55.37.1.0.1.el10_0.aarch64

Name:	kernel-headers
Version:	6.12.0
Release:	55.37.1.0.1.el10_0
Architecture:	aarch64
Group:	Unspecified
Size:	7229437
License:	((GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR CDDL-1.0) AND ((GPL-2.0-only WITH Linux-syscall-note) OR Linux-OpenIB) AND ((GPL-2.0-only WITH Linux-syscall-note) OR MIT) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR MIT) AND 0BSD AND BSD-2-Clause AND (BSD-2-Clause OR Apache-2.0) AND BSD-3-Clause AND BSD-3-Clause-Clear AND CC0-1.0 AND GFDL-1.1-no-invariants-or-later AND GPL-1.0-or-later AND (GPL-1.0-or-later OR BSD-3-Clause) AND (GPL-1.0-or-later WITH Linux-syscall-note) AND GPL-2.0-only AND (GPL-2.0-only OR Apache-2.0) AND (GPL-2.0-only OR BSD-2-Clause) AND (GPL-2.0-only OR BSD-3-Clause) AND (GPL-2.0-only OR CDDL-1.0) AND (GPL-2.0-only OR GFDL-1.1-no-invariants-or-later) AND (GPL-2.0-only OR GFDL-1.2-no-invariants-only) AND (GPL-2.0-only WITH Linux-syscall-note) AND GPL-2.0-or-later AND (GPL-2.0-or-later OR BSD-2-Clause) AND (GPL-2.0-or-later OR BSD-3-Clause) AND (GPL-2.0-or-later OR CC-BY-4.0) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH Linux-syscall-note) AND ISC AND LGPL-2.0-or-later AND (LGPL-2.0-or-later OR BSD-2-Clause) AND (LGPL-2.0-or-later WITH Linux-syscall-note) AND LGPL-2.1-only AND (LGPL-2.1-only OR BSD-2-Clause) AND (LGPL-2.1-only WITH Linux-syscall-note) AND LGPL-2.1-or-later AND (LGPL-2.1-or-later WITH Linux-syscall-note) AND (Linux-OpenIB OR GPL-2.0-only) AND (Linux-OpenIB OR GPL-2.0-only OR BSD-2-Clause) AND Linux-man-pages-copyleft AND MIT AND (MIT OR Apache-2.0) AND (MIT OR GPL-2.0-only) AND (MIT OR GPL-2.0-or-later) AND (MIT OR LGPL-2.1-only) AND (MPL-1.1 OR GPL-2.0-only) AND (X11 OR GPL-2.0-only) AND (X11 OR GPL-2.0-or-later) AND Zlib AND (copyleft-next-0.3.1 OR GPL-2.0-or-later)
RPM:	kernel-headers-6.12.0-55.37.1.0.1.el10_0.aarch64.rpm
Source RPM:	kernel-6.12.0-55.37.1.0.1.el10_0.src.rpm
Build Date:	Wed Oct 01 2025
Build Host:	build-ol10-aarch64.oracle.com
Vendor:	Oracle America
URL:	https://www.kernel.org/
Summary:	Header files for the Linux kernel for use by glibc
Description:	Kernel-headers includes the C header files that specify the interface between the Linux kernel and userspace libraries and programs. The header files define structures and constants that are needed for building most standard programs and are also needed for rebuilding the glibc package.

Changelog (Show File list) (Show related packages)

Wed Oct 01 2025 Alex Burmashev <alexander.burmashev@oracle.com> [6.12.0-55.37.1.0.1.el10_0.OL10]

- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Update module name for cryptographic module [Orabug: 37400433]

Wed Oct 01 2025 Alex Burmashev <alexander.burmashev@oracle.com> [6.12.0-55.37.1.el10_0]

- fix kABI build errors
- Adjust new tls selftest for current code
- Bump internal version to 55.37.1
- selftests: tls: add tests for zero-length records - CVE-2025-39682
- tls: fix handling of zero-length records on the rx_list - CVE-2025-39682
- fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass - CVE-2025-38396
- io_uring/futex: ensure io_futex_wait() cleans up properly on failure - CVE-2025-39698
- ice: use fixed adapter index for E825C embedded devices
- ice: use DSN instead of PCI BDF for ice_adapter index
- tcp: drop secpath at the same time as we currently drop dst
- cifs: Fix reading into an ITER_FOLIOQ from the smbdirect code
- cifs: Fix the smbd_response slab to allow usercopy - CVE-2025-38523
- smb: client: let smbd_post_send_iter() respect the peers max_send_size and transmit all data
- smb: client: fix max_sge overflow in smb_extract_folioq_to_rdma()
- smb: client: make use of common smbdirect_socket_parameters
- smb: smbdirect: introduce smbdirect_socket_parameters
- smb: client: make use of common smbdirect_socket
- smb: smbdirect: add smbdirect_socket.h
- smb: client: make use of common smbdirect.h
- smb: smbdirect: add smbdirect.h with public structures
- smb: client: make use of common smbdirect_pdu.h
- smb: smbdirect: add smbdirect_pdu.h with protocol definitions
- s390/sclp: Fix SCCB present check - CVE-2025-39694
- net: stmmac: fix TSO DMA API usage causing oops
- smb: client: fix use-after-free in cifs_oplock_break - CVE-2025-38527

Wed Sep 24 2025 Alex Burmashev <alexander.burmashev@oracle.com> [6.12.0-55.34.1.el10_0]

- Bump internal version to 55.34.1
- sunrpc: fix handling of server side tls alerts - CVE-2025-38566
- i40e: When removing VF MAC filters, only check PF-set MAC
- usb: dwc3: gadget: check that event count does not exceed event buffer length - CVE-2025-37810

Thu Sep 18 2025 Alex Burmashev <alexander.burmashev@oracle.com> [6.12.0-55.33.1.el10_0]

- Fix kABI for net_namespace.h
- Bump internal version to 55.33.1
- xfrm: interface: fix use-after-free after changing collect_md xfrm interface - CVE-2025-38500
- idpf: convert control queue mutex to a spinlock - CVE-2025-38392
- eth: bnxt: fix missing ring index trim on error path - CVE-2025-37873
- tcp: Correct signedness in skb remaining space calculation - CVE-2025-38463
- ipv6: mcast: Delay put pmc->idev in mld_del_delrec() - CVE-2025-38550
- redhat: selftests/bpf: Add cpuv4 variant
- i40e: report VF tx_dropped with tx_errors instead of tx_discards - CVE-2025-38200
- use uniform permission checks for all mount propagation changes - CVE-2025-38498
- do_change_type(): refuse to operate on unmounted/not ours mounts - CVE-2025-38498
- ublk: make sure ubq->canceling is set when queue is frozen - CVE-2025-22068
- net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM
- scsi: lpfc: Use memcpy() for BIOS version - CVE-2025-38332
- net: introduce per netns packet chains

Fri Sep 12 2025 Alex Burmashev <alexander.burmashev@oracle.com> [6.12.0-55.32.1.el10_0]

- Bump internal version to 55.32.1
- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() - CVE-2025-38352

Wed Sep 10 2025 Alex Burmashev <alexander.burmashev@oracle.com> [6.12.0-55.31.1.el10_0]

- Adjust sched/fair: Adhere to place_entity() constraints
- Bump internal version to 55.31.1
- sched/fair: Adhere to place_entity() constraints
- sched/fair: Fix update_cfs_group() vs DELAY_DEQUEUE
- sched/fair: Fix EEVDF entity placement bug causing scheduling lag
- sched/fair: optimize the PLACE_LAG when se->vlag is zero
- net/sched: ets: use old 'nbands' while purging unused classes - CVE-2025-38350
- net/sched: Always pass notifications when child class becomes empty - CVE-2025-38350
- net_sched: ets: fix a race in ets_qdisc_change() - CVE-2025-38107
- sch_htb: make htb_deactivate() idempotent - CVE-2025-37953
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() - CVE-2025-37798
- sch_qfq: make qfq_qlen_notify() idempotent - CVE-2025-38350
- sch_drr: make drr_qlen_notify() idempotent - CVE-2025-38350
- sch_htb: make htb_qlen_notify() idempotent - CVE-2025-37932
- drm/vkms: Fix use after free and double free on init error - CVE-2025-22097
- Revert "cxl/acpi: Fix load failures due to single window creation failure"
- udmabuf: fix a buf size overflow issue during udmabuf creation - CVE-2025-37803
- drm/framebuffer: Acquire internal references on GEM handles - CVE-2025-38449
- drm/gem: Acquire references on GEM handles for framebuffers - CVE-2025-38449
- nvme/ioctl: don't warn on vectorized uring_cmd with fixed buffer
- nvme-ioctl: fix leaked requests on mapping error

Wed Sep 03 2025 Alex Burmashev <alexander.burmashev@oracle.com> [6.12.0-55.30.1.el10_0]

- tipc: Fix use-after-free in tipc_conn_close(). - CVE-2025-38464
- Bump internal version to 55.30.1
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too - CVE-2025-37823
- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs
- s390/pci: Fix handling of isolated VFs
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn()
- s390/pci: Fix SR-IOV for PFs initially in standby
- RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction - CVE-2025-38211
- udp: Fix memory accounting leak. - CVE-2025-22058
- udp: Fix multiple wraparounds of sk->sk_rmem_alloc.
- ext4: only dirty folios when data journaling regular files - CVE-2025-38220
- vsock: Fix transport_* TOCTOU - CVE-2025-38461
- netfilter: nf_conntrack: fix crash due to removal of uninitialised entry - CVE-2025-38472

Tue Aug 26 2025 Alex Burmashev <alexander.burmashev@oracle.com> [6.12.0-55.29.1.el10_0]

- Bump internal version to 55.29.1
- ice: fix eswitch code memory leak in reset scenario - CVE-2025-38417
- net/sched: Abort __tc_modify_qdisc if parent class does not exist
- net_sched: ets: Fix double list add in class with netem as child qdisc - CVE-2025-37914
- sch_ets: make est_qlen_notify() idempotent
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw - CVE-2025-38200
- cxgb4: use port number to set mac addr

Wed Aug 20 2025 Alex Burmashev <alexander.burmashev@oracle.com> [6.12.0-55.28.1.el10_0]

- Conflict with xdp-tools < 1.5.4
- Bump internal version to 55.28.1
- tls: always refresh the queue when reading sock - CVE-2025-38471
- selftests: net: bpf_offload: add 'libbpf_global' to ignored maps
- selftests: net: fix error message in bpf_offload
- selftests: net: add more info to error in bpf_offload
- net: fix udp gso skb_segment after pull from frag_list - CVE-2025-38124
- powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
- s390/pci: Serialize device addition and removal
- s390/pci: Allow re-add of a reserved but not yet removed device
- s390/pci: Prevent self deletion in disable_slot()
- s390/pci: Remove redundant bus removal and disable from zpci_release_device()
- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs
- s390/pci: Fix missing check for zpci_create_device() error return
- s390/pci: Fix potential double remove of hotplug slot
- s390/topology: Improve topology detection
- Bluetooth: hci_core: Fix use-after-free in vhci_flush() - CVE-2025-38250
- selftests/bpf: Adjust data size to have ETH_HLEN - CVE-2025-21867
- bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() - CVE-2025-21867
- i2c/designware: Fix an initialization issue - CVE-2025-38380

Thu Aug 14 2025 Alex Burmashev <alexander.burmashev@oracle.com> [6.12.0-55.27.1.el10_0]

- Bump internal version to 55.27.1
- Fix includes for mm: fix copy_vma() error handling for hugetlb mappings
- Revert sch_htb: make htb_qlen_notify() idempotent
- Revert sch_drr: make drr_qlen_notify() idempotent
- Revert sch_qfq: make qfq_qlen_notify() idempotent
- Revert codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
- Revert sch_htb: make htb_deactivate() idempotent
- Revert net/sched: Always pass notifications when child class becomes empty
- wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds - CVE-2025-38159
- Documentation: Fix pci=config_acs= example
- PCI/ACS: Fix 'pci=config_acs=' parameter
- Revert "smb: client: fix TCP timers deadlock after rmmod" - CVE-2025-22077
- Revert smb: client: Fix netns refcount imbalance causing leaks and use-after-free 
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free
- wifi: ath12k: fix invalid access to memory - CVE-2025-38292
- x86/CPU/AMD: Terminate the erratum_1386_microcode array - CVE-2024-56721
- crypto: algif_hash - fix double free in hash_accept - CVE-2025-38079
- net/sched: Always pass notifications when child class becomes empty - CVE-2025-38350
- sch_htb: make htb_deactivate() idempotent - CVE-2025-38350
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() - CVE-2025-38350
- sch_qfq: make qfq_qlen_notify() idempotent - CVE-2025-38350
- sch_drr: make drr_qlen_notify() idempotent - CVE-2025-38350
- sch_htb: make htb_qlen_notify() idempotent - CVE-2025-38350
- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race - CVE-2025-38085
- mm/hugetlb: unshare page tables during VMA split, not before - CVE-2025-38084
- tools/testing/vma: add missing function stub
- mm: fix copy_vma() error handling for hugetlb mappings
- PCI: Use downstream bridges for distributing resources
- PCI/pwrctrl: Cancel outstanding rescan work when unregistering - CVE-2025-38137
- bnxt_en: Skip MAC loopback selftest if it is unsupported by FW
- bnxt_en: Skip PHY loopback ethtool selftest if unsupported by FW