[ol8_baseos_latest] kernel-headers-4.18.0-553.107.1.el8_10.aarch64

Kernel-headers includes the C header files that specify the interface
between the Linux kernel and userspace libraries and programs.  The
header files define structures and constants that are needed for
building most standard programs and are also needed for rebuilding the
glibc package.

Changelog (Show File list) (Show related packages)

• Mon Feb 23 2026 EL Errata <el-errata_ww@oracle.com> [4.18.0-553.107.1.el8_10.OL8]

  - Update Oracle Linux certificates (Kevin Lyons)
  - Disable signing for aarch64 (Ilya Okomin)
  - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  - Update x509.genkey [Orabug: 24817676]
  - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
  - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
  - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]

• Tue Feb 17 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.107.1.el8_10]

  - autofs: use wake_up() instead of wake_up_interruptible(() (Ian Kent) [RHEL-143685]
  - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (Ian Kent) [RHEL-143685] {CVE-2023-54134}
  - i40e: validate ring_len parameter against hardware-specific values (CKI Backport Bot) [RHEL-141709]
  - xfs: set max_agbno to allow sparse alloc of last full inode chunk (Brian Foster) [RHEL-136693]
  - audit: merge loops in __audit_inode_child() (Ricardo Robaina) [RHEL-140442]

• Tue Feb 17 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.106.1.el8_10]

  - bridge: mcast: Fix use-after-free during router port configuration (Mohammad Heib) [RHEL-138422] {CVE-2025-38248}
  - net/sched: Enforce that teql can only be used as root qdisc (CKI Backport Bot) [RHEL-146992] {CVE-2026-23074}
  - page_pool: Fix use-after-free in page_pool_recycle_in_ring (Marc Milgram) [RHEL-137838] {CVE-2025-38129}
  - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CKI Backport Bot) [RHEL-143189] {CVE-2025-68800}
  - smc: Fix use-after-free in __pnet_find_base_ndev(). (Mete Durlu) [RHEL-126886] {CVE-2025-40064}

• Sat Feb 07 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.105.1.el8_10]

  - s390/ipl: Clear SBP flag when bootprog is set (Mete Durlu) [RHEL-145334]
  - Bluetooth: hci_event: Fix checking conn for le_conn_complete_evt (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - Bluetooth: hci_conn: Consolidate code for aborting connections (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - Bluetooth: Fix printing errors if LE Connection times out (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - Bluetooth: hci_conn: Fix not cleaning up on LE Connection failure (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - Bluetooth: hci_sync: hold hdev->lock when cleanup hci_conn (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - Bluetooth: Move hci_abort_conn to hci_conn.c (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - Bluetooth: mgmt: Fix using hci_conn_abort (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - Bluetooth: hci_conn: Fix hci_connect_le_sync (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - Bluetooth: hci_sync: Cleanup hci_conn if it cannot be aborted (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - Bluetooth: hci_event: Fix checking for invalid handle on error status (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - Bluetooth: hci_sync: fix undefined return of hci_disconnect_all_sync() (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - Bluetooth: hci_event: Ignore multiple conn complete events (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (David Marlin) [RHEL-137111] {CVE-2023-53762}
  - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CKI Backport Bot) [RHEL-137678] {CVE-2025-40304}
  - gfs2: Fix duplicate should_fault_in_pages() call (Andreas Gruenbacher) [RHEL-130505]
  - smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). (Mete Durlu) [RHEL-130012] {CVE-2025-40168}

• Wed Feb 04 2026 Alexandra Hájková <ahajkova@redhat.com> [4.18.0-553.104.1.el8_10]

  - Revert "audit: Avoid excessive dput/dget in audit_context setup and reset paths" (Alexandra Hájková) [RHEL-145856]

• Tue Feb 03 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.103.1.el8_10]

  - ext4: fix use-after-free in ext4_orphan_cleanup (CKI Backport Bot) [RHEL-136000] {CVE-2022-50673}
  - ext4: lost matching-pair of trace in ext4_truncate (CKI Backport Bot) [RHEL-136000] {CVE-2022-50673}
  - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (CKI Backport Bot) [RHEL-136904] {CVE-2025-40269}

• Sat Jan 31 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.102.1.el8_10]

  - nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CKI Backport Bot) [RHEL-144327] {CVE-2026-22998}
  - NFSv4: ensure the open stateid seqid doesn't go backwards (Scott Mayhew) [RHEL-121683]
  - audit: Avoid excessive dput/dget in audit_context setup and reset paths (Waiman Long) [RHEL-140776]
  - lockref: remove lockref_put_not_zero (Waiman Long) [RHEL-140776]
  - lockref: stop doing cpu_relax in the cmpxchg loop (Waiman Long) [RHEL-140776]
  - lockref: remove unused 'lockref_get_or_lock()' function (Waiman Long) [RHEL-140776]
  - lockref: Limit number of cmpxchg loop retries (Waiman Long) [RHEL-140776]
  - net: use dst_dev_rcu() in sk_setup_caps() (Hangbin Liu) [RHEL-129079] {CVE-2025-40170}
  - ipv6: use RCU in ip6_xmit() (Hangbin Liu) [RHEL-129004] {CVE-2025-40135}
  - ipv6: use RCU in ip6_output() (Hangbin Liu) [RHEL-128966] {CVE-2025-40158}
  - net: dst: introduce dst->dev_rcu (Hangbin Liu) [RHEL-128966]
  - net: Add locking to protect skb->dev access in ip_output (Hangbin Liu) [RHEL-128966]
  - net: dst: add four helpers to annotate data-races around dst->dev (Hangbin Liu) [RHEL-128966]
  - ipv4: use RCU protection in __ip_rt_update_pmtu() (Hangbin Liu) [RHEL-128966] {CVE-2025-21766}
  - net: gain ipv4 mtu when mtu is not locked (Hangbin Liu) [RHEL-128966]
  - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (Hangbin Liu) [RHEL-128966]
  - ipv4: add RCU protection to ip4_dst_hoplimit() (Hangbin Liu) [RHEL-128966]

• Thu Jan 29 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.101.1.el8_10]

  - i40e: avoid redundant VF link state updates (CKI Backport Bot) [RHEL-141878]
  - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CKI Backport Bot) [RHEL-140255] {CVE-2025-68349}
  - vsock/vmci: Clear the vmci transport packet properly when initializing it (CKI Backport Bot) [RHEL-137692] {CVE-2025-38403}
  - sched: Fix stop_one_cpu_nowait() vs hotplug (Herton R. Krzesinski) [RHEL-85625]

• Tue Jan 27 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.100.1.el8_10]

  - IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (Kamal Heib) [RHEL-138396] {CVE-2024-26766}

• Sat Jan 24 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.99.1.el8_10]

  - fbdev: bitblit: bound-check glyph index in bit_putcs* (Jocelyn Falempe) [RHEL-136937] {CVE-2025-40322}
  - atm: clip: Fix infinite recursive call of clip_push(). (Guillaume Nault) [RHEL-137591] {CVE-2025-38459}
  - squashfs: fix memory leak in squashfs_fill_super (Abhi Das) [RHEL-138010] {CVE-2025-38415}
  - Squashfs: check return result of sb_min_blocksize (CKI Backport Bot) [RHEL-138010] {CVE-2025-38415}
  - usb: core: config: Prevent OOB read in SS endpoint companion parsing (CKI Backport Bot) [RHEL-137362] {CVE-2025-39760}
  - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (CKI Backport Bot) [RHEL-137058] {CVE-2025-38024}