-
Thu May 21 2026 EL Errata <el-errata_ww@oracle.com> [4.18.0-553.125.1.el8_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]
-
Mon May 18 2026 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.125.1.el8_10]
- net: skbuff: propagate shared-frag marker through frag-transfer helpers (Sabrina Dubroca) [RHEL-176090] {CVE-2026-46300}
- net: skbuff: preserve shared-frag marker during coalescing (Sabrina Dubroca) [RHEL-176090] {CVE-2026-46300}
- ptrace: slightly saner 'get_dumpable()' logic (Rafael Aquini) [RHEL-176445] {CVE-2026-46333}
-
Mon May 11 2026 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.124.1.el8_10]
- xfrm: esp: avoid in-place decrypt on shared skb frags (Sabrina Dubroca) [RHEL-174586] {CVE-2026-43284}
-
Mon May 04 2026 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.123.1.el8_10]
- crypto: algif_aead - snapshot IV for async AEAD requests (Herbert Xu) [RHEL-172187]
- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [RHEL-172187]
- crypto: authencesn - reject short ahash digests during instance creation (Herbert Xu) [RHEL-172187]
- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [RHEL-172187]
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [RHEL-172187] {CVE-2026-31431}
- crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (Herbert Xu) [RHEL-172187] {CVE-2026-23060}
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [RHEL-172187]
- crypto: af_alg - limit RX SG extraction by receive buffer budget (Herbert Xu) [RHEL-172187] {CVE-2026-31677}
- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [RHEL-172187] {CVE-2026-31431}
- crypto: af-alg - fix NULL pointer dereference in scatterwalk (Herbert Xu) [RHEL-172187]
- KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (Paolo Bonzini) [RHEL-153727] {CVE-2026-23401}
-
Fri Apr 24 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.122.1.el8_10]
- nvme: avoid double free special payload (Maurizio Lombardi) [RHEL-51303] {CVE-2024-41073}
- crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CKI Backport Bot) [RHEL-166921] {CVE-2025-68724}
- net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (Jay Shin) [RHEL-166155] {CVE-2025-40252}
- kernel.h: Move ARRAY_SIZE() to a separate header (Jay Shin) [RHEL-166155] {CVE-2025-40252}
-
Wed Apr 15 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.121.1.el8_10]
- nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Scott Mayhew) [RHEL-167011] {CVE-2026-31402}
-
Wed Apr 08 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.120.1.el8_10]
- gfs2: bufdata allocation race (Andreas Gruenbacher) [RHEL-160075]
- gfs2: Get rid of gfs2_log_[un]lock helpers (Andreas Gruenbacher) [RHEL-160075]
- gfs2: Avoid unnecessary transactions in evict_linked_inode (Andreas Gruenbacher) [RHEL-160075]
- KVM: x86: Fix a semi theoretical bug in kvm_arch_async_page_present_queued() (Maxim Levitsky) [RHEL-152657]
- KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (Maxim Levitsky) [RHEL-152657]
-
Tue Apr 07 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.119.1.el8_10]
- s390/dasd: Copy detected format information to secondary device (Mete Durlu) [RHEL-161532]
- s390/dasd: Move quiesce state with pprc swap (Mete Durlu) [RHEL-161532]
- s390/dasd: Fix gendisk parent after copy pair swap (Mete Durlu) [RHEL-161532]
- redhat: kernel.spec: add missing sound/soc/sof/sof-audio.h to kernel-devel package (Jaroslav Kysela) [RHEL-152417]
- s390/virtio_ccw: Fix dma_parm pointer not set up (CKI Backport Bot) [RHEL-148307]
- dlm: fix recovery pending middle conversion (Alexander Aring) [RHEL-125538]
- dlm: check for undefined release_option values (Alexander Aring) [RHEL-136236]
- dlm: handle release_option as unsigned (Alexander Aring) [RHEL-136236]
- dlm: handle invalid lockspace member remove (Alexander Aring) [RHEL-136236]
- dlm: add new flag DLM_RELEASE_RECOVER for dlm_lockspace_release (Alexander Aring) [RHEL-136236]
- dlm: add new configfs entry release_recover for lockspace members (Alexander Aring) [RHEL-136236]
- dlm: add new RELEASE_RECOVER uevent attribute for release_lockspace (Alexander Aring) [RHEL-136236]
- dlm: use defines for force values in dlm_release_lockspace (Alexander Aring) [RHEL-136236]
- dlm: check for defined force value in dlm_lockspace_release (Alexander Aring) [RHEL-136236]
- dlm: disallow different configs nodeid storages (Alexander Aring) [RHEL-136236]
- dlm: prevent NPD when writing a positive value to event_done (Alexander Aring) [RHEL-136236] {CVE-2025-23131}
- dlm: Switch to using wait_event() (Alexander Aring) [RHEL-136236]
-
Wed Apr 01 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.118.1.el8_10]
- scsi: qla2xxx: Fix improper freeing of purex item (CKI Backport Bot) [RHEL-159219] {CVE-2025-68741}
- ALSA: aloop: Fix racy access at PCM trigger (Jaroslav Kysela) [RHEL-150125] {CVE-2026-23191}
- ALSA: aloop: Introduce a function to get if access is interleaved mode (CKI Backport Bot) [RHEL-150125] {CVE-2026-23191}
-
Fri Mar 27 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.117.1.el8_10]
- nvme-pci: do not directly handle subsys reset fallout (Maurizio Lombardi) [RHEL-136436]
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CKI Backport Bot) [RHEL-150417] {CVE-2026-23193}