[ol8_MODRHCK] kernel-debug-core-4.18.0-553.123.1.0.1.el8_10.x86_64

The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system:  memory allocation, process allocation, device
input and output, etc.

This variant of the kernel has numerous debugging options enabled.
It should only be installed when trying to gather additional information
on kernel bugs, as some of these options impact performance noticably.

Changelog (Show File list) (Show related packages)

• Tue May 05 2026 EL Errata <el-errata_ww@oracle.com> [4.18.0-553.123.1.0.1.el8_10.OL8]

  - scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) [Orabug: 37778230]

• Tue May 05 2026 EL Errata <el-errata_ww@oracle.com> [4.18.0-553.123.1.el8_10.OL8]

  - Update Oracle Linux certificates (Kevin Lyons)
  - Disable signing for aarch64 (Ilya Okomin)
  - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  - Update x509.genkey [Orabug: 24817676]
  - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
  - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
  - Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]

• Mon May 04 2026 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.123.1.el8_10]

  - crypto: algif_aead - snapshot IV for async AEAD requests (Herbert Xu) [RHEL-172187]
  - crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [RHEL-172187]
  - crypto: authencesn - reject short ahash digests during instance creation (Herbert Xu) [RHEL-172187]
  - crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [RHEL-172187]
  - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [RHEL-172187] {CVE-2026-31431}
  - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec (Herbert Xu) [RHEL-172187] {CVE-2026-23060}
  - crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [RHEL-172187]
  - crypto: af_alg - limit RX SG extraction by receive buffer budget (Herbert Xu) [RHEL-172187] {CVE-2026-31677}
  - crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [RHEL-172187] {CVE-2026-31431}
  - crypto: af-alg - fix NULL pointer dereference in scatterwalk (Herbert Xu) [RHEL-172187]
  - KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE (Paolo Bonzini) [RHEL-153727] {CVE-2026-23401}

• Fri Apr 24 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.122.1.el8_10]

  - nvme: avoid double free special payload (Maurizio Lombardi) [RHEL-51303] {CVE-2024-41073}
  - crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CKI Backport Bot) [RHEL-166921] {CVE-2025-68724}
  - net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (Jay Shin) [RHEL-166155] {CVE-2025-40252}
  - kernel.h: Move ARRAY_SIZE() to a separate header (Jay Shin) [RHEL-166155] {CVE-2025-40252}

• Wed Apr 15 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.121.1.el8_10]

  - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Scott Mayhew) [RHEL-167011] {CVE-2026-31402}

• Wed Apr 08 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.120.1.el8_10]

  - gfs2: bufdata allocation race (Andreas Gruenbacher) [RHEL-160075]
  - gfs2: Get rid of gfs2_log_[un]lock helpers (Andreas Gruenbacher) [RHEL-160075]
  - gfs2: Avoid unnecessary transactions in evict_linked_inode (Andreas Gruenbacher) [RHEL-160075]
  - KVM: x86: Fix a semi theoretical bug in kvm_arch_async_page_present_queued() (Maxim Levitsky) [RHEL-152657]
  - KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (Maxim Levitsky) [RHEL-152657]

• Tue Apr 07 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.119.1.el8_10]

  - s390/dasd: Copy detected format information to secondary device (Mete Durlu) [RHEL-161532]
  - s390/dasd: Move quiesce state with pprc swap (Mete Durlu) [RHEL-161532]
  - s390/dasd: Fix gendisk parent after copy pair swap (Mete Durlu) [RHEL-161532]
  - redhat: kernel.spec: add missing sound/soc/sof/sof-audio.h to kernel-devel package (Jaroslav Kysela) [RHEL-152417]
  - s390/virtio_ccw: Fix dma_parm pointer not set up (CKI Backport Bot) [RHEL-148307]
  - dlm: fix recovery pending middle conversion (Alexander Aring) [RHEL-125538]
  - dlm: check for undefined release_option values (Alexander Aring) [RHEL-136236]
  - dlm: handle release_option as unsigned (Alexander Aring) [RHEL-136236]
  - dlm: handle invalid lockspace member remove (Alexander Aring) [RHEL-136236]
  - dlm: add new flag DLM_RELEASE_RECOVER for dlm_lockspace_release (Alexander Aring) [RHEL-136236]
  - dlm: add new configfs entry release_recover for lockspace members (Alexander Aring) [RHEL-136236]
  - dlm: add new RELEASE_RECOVER uevent attribute for release_lockspace (Alexander Aring) [RHEL-136236]
  - dlm: use defines for force values in dlm_release_lockspace (Alexander Aring) [RHEL-136236]
  - dlm: check for defined force value in dlm_lockspace_release (Alexander Aring) [RHEL-136236]
  - dlm: disallow different configs nodeid storages (Alexander Aring) [RHEL-136236]
  - dlm: prevent NPD when writing a positive value to event_done (Alexander Aring) [RHEL-136236] {CVE-2025-23131}
  - dlm: Switch to using wait_event() (Alexander Aring) [RHEL-136236]

• Wed Apr 01 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.118.1.el8_10]

  - scsi: qla2xxx: Fix improper freeing of purex item (CKI Backport Bot) [RHEL-159219] {CVE-2025-68741}
  - ALSA: aloop: Fix racy access at PCM trigger (Jaroslav Kysela) [RHEL-150125] {CVE-2026-23191}
  - ALSA: aloop: Introduce a function to get if access is interleaved mode (CKI Backport Bot) [RHEL-150125] {CVE-2026-23191}

• Fri Mar 27 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.117.1.el8_10]

  - nvme-pci: do not directly handle subsys reset fallout (Maurizio Lombardi) [RHEL-136436]
  - scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (CKI Backport Bot) [RHEL-150417] {CVE-2026-23193}

• Wed Mar 25 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.116.1.el8_10]

  - nouveau: fix instmem race condition around ptr stores (Lyude Paul) [RHEL-111846] {CVE-2024-26984}
  - s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump (Mete Durlu) [RHEL-157930]
  - NFSv4/flexfiles: Fix layout merge mirror check. (Mike Snitzer) [RHEL-157242]
  - flexfiles/pNFS: fix NULL checks on result of ff_layout_choose_ds_for_read (Mike Snitzer) [RHEL-157242]
  - pnfs/flexfiles: retry getting layout segment for reads (Mike Snitzer) [RHEL-157242]
  - pNFS/flexfiles: don't attempt pnfs on fatal DS errors (Mike Snitzer) [RHEL-157242]
  - NFSv4/flexfiles: Fix handling of NFS level errors in I/O (Mike Snitzer) [RHEL-157242]
  - flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes (Mike Snitzer) [RHEL-157242]
  - pNFS/flexfiles: Record the RPC errors in the I/O tracepoints (Mike Snitzer) [RHEL-157242]
  - NFSv4/pnfs: Layoutreturn on close must handle fatal networking errors (Mike Snitzer) [RHEL-157242]
  - NFSv4: Handle fatal ENETDOWN and ENETUNREACH errors (Mike Snitzer) [RHEL-157242]
  - pNFS/flexfiles: Report ENETDOWN as a connection error (Mike Snitzer) [RHEL-157242]
  - pNFS/flexfiles: Treat ENETUNREACH errors as fatal in containers (Mike Snitzer) [RHEL-157242]
  - NFS: Treat ENETUNREACH errors as fatal in containers (Mike Snitzer) [RHEL-157242]
  - NFS: Add a mount option to make ENETUNREACH errors fatal (Mike Snitzer) [RHEL-157242]
  - NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (Mike Snitzer) [RHEL-157242]
  - SUNRPC: ECONNRESET might require a rebind (Mike Snitzer) [RHEL-157242]
  - NFS/pNFS: Set the connect timeout for the pNFS flexfiles driver (Mike Snitzer) [RHEL-157242]
  - SUNRPC: Don't override connect timeouts in rpc_clnt_add_xprt() (Mike Snitzer) [RHEL-157242]
  - SUNRPC: Allow specification of TCP client connect timeout at setup (Mike Snitzer) [RHEL-157242]
  - SUNRPC: Refactor and simplify connect timeout (Mike Snitzer) [RHEL-157242]
  - SUNRPC: Set the TCP_SYNCNT to match the socket timeout (Mike Snitzer) [RHEL-157242]
  - NFS: discard NFS_RPC_SWAPFLAGS and RPC_TASK_ROOTCREDS (Mike Snitzer) [RHEL-157242]
  - NFS: O_DIRECT writes must check and adjust the file length (Mike Snitzer) [RHEL-156419]
  - nfs: properly protect nfs_direct_req fields (Mike Snitzer) [RHEL-156419]
  - pNFS: Fix the pnfs block driver's calculation of layoutget size (Mike Snitzer) [RHEL-156419]
  - NFS: More fixes for nfs_direct_write_reschedule_io() (Mike Snitzer) [RHEL-156419]
  - NFS: Use the correct commit info in nfs_join_page_group() (Mike Snitzer) [RHEL-156419]
  - NFS: More O_DIRECT accounting fixes for error paths (Mike Snitzer) [RHEL-156419]
  - NFS: Fix O_DIRECT locking issues (Mike Snitzer) [RHEL-156419]
  - NFS: Fix error handling for O_DIRECT write scheduling (Mike Snitzer) [RHEL-156419]
  - NFS: Fix a potential data corruption (Mike Snitzer) [RHEL-156419]
  - NFS: Fix a use after free in nfs_direct_join_group() (Mike Snitzer) [RHEL-156419]
  - NFS: Clean up O_DIRECT request allocation (Mike Snitzer) [RHEL-156419]
  - NFS: add nfs_page_create and nfs_page_assign_page as backport prereq (Mike Snitzer) [RHEL-156419]
  - nfs: only issue commit in DIO codepath if we have uncommitted data (Mike Snitzer) [RHEL-156419]
  - nfs: always check dreq->error after a commit (Mike Snitzer) [RHEL-156419]
  - nfs: add new nfs_direct_req tracepoint events (Mike Snitzer) [RHEL-156419]
  - scsi: qla2xxx: Fix bsg_done() causing double free (Ewan D. Milne) [RHEL-153405] {CVE-2025-71238}
  - netfilter: nf_tables: fix use-after-free in nf_tables_addchain() (Florian Westphal) [RHEL-153264] {CVE-2026-23231}
  - ACPI: processor: idle: Return an error if both P_LVL{2,3} idle states are invalid (Mark Langsdorf) [RHEL-123942]