[ol8_UEKR6] kernel-uek-container-5.4.17-2136.356.4.2.el8uek.x86_64

Name:	kernel-uek-container
Version:	5.4.17
Release:	2136.356.4.2.el8uek
Architecture:	x86_64
Group:	Development/System
Size:	51616488
License:	GPLv2
RPM:	kernel-uek-container-5.4.17-2136.356.4.2.el8uek.x86_64.rpm
Source RPM:	kernel-uek-5.4.17-2136.356.4.2.el8uek.src.rpm
Build Date:	Fri Jun 05 2026
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	http://www.kernel.org/
Summary:	The Linux kernel optimized for running inside a container
Description:	Container kernel

Changelog (Show File list) (Show related packages)

Thu Jun 04 2026 Samasth Norway Ananda <samasth.norway.ananda@oracle.com> [5.4.17-2136.356.4.2.el8uek]

- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Rutland)  [Orabug: 39017592]  {CVE-2025-10263} 
- arm64: tlb: Add ARM64_WORKAROUND_REPEAT_TLBI_SYNC (Mark Rutland)  [Orabug: 39017592]  
- ARM: uek: Disable CONFIG_QCOM_FALKOR_ERRATUM_1003 (Boris Ostrovsky)  [Orabug: 39017592]  
- arm64: tlb: allow XZR argument to TLBI ops (Mark Rutland)  [Orabug: 39017592]  
- arm64: cputype: Add C1-Premium definitions (Mark Rutland)  [Orabug: 39017592]  
- arm64: cputype: Add C1-Ultra definitions (Mark Rutland)  [Orabug: 39017592]

Mon Jun 01 2026 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.356.4.1.el8uek]

- smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada)  [Orabug: 39463669]

Thu May 28 2026 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.356.4.el8uek]

- tun: free page on build_skb failure in tun_xdp_one() (Weiming Shi) [Orabug: 39429147]
- tap: free page on error paths in tap_get_user_xdp() (Weiming Shi) [Orabug: 39429147]
- tun: free page on short-frame rejection in tun_xdp_one() (Weiming Shi) [Orabug: 39429147]

Thu May 28 2026 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.356.3.el8uek]

- ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39384275,39391459] {CVE-2026-46333}
- net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) [Orabug: 39368828,39441326] {CVE-2026-43503,CVE-2026-46300}
- net: skbuff: preserve shared-frag marker during coalescing (William Bowling) [Orabug: 39368828] {CVE-2026-46300}

Thu May 14 2026 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.356.2.el8uek]

- nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39167617,39368718] {CVE-2026-31402}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (Maurizio Lombardi) [Orabug: 38985173,39368732] {CVE-2026-23216}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() (Maurizio Lombardi) [Orabug: 38970455,39368774] {CVE-2026-23193}
- xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39334580,39367147] {CVE-2026-43284}
- x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39218897] {CVE-2025-54518}

Thu May 07 2026 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.356.1.el8uek]

- arm64/kvm: Include linux/random.h in trng.c (Siddh Raman Pant) [Orabug: 39327096]
- i2c: designware: Disable TX_EMPTY irq while waiting for block length byte (Tam Nguyen) [Orabug: 39174662]
- i2c: designware: Handle invalid SMBus block data response length value (Tam Nguyen) [Orabug: 39174662]
- i2c: designware: fix __i2c_dw_disable() in case master is holding SCL low (Yann Sionneau) [Orabug: 39174662]

Fri May 01 2026 Sherry Yang <sherry.yang@oracle.com> [5.4.17-2136.355.3.el8uek]

- crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39250687,39331106] {CVE-2026-43077}
- crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39250687,39331111] {CVE-2026-43078}
- crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39250687]
- crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39250687,39300911] {CVE-2026-43033}
- crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687]
- crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39250687,39452217] {CVE-2026-46028}
- crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39250687,39283868,39292250] {CVE-2026-31431}
- crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250687] {CVE-2026-31431}
- crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39250687]
- crypto: doc - fix kernel-doc notation in chacha.c and af_alg.c (Randy Dunlap) [Orabug: 39250687]

Thu Apr 23 2026 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.355.2.el8uek]

- Revert "rds: Drop rds conn in connect worker if not in down state." (Alok Tiwari) [Orabug: 39253770]
- x86/CPU: Fix FPDSS on Zen1 (Siddh Raman Pant) [Orabug: 39241225,39273723] {CVE-2026-31628}
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (Joshua Rogers) [Orabug: 38852342] {CVE-2025-71120}

Thu Apr 09 2026 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.355.1.el8uek]

- net/sched: Enforce that teql can only be used as root qdisc (Jamal Hadi Salim) [Orabug: 38930950] {CVE-2026-23074}

Fri Mar 20 2026 Alok Tiwari <alok.a.tiwari@oracle.com> [5.4.17-2136.354.4.el8uek]

- macvlan: fix possible UAF in macvlan_forward_source() (Eric Dumazet) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: Use 'hash' iterators to simplify code (Christophe Jaillet) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: Add nodst option to macvlan type source (Jethro Beekman) [Orabug: 38887731] {CVE-2026-23001}
- macvlan: observe an RCU grace period in macvlan_common_newlink() error path (Eric Dumazet) [Orabug: 38970510,39188399] {CVE-2026-23209,CVE-2026-23273}
- macvlan: fix error recovery in macvlan_common_newlink() (Eric Dumazet) [Orabug: 38970510] {CVE-2026-23209}