-
Tue Jun 23 2026 EL Errata <el-errata_ww@oracle.com> [5.14.0-687.17.1.el9_8.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]
-
Thu Jun 18 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-687.17.1.el9_8]
- net/sched: fix pedit partial COW leading to page cache corruption (Ivan Vecera) [RHEL-177392] {CVE-2026-46331}
- gitlab-ci: use rhel9.8 builder image (Michael Krausch-Hofmann)
- rbd: eliminate a race in lock_dwork draining on unmap (CKI Backport Bot) [RHEL-183130]
- scsi: qla2xxx: Completely fix fcport double free (Ewan D. Milne) [RHEL-179754] {CVE-2026-43414}
- nvmet-tcp: fix race between ICReq handling and queue teardown (Chris Leech) [RHEL-180102] {CVE-2026-46135}
- RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() (CKI Backport Bot) [RHEL-180158] {CVE-2026-46117}
- exit: prevent preemption of oopsing TASK_DEAD task (CKI Backport Bot) [RHEL-180016] {CVE-2026-46173}
- ALSA: usb-audio: Add sanity check for OOB writes at silencing (CKI Backport Bot) [RHEL-173941] {CVE-2026-43279}
-
Tue Jun 16 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-687.16.1.el9_8]
- s390/mm: Add missing secure storage access fixups for donated memory (Jan Polensky) [RHEL-183317]
- ibmveth: Disable GSO for packets with small MSS (Mamatha Inamdar) [RHEL-178308]
- s390/ap: Expose ap_bindings_complete_count counter via sysfs (Jan Polensky) [RHEL-166048]
- gfs2: Fix use-after-free in iomap inline data write path (Andrew Price) [RHEL-179589] {CVE-2026-45984}
- gfs2: Add metapath_dibh helper (Andrew Price) [RHEL-179589] {CVE-2026-45984}
- bnxt_en: Fix RSS context delete logic (CKI Backport Bot) [RHEL-180308] {CVE-2026-43260}
- wifi: mac80211: remove station if connection prep fails (CKI Backport Bot) [RHEL-180121] {CVE-2026-46125}
- RDMA/mana: Validate rx_hash_key_len (CKI Backport Bot) [RHEL-180085] {CVE-2026-46145}
- wifi: mac80211: drop stray 'static' from fast-RX rx_result (CKI Backport Bot) [RHEL-180057] {CVE-2026-46152}
- wifi: mac80211: use safe list iteration in radar detect work (CKI Backport Bot) [RHEL-180025] {CVE-2026-46166}
- Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (CKI Backport Bot) [RHEL-179359] {CVE-2026-46056}
- ice: Fix NULL pointer dereference in ice_vsi_set_napi_queues (CKI Backport Bot) [RHEL-175699]
- mptcp: fix slab-use-after-free in __inet_lookup_established (Davide Caratti) [RHEL-171506] {CVE-2026-31669}
- dpll: zl3073x: report FFO as DPLL vs input reference offset (Ivan Vecera) [RHEL-175823]
- dpll: add fractional frequency offset to pin-parent-device (Ivan Vecera) [RHEL-175823]
- dpll: zl3073x: implement pin operational state reporting (Ivan Vecera) [RHEL-175820]
- dpll: add pin operational state (Ivan Vecera) [RHEL-175820]
- can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (CKI Backport Bot) [RHEL-175525] {CVE-2026-31474}
- Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync (CKI Backport Bot) [RHEL-172858] {CVE-2026-31772}
- xen/privcmd: fix double free via VMA splitting (CKI Backport Bot) [RHEL-172488] {CVE-2026-31787}
-
Wed Jun 10 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-687.15.1.el9_8]
- ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (Guillaume Nault) [RHEL-172646] {CVE-2026-43037}
- net: openvswitch: Avoid releasing netdev before teardown completes (CKI Backport Bot) [RHEL-170539] {CVE-2026-31508}
-
Tue Jun 09 2026 Tanishi Srivastava <tsrivast@redhat.com> [5.14.0-687.14.1.el9_8]
- RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (Kamal Heib) [RHEL-179988] {CVE-2026-46181}
- redhat: Remove the mlx5 symbols from kabi (Kamal Heib) [RHEL-181822]
- ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (Antoine Tenart) [RHEL-178408] {CVE-2026-43501}
- RDMA/rxe: Fix double free in rxe_srq_from_init (CKI Backport Bot) [RHEL-179712] {CVE-2026-45852}
- netfilter: ctnetlink: ensure safe access to master conntrack (Florian Westphal) [RHEL-173843] {CVE-2026-43116}
- ice: fix stats array overflow when VF requests more queues (Michal Schmidt) [RHEL-177526]
- ice: set max queues in alloc_etherdev_mqs() (Michal Schmidt) [RHEL-174336]
- ice: use netif_get_num_default_rss_queues() (Michal Schmidt) [RHEL-174336]
- ice: set default rss queues num to physical cores / 2 (Michal Schmidt) [RHEL-174336]
- dlm: fix buffer overflow from negative len in dlm_search_rsb_tree (Alexander Aring) [RHEL-173993] {CVE-2026-43125}
- dlm: validate length in dlm_search_rsb_tree (Alexander Aring) [RHEL-173993] {CVE-2026-43125}
- dpll: zl3073x: add ref-sync pair support (Ivan Vecera) [RHEL-167273]
- dpll: zl3073x: add ref sync and output clock type helpers (Ivan Vecera) [RHEL-167273]
- dpll: zl3073x: use FIELD_MODIFY() for clear-and-set patterns (Ivan Vecera) [RHEL-167273]
- dpll: zl3073x: clean up esync get/set and use zl3073x_out_is_ndiv() (Ivan Vecera) [RHEL-167273]
- dpll: zl3073x: implement frequency monitoring (Ivan Vecera) [RHEL-167833]
- dpll: add frequency monitoring callback ops (Ivan Vecera) [RHEL-167833]
- dpll: add frequency monitoring to netlink spec (Ivan Vecera) [RHEL-167833]
- dpll: zl3073x: drop selected and simplify connected ref getter (Ivan Vecera) [RHEL-172938]
- dpll: zl3073x: add reference priority to zl3073x_chan (Ivan Vecera) [RHEL-172938]
- dpll: zl3073x: add DPLL channel status fields to zl3073x_chan (Ivan Vecera) [RHEL-172938]
- dpll: zl3073x: introduce zl3073x_chan for DPLL channel state (Ivan Vecera) [RHEL-172938]
- dpll: zl3073x: add zl3073x_ref_state_update helper (Ivan Vecera) [RHEL-172938]
- dpll: zl3073x: use struct_group to partition states (Ivan Vecera) [RHEL-172938]
- dpll: zl3073x: add die temperature reporting for supported chips (Ivan Vecera) [RHEL-172938]
- dpll: zl3073x: detect DPLL channel count from chip ID at runtime (Ivan Vecera) [RHEL-172938]
- ALSA: 6fire: fix use-after-free on disconnect (CKI Backport Bot) [RHEL-172969] {CVE-2026-31581}
- net: mana: fix use-after-free in add_adev() error path (CKI Backport Bot) [RHEL-172768] {CVE-2026-43056}
- scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (CKI Backport Bot) [RHEL-165564] {CVE-2026-23216}
- net: bonding: fix use-after-free in bond_xmit_broadcast() (CKI Backport Bot) [RHEL-168068] {CVE-2026-31419}
- x86/kvm: Avoid freeing stack-allocated node in kvm_async_pf_queue_task (Ryosuke Yasuoka) [RHEL-158916]
-
Tue Jun 02 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-687.13.1.el9_8]
- smb: client: reject userspace cifs.spnego descriptions (Paulo Alcantara) [RHEL-178944] {CVE-2026-46243}
- s390/dasd: Copy detected format information to secondary device (Ramesh Chhetri) [RHEL-176472]
- s390/dasd: Move quiesce state with pprc swap (Ramesh Chhetri) [RHEL-176472]
- s390/dasd: Fix gendisk parent after copy pair swap (Ramesh Chhetri) [RHEL-176472]
- nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (Ewan D. Milne) [RHEL-171745]
- nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (Ewan D. Milne) [RHEL-171745]
- Buffer overflow in drivers/xen/sys-hypervisor.c (Vitaly Kuznetsov) [RHEL-172510] {CVE-2026-31786}
- crypto: authenc - Correctly pass EINPROGRESS back up to the caller (Vladislav Dronov) [RHEL-172167]
- crypto: authenc - Fix sleep in atomic context in decrypt_tail (Vladislav Dronov) [RHEL-172167]
- smb: client: fix OOB reads parsing symlink error response (CKI Backport Bot) [RHEL-171471] {CVE-2026-31613}
- mm/page_alloc: add vm.thp_thisnode_reclaim sysctl to allow THP reclaim on local node (Nico Pache) [RHEL-164778]
- mm/page_alloc: simplify __alloc_pages_slowpath() flow (Nico Pache) [RHEL-164778]
- mm/page_alloc: refactor the initial compaction handling (Nico Pache) [RHEL-164778]
- mm/page_alloc: ignore the exact initial compaction result (Nico Pache) [RHEL-164778]
- mm, page_alloc, thp: prevent reclaim for __GFP_THISNODE THP allocations (Nico Pache) [RHEL-164778]
- mm/page_alloc.c: avoid infinite retries caused by cpuset race (Nico Pache) [RHEL-164778]
- mm: warn about illegal __GFP_NOFAIL usage in a more appropriate location and manner (Nico Pache) [RHEL-164778]
- mm: document __GFP_NOFAIL must be blockable (Nico Pache) [RHEL-164778]
-
Mon May 25 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-687.12.1.el9_8]
- dm-thin: fix metadata refcount underflow (Benjamin Marzinski) [RHEL-169626]
- netfilter: xt_tcpmss: check remaining length before reading optlen (CKI Backport Bot) [RHEL-174216] {CVE-2026-43190}
- wifi: brcmfmac: validate bsscfg indices in IF events (CKI Backport Bot) [RHEL-173848] {CVE-2026-43110}
- Bluetooth: SCO: fix race conditions in sco_sock_connect() (CKI Backport Bot) [RHEL-172599] {CVE-2026-43023}
- Bluetooth: MGMT: validate LTK enc_size on load (CKI Backport Bot) [RHEL-172572] {CVE-2026-43020}
- crypto: tegra - Disable softirqs before finalizing request (CKI Backport Bot) [RHEL-170914]
- proc: fix type confusion in pde_set_flags() (Abhi Das) [RHEL-163343] {CVE-2025-38653}
- proc: fix missing pde_set_flags() for net proc files (Abhi Das) [RHEL-163343] {CVE-2025-38653}
- proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (CKI Backport Bot) [RHEL-163343] {CVE-2025-38653}
- pNFS: fix a missing wake up while waiting on NFS_LAYOUT_DRAIN (Olga Kornievskaia) [RHEL-157470]
-
Tue May 19 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-687.11.1.el9_8]
- mm/page_alloc: clear page->private in free_pages_prepare() (Rafael Aquini) [RHEL-174750] {CVE-2026-43303}
- ice: fix infinite recursion in ice_cfg_tx_topo via ice_init_dev_hw (CKI Backport Bot) [RHEL-175441]
- smb: client: validate dacloffset before building DACL pointers (Paulo Alcantara) [RHEL-172821]
- smb: client: use kzalloc to zero-initialize security descriptor buffer (Paulo Alcantara) [RHEL-172821]
- smb: client: scope end_of_dacl to CIFS_DEBUG2 use in parse_dacl (Paulo Alcantara) [RHEL-172821]
- smb: client: require a full NFS mode SID before reading mode bits (Paulo Alcantara) [RHEL-172821]
- smb: client: validate the whole DACL before rewriting it in cifsacl (Paulo Alcantara) [RHEL-172821] {CVE-2026-31709}
- Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (David Marlin) [RHEL-165063] {CVE-2026-31408}
- xfs: fix freemap adjustments when adding xattrs to leaf blocks (CKI Backport Bot) [RHEL-174058] {CVE-2026-43158}
- xfs: delete attr leaf freemap entries when empty (CKI Backport Bot) [RHEL-174058] {CVE-2026-43158}
- redhat/configs: enable CONFIG_SCLP_OFB for s390x (Jan Polensky) [RHEL-172927]
- HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CKI Backport Bot) [RHEL-172740] {CVE-2026-43051}
- netfilter: nf_conntrack_helper: pass helper to expect cleanup (CKI Backport Bot) [RHEL-172620] {CVE-2026-43027}
- s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump (Ramesh Chhetri) [RHEL-166859]
- ice: add dpll peer notification for paired SMA and U.FL pins (Petr Oros) [RHEL-171829]
- ice: fix missing dpll notifications for SW pins (Petr Oros) [RHEL-171829]
- dpll: export __dpll_pin_change_ntf() for use under dpll_lock (Petr Oros) [RHEL-171829]
- ice: fix SMA and U.FL pin state changes affecting paired pin (Petr Oros) [RHEL-162179]
- ice: fix missing SMA pin initialization in DPLL subsystem (Petr Oros) [RHEL-171832]
- ice: fix NULL pointer dereference in ice_reset_all_vfs() (Petr Oros) [RHEL-172257]
- dpll: zl3073x: Remove redundant cleanup in devm_dpll_init() (CKI Backport Bot) [RHEL-164442]
- dpll: zl3073x: fix REF_PHASE_OFFSET_COMP register width for some chip IDs (CKI Backport Bot) [RHEL-164442]
- dpll: zl3073x: Fix ref frequency setting (CKI Backport Bot) [RHEL-164442]
- dpll: zl3073x: Include current frequency in supported frequencies list (CKI Backport Bot) [RHEL-164442]
- dpll: zl3073x: Add output pin frequency helper (CKI Backport Bot) [RHEL-164442]
- scsi: storvsc: Handle PERSISTENT_RESERVE_IN truncation for Hyper-V vFC (Vitaly Kuznetsov) [RHEL-171378]
- netfilter: ip6t_eui64: reject invalid MAC header for all packets (CKI Backport Bot) [RHEL-171155] {CVE-2026-31685}
- net: sched: act_csum: validate nested VLAN headers (CKI Backport Bot) [RHEL-171138] {CVE-2026-31684}
- cifs: make default value of retrans as zero (Paulo Alcantara) [RHEL-170960]
- ice: fix ice_ptp_read_tx_hwtstamp_status_eth56g (Petr Oros) [RHEL-170701]
- ice: fix ready bitmap check for non-E822 devices (Petr Oros) [RHEL-170701]
- ice: perform PHY soft reset for E825C ports at initialization (Petr Oros) [RHEL-170701]
- ice: fix timestamp interrupt configuration for E825C (Petr Oros) [RHEL-170701]
- drm/mgag200: fix mgag200_bmc_stop_scanout() (Jocelyn Falempe) [RHEL-150179]
- nbd: defer config unlock in nbd_genl_connect (Jeff Moyer) [RHEL-166950] {CVE-2025-68366}
- x86/mm: flush IOMMU before freeing kernel page table pages (Jerry Snitselaar) [RHEL-167100] {CVE-2025-71089}
- iommu/sva: add kernel page table IOTLB flush notification (Jerry Snitselaar) [RHEL-167100] {CVE-2025-71089}
- netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CKI Backport Bot) [RHEL-166987] {CVE-2026-23455}
- crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CKI Backport Bot) [RHEL-166927] {CVE-2025-68724}
- ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (Bruno Meneguele) [RHEL-169734] {CVE-2025-68183}
- i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" (David Arcari) [RHEL-155312]
- ice: fix PTP timestamping broken by SyncE code on E825C (Petr Oros) [RHEL-162182]
- ice: fix missing TX timestamps interrupts on E825 devices (CKI Backport Bot) [RHEL-162185]
- Revert "mm: pcp: increase pcp->free_count threshold to trigger free_high" (Luiz Capitulino) [RHEL-163464]
- netfilter: nf_tables: release flowtable after rcu grace period on error (CKI Backport Bot) [RHEL-160461] {CVE-2026-23392}
-
Mon May 18 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-687.10.1.el9_8]
- net: skbuff: propagate shared-frag marker through frag-transfer helpers (Sabrina Dubroca) [RHEL-176064] {CVE-2026-46300}
- net: move skb_gro_receive_list from udp to core (Sabrina Dubroca) [RHEL-176064] {CVE-2026-46300}
- net: skbuff: preserve shared-frag marker during coalescing (Sabrina Dubroca) [RHEL-176064] {CVE-2026-46300}
- ptrace: slightly saner 'get_dumpable()' logic (Ricardo Robaina) [RHEL-176454] {CVE-2026-46333}
- md/bitmap: fix GPF in write_page caused by resize race (Nigel Croxon) [RHEL-174091] {CVE-2026-43163}
- RDMA/umem: Fix double dma_buf_unpin in failure path (CKI Backport Bot) [RHEL-174020] {CVE-2026-43128}
- usbip: validate number_of_packets in usbip_pack_ret_submit() (CKI Backport Bot) [RHEL-171430] {CVE-2026-31607}
- can: raw: fix ro->uniq use-after-free in raw_rcv() (CKI Backport Bot) [RHEL-170759] {CVE-2026-31532}
-
Mon May 11 2026 Patrick Talbert <ptalbert@redhat.com> [5.14.0-687.9.1.el9_8]
- xfrm: esp: avoid in-place decrypt on shared skb frags (Sabrina Dubroca) [RHEL-174563] {CVE-2026-43284}