[ol9_MODRHCK] kernel-devel-matched-5.14.0-611.11.1.0.1.el9_7.x86_64

Name:	kernel-devel-matched
Version:	5.14.0
Release:	611.11.1.0.1.el9_7
Architecture:	x86_64
Group:	Unspecified
Size:	0
License:	((GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR CDDL-1.0) AND ((GPL-2.0-only WITH Linux-syscall-note) OR Linux-OpenIB) AND ((GPL-2.0-only WITH Linux-syscall-note) OR MIT) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR MIT) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BSD-3-Clause-Clear AND GFDL-1.1-no-invariants-or-later AND GPL-1.0-or-later AND (GPL-1.0-or-later OR BSD-3-Clause) AND (GPL-1.0-or-later WITH Linux-syscall-note) AND GPL-2.0-only AND (GPL-2.0-only OR Apache-2.0) AND (GPL-2.0-only OR BSD-2-Clause) AND (GPL-2.0-only OR BSD-3-Clause) AND (GPL-2.0-only OR CDDL-1.0) AND (GPL-2.0-only OR GFDL-1.1-no-invariants-or-later) AND (GPL-2.0-only OR GFDL-1.2-no-invariants-only) AND (GPL-2.0-only WITH Linux-syscall-note) AND GPL-2.0-or-later AND (GPL-2.0-or-later OR BSD-2-Clause) AND (GPL-2.0-or-later OR BSD-3-Clause) AND (GPL-2.0-or-later OR CC-BY-4.0) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH Linux-syscall-note) AND ISC AND LGPL-2.0-or-later AND (LGPL-2.0-or-later OR BSD-2-Clause) AND (LGPL-2.0-or-later WITH Linux-syscall-note) AND LGPL-2.1-only AND (LGPL-2.1-only OR BSD-2-Clause) AND (LGPL-2.1-only WITH Linux-syscall-note) AND LGPL-2.1-or-later AND (LGPL-2.1-or-later WITH Linux-syscall-note) AND (Linux-OpenIB OR GPL-2.0-only) AND (Linux-OpenIB OR GPL-2.0-only OR BSD-2-Clause) AND Linux-man-pages-copyleft AND MIT AND (MIT OR GPL-2.0-only) AND (MIT OR GPL-2.0-or-later) AND (MIT OR LGPL-2.1-only) AND (MPL-1.1 OR GPL-2.0-only) AND (X11 OR GPL-2.0-only) AND (X11 OR GPL-2.0-or-later) AND Zlib AND (copyleft-next-0.3.1 OR GPL-2.0-or-later)
RPM:	kernel-devel-matched-5.14.0-611.11.1.0.1.el9_7.x86_64.rpm
Source RPM:	kernel-5.14.0-611.11.1.0.1.el9_7.src.rpm
Build Date:	Tue Dec 02 2025
Build Host:	build-ol9-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://www.kernel.org/
Summary:	Meta package to install matching core and devel packages for a given kernel
Description:	This meta package is used to install matching core and devel packages for a given kernel.

Changelog (Show File list) (Show related packages)

Tue Dec 02 2025 Akshata Konala <akshata.konala@oracle.com> [5.14.0-611.11.1.0.1.el9_7.OL9]
```
- Update module name for cryptographic module [Orabug: 36324521]
```

Mon Dec 01 2025 Craig Guiller <craig.guiller@oracle.com> [5.14.0-611.11.1.el9_7.OL9]

- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985764]

Tue Nov 25 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.11.1.el9_7]

- tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). (Antoine Tenart) [RHEL-120668]
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). (Antoine Tenart) [RHEL-120668] {CVE-2025-39955}
- Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981}
- Bluetooth: MGMT: Fix sparse errors (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981}
- Bluetooth: MGMT: Fix possible UAFs (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981}
- Bluetooth: hci_sync: fix set_local_name race condition (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981}
- Bluetooth: MGMT: set_mesh: update LE scan interval and window (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981}
- Bluetooth: MGMT: Protect mgmt_pending list with its own lock (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981}
- Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete (CKI Backport Bot) [RHEL-122892] {CVE-2025-39981}
- wifi: mt76: free pending offchannel tx frames on wcid cleanup (Jose Ignacio Tornos Martinez) [RHEL-123064]
- wifi: mt76: do not add non-sta wcid entries to the poll list (Jose Ignacio Tornos Martinez) [RHEL-123064]
- wifi: mt76: fix linked list corruption (Jose Ignacio Tornos Martinez) [RHEL-123064] {CVE-2025-39918}

Thu Nov 20 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.10.1.el9_7]

- ice: ice_adapter: release xa entry on adapter allocation failure (CKI Backport Bot) [RHEL-128469] {CVE-2025-40185}
- iommu/vt-d: Disallow dirty tracking if incoherent page walk (Eder Zulian) [RHEL-125478] {CVE-2025-40058}
- e1000e: fix heap overflow in e1000_set_eeprom (Corinna Vinschen) [RHEL-123111] {CVE-2025-39898}
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CKI Backport Bot) [RHEL-125604] {CVE-2025-38724}
- wifi: cfg80211: fix use-after-free in cmp_bss() (CKI Backport Bot) [RHEL-122874] {CVE-2025-39864}
- platform/x86/intel: power-domains: Use topology_logical_package_id() for package ID (Jay Shin) [RHEL-116680]

Sat Nov 15 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.9.1.el9_7]

- NFSv4: handle ERR_GRACE on delegation recalls (Olga Kornievskaia) [RHEL-124651]
- nfsd: nfserr_jukebox in nlm_fopen should lead to a retry (Olga Kornievskaia) [RHEL-124651]
- mm: slub: avoid wake up kswapd in set_track_prepare (Audra Mitchell) [RHEL-125521] {CVE-2025-39843}
- slub: Reflow ___slab_alloc() (Audra Mitchell) [RHEL-125521] {CVE-2025-39843}
- nvme-multipath: Skip nr_active increments in RETRY disposition (Ewan D. Milne) [RHEL-123686]

Thu Nov 13 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.8.1.el9_7]

- NFSD: Fix callback decoder status codes (Jay Shin) [RHEL-127193]
- NFSD: Fix CB_GETATTR status fix (Jay Shin) [RHEL-127193]
- NFSD: fix decoding in nfs4_xdr_dec_cb_getattr (Jay Shin) [RHEL-127193]
- kernfs: Fix UAF in polling when open file is released (Pavel Reichl) [RHEL-122087] {CVE-2025-39881}
- gitlab-ci: disable automotive pipelines (Scott Weaver)
- NFS: Fix wakeup of __nfs_lookup_revalidate() in unblock_revalidate() (Benjamin Coddington) [RHEL-122154]
- sched: Add wait/wake interface for variable updated under a lock. (Benjamin Coddington) [RHEL-122154]
- sched: Add test_and_clear_wake_up_bit() and atomic_dec_and_wake_up() (Benjamin Coddington) [RHEL-122154]
- sched: Document wait_var_event() family of functions and wake_up_var() (Benjamin Coddington) [RHEL-122154]
- sched: Improve documentation for wake_up_bit/wait_on_bit family of functions (Benjamin Coddington) [RHEL-122154]
- sched: change wake_up_bit() and related function to expect unsigned long * (Benjamin Coddington) [RHEL-122154]
- bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} [rhel-9.7.z] (Xin Long) [RHEL-125513]
- redhat: use the same cert as UKI's to sign addons (Li Tian) [RHEL-125317]
- i40e: add mask to apply valid bits for itr_idx (Michal Schmidt) [RHEL-123808]
- i40e: add max boundary check for VF filters (Michal Schmidt) [RHEL-123808] {CVE-2025-39968}
- i40e: fix validation of VF state in get resources (Michal Schmidt) [RHEL-123808] {CVE-2025-39969}
- i40e: fix input validation logic for action_meta (Michal Schmidt) [RHEL-123808] {CVE-2025-39970}
- i40e: fix idx validation in config queues msg (Michal Schmidt) [RHEL-123808] {CVE-2025-39971}
- i40e: fix idx validation in i40e_validate_queue_map (Michal Schmidt) [RHEL-123808] {CVE-2025-39972}
- i40e: add validation for ring_len param (Michal Schmidt) [RHEL-123808] {CVE-2025-39973}
- io_uring/waitid: always prune wait queue entry in io_waitid_wait() (CKI Backport Bot) [RHEL-124971] {CVE-2025-40047}
- Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue (CKI Backport Bot) [RHEL-124129] {CVE-2025-39983}
- Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync (CKI Backport Bot) [RHEL-123821] {CVE-2025-39982}
- use uniform permission checks for all mount propagation changes (Ian Kent) [RHEL-121704] {CVE-2025-38498}
- do_change_type(): refuse to operate on unmounted/not ours mounts (Ian Kent) [RHEL-121704] {CVE-2025-38498}
- KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (Jon Maloy) [RHEL-117136] {CVE-2025-38351}
- ibmveth: Add multi buffers rx replenishment hcall support (Mamatha Inamdar) [RHEL-117438]
- net: ibmveth: Reset the adapter when unexpected states are detected (Mamatha Inamdar) [RHEL-117438]
- NFS: Fix a race when updating an existing write (CKI Backport Bot) [RHEL-113855] {CVE-2025-39697}

Thu Oct 30 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.7.1.el9_7]

- The rpminspect.yaml emptyrpm list needs to be expanded (Alexandra Hájková)
- crypto: xts - Handle EBUSY correctly (Vladis Dronov) [RHEL-119236] {CVE-2023-53494}
- ice: fix NULL access of tx->in_use in ice_ll_ts_intr (Petr Oros) [RHEL-112874]
- ice: fix NULL access of tx->in_use in ice_ptp_ts_irq (Petr Oros) [RHEL-112874]
- ice: fix Rx page leak on multi-buffer frames (Petr Oros) [RHEL-116540]
- xfs: do not propagate ENODATA disk errors into xattr code (Carlos Maiolino) [RHEL-115730]
- ipv6: sr: Fix MAC comparison to be constant-time (CKI Backport Bot) [RHEL-116383] {CVE-2025-39702}
- s390/hypfs: Enable limited access during lockdown (CKI Backport Bot) [RHEL-114434]
- s390/hypfs: Avoid unnecessary ioctl registration in debugfs (CKI Backport Bot) [RHEL-114434]
- vsock/virtio: Validate length in packet header before skb_put() (Jon Maloy) [RHEL-114298] {CVE-2025-39718}

Thu Oct 23 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-611.6.1.el9_7]

- pstore/ram: Check start of empty przs during init (CKI Backport Bot) [RHEL-122068] {CVE-2023-53331}
- ixgbe: fix ixgbe_orom_civd_info struct layout (Michal Schmidt) [RHEL-119074]
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (CKI Backport Bot) [RHEL-119130] {CVE-2025-39841}
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CKI Backport Bot) [RHEL-118257] {CVE-2025-39817}
- SUNRPC: call xs_sock_process_cmsg for all cmsg (Olga Kornievskaia) [RHEL-110810]
- sunrpc: fix client side handling of tls alerts (Olga Kornievskaia) [RHEL-110810] {CVE-2025-38571}
- smb: client: fix wrong index reference in smb2_compound_op() (Paulo Alcantara) [RHEL-117880]
- smb: client: handle unlink(2) of files open by different clients (Paulo Alcantara) [RHEL-117880]
- smb: client: fix file open check in __cifs_unlink() (Paulo Alcantara) [RHEL-117880]
- smb: client: fix filename matching of deferred files (Paulo Alcantara) [RHEL-117880]
- smb: client: fix data loss due to broken rename(2) (Paulo Alcantara) [RHEL-117880]
- smb: client: fix compound alignment with encryption (Paulo Alcantara) [RHEL-117880]
- fs/smb: Fix inconsistent refcnt update (Paulo Alcantara) [RHEL-117880] {CVE-2025-39819}
- sunrpc: fix handling of server side tls alerts (Steve Dickson) [RHEL-111069] {CVE-2025-38566}
- wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (CKI Backport Bot) [RHEL-117580] {CVE-2025-39849}
- crypto: seqiv - Handle EBUSY correctly (CKI Backport Bot) [RHEL-117235] {CVE-2023-53373}
- ibmvnic: Increase max subcrq indirect entries with fallback (Mamatha Inamdar) [RHEL-116187]
- fs: fix UAF/GPF bug in nilfs_mdt_destroy (CKI Backport Bot) [RHEL-116662] {CVE-2022-50367}
- firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (Charles Mirabile) [RHEL-113837] {CVE-2022-50087}
- hv_netvsc: Fix panic during namespace deletion with VF (Maxim Levitsky) [RHEL-115070]
- RDMA/mana_ib: Fix DSCP value in modify QP (Maxim Levitsky) [RHEL-115070]
- net: mana: Handle Reset Request from MANA NIC (Maxim Levitsky) [RHEL-115070]
- net: mana: Set tx_packets to post gso processing packet count (Maxim Levitsky) [RHEL-115070]
- net: mana: Handle unsupported HWC commands (Maxim Levitsky) [RHEL-115070]
- net: mana: Add handler for hardware servicing events (Maxim Levitsky) [RHEL-115070]
- RDMA/mana_ib: Add device statistics support (Maxim Levitsky) [RHEL-115070]
- net: mana: Expose additional hardware counters for drop and TC via ethtool. (Maxim Levitsky) [RHEL-115070]
- net: mana: Fix warnings for missing export.h header inclusion (Maxim Levitsky) [RHEL-115070]
- net: mana: Record doorbell physical address in PF mode (Maxim Levitsky) [RHEL-115070]
- s390/pci: Do not try re-enabling load/store if device is disabled (CKI Backport Bot) [RHEL-114451]
- s390/pci: Fix stale function handles in error handling (CKI Backport Bot) [RHEL-114451]
- redhat: enable TDX host config (Paolo Bonzini) [RHEL-27146]
- KVM: TDX: Explicitly do WBINVD when no more TDX SEAMCALLs (Paolo Bonzini) [RHEL-27146]
- x86/virt/tdx: Update the kexec section in the TDX documentation (Paolo Bonzini) [RHEL-27146]
- x86/virt/tdx: Remove the !KEXEC_CORE dependency (Paolo Bonzini) [RHEL-27146]
- x86/kexec: Disable kexec/kdump on platforms with TDX partial write erratum (Paolo Bonzini) [RHEL-27146]
- x86/virt/tdx: Mark memory cache state incoherent when making SEAMCALL (Paolo Bonzini) [RHEL-27146]
- x86/sme: Use percpu boolean to control WBINVD during kexec (Paolo Bonzini) [RHEL-27146]
- x86/virt/tdx: Avoid indirect calls to TDX assembly functions (Paolo Bonzini) [RHEL-27146]
- ibmvnic: Use ndo_get_stats64 to fix inaccurate SAR reporting (Mamatha Inamdar) [RHEL-114437]
- ibmvnic: Fix hardcoded NUM_RX_STATS/NUM_TX_STATS with dynamic sizeof (Mamatha Inamdar) [RHEL-114437]
- ibmvnic: Add stat for tx direct vs tx batched (Mamatha Inamdar) [RHEL-114437]
- redhat/configs: Enable CONFIG_MITIGATION_VMSCAPE for x86 (Waiman Long) [RHEL-114272]
- x86/vmscape: Add old Intel CPUs to affected list (Waiman Long) [RHEL-114272] {CVE-2025-40300}
- x86/vmscape: Warn when STIBP is disabled with SMT (Waiman Long) [RHEL-114272] {CVE-2025-40300}
- x86/bugs: Move cpu_bugs_smt_update() down (Waiman Long) [RHEL-114272] {CVE-2025-40300}
- x86/vmscape: Enable the mitigation (Waiman Long) [RHEL-114272] {CVE-2025-40300}
- x86/vmscape: Add conditional IBPB mitigation (Waiman Long) [RHEL-114272] {CVE-2025-40300}
- x86/vmscape: Enumerate VMSCAPE bug (Waiman Long) [RHEL-114272] {CVE-2025-40300}
- Documentation/hw-vuln: Add VMSCAPE documentation (Waiman Long) [RHEL-114272] {CVE-2025-40300}
- randomize_kstack: Remove non-functional per-arch entropy filtering (Waiman Long) [RHEL-114272]
- tunnels: reset the GSO metadata before reusing the skb (Antoine Tenart) [RHEL-113917]

Fri Oct 17 2025 Augusto Caringi <acaringi@redhat.com> [5.14.0-611.5.1.el9_7]

- redhat: revert to using redhatsecureboot504 for RHEL UKI (Vitaly Kuznetsov) [RHEL-122230]

Wed Oct 08 2025 Augusto Caringi <acaringi@redhat.com> [5.14.0-611.4.1.el9_7]

- drm/amdgpu: Include sdma_4_4_4.bin (Peter Colberg) [RHEL-117568]
- redhat: use new x86/aarch64 signing key (801/804) (Augusto Caringi) [RHEL-116727]