-
Mon Feb 09 2026 EL Errata <el-errata_ww@oracle.com> [4.18.0-553.104.1.el8_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]
-
Tue Feb 03 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.104.1.el8_10]
- Revert "audit: Avoid excessive dput/dget in audit_context setup and reset paths" (Alexandra Hájková) [RHEL-145856]
-
Tue Feb 03 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.103.1.el8_10]
- ext4: fix use-after-free in ext4_orphan_cleanup (CKI Backport Bot) [RHEL-136000] {CVE-2022-50673}
- ext4: lost matching-pair of trace in ext4_truncate (CKI Backport Bot) [RHEL-136000] {CVE-2022-50673}
- ALSA: usb-audio: Fix potential overflow of PCM transfer buffer (CKI Backport Bot) [RHEL-136904] {CVE-2025-40269}
-
Sat Jan 31 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.102.1.el8_10]
- nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CKI Backport Bot) [RHEL-144327] {CVE-2026-22998}
- NFSv4: ensure the open stateid seqid doesn't go backwards (Scott Mayhew) [RHEL-121683]
- audit: Avoid excessive dput/dget in audit_context setup and reset paths (Waiman Long) [RHEL-140776]
- lockref: remove lockref_put_not_zero (Waiman Long) [RHEL-140776]
- lockref: stop doing cpu_relax in the cmpxchg loop (Waiman Long) [RHEL-140776]
- lockref: remove unused 'lockref_get_or_lock()' function (Waiman Long) [RHEL-140776]
- lockref: Limit number of cmpxchg loop retries (Waiman Long) [RHEL-140776]
- net: use dst_dev_rcu() in sk_setup_caps() (Hangbin Liu) [RHEL-129079] {CVE-2025-40170}
- ipv6: use RCU in ip6_xmit() (Hangbin Liu) [RHEL-129004] {CVE-2025-40135}
- ipv6: use RCU in ip6_output() (Hangbin Liu) [RHEL-128966] {CVE-2025-40158}
- net: dst: introduce dst->dev_rcu (Hangbin Liu) [RHEL-128966]
- net: Add locking to protect skb->dev access in ip_output (Hangbin Liu) [RHEL-128966]
- net: dst: add four helpers to annotate data-races around dst->dev (Hangbin Liu) [RHEL-128966]
- ipv4: use RCU protection in __ip_rt_update_pmtu() (Hangbin Liu) [RHEL-128966] {CVE-2025-21766}
- net: gain ipv4 mtu when mtu is not locked (Hangbin Liu) [RHEL-128966]
- ipv4: use RCU protection in ip_dst_mtu_maybe_forward() (Hangbin Liu) [RHEL-128966]
- ipv4: add RCU protection to ip4_dst_hoplimit() (Hangbin Liu) [RHEL-128966]
-
Thu Jan 29 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.101.1.el8_10]
- i40e: avoid redundant VF link state updates (CKI Backport Bot) [RHEL-141878]
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CKI Backport Bot) [RHEL-140255] {CVE-2025-68349}
- vsock/vmci: Clear the vmci transport packet properly when initializing it (CKI Backport Bot) [RHEL-137692] {CVE-2025-38403}
- sched: Fix stop_one_cpu_nowait() vs hotplug (Herton R. Krzesinski) [RHEL-85625]
-
Tue Jan 27 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.100.1.el8_10]
- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (Kamal Heib) [RHEL-138396] {CVE-2024-26766}
-
Sat Jan 24 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.99.1.el8_10]
- fbdev: bitblit: bound-check glyph index in bit_putcs* (Jocelyn Falempe) [RHEL-136937] {CVE-2025-40322}
- atm: clip: Fix infinite recursive call of clip_push(). (Guillaume Nault) [RHEL-137591] {CVE-2025-38459}
- squashfs: fix memory leak in squashfs_fill_super (Abhi Das) [RHEL-138010] {CVE-2025-38415}
- Squashfs: check return result of sb_min_blocksize (CKI Backport Bot) [RHEL-138010] {CVE-2025-38415}
- usb: core: config: Prevent OOB read in SS endpoint companion parsing (CKI Backport Bot) [RHEL-137362] {CVE-2025-39760}
- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (CKI Backport Bot) [RHEL-137058] {CVE-2025-38024}
-
Thu Jan 22 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.98.1.el8_10]
- vfs: use READ_ONCE() to access ->i_link (Jay Shin) [RHEL-141790]
- fold generic_readlink() into its only caller (Jay Shin) [RHEL-141790]
- fs/proc: fix uaf in proc_readdir_de() (Pavel Reichl) [RHEL-137093] {CVE-2025-40271}
- Backport 'create an empty changelog file when changing its name' (Alexandra Hájková)
- mptcp: fix race condition in mptcp_schedule_work() (Paolo Abeni) [RHEL-134443] {CVE-2025-40258}
- mptcp: use mptcp_schedule_work instead of open-coding it (Paolo Abeni) [RHEL-134443]
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Guillaume Nault) [RHEL-137976] {CVE-2022-50865}
- tcp: minor optimization in tcp_add_backlog() (Guillaume Nault) [RHEL-137976] {CVE-2022-50865}
- RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (Kamal Heib) [RHEL-134347] {CVE-2025-38022}
-
Tue Jan 20 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.97.1.el8_10]
- ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (CKI Backport Bot) [RHEL-129107] {CVE-2025-40154}
-
Sat Jan 17 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.96.1.el8_10]
- Bluetooth: hci_event: call disconnect callback before deleting conn (CKI Backport Bot) [RHEL-137039] {CVE-2023-53673}
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (CKI Backport Bot) [RHEL-134423] {CVE-2025-40277}
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (John J Coleman) [RHEL-111354]
- xen: Fix x86 sched_clock() interface for xen (John J Coleman) [RHEL-111354]
- x86/xen/time: Output xen sched_clock time from 0 (John J Coleman) [RHEL-111354]