ELSA-2026-3685
- ULN >
- Oracle Linux Errata repository >
- ELSA-2026-3685
ELSA-2026-3685 - kernel security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2026-03-24 |
Description
[3.10.0-1160.119.1.0.19]
- ext4: fix use-after-free in ext4_orphan_cleanup {CVE-2022-50673} [Orabug: 39036029]
- Squashfs: check return result of sb_min_blocksize {CVE-2025-38415} [Orabug: 39036029]
- atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459} [Orabug: 39036029]
- usb: core: config: Prevent OOB read in SS endpoint companion parsing {CVE-2025-39760} [Orabug: 39036029]
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare {CVE-2025-39817} [Orabug: 39036029]
- media: imon: reorganize serialization [Orabug: 39036029]
- media: rc: fix races with imon_disconnect() {CVE-2025-39993} [Orabug: 39036029]
- fs/proc: fix uaf in proc_readdir_de() {CVE-2025-40271} [Orabug: 39036029]
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid {CVE-2025-68349} [Orabug: 39036029]
- net/sched: Enforce that teql can only be used as root qdisc {CVE-2026-23074} [Orabug: 39036029]
[3.10.0-1160.119.1.0.18]
- e1000e: fix heap overflow in e1000_set_eeprom {CVE-2025-39898} [Orabug: 38904071]
- i40e: fix idx validation in config queues msg {CVE-2025-39971} [Orabug: 38904071]
- vsock: track pkt owner vsock [Orabug: 38904071]
- vhost-vsock: add pkt cancel capability [Orabug: 38904071]
- vsock: cancel packets when failing to connect [Orabug: 38904071]
- vsock: notify server to shutdown when client has pending
signal [Orabug: 38904071]
- vsock: remove vsock from connected table when connect is
interrupted by a signal [Orabug: 38904071]
- vsock: Ignore signal/timeout on connect() if already
established {CVE-2025-40248} [Orabug: 38904071]
[3.10.0-1160.119.1.0.17]
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses {CVE-2023-53675} [Orabug: 38860426]
- ipv6: Fix out-of-bounds access in ipv6_find_tlv() {CVE-2023-53705} [Orabug: 38860426]
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too {CVE-2025-37823} [Orabug: 38860426]
- libceph: fix potential use-after-free in have_mon_and_osd_map() {CVE-2025-68285} [Orabug: 38860426]
[3.10.0-1160.119.1.0.16]
- net: sched: sfb: fix null pointer access issue when sfb_init() fails {CVE-2022-50356} [Orabug: 38790244]
- fs: fix UAF/GPF bug in nilfs_mdt_destroy {CVE-2022-50367} [Orabug: 38790244]
- iomap: iomap: fix memory corruption when recording {CVE-2022-50406} [Orabug: 38790244]
- mm: fix zswap writeback race condition {CVE-2023-53178} [Orabug: 38790244]
- Bluetooth: L2CAP: fix 'bad unlock balance' in l2cap_disconnect_rsp {CVE-2023-53297} [Orabug: 38790244]
- scsi: qla2xxx: Wait for io return on terminate rport {CVE-2023-53322} [Orabug: 38790244]
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729} [Orabug: 38790244]
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757} [Orabug: 38790244]
- tcp: fix potential double free issue for fastopen_req [Orabug: 38790244]
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() {CVE-2025-39955} [Orabug: 38790244]
- NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-50410} [Orabug: 38790244]
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values {CVE-2022-50403} [Orabug: 38790244]
[3.10.0-1160.119.1.0.15]
- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() {CVE-2022-3640} [Orabug: 38742878]
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put [Orabug: 38742878]
- Bluetooth: L2CAP: Fix user-after-free {CVE-2022-50386} [Orabug: 38742878]
- wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() {CVE-2022-50408} [Orabug: 38742878]
- Bluetooth: L2CAP: Fix use-after-free {CVE-2023-53305} [Orabug: 38742878]
- ip6mr: Fix skb_under_panic in ip6mr_cache_report() {CVE-2023-53365} [Orabug: 38742878]
- sctp: linearize cloned gso packets in sctp_rcv {CVE-2025-38718} [Orabug: 38742878]
[3.10.0-1160.119.1.0.14]
- HID: core: fix shift-out-of-bounds in hid_report_raw_event {CVE-2022-48978} [Orabug: 38644370]
- crypto: seqiv - Handle EBUSY correctly {CVE-2023-53373} [Orabug: 38644370]
- nfsd: don't ignore the return code of svc_proc_register() {CVE-2025-22026} [Orabug: 38644370]
- net_sched: hfsc: Fix a UAF vulnerability in class handling {CVE-2025-37797} [Orabug: 38644370]
- HID: core: Harden s32ton() against conversion to 0 bits {CVE-2025-38556} [Orabug: 38644370]
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control {CVE-2025-39751} [Orabug: 38644370]
[3.10.0-1160.119.1.0.13]
- ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() {CVE-2022-48701} [Orabug: 38493400]
- md-raid10: fix KASAN warning {CVE-2022-50211} [Orabug: 38493400]
- ALSA: bcd2000: Fix a UAF bug on the error path of probing {CVE-2022-50229} [Orabug: 38493400]
- net: usb: smsc75xx: Limit packet length to skb->len {CVE-2023-53125} [Orabug: 38493400]
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200} [Orabug: 38493400]
- net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477} [Orabug: 38493400]
[3.10.0-1160.119.1.0.12]
- scsi: lpfc: Use memcpy() for BIOS version (CVE-2025-38332) [Orabug: 38414589]
- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CVE-2025-38352) [Orabug: 38414589]
[3.10.0-1160.119.1.0.11]
- kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)
- kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928)
- kernel: ext4: fix off-by-one error in do_split (CVE-2025-23150)
- kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788)
- kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)
- kernel: ext4: avoid resizing to a partial cluster size (CVE-2022-50020)
- kernel: drivers:md:fix a potential use-after-free bug (CVE-2022-50022)
- kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-38177)
- kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)
- crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079)
[3.10.0-1160.119.1.0.10]
- net: atlantic: fix aq_vec index out of range error (Chia-Lin Kao) {CVE-2022-50066} [Orabug: 38201271]
- net: atm: fix use after free in lec_send() (Dan Carpenter) {CVE-2025-22004} [Orabug: 38201271]
Related CVEs
| CVE-2022-50673 |
| CVE-2025-38415 |
| CVE-2025-38459 |
| CVE-2025-39760 |
| CVE-2025-39817 |
| CVE-2025-39993 |
| CVE-2025-40271 |
| CVE-2025-68349 |
| CVE-2026-23074 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (x86_64) | kernel-3.10.0-1160.119.1.0.19.el7.src.rpm | 46d84a696f29e9b5bc10f5612f9cca304d6d8159437376a747fd19b32369a590 | - | ol7_x86_64_latest_ELS |
| bpftool-3.10.0-1160.119.1.0.19.el7.x86_64.rpm | 779daddf4863bd6a61afeb47a24a8005c8986d649f824e49233181dd9d73a0d7 | - | ol7_x86_64_latest_ELS | |
| kernel-3.10.0-1160.119.1.0.19.el7.x86_64.rpm | 4351a98bb74151f8a51ff4b4bfa8ce72269794208118036fb7be796761d8b221 | - | ol7_x86_64_latest_ELS | |
| kernel-abi-whitelists-3.10.0-1160.119.1.0.19.el7.noarch.rpm | 97d3fa1beb1cdbdc9c2d9ac1a788e8798a9dd2f2805132238c316d941d0d7c58 | - | ol7_x86_64_latest_ELS | |
| kernel-debug-3.10.0-1160.119.1.0.19.el7.x86_64.rpm | aac4fcf4ef7731bf538dc9e9bc0dfdf4b0eb271b646b0e41f02a2c583002d1c6 | - | ol7_x86_64_latest_ELS | |
| kernel-debug-devel-3.10.0-1160.119.1.0.19.el7.x86_64.rpm | 805e4f55bad241feaccdba7105201c43c17829e2396b7393f50b47e1834460bc | - | ol7_x86_64_latest_ELS | |
| kernel-devel-3.10.0-1160.119.1.0.19.el7.x86_64.rpm | c3104a7ee389ffb89d6b0184cacd5e2a0532585c5eaa6042edf1119b896871e9 | - | ol7_x86_64_latest_ELS | |
| kernel-doc-3.10.0-1160.119.1.0.19.el7.noarch.rpm | 85139f11730951f01ede4fd3aa691f5b1245d9ec80bb2f4a47017c833be1bebe | - | ol7_x86_64_latest_ELS | |
| kernel-headers-3.10.0-1160.119.1.0.19.el7.x86_64.rpm | caa43b0d5d47e76424baf7496a482856e84ff61b61223c03e43bdeebeaffa4f0 | - | ol7_x86_64_latest_ELS | |
| kernel-tools-3.10.0-1160.119.1.0.19.el7.x86_64.rpm | 6a495a78af9ef4c2fa44b7323f666c26ce6d378ed03527a208a300a2d0901092 | - | ol7_x86_64_latest_ELS | |
| kernel-tools-libs-3.10.0-1160.119.1.0.19.el7.x86_64.rpm | bd4ac5d9de97ceed7c9e79ba64dfba41fb8c3ec2d90e00eca2b797255f49edd4 | - | ol7_x86_64_latest_ELS | |
| kernel-tools-libs-devel-3.10.0-1160.119.1.0.19.el7.x86_64.rpm | 8a4694084939c123ce7363443dc1809ef889af60c708059dbb5111ccd9933069 | - | ol7_x86_64_latest_ELS | |
| perf-3.10.0-1160.119.1.0.19.el7.x86_64.rpm | 534c8df5371d0a31bed5ddc8280ef2620a4e710e5b63ec7cf66dbc26122ca8cc | - | ol7_x86_64_latest_ELS | |
| python-perf-3.10.0-1160.119.1.0.19.el7.x86_64.rpm | beb029208331cd059ffd89c146dd323700469379a54a18a8e77f2fa261ddbce1 | - | ol7_x86_64_latest_ELS | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
