kernel security update

4.18.0-553.125.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

PT-2026-37584

In the Linux kernel, the following vulnerability has been resolved: kcm: fix zero-frag skb in frag list on partial sendmsg error Syzkaller reported a warning in kcm write msgs when processing a message with a zero-fragment skb in the frag list. When kcm sendmsg fills MAX SKB FRAGS fragments in th...

SUSE CVE-2021-47261

In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix initializing CQ fragments buffer The function initcqfragbuf can be called to initialize the current CQ fragments buffer cq-buf, or the temporary cq-resizebuf that is filled during CQ resize operation. However, the...

Denial Of Service (DoS)

github.com/pion/dtls is vulnerable to denial of service. The vulnerability exists because the pop function of fragmentbuffer.go does not properly check the length of the fragments buffer, allowing an attacker to crash the application through the infinite loop by providing zero-length fragments...

openssl: DTLS memory exhaustion DoS when messages are not removed from fragment buffer

It was discovered that the Datagram TLS DTLS implementation could fail to release memory in certain cases. A malicious DTLS client could cause a DTLS server using OpenSSL to consume an excessive amount of memory and, possibly, exit unexpectedly after exhausting all available memory...