[ELSA-2022-7318] kernel security, bug fix, and enhancement update
[5.14.0-70.30.1.0.1_0.OL9]
- lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499}
[5.14.0-70.30.1_0.OL9]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4
- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]
[5.14.0-70.30.1_0]
- random: trigger reseeding DRBG on more occasions (Daiki Ueno) [2128970 2125257]
- random: allow reseeding DRBG with getrandom (Daiki Ueno) [2121129 2114854]
- nvme-tcp: handle number of queue changes (John Meneghini) [2131360 2112025]
- nvmet: expose max queues to configfs (John Meneghini) [2131360 2112025]
- nvme-fabrics: parse nvme connect Linux error codes (John Meneghini) [2131360 2112025]
- nvmet: revert 'nvmet: make discovery NQN configurable' (Gopal Tiwari) [2131360 2066146]
- vfio/type1: Unpin zero pages (Alex Williamson) [2128791 2121855]
- cifs: fix bad fids sent over wire (Ronnie Sahlberg) [2127858 2088775]
- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Ronnie Sahlberg) [2127858 2088775]
- cifs: verify that tcon is valid before dereference in cifs_kill_sb (Ronnie Sahlberg) [2127858 2048823]
- cifs: release cached dentries only if mount is complete (Ronnie Sahlberg) [2127858 2048823]
- cifs: we do not need a spinlock around the tree access during umount (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix handlecache and multiuser (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix workstation_name for multiuser mounts (Ronnie Sahlberg) [2127858 2048823]
- cifs: free ntlmsspblob allocated in negotiate (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix ntlmssp auth when there is no key exchange (Ronnie Sahlberg) [2127858 2048823]
- cifs: send workstation name during ntlmssp session setup (Ronnie Sahlberg) [2127858 2048823]
- cifs: Fix crash on unload of cifs_arc4.ko (Ronnie Sahlberg) [2127858 2048823]
- Documentation, arch: Remove leftovers from CIFS_WEAK_PW_HASH (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix the cifs_reconnect path for DFS (Ronnie Sahlberg) [2127858 2048823]
- cifs: sanitize multiple delimiters in prepath (Ronnie Sahlberg) [2127858 2048823]
- cifs: ignore resource_id while getting fscache super cookie (Ronnie Sahlberg) [2127858 2048823]
- cifs: avoid use of dstaddr as key for fscache client cookie (Ronnie Sahlberg) [2127858 2048823]
- cifs: add server conn_id to fscache client cookie (Ronnie Sahlberg) [2127858 2048823]
- cifs: wait for tcon resource_id before getting fscache super (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix missed refcounting of ipc tcon (Ronnie Sahlberg) [2127858 2048823]
- cifs: update internal version number (Ronnie Sahlberg) [2127858 2048823]
- smb2: clarify rc initialization in smb2_reconnect (Ronnie Sahlberg) [2127858 2048823]
- cifs: populate server_hostname for extra channels (Ronnie Sahlberg) [2127858 2048823]
- cifs: nosharesock should be set on new server (Ronnie Sahlberg) [2127858 2048823]
- cifs: introduce cifs_ses_mark_for_reconnect() helper (Ronnie Sahlberg) [2127858 2048823]
- cifs: protect srv_count with cifs_tcp_ses_lock (Ronnie Sahlberg) [2127858 2048823]
- cifs: move debug print out of spinlock (Ronnie Sahlberg) [2127858 2048823]
- cifs: do not duplicate fscache cookie for secondary channels (Ronnie Sahlberg) [2127858 2048823]
- cifs: connect individual channel servers to primary channel server (Ronnie Sahlberg) [2127858 2048823]
- cifs: protect session channel fields with chan_lock (Ronnie Sahlberg) [2127858 2048823]
- cifs: do not negotiate session if session already exists (Ronnie Sahlberg) [2127858 2048823]
- smb3: do not setup the fscache_super_cookie until fsinfo initialized (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix potential use-after-free bugs (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname (Ronnie Sahlberg) [2127858 2048823]
- smb3: add additional null check in SMB311_posix_mkdir (Ronnie Sahlberg) [2127858 2048823]
- cifs: release lock earlier in dequeue_mid error case (Ronnie Sahlberg) [2127858 2048823]
- smb3: add additional null check in SMB2_tcon (Ronnie Sahlberg) [2127858 2048823]
- smb3: add additional null check in SMB2_open (Ronnie Sahlberg) [2127858 2048823]
- smb3: add additional null check in SMB2_ioctl (Ronnie Sahlberg) [2127858 2048823]
- smb3: remove trivial dfs compile warning (Ronnie Sahlberg) [2127858 2048823]
- cifs: support nested dfs links over reconnect (Ronnie Sahlberg) [2127858 2048823]
- smb3: do not error on fsync when readonly (Ronnie Sahlberg) [2127858 2048823]
- cifs: for compound requests, use open handle if possible (Ronnie Sahlberg) [2127858 2048823]
- cifs: set a minimum of 120s for next dns resolution (Ronnie Sahlberg) [2127858 2048823]
- cifs: split out dfs code from cifs_reconnect() (Ronnie Sahlberg) [2127858 2048823]
- cifs: convert list_for_each to entry variant (Ronnie Sahlberg) [2127858 2048823]
- cifs: introduce new helper for cifs_reconnect() (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix print of hdr_flags in dfscache_proc_show() (Ronnie Sahlberg) [2127858 2048823]
- cifs: nosharesock should not share socket with future sessions (Ronnie Sahlberg) [2127858 2048823]
- smb3: add dynamic trace points for socket connection (Ronnie Sahlberg) [2127858 2048823]
- cifs: Move SMB2_Create definitions to the shared area (Ronnie Sahlberg) [2127858 2048823]
- cifs: Move more definitions into the shared area (Ronnie Sahlberg) [2127858 2048823]
- cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (Ronnie Sahlberg) [2127858 2048823]
- cifs: Create a new shared file holding smb2 pdu definitions (Ronnie Sahlberg) [2127858 2048823]
- cifs: add mount parameter tcpnodelay (Ronnie Sahlberg) [2127858 2048823]
- cifs: To match file servers, make sure the server hostname matches (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix incorrect check for null pointer in header_assemble (Ronnie Sahlberg) [2127858 2048823]
- smb3: correct server pointer dereferencing check to be more consistent (Ronnie Sahlberg) [2127858 2048823]
- smb3: correct smb3 ACL security descriptor (Ronnie Sahlberg) [2127858 2048823]
- cifs: Clear modified attribute bit from inode flags (Ronnie Sahlberg) [2127858 2048823]
- cifs: Deal with some warnings from W=1 (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix a sign extension bug (Ronnie Sahlberg) [2127858 2048823]
- cifs: Not to defer close on file when lock is set (Ronnie Sahlberg) [2127858 2048823]
- cifs: Fix soft lockup during fsstress (Ronnie Sahlberg) [2127858 2048823]
- cifs: Deferred close performance improvements (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix incorrect kernel doc comments (Ronnie Sahlberg) [2127858 2048823]
- cifs: remove pathname for file from SPDX header (Ronnie Sahlberg) [2127858 2048823]
- cifs: properly invalidate cached root handle when closing it (Ronnie Sahlberg) [2127858 2048823]
- cifs: move SMB FSCTL definitions to common code (Ronnie Sahlberg) [2127858 2048823]
- cifs: rename cifs_common to smbfs_common (Ronnie Sahlberg) [2127858 2048823]
- cifs: cifs_md4 convert to SPDX identifier (Ronnie Sahlberg) [2127858 2048823]
- cifs: create a MD4 module and switch cifs.ko to use it (Ronnie Sahlberg) [2127858 2048823]
- cifs: fork arc4 and create a separate module for it for cifs and other users (Ronnie Sahlberg) [2127858 2048823]
- cifs: remove support for NTLM and weaker authentication algorithms (Ronnie Sahlberg) [2127858 2048823]
- cifs: update FSCTL definitions (Ronnie Sahlberg) [2127858 2048823]
- cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (Ronnie Sahlberg) [2127858 2048823]
- cifs: enable fscache usage even for files opened as rw (Ronnie Sahlberg) [2127858 2048823]
- smb3: fix posix extensions mount option (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix wrong release in sess_alloc_buffer() failed path (Ronnie Sahlberg) [2127858 2048823]
- CIFS: Fix a potencially linear read overflow (Ronnie Sahlberg) [2127858 2048823]
- drm/mgag200: Select clock in PLL update functions (Herton R. Krzesinski) [2112017 2043115]
- mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (Inigo Huguet) [2095653 2096777]
- mt76: mt7921e: fix possible probe failure after reboot (Inigo Huguet) [2095653 2065633]
[5.14.0-70.29.1_0]
- configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2129453 2126153]
- KVM: x86/mmu: Don't advance iterator after restart due to yielding (Nico Pache) [2127859 2055725]
- scsi: csiostor: Add module softdep on cxgb4 (Rahul Lakkireddy) [2127857 1977553]
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (Oleg Nesterov) [2127875 2121271] {CVE-2022-30594}
[5.14.0-70.28.1_0]
- powerpc: Enable execve syscall exit tracepoint (Steve Best) [2106661 2095526]
[5.14.0-70.27.1_0]
- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Wander Lairson Costa) [2116967 2116968] {CVE-2022-2585}
- fix race between exit_itimers() and /proc/pid/timers (Wander Lairson Costa) [2116967 2116968] {CVE-2022-2585}
- ID
- ELSA-2022-7318
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2022-7318.html
- Published
-
2022-11-04T00:00:00
(22 months ago) - Modified
-
2022-11-04T00:00:00
(22 months ago) - Rights
- Copyright 2022 Oracle, Inc.
- Other Advisories
-
- ALAS-2022-1591
- ALAS2-2022-1798
- ALSA-2022:7318
- ALSA-2023:0334
- ALSA-2023:2951
- DSA-5173-1
- DSA-5207-1
- ELSA-2022-9827
- ELSA-2022-9830
- ELSA-2023-0334
- ELSA-2023-2951
- FEDORA-2022-484e226872
- FEDORA-2022-9bbb1d9b7b
- MS:CVE-2022-30594
- openSUSE-SU-2022:2177-1
- RHSA-2022:7318
- RHSA-2022:7319
- RHSA-2022:7330
- RHSA-2023:0300
- RHSA-2023:0334
- RHSA-2023:2736
- RHSA-2023:2951
- RLSA-2023:0334
- SSA:2022-237-02
- SUSE-SU-2022:1939-1
- SUSE-SU-2022:1940-1
- SUSE-SU-2022:1942-1
- SUSE-SU-2022:1945-1
- SUSE-SU-2022:1947-1
- SUSE-SU-2022:1948-1
- SUSE-SU-2022:1949-1
- SUSE-SU-2022:1955-1
- SUSE-SU-2022:1974-1
- SUSE-SU-2022:1988-1
- SUSE-SU-2022:2000-1
- SUSE-SU-2022:2006-1
- SUSE-SU-2022:2010-1
- SUSE-SU-2022:2077-1
- SUSE-SU-2022:2078-1
- SUSE-SU-2022:2079-1
- SUSE-SU-2022:2080-1
- SUSE-SU-2022:2082-1
- SUSE-SU-2022:2083-1
- SUSE-SU-2022:2103-1
- SUSE-SU-2022:2104-1
- SUSE-SU-2022:2111-1
- SUSE-SU-2022:2116-1
- SUSE-SU-2022:2177-1
- SUSE-SU-2022:2268-1
- SUSE-SU-2022:2520-1
- SUSE-SU-2022:2615-1
- SUSE-SU-2022:2629-1
- SUSE-SU-2022:2803-1
- SUSE-SU-2022:3072-1
- SUSE-SU-2022:3108-1
- SUSE-SU-2022:3288-1
- USN-5442-1
- USN-5442-2
- USN-5443-1
- USN-5443-2
- USN-5465-1
- USN-5564-1
- USN-5565-1
- USN-5566-1
- USN-5567-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2022-7318 | https://linux.oracle.com/errata/ELSA-2022-7318.html | |
CVE | CVE-2022-30594 | https://linux.oracle.com/cve/CVE-2022-30594.html | |
CVE | CVE-2022-2585 | https://linux.oracle.com/cve/CVE-2022-2585.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-9.0 | oraclelinux | python3-perf | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-9.0 | oraclelinux | perf | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-9.0 | oraclelinux | kernel | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-9.0 | oraclelinux | kernel-tools | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-9.0 | oraclelinux | kernel-tools-libs | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-9.0 | oraclelinux | kernel-tools-libs-devel | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-9.0 | oraclelinux | kernel-modules | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-9.0 | oraclelinux | kernel-modules-extra | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-9.0 | oraclelinux | kernel-headers | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-9.0 | oraclelinux | kernel-doc | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-9.0 | oraclelinux | kernel-devel | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel-matched?distro=oraclelinux-9.0 | oraclelinux | kernel-devel-matched | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-9.0 | oraclelinux | kernel-debug | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-9.0 | oraclelinux | kernel-debug-modules | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-9.0 | oraclelinux | kernel-debug-modules-extra | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-9.0 | oraclelinux | kernel-debug-devel | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel-matched?distro=oraclelinux-9.0 | oraclelinux | kernel-debug-devel-matched | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-9.0 | oraclelinux | kernel-debug-core | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-9.0 | oraclelinux | kernel-cross-headers | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-9.0 | oraclelinux | kernel-core | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-stablelists?distro=oraclelinux-9.0 | oraclelinux | kernel-abi-stablelists | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 | ||
Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-9.0 | oraclelinux | bpftool | < 5.14.0-70.30.1.0.1.el9_0 | oraclelinux-9.0 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |