[ELSA-2022-9368] Unbreakable Enterprise kernel-container security update
[5.4.17-2136.307.3.1]
- Revert 'rds/ib: recover rds connection from stuck tx path' (Nagappan Ramasamy
Palaniappan) [Orabug: 34124233]
[5.4.17-2136.307.3]
- kvm: debugfs: fix memory leak in kvm_create_vm_debugfs (Pavel Skripkin) [Orabug: 33099019]
- KVM: debugfs: Reuse binary stats descriptors (Jing Zhang) [Orabug: 33099019]
- KVM: selftests: Add selftest for KVM statistics data binary interface (Jing Zhang) [Orabug: 33099019]
- KVM: stats: Add documentation for binary statistics interface (Jing Zhang) [Orabug: 33099019]
- KVM: stats: Support binary stats retrieval for a VCPU (Jing Zhang) [Orabug: 33099019]
- KVM: stats: Support binary stats retrieval for a VM (Jing Zhang) [Orabug: 33099019]
- KVM: stats: Add fd-based API to read binary stats data (Jing Zhang) [Orabug: 33099019]
- KVM: stats: Separate generic stats from architecture specific ones (Jing Zhang) [Orabug: 33099019]
- KVM: switch per-VM stats to u64 (Paolo Bonzini) [Orabug: 33099019]
- kvm_host: unify VM_STAT and VCPU_STAT definitions in a single place (Emanuele Giuseppe Esposito) [Orabug: 33099019]
- kvm: Refactor handling of VM debugfs files (Milan Pandurov) [Orabug: 33099019]
- mpt3sas: avoid SOFT_RESET on shutdown (John Donnelly) [Orabug: 33666018]
- scsi: mpt3sas: Clean up some inconsistent indenting (Colin Ian King) [Orabug: 33666018]
- scsi: mpt3sas: Fix incorrectly assigned error return and check (Colin Ian King) [Orabug: 33666018]
- scsi: mpt3sas: Introduce sas_ncq_prio_supported sysfs sttribute (Damien Le Moal) [Orabug: 33666018]
- scsi: mpt3sas: Update driver version to 39.100.00.00 (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Use firmware recommended queue depth (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Bump driver version to 38.100.00.00 (Sreekanth Reddy) [Orabug: 33666018]
- scsi: mpt3sas: Transition IOC to Ready state during shutdown (Sreekanth Reddy) [Orabug: 33666018]
- scsi: mpt3sas: Fix Coverity reported issue (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Fix fall-through warnings for Clang (Gustavo A. R. Silva) [Orabug: 33666018]
- scsi: mpt3sas: Handle firmware faults during second (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Handle firmware faults during first half of IOC init (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Fix deadlock while cancelling the running firmware event (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Documentation cleanup (Randy Dunlap) [Orabug: 33666018]
- scsi: mpt3sas: Fix two kernel-doc headers (Bart Van Assche) [Orabug: 33666018]
- scsi: mpt3sas: Fix out-of-bounds warnings in _ctl_addnl_diag_query (Gustavo A. R. Silva) [Orabug: 33666018]
- scsi: mpt3sas: Fix endianness for ActiveCablePowerRequirement (Sreekanth Reddy) [Orabug: 33666018]
- scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES (Sreekanth Reddy) [Orabug: 33666018]
- scsi: mpt3sas: Fix a typo (Bhaskar Chowdhury) [Orabug: 33666018]
- scsi: mpt3sas: Fix a few kernel-doc issues (Lee Jones) [Orabug: 33666018]
- scsi: mpt3sas: Update driver version to 37.101.00.00 (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Force reply post array allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Force reply post buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Force reply buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Force sense buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Force chain buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Force PCIe scatterlist allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Replace unnecessary dynamic allocation with a static one (Gustavo A. R. Silva) [Orabug: 33666018]
- scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (Christophe JAILLET) [Orabug: 33666018]
- scsi: mpt3sas: Fix some kernel-doc misnaming issues (Lee Jones) [Orabug: 33666018]
- scsi: mpt3sas: Fix a couple of misdocumented functions/params (Lee Jones) [Orabug: 33666018]
- scsi: mpt3sas: Fix a bunch of potential naming doc-rot (Lee Jones) [Orabug: 33666018]
- scsi: mpt3sas: Move a little data from the stack onto the heap (Lee Jones) [Orabug: 33666018]
- scsi: mpt3sas: Fix misspelling of _base_put_smid_default_atomic() (Lee Jones) [Orabug: 33666018]
- scsi: mpt3sas: Update driver version to 37.100.00.00 (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Additional diagnostic buffer query interface (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Fix ReplyPostFree pool allocation (Sreekanth Reddy) [Orabug: 33666018]
- scsi: mpt3sas: Simplify bool comparison (YANG LI) [Orabug: 33666018]
- scsi: mpt3sas: Fix spelling mistake in Kconfig 'compatiblity' -> 'compatibility' (Suganath Prabu S) [Orabug: 33666018]
- scsi: mpt3sas: Signedness bug in _base_get_diag_triggers() (Dan Carpenter) [Orabug: 33666018]
- mei: me: disable driver on the ign firmware (Alexander Usyskin) [Orabug: 34018919]
- mei: add device kind to sysfs (Alexander Usyskin) [Orabug: 34018919]
- mei: me: add MEI device for SPT with ITPS capability (Tomas Winkler) [Orabug: 34018919]
- mei: me: make mei_me_fw_sku_sps_4() less cryptic (Tomas Winkler) [Orabug: 34018919]
- mei: me: constify the device parameter to the probe quirk (Tomas Winkler) [Orabug: 34018919]
- mei: me: disable mei interface on Mehlow server platforms (Tomas Winkler) [Orabug: 34018919]
- mei: fix CNL itouch device number to match the spec. (Alexander Usyskin) [Orabug: 34018919]
- mei: me: disable mei interface on LBG servers. (Tomas Winkler) [Orabug: 34018919]
- mei: me: mei_me_dev_init() use struct device instead of struct pci_dev. (Tomas Winkler) [Orabug: 34018919]
- x86/speculation: Restore speculation related MSRs during S3 resume (Pawan Gupta) [Orabug: 34053700]
- net: bpf: Make bpf_ktime_get_ns() available to non GPL programs (Maciej zenczykowski) [Orabug: 34079481]
[5.4.17-2136.307.2]
- net: sched: fix use-after-free in tc_new_tfilter() (Eric Dumazet) [Orabug: 34027161] {CVE-2022-1055}
- rds: ib: Initialize SG table properly (Hakon Bugge) [Orabug: 34031913]
- Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34039270]
- mm: memcontrol: slab: fix obtain a reference to a freeing memcg (Muchun Song) [Orabug: 34045826]
- mm: memcg/slab: fix use after free in obj_cgroup_charge (Muchun Song) [Orabug: 34045826]
- mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050049]
- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34034594] {CVE-2022-1158}
[5.4.17-2136.307.1]
- oracleasm: Fix block layer error conversion (Martin K. Petersen) [Orabug: 33413872]
- oracleasm: Fix memory leak inadvertently caused by block layer changes (Martin K. Petersen) [Orabug: 33413872]
- rds: Fix incorrect initialization order (Hakon Bugge) [Orabug: 33519061]
- Fix switchdev transition after configuring 256 SFs (Mikhael Goikhman) [Orabug: 33913142]
- net/mlx5: Remove all auxiliary devices at the unregister event (Leon Romanovsky) [Orabug: 33913153]
- net/mlx5: E-Switch, handle devcom events only for ports on the same device (Roi Dayan) [Orabug: 33913153]
- net/mlx5e: Don't create devices during unload flow (Dmytro Linkin) [Orabug: 33913153]
- net/mlx5: Delete auxiliary bus driver eth-rep first (Maor Dickman) [Orabug: 33913153]
- Fix deadlock with SFs created and devlink reload of parent PF (Mikhael Goikhman) [Orabug: 33913153]
- phonet: refcount leak in pep_sock_accep (Hangyu Hua) [Orabug: 33962760] {CVE-2021-45095}
- bpf: Lift hashtab key_size limit (Florian Lehner) [Orabug: 33968668]
- net/rds: Fix math on error code (Freddy Carrillo) [Orabug: 33974713]
- rds: ib: Fix racy credit tracepoints (Hakon Bugge) [Orabug: 33980855]
- mm: fix MADV_DONTEXEC to clear VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 33987399]
- ice: create scheduler aggregator node config and move VSIs (Kiran Patil) [Orabug: 33993157] {CVE-2020-24502} {CVE-2020-245024} {CVE-2020-24503}
- sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax (Valentin Schneider) [Orabug: 33994395]
- esp: Fix possible buffer overflow in ESP transformation (Steffen Klassert) [Orabug: 33997299] {CVE-2022-27666}
- exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34003080]
- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012924] {CVE-2022-1016}
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-8 | < 5.4.17-2136.307.3.1.el8 |
pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-7 | < 5.4.17-2136.307.3.1.el7 |
pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-8 | < 5.4.17-2136.307.3.1.el8 |
pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-7 | < 5.4.17-2136.307.3.1.el7 |
- ID
- ELSA-2022-9368
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2022-9368.html
- Published
-
2022-05-10T00:00:00
(2 years ago) - Modified
-
2022-05-10T00:00:00
(2 years ago) - Rights
- Copyright 2022 Oracle, Inc.
- Other Advisories
-
- ALAS-2022-1577
- ALAS-2022-1581
- ALAS2-2022-1768
- ALAS2-2022-1774
- ALSA-2021:4356
- ALSA-2022:5249
- ALSA-2022:5316
- ALSA-2022:6003
- ALSA-2022:7683
- ALSA-2022:8267
- DSA-5050-1
- DSA-5096-1
- DSA-5127-1
- DSA-5173-1
- ELSA-2021-4356
- ELSA-2022-5249
- ELSA-2022-5316
- ELSA-2022-6003
- ELSA-2022-7683
- ELSA-2022-8267
- ELSA-2022-9264
- ELSA-2022-9265
- ELSA-2022-9266
- ELSA-2022-9267
- ELSA-2022-9270
- ELSA-2022-9271
- ELSA-2022-9273
- ELSA-2022-9274
- ELSA-2022-9313
- ELSA-2022-9314
- ELSA-2022-9348
- ELSA-2022-9365
- ELSA-2022-9366
- ELSA-2022-9367
- MS:CVE-2021-45095
- MS:CVE-2022-1016
- MS:CVE-2022-1055
- MS:CVE-2022-1158
- MS:CVE-2022-27666
- openSUSE-SU-2022:0056-1
- openSUSE-SU-2022:0131-1
- openSUSE-SU-2022:0363-1
- openSUSE-SU-2022:0366-1
- openSUSE-SU-2022:0370-1
- RHSA-2021:4140
- RHSA-2021:4356
- RHSA-2022:5214
- RHSA-2022:5219
- RHSA-2022:5249
- RHSA-2022:5267
- RHSA-2022:5316
- RHSA-2022:5344
- RHSA-2022:6002
- RHSA-2022:6003
- RHSA-2022:7444
- RHSA-2022:7683
- RHSA-2022:7933
- RHSA-2022:8267
- RLSA-2022:5316
- RLSA-2022:7683
- SSA:2022-031-01
- SSA:2022-129-01
- SUSE-SU-2022:0056-1
- SUSE-SU-2022:0079-1
- SUSE-SU-2022:0131-1
- SUSE-SU-2022:0362-1
- SUSE-SU-2022:0363-1
- SUSE-SU-2022:0365-1
- SUSE-SU-2022:0366-1
- SUSE-SU-2022:0367-1
- SUSE-SU-2022:0370-1
- SUSE-SU-2022:0371-1
- SUSE-SU-2022:0477-1
- SUSE-SU-2022:0543-1
- SUSE-SU-2022:0544-1
- SUSE-SU-2022:0555-1
- SUSE-SU-2022:0765-1
- SUSE-SU-2022:0767-1
- SUSE-SU-2022:1163-1
- SUSE-SU-2022:1172-1
- SUSE-SU-2022:1182-1
- SUSE-SU-2022:1183-1
- SUSE-SU-2022:1189-1
- SUSE-SU-2022:1192-1
- SUSE-SU-2022:1193-1
- SUSE-SU-2022:1194-1
- SUSE-SU-2022:1196-1
- SUSE-SU-2022:1197-1
- SUSE-SU-2022:1212-1
- SUSE-SU-2022:1215-1
- SUSE-SU-2022:1223-1
- SUSE-SU-2022:1224-1
- SUSE-SU-2022:1230-1
- SUSE-SU-2022:1242-1
- SUSE-SU-2022:1246-1
- SUSE-SU-2022:1248-1
- SUSE-SU-2022:1255-1
- SUSE-SU-2022:1256-1
- SUSE-SU-2022:1257-1
- SUSE-SU-2022:1261-1
- SUSE-SU-2022:1266-1
- SUSE-SU-2022:1267-1
- SUSE-SU-2022:1268-1
- SUSE-SU-2022:1269-1
- SUSE-SU-2022:1270-1
- SUSE-SU-2022:1278-1
- SUSE-SU-2022:1283-1
- SUSE-SU-2022:1303-1
- SUSE-SU-2022:1318-1
- SUSE-SU-2022:1320-1
- SUSE-SU-2022:1322-1
- SUSE-SU-2022:1326-1
- SUSE-SU-2022:1329-1
- SUSE-SU-2022:1335-1
- SUSE-SU-2022:1369-1
- SUSE-SU-2022:1402-1
- SUSE-SU-2022:1407-1
- SUSE-SU-2022:1440-1
- SUSE-SU-2022:1453-1
- SUSE-SU-2022:1486-1
- SUSE-SU-2022:1569-1
- SUSE-SU-2022:1571-1
- SUSE-SU-2022:1573-1
- SUSE-SU-2022:1575-1
- SUSE-SU-2022:1591-1
- SUSE-SU-2022:1605-1
- SUSE-SU-2022:1629-1
- SUSE-SU-2022:1634-1
- SUSE-SU-2022:1637-1
- SUSE-SU-2022:1669-1
- SUSE-SU-2022:1676-1
- SUSE-SU-2022:1687-1
- SUSE-SU-2022:2104-1
- SUSE-SU-2022:2268-1
- SUSE-SU-2022:2520-1
- SUSE-SU-2022:2615-1
- USN-5278-1
- USN-5337-1
- USN-5338-1
- USN-5339-1
- USN-5343-1
- USN-5353-1
- USN-5357-1
- USN-5357-2
- USN-5358-1
- USN-5358-2
- USN-5368-1
- USN-5377-1
- USN-5381-1
- USN-5383-1
- USN-5390-1
- USN-5390-2
- USN-5415-1
- USN-5416-1
- USN-5466-1
- USN-5467-1
- USN-5468-1
- USN-5469-1
- USN-6001-1
- USN-6013-1
- USN-6014-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2022-9368 | https://linux.oracle.com/errata/ELSA-2022-9368.html | |
CVE | CVE-2020-24502 | https://linux.oracle.com/cve/CVE-2020-24502.html | |
CVE | CVE-2020-24503 | https://linux.oracle.com/cve/CVE-2020-24503.html | |
CVE | CVE-2020-24504 | https://linux.oracle.com/cve/CVE-2020-24504.html | |
CVE | CVE-2022-27666 | https://linux.oracle.com/cve/CVE-2022-27666.html | |
CVE | CVE-2022-1016 | https://linux.oracle.com/cve/CVE-2022-1016.html | |
CVE | CVE-2022-1158 | https://linux.oracle.com/cve/CVE-2022-1158.html | |
CVE | CVE-2021-45095 | https://linux.oracle.com/cve/CVE-2021-45095.html | |
CVE | CVE-2022-1055 | https://linux.oracle.com/cve/CVE-2022-1055.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-8 | oraclelinux | kernel-uek-container | < 5.4.17-2136.307.3.1.el8 | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-7 | oraclelinux | kernel-uek-container | < 5.4.17-2136.307.3.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-8 | oraclelinux | kernel-uek-container-debug | < 5.4.17-2136.307.3.1.el8 | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-container-debug | < 5.4.17-2136.307.3.1.el7 | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |