[ELSA-2022-9870] Unbreakable Enterprise kernel security update
[4.14.35-2047.518.4]
- xfs: avoid race between writeback and data/cow fork changes (Wengang Wang) [Orabug: 34508036]
[4.14.35-2047.518.3]
- KVM: SVM: Clear the CR4 register on reset (Babu Moger) [Orabug: 34617675]
[4.14.35-2047.518.2]
- af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu) [Orabug: 34566753] {CVE-2022-3028}
- l2tp: fix tunnel lookup use-after-free race (James Chapman) [Orabug: 32504113]
[4.14.35-2047.518.1]
- xfs: fix out of bound access (Junxiao Bi) [Orabug: 33089469] [Orabug: 34535011]
- KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34362737]
- KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34362737]
- KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34362737]
- netfilter: ebtables: reject blobs that don't provide all entry points (Florian Westphal) [Orabug: 32176166]
- sysfs: turn WARN() into pr_warn() (Greg Kroah-Hartman) [Orabug: 32176118]
[4.14.35-2047.518.0]
- lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34543517] {CVE-2022-21499}
- Revert 'debug: Lock down kgdb' (Alok Tiwari) [Orabug: 34543517]
- vmcoreinfo: add kallsyms_num_syms symbol (Stephen Brennan) [Orabug: 34475880]
- vmcoreinfo: include kallsyms symbols (Stephen Brennan) [Orabug: 34475880]
- kallsyms: move declarations to internal header (Stephen Brennan) [Orabug: 34475880]
- mpt3sas: avoid SOFT_RESET on shutdown (John Donnelly) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Update driver version to 39.100.00.00 (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Use firmware recommended queue depth (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Transition IOC to Ready state during shutdown (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix fall-through warnings for Clang (Gustavo A. R. Silva) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Handle firmware faults during first half of IOC init (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix deadlock while cancelling the running firmware event (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Documentation cleanup (Randy Dunlap) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (Sreekanth Reddy) [Orabug: 34408138]
- scsi: mpt3sas: Fix two kernel-doc headers (Bart Van Assche) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix out-of-bounds warnings in _ctl_addnl_diag_query (Gustavo A. R. Silva) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix endianness for ActiveCablePowerRequirement (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix a typo (Bhaskar Chowdhury) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix a few kernel-doc issues (Lee Jones) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Force reply post buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Force reply buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Force sense buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Force chain buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Force PCIe scatterlist allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Replace unnecessary dynamic allocation with a static one (Gustavo A. R. Silva) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (Christophe JAILLET) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix some kernel-doc misnaming issues (Lee Jones) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix a couple of misdocumented functions/params (Lee Jones) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix a bunch of potential naming doc-rot (Lee Jones) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Move a little data from the stack onto the heap (Lee Jones) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix misspelling of _base_put_smid_default_atomic() (Lee Jones) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Additional diagnostic buffer query interface (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix ReplyPostFree pool allocation (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Simplify bool comparison (YANG LI) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix spelling mistake in Kconfig 'compatiblity' -> 'compatibility' (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Signedness bug in _base_get_diag_triggers() (Dan Carpenter) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Block PCI config access from userspace during reset (Sreekanth Reddy) [Orabug: 34408138]
- Linux 4.14.290 (Greg Kroah-Hartman)
- PCI: hv: Fix interrupt mapping for multi-MSI (Jeffrey Hugo)
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Jeffrey Hugo)
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Jeffrey Hugo)
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (Jeffrey Hugo)
- net: usb: ax88179_178a needs FLAG_SEND_ZLP (Jose Alonso)
- tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (Jiri Slaby)
- tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (Jiri Slaby)
- tty: drop tty_schedule_flip() (Jiri Slaby)
- tty: the rest, stop using tty_schedule_flip() (Jiri Slaby)
- tty: drivers/tty/, stop using tty_schedule_flip() (Jiri Slaby)
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (Luiz Augusto von Dentz)
- Bluetooth: SCO: Fix sco_send_frame returning skb->len (Luiz Augusto von Dentz)
- Bluetooth: Fix passing NULL to PTR_ERR (Luiz Augusto von Dentz)
- Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (Luiz Augusto von Dentz)
- Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (Luiz Augusto von Dentz)
- Bluetooth: Add bt_skb_sendmmsg helper (Luiz Augusto von Dentz)
- Bluetooth: Add bt_skb_sendmsg helper (Luiz Augusto von Dentz)
- ALSA: memalloc: Align buffer allocations in page size (Takashi Iwai)
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong)
- drm/tilcdc: Remove obsolete crtc_mode_valid() hack (Jyri Sarha)
- bpf: Make sure mac_header was set before using it (Eric Dumazet)
- mm/mempolicy: fix uninit-value in mpol_rebind_policy() (Wang Cheng)
- Revert 'Revert 'char/random: silence a lockdep splat with printk()'' (Jason A. Donenfeld)
- be2net: Fix buffer overflow in be_get_module_eeprom (Hristo Venev)
- tcp: Fix a data-race around sysctl_tcp_notsent_lowat. (Kuniyuki Iwashima)
- igmp: Fix a data-race around sysctl_igmp_max_memberships. (Kuniyuki Iwashima)
- igmp: Fix data-races around sysctl_igmp_llm_reports. (Kuniyuki Iwashima)
- net: stmmac: fix dma queue left shift overflow issue (Junxiao Chang)
- i2c: cadence: Change large transfer count reset logic to be unconditional (Robert Hancock)
- tcp: Fix a data-race around sysctl_tcp_probe_interval. (Kuniyuki Iwashima)
- tcp: Fix a data-race around sysctl_tcp_probe_threshold. (Kuniyuki Iwashima)
- tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. (Kuniyuki Iwashima)
- ip: Fix a data-race around sysctl_fwmark_reflect. (Kuniyuki Iwashima)
- perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (Peter Zijlstra)
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (Miaoqian Lin)
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (Hangyu Hua)
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (Demi Marie Obenour)
- Linux 4.14.289 (Greg Kroah-Hartman)
- can: m_can: m_can_tx_handler(): fix use after free of skb (Marc Kleine-Budde)
- mm: invalidate hwpoison page cache page in fault path (Rik van Riel)
- serial: 8250: fix return error code in serial8250_request_std_resource() (Yi Yang)
- tty: serial: samsung_tty: set dma burst_size to 1 (Chanho Park)
- usb: dwc3: gadget: Fix event pending check (Thinh Nguyen)
- USB: serial: ftdi_sio: add Belimo device ids (Lucien Buchmann)
- signal handling: don't use BUG_ON() for debugging (Linus Torvalds)
- x86: Clear .brk area at early boot (Juergen Gross)
- irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (Stafford Horne)
- ASoC: wm5110: Fix DRE control (Charles Keepax)
- ASoC: ops: Fix off by one in range control validation (Mark Brown)
- net: sfp: fix memory leak in sfp_probe() (Jianglei Nie)
- NFC: nxp-nci: don't print header length mismatch on i2c error (Michael Walle)
- net: tipc: fix possible refcount leak in tipc_sk_create() (Hangyu Hua)
- platform/x86: hp-wmi: Ignore Sanitization Mode event (Kai-Heng Feng)
- cpufreq: pmac32-cpufreq: Fix refcount leak bug (Liang He)
- netfilter: br_netfilter: do not skip all hooks with 0 priority (Florian Westphal)
- virtio_mmio: Restore guest page size on resume (Stephan Gerhold)
- virtio_mmio: Add missing PM calls to freeze/restore (Stephan Gerhold)
- sfc: fix kernel panic when creating VF (Inigo Huguet)
- seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors (Andrea Mayer)
- seg6: fix skb checksum evaluation in SRH encapsulation/insertion (Andrea Mayer)
- sfc: fix use after free when disabling sriov (Inigo Huguet)
- ipv4: Fix data-races around sysctl_ip_dynaddr. (Kuniyuki Iwashima)
- icmp: Fix a data-race around sysctl_icmp_ratemask. (Kuniyuki Iwashima)
- icmp: Fix a data-race around sysctl_icmp_ratelimit. (Kuniyuki Iwashima)
- ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (Michal Suchanek)
- icmp: Fix data-races around sysctl. (Kuniyuki Iwashima)
- cipso: Fix data-races around sysctl. (Kuniyuki Iwashima)
- net: Fix data-races around sysctl_mem. (Kuniyuki Iwashima)
- inetpeer: Fix data-races around sysctl. (Kuniyuki Iwashima)
- ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (Ard Biesheuvel)
- xhci: make xhci_handshake timeout for xhci_reset() adjustable (Mathias Nyman)
- xhci: bail out early if driver can't accress host in resume (Mathias Nyman)
- net: dsa: bcm_sf2: force pause link settings (Doug Berger)
- nilfs2: fix incorrect masking of permission flags for symlinks (Ryusuke Konishi)
- cgroup: Use separate src/dst nodes when preloading css_sets for migration (Tejun Heo)
- ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (Ard Biesheuvel)
- ARM: 9213/1: Print message about disabled Spectre workarounds only once (Dmitry Osipenko)
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (Steven Rostedt (Google))
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (Juergen Gross)
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (Meng Tang)
- ALSA: hda - Add fixup for Dell Latitidue E5430 (Meng Tang)
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | < 4.14.35-2047.518.4.el7uek |
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | < 4.14.35-2047.518.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | < 4.14.35-2047.518.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | < 4.14.35-2047.518.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | < 4.14.35-2047.518.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | < 4.14.35-2047.518.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | < 4.14.35-2047.518.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | < 4.14.35-2047.518.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | < 4.14.35-2047.518.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | < 4.14.35-2047.518.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | < 4.14.35-2047.518.4.el7uek |
- ID
- ELSA-2022-9870
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2022-9870.html
- Published
-
2022-10-10T00:00:00
(23 months ago) - Modified
-
2022-10-10T00:00:00
(23 months ago) - Rights
- Copyright 2022 Oracle, Inc.
- Other Advisories
-
- ALAS-2022-1636
- ALAS2-2022-1852
- ALSA-2022:7683
- ALSA-2022:8267
- ALSA-2023:2458
- ALSA-2023:2951
- DSA-5161-1
- ELSA-2022-5232
- ELSA-2022-7683
- ELSA-2022-8267
- ELSA-2022-9422
- ELSA-2022-9423
- ELSA-2022-9425
- ELSA-2022-9426
- ELSA-2022-9427
- ELSA-2022-9495
- ELSA-2022-9496
- ELSA-2022-9852
- ELSA-2022-9871
- ELSA-2022-9926
- ELSA-2022-9927
- ELSA-2022-9930
- ELSA-2022-9931
- ELSA-2022-9998
- ELSA-2022-9999
- ELSA-2023-2458
- ELSA-2023-2951
- FEDORA-2022-35c14ba5bb
- FEDORA-2022-6835ddb6d8
- FEDORA-2022-ccb0138bb6
- MS:CVE-2022-3028
- RHSA-2022:7444
- RHSA-2022:7683
- RHSA-2022:7933
- RHSA-2022:8267
- RHSA-2023:2148
- RHSA-2023:2458
- RHSA-2023:2736
- RHSA-2023:2951
- RLSA-2022:7683
- SSA:2022-237-02
- SSA:2022-333-01
- SUSE-SU-2022:2077-1
- SUSE-SU-2022:2080-1
- SUSE-SU-2022:2082-1
- SUSE-SU-2022:2103-1
- SUSE-SU-2022:2111-1
- SUSE-SU-2022:2116-1
- SUSE-SU-2022:2393-1
- SUSE-SU-2022:2438-1
- SUSE-SU-2022:2444-1
- SUSE-SU-2022:2446-1
- SUSE-SU-2022:2461-1
- SUSE-SU-2022:2482-1
- SUSE-SU-2022:2520-1
- SUSE-SU-2022:2615-1
- SUSE-SU-2022:2629-1
- SUSE-SU-2022:3263-1
- SUSE-SU-2022:3264-1
- SUSE-SU-2022:3265-1
- SUSE-SU-2022:3274-1
- SUSE-SU-2022:3282-1
- SUSE-SU-2022:3288-1
- SUSE-SU-2022:3291-1
- SUSE-SU-2022:3293-1
- SUSE-SU-2022:3294-1
- SUSE-SU-2022:3408-1
- SUSE-SU-2022:3422-1
- SUSE-SU-2022:3450-1
- SUSE-SU-2022:3609-1
- SUSE-SU-2022:3809-1
- SUSE-SU-2022:4617-1
- SUSE-SU-2023:0416-1
- USN-5465-1
- USN-5466-1
- USN-5467-1
- USN-5468-1
- USN-5469-1
- USN-5470-1
- USN-5471-1
- USN-5484-1
- USN-5650-1
- USN-5693-1
- USN-5727-1
- USN-5727-2
- USN-5728-1
- USN-5728-2
- USN-5728-3
- USN-5729-1
- USN-5729-2
- USN-5774-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2022-9870 | https://linux.oracle.com/errata/ELSA-2022-9870.html | |
CVE | CVE-2022-3028 | https://linux.oracle.com/cve/CVE-2022-3028.html | |
CVE | CVE-2022-21499 | https://linux.oracle.com/cve/CVE-2022-21499.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 4.14.35-2047.518.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 4.14.35-2047.518.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux | kernel-uek | < 4.14.35-2047.518.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools | < 4.14.35-2047.518.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs | < 4.14.35-2047.518.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs-devel | < 4.14.35-2047.518.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | oraclelinux | kernel-uek-headers | < 4.14.35-2047.518.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux | kernel-uek-doc | < 4.14.35-2047.518.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-devel | < 4.14.35-2047.518.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug | < 4.14.35-2047.518.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug-devel | < 4.14.35-2047.518.4.el7uek | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |