[ELSA-2023-0101] kernel security and bug fix update

Severity Important
Affected Packages 20
CVEs 2

[4.18.0-425.10.1.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]

[4.18.0-425.10.1_7]
- scsi: target: loop: Fix handling of aborted TMRs (Maurizio Lombardi) [2144583 2141713]
- ice: virtchnl rss hena support (Petr Oros) [2148130]
- ice: Fix configuring VIRTCHNL_OP_CONFIG_VSI_QUEUES with unbalanced queues (Michal Schmidt) [2142017 2137378]
- ice: Add support Flex RXD (Michal Schmidt) [2138157 2131310]
- netfilter: flowtable: fix stuck flows on cleanup due to pending work (Phil Sutter) [2134084 2131370]
- netfilter: flowtable: add function to invoke garbage collection immediately (Phil Sutter) [2134084 2131370]
- netfilter: flowtable: pass flowtable to nf_flow_table_iterate() (Phil Sutter) [2134084 2131370]
- netfilter: flowtable: separate replace, destroy and stats to different workqueues (Phil Sutter) [2134084 2131370]
- x86/paravirt: Add a dummy __x86_paravirt_patch_template() function (Waiman Long) [2152206 2144161]
- x86/paravirt: Fix kABI breakage in struct pv_mmu_ops (Waiman Long) [2152206 2144161]
- drm/i915: fix TLB invalidation for Gen12 video and compute engines (Wander Lairson Costa) [2148149 2148150] {CVE-2022-4139}
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (Emanuele Giuseppe Esposito) [2150912 2082836]
- iavf: Fix cached head and tail value for iavf_get_tx_pending (Stefan Assmann) [2149742 2103944]
- iavf: Fix change VF's mac address (Stefan Assmann) [2149742 2103944]
- iavf: Fix race between iavf_close and iavf_reset_task (Stefan Assmann) [2149742 2103944]
- net: ethernet: move from strlcpy with unused retval to strscpy (Stefan Assmann) [2149742 2103944]
- iavf: Fix 'tc qdisc show' listing too many queues (Stefan Assmann) [2149742 2103944]
- iavf: Fix max_rate limiting (Stefan Assmann) [2149742 2103944]
- iavf: Check for duplicate TC flower filter before parsing (Stefan Assmann) [2149742 2103944]
- iavf: Fix handling of dummy receive descriptors (Stefan Assmann) [2149742 2103944]
- iavf: Disallow changing rx/tx-frames and rx/tx-frames-irq (Stefan Assmann) [2149742 2103944]
- intel/iavf:fix repeated words in comments (Stefan Assmann) [2149742 2103944]
- intel: remove unused macros (Stefan Assmann) [2149742 2103944]
- iavf: Add waiting for response from PF in set mac (Stefan Assmann) [2149742 2103944]

[4.18.0-425.9.1_7]
- Documentation/admin-guide: Document nomodeset kernel parameter (Jocelyn Falempe) [2145218 2143952]
- drm: Move nomodeset kernel parameter to the DRM subsystem (Jocelyn Falempe) [2145218 2143952]
- wait: Fix __wait_event_hrtimeout for RT/DL tasks (Derek Barbosa) [2138953 2125233]
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (Tobias Huschle) [2127849 2121089]
- net: Fix return value of qdisc ingress handling on success (Ivan Vecera) [2141878 2131361]

[4.18.0-425.8.1_7]
- scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (Tomas Henzl) [2139216 2134535]
- RDMA/mlx5: Set local port to one when accessing counters (Mohammad Kabat) [2141957 2077119]
- drm/mgag200: Fix PLL setup for G200_SE_A rev >=4 (Jocelyn Falempe) [2140152 2130159]
- iavf: Do not restart Tx queues after reset task failure (Petr Oros) [2149081 2134005]
- iavf: Fix a crash during reset task (Petr Oros) [2149081 2134005]
- scsi: core: Allow the ALUA transitioning state enough time (Tomas Henzl) [2147374 2084250]
- scsi: core: Return BLK_STS_TRANSPORT for ALUA transitioning (Tomas Henzl) [2147374 2084250]
- i40e: Fix DMA mappings leak (Ivan Vecera) [2138205 2077847]
- net: usb: ax88179_178a: Fix packet receiving (Jose Ignacio Tornos Martinez) [2142724 2142725] {CVE-2022-2964}
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (Jose Ignacio Tornos Martinez) [2142724 2142725] {CVE-2022-2964}

[4.18.0-425.7.1_7]
- ice: Add additional CSR registers to ETHTOOL_GREGS (Petr Oros) [2136513 2131024]
- i40e: Fix set max_tx_rate when it is lower than 1 Mbps (Petr Oros) [2137270 2106964]
- i40e: Fix VF set max MTU size (Petr Oros) [2137270 2106964]
- iavf: Fix set max MTU size with port VLAN and jumbo frames (Petr Oros) [2137270 2106964]
- iavf: Fix bad page state (Petr Oros) [2137270 2106964]
- Revert 'scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels' (Jarod Wilson)
- scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (Tomas Henzl) [2139216]
- Revert 'ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems' (Jarod Wilson)
- ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (Wei Huang) [2142170 2130653]

[4.18.0-425.6.1_7]
- ice: Add low latency Tx timestamp read (Petr Oros) [2136036 2092425]
- ice: introduce ice_ptp_reset_cached_phctime function (Petr Oros) [2136036 2092425]
- ice: re-arrange some static functions in ice_ptp.c (Petr Oros) [2136036 2092425]
- ice: track and warn when PHC update is late (Petr Oros) [2136036 2092425]
- ice: track Tx timestamp stats similar to other Intel drivers (Petr Oros) [2136036 2092425]
- ice: implement adjfine with mul_u64_u64_div_u64 (Petr Oros) [2136036 2092425]
- ice: Add EXTTS feature to the feature bitmap (Petr Oros) [2136036 2092425]
- math: Export mul_u64_u64_div_u64 (Petr Oros) [2136036 2092425]
- vfio/type1: Unpin zero pages (Alex Williamson) [2128515 2123015]
- net: atlantic: remove aq_nic_deinit() when resume (Inigo Huguet) [2131935 2130839]
- net: atlantic: remove deep parameter on suspend/resume functions (Inigo Huguet) [2131935 2130839]
- CI: Use zstream builder container (Veronika Kabatova)
- CI: Add disttag override for 8.7 (Veronika Kabatova)

[4.18.0-425.5.1_7]
- ice: Fix interface being down after reset with link-down-on-close flag on (Petr Oros) [2136216 2024110]
- ice: Fix crash by keep old cfg when update TCs more than queues (Petr Oros) [2130992 2129902]
- ice: Fix tunnel checksum offload with fragmented traffic (Petr Oros) [2130992 2129902]
- ice: handle E822 generic device ID in PLDM header (Petr Oros) [2130992 2129902]
- ice: ethtool: Prohibit improper channel config for DCB (Petr Oros) [2130992 2129902]
- ice: ethtool: advertise 1000M speeds properly (Petr Oros) [2130992 2129902]
- ice: Fix switchdev rules book keeping (Petr Oros) [2130992 2129902]
- ice: fix access-beyond-end in the switch code (Petr Oros) [2130992 2129902]
- eth: ice: silence the GCC 12 array-bounds warning (Petr Oros) [2130992 2129902]
- ice: Expose RSS indirection tables for queue groups via ethtool (Petr Oros) [2130992 2129902]
- Revert 'ice: Hide bus-info in ethtool for PRs in switchdev mode' (Petr Oros) [2130992 2129902]
- ice: remove period on argument description in ice_for_each_vf (Petr Oros) [2130992 2129902]
- ice: add a function comment for ice_cfg_mac_antispoof (Petr Oros) [2130992 2129902]
- ice: fix wording in comment for ice_reset_vf (Petr Oros) [2130992 2129902]
- ice: remove return value comment for ice_reset_all_vfs (Petr Oros) [2130992 2129902]
- ice: always check VF VSI pointer values (Petr Oros) [2130992 2129902]
- ice: add newline to dev_dbg in ice_vf_fdir_dump_info (Petr Oros) [2130992 2129902]
- ice: get switch id on switchdev devices (Petr Oros) [2130992 2129902]
- ice: return ENOSPC when exceeding ICE_MAX_CHAIN_WORDS (Petr Oros) [2130992 2129902]
- ice: introduce common helper for retrieving VSI by vsi_num (Petr Oros) [2130992 2129902]
- ice: use min_t() to make code cleaner in ice_gnss (Petr Oros) [2130992 2129902]
- ice: Add mpls+tso support (Petr Oros) [2130992 2129902]
- ice: switch: convert packet template match code to rodata (Petr Oros) [2130992 2129902]
- ice: switch: use convenience macros to declare dummy pkt templates (Petr Oros) [2130992 2129902]
- ice: switch: use a struct to pass packet template params (Petr Oros) [2130992 2129902]
- ice: switch: unobscurify bitops loop in ice_fill_adv_dummy_packet() (Petr Oros) [2130992 2129902]
- ice: switch: add and use u16[] aliases to ice_adv_lkup_elem::{h, m}_u (Petr Oros) [2130992 2129902]
- ice: Support GTP-U and GTP-C offload in switchdev (Petr Oros) [2130992 2129902]
- ice: Remove useless DMA-32 fallback configuration (Petr Oros) [2130992 2129902]
- ice: switch to napi_build_skb() (Petr Oros) [2130992 2129902]
- redhat: switch to z-stream dist tag and build targets (Jarod Wilson)
- block: avoid sign extend problem with default queue flags mask (Nico Pache) [2135813]

[4.18.0-425.4.1]
- random: allow reseeding DRBG with getrandom (Daiki Ueno) [2121766]

Package Affected Version
pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/perf?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/kernel-abi-stablelists?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7
pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-8.7 < 4.18.0-425.10.1.el8_7

ID ELSA-2023-0101
Severity important
URL https://linux.oracle.com/errata/ELSA-2023-0101.html
Published 2023-01-13T00:00:00
Modified 2023-01-13T00:00:00
Rights Copyright 2023 Oracle, Inc.