[ELSA-2023-0334] kernel security and bug fix update
[5.14.0-162.12.1_1.OL9]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
[5.14.0-162.12.1_1]
- x86/fpu: Drop fpregs lock before inheriting FPU permissions (Valentin Schneider) [2154407 2153181]
- hv_netvsc: Fix race between VF offering and VF association message from host (Mohammed Gamal) [2151605 2149277]
- PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (Emanuele Giuseppe Esposito) [2150910 2092794]
[5.14.0-162.11.1_1]
- drm/i915: fix TLB invalidation for Gen12 video and compute engines (Wander Lairson Costa) [2148152 2148153] {CVE-2022-4139}
- memcg: prohibit unconditional exceeding the limit of dying tasks (Chris von Recklinghausen) [2143976 2120352]
- mm, oom: do not trigger out_of_memory from the #PF (Waiman Long) [2143976 2139747]
- mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks (Chris von Recklinghausen) [2143976 2120352]
- pipe: Fix missing lock in pipe_resize_ring() (Ian Kent) [2141631 2141632] {CVE-2022-2959}
- net: usb: ax88179_178a: Fix packet receiving (Jose Ignacio Tornos Martinez) [2142722 2142723] {CVE-2022-2964}
- net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (Jose Ignacio Tornos Martinez) [2142722 2142723] {CVE-2022-2964}
- NFSD: Protect against send buffer overflow in NFSv3 READ (Scott Mayhew) [2141769 2141770] {CVE-2022-43945}
- NFSD: Protect against send buffer overflow in NFSv2 READ (Scott Mayhew) [2141769 2141770] {CVE-2022-43945}
- NFSD: Protect against send buffer overflow in NFSv3 XXXXXXX (Scott Mayhew) [2141769 2141770] {CVE-2022-43945}
- NFSD: Protect against send buffer overflow in NFSv2 XXXXXXX (Scott Mayhew) [2141769 2141770] {CVE-2022-43945}
- SUNRPC: Fix svcxdr_init_encode's buflen calculation (Scott Mayhew) [2141769 2141770] {CVE-2022-43945}
- SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation (Scott Mayhew) [2141769 2141770] {CVE-2022-43945}
[5.14.0-162.10.1_1]
- ice: Fix crash by keep old cfg when update TCs more than queues (Petr Oros) [2132070 2131953]
- ice: Fix tunnel checksum offload with fragmented traffic (Petr Oros) [2132070 2131953]
- ice: handle E822 generic device ID in PLDM header (Petr Oros) [2132070 2131953]
- ice: ethtool: Prohibit improper channel config for DCB (Petr Oros) [2132070 2131953]
- ice: ethtool: advertise 1000M speeds properly (Petr Oros) [2132070 2131953]
- ice: Fix switchdev rules book keeping (Petr Oros) [2132070 2131953]
- ice: fix access-beyond-end in the switch code (Petr Oros) [2132070 2131953]
- eth: ice: silence the GCC 12 array-bounds warning (Petr Oros) [2132070 2131953]
- ice: Expose RSS indirection tables for queue groups via ethtool (Petr Oros) [2132070 2131953]
- Revert 'ice: Hide bus-info in ethtool for PRs in switchdev mode' (Petr Oros) [2132070 2131953]
- ice: remove period on argument description in ice_for_each_vf (Petr Oros) [2132070 2131953]
- ice: add a function comment for ice_cfg_mac_antispoof (Petr Oros) [2132070 2131953]
- ice: fix wording in comment for ice_reset_vf (Petr Oros) [2132070 2131953]
- ice: remove return value comment for ice_reset_all_vfs (Petr Oros) [2132070 2131953]
- ice: always check VF VSI pointer values (Petr Oros) [2132070 2131953]
- ice: add newline to dev_dbg in ice_vf_fdir_dump_info (Petr Oros) [2132070 2131953]
- ice: get switch id on switchdev devices (Petr Oros) [2132070 2131953]
- ice: return ENOSPC when exceeding ICE_MAX_CHAIN_WORDS (Petr Oros) [2132070 2131953]
- ice: introduce common helper for retrieving VSI by vsi_num (Petr Oros) [2132070 2131953]
- ice: use min_t() to make code cleaner in ice_gnss (Petr Oros) [2132070 2131953]
- ice, xsk: Avoid refilling single Rx descriptors (Petr Oros) [2132070 2131953]
- ice, xsk: Diversify return values from xsk_wakeup call paths (Petr Oros) [2132070 2131953]
- ice, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full (Petr Oros) [2132070 2131953]
- ice, xsk: Decorate ICE_XDP_REDIR with likely() (Petr Oros) [2132070 2131953]
- ice: Add mpls+tso support (Petr Oros) [2132070 2131953]
- ice: switch: convert packet template match code to rodata (Petr Oros) [2132070 2131953]
- ice: switch: use convenience macros to declare dummy pkt templates (Petr Oros) [2132070 2131953]
- ice: switch: use a struct to pass packet template params (Petr Oros) [2132070 2131953]
- ice: switch: unobscurify bitops loop in ice_fill_adv_dummy_packet() (Petr Oros) [2132070 2131953]
- ice: switch: add and use u16[] aliases to ice_adv_lkup_elem::{h, m}_u (Petr Oros) [2132070 2131953]
- ice: Support GTP-U and GTP-C offload in switchdev (Petr Oros) [2132070 2131953]
- Documentation/admin-guide: Document nomodeset kernel parameter (Karol Herbst) [2145217 2143841]
- drm: Move nomodeset kernel parameter to the DRM subsystem (Karol Herbst) [2145217 2143841]
- selftests/bpf: Limit unroll_count for pyperf600 test (Frantisek Hrbata) [2144902 2139836]
- nvme-fc: fix the fc_appid_store return value (Ewan D. Milne) [2136914 2113035]
- ACPI: processor idle: Practically limit 'Dummy wait' workaround to old Intel systems (Wei Huang) [2142168 2130652]
- CI: Drop c9s CI parts (Veronika Kabatova)
- CI: Use GA builder container (Veronika Kabatova)
[5.14.0-162.9.1_1]
- CI: Remove deprecated variable (Veronika Kabatova)
- drm: fix duplicated code in drm_connector_register (Karol Herbst) [2134619 2132575]
- drm/mgag200: Fix PLL setup for G200_SE_A rev >=4 (Jocelyn Falempe) [2140153 1960467]
- scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels (Tomas Henzl) [2139213 2136223]
[5.14.0-162.8.1_1]
- redhat: fix the branch we pull from the documentation tree (Herton R. Krzesinski)
- nvme-tcp: handle number of queue changes (John Meneghini) [2131359 2112025]
- nvmet: expose max queues to configfs (John Meneghini) [2131359 2112025]
- nvme-fabrics: parse nvme connect Linux error codes (John Meneghini) [2131359 2112025]
- vfio/type1: Unpin zero pages (Alex Williamson) [2128514 2121855]
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (Oleg Nesterov) [2127881 2121271] {CVE-2022-30594}
[5.14.0-162.7.1_1]
- i2c: ismt: prevent memory corruption in ismt_access() (David Arcari) [2127532 2125582] {CVE-2022-3077}
- x86/fpu: Prevent FPU state corruption (Oleksandr Natalenko) [2134588 2131667]
- iavf: Fix reset error handling (Petr Oros) [2127884 2119712]
- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2127884 2119712]
- iavf: Fix missing state logs (Petr Oros) [2127884 2119712]
- ID
- ELSA-2023-0334
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2023-0334.html
- Published
-
2023-01-25T00:00:00
(20 months ago) - Modified
-
2023-01-25T00:00:00
(20 months ago) - Rights
- Copyright 2023 Oracle, Inc.
- Other Advisories
-
- ALAS-2022-1591
- ALAS2-2022-1798
- ALSA-2022:7318
- ALSA-2023:0101
- ALSA-2023:0334
- ALSA-2023:0832
- ALSA-2023:2951
- DSA-5173-1
- DSA-5730-1
- ELSA-2022-7318
- ELSA-2022-9852
- ELSA-2023-0101
- ELSA-2023-0399
- ELSA-2023-0832
- ELSA-2023-12116
- ELSA-2023-12119
- ELSA-2023-12120
- ELSA-2023-12121
- ELSA-2023-2951
- FEDORA-2022-24041b1667
- FEDORA-2022-b36cd53dca
- FEDORA-2022-e4460c41bc
- MS:CVE-2022-2959
- MS:CVE-2022-30594
- MS:CVE-2022-3077
- MS:CVE-2022-43945
- openSUSE-SU-2022:2177-1
- RHSA-2022:7318
- RHSA-2022:7319
- RHSA-2023:0101
- RHSA-2023:0114
- RHSA-2023:0123
- RHSA-2023:0300
- RHSA-2023:0334
- RHSA-2023:0348
- RHSA-2023:0399
- RHSA-2023:0400
- RHSA-2023:0404
- RHSA-2023:0832
- RHSA-2023:0839
- RHSA-2023:0854
- RHSA-2023:2736
- RHSA-2023:2951
- RLSA-2023:0101
- RLSA-2023:0334
- RLSA-2023:0832
- SSA:2022-333-01
- SUSE-SU-2022:1939-1
- SUSE-SU-2022:1940-1
- SUSE-SU-2022:1942-1
- SUSE-SU-2022:1945-1
- SUSE-SU-2022:1947-1
- SUSE-SU-2022:1948-1
- SUSE-SU-2022:1949-1
- SUSE-SU-2022:1955-1
- SUSE-SU-2022:1974-1
- SUSE-SU-2022:1988-1
- SUSE-SU-2022:2000-1
- SUSE-SU-2022:2006-1
- SUSE-SU-2022:2010-1
- SUSE-SU-2022:2077-1
- SUSE-SU-2022:2078-1
- SUSE-SU-2022:2079-1
- SUSE-SU-2022:2080-1
- SUSE-SU-2022:2082-1
- SUSE-SU-2022:2083-1
- SUSE-SU-2022:2103-1
- SUSE-SU-2022:2104-1
- SUSE-SU-2022:2111-1
- SUSE-SU-2022:2116-1
- SUSE-SU-2022:2177-1
- SUSE-SU-2022:2268-1
- SUSE-SU-2022:2520-1
- SUSE-SU-2022:2615-1
- SUSE-SU-2022:2629-1
- SUSE-SU-2022:3288-1
- SUSE-SU-2022:3293-1
- SUSE-SU-2022:3897-1
- SUSE-SU-2022:3929-1
- SUSE-SU-2022:3930-1
- SUSE-SU-2022:3998-1
- SUSE-SU-2022:4053-1
- SUSE-SU-2022:4072-1
- SUSE-SU-2022:4113-1
- SUSE-SU-2022:4272-1
- SUSE-SU-2022:4273-1
- SUSE-SU-2022:4503-1
- SUSE-SU-2022:4504-1
- SUSE-SU-2022:4505-1
- SUSE-SU-2022:4506-1
- SUSE-SU-2022:4510-1
- SUSE-SU-2022:4513-1
- SUSE-SU-2022:4515-1
- SUSE-SU-2022:4516-1
- SUSE-SU-2022:4517-1
- SUSE-SU-2022:4518-1
- SUSE-SU-2022:4520-1
- SUSE-SU-2022:4527-1
- SUSE-SU-2022:4528-1
- SUSE-SU-2022:4533-1
- SUSE-SU-2022:4534-1
- SUSE-SU-2022:4539-1
- SUSE-SU-2022:4542-1
- SUSE-SU-2022:4543-1
- SUSE-SU-2022:4544-1
- SUSE-SU-2022:4545-1
- SUSE-SU-2022:4546-1
- SUSE-SU-2022:4550-1
- SUSE-SU-2022:4551-1
- SUSE-SU-2022:4559-1
- SUSE-SU-2022:4560-1
- SUSE-SU-2022:4561-1
- SUSE-SU-2022:4562-1
- SUSE-SU-2022:4566-1
- SUSE-SU-2022:4569-1
- SUSE-SU-2022:4572-1
- SUSE-SU-2022:4573-1
- SUSE-SU-2022:4574-1
- SUSE-SU-2022:4577-1
- SUSE-SU-2022:4580-1
- SUSE-SU-2022:4585-1
- SUSE-SU-2022:4587-1
- SUSE-SU-2022:4589-1
- SUSE-SU-2022:4595-1
- SUSE-SU-2022:4611-1
- SUSE-SU-2022:4613-1
- SUSE-SU-2022:4614-1
- SUSE-SU-2022:4615-1
- SUSE-SU-2022:4616-1
- SUSE-SU-2022:4617-1
- SUSE-SU-2023:2146-1
- SUSE-SU-2023:2148-1
- SUSE-SU-2023:2151-1
- SUSE-SU-2023:2162-1
- SUSE-SU-2023:2163-1
- SUSE-SU-2023:2232-1
- SUSE-SU-2024:2901-1
- SUSE-SU-2024:2929-1
- SUSE-SU-2024:2940-1
- USN-5442-1
- USN-5442-2
- USN-5443-1
- USN-5443-2
- USN-5465-1
- USN-5594-1
- USN-5599-1
- USN-5602-1
- USN-5616-1
- USN-5623-1
- USN-5650-1
- USN-5754-1
- USN-5754-2
- USN-5755-1
- USN-5755-2
- USN-5773-1
- USN-5779-1
- USN-5789-1
- USN-5794-1
- USN-5802-1
- USN-5804-1
- USN-5804-2
- USN-5808-1
- USN-5813-1
- USN-5829-1
- USN-5830-1
- USN-5859-1
- USN-5861-1
- USN-5863-1
- USN-5875-1
- USN-5911-1
- USN-5912-1
- USN-5914-1
- USN-5917-1
- USN-5918-1
- USN-5929-1
- USN-5934-1
- USN-5935-1
- USN-5938-1
- USN-5939-1
- USN-5940-1
- USN-5941-1
- USN-5950-1
- USN-5951-1
- USN-5962-1
- USN-6000-1
- USN-6089-1
- USN-6124-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2023-0334 | https://linux.oracle.com/errata/ELSA-2023-0334.html | |
CVE | CVE-2022-4139 | https://linux.oracle.com/cve/CVE-2022-4139.html | |
CVE | CVE-2022-3077 | https://linux.oracle.com/cve/CVE-2022-3077.html | |
CVE | CVE-2022-2964 | https://linux.oracle.com/cve/CVE-2022-2964.html | |
CVE | CVE-2022-43945 | https://linux.oracle.com/cve/CVE-2022-43945.html | |
CVE | CVE-2022-2959 | https://linux.oracle.com/cve/CVE-2022-2959.html | |
CVE | CVE-2022-30594 | https://linux.oracle.com/cve/CVE-2022-30594.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-9.1 | oraclelinux | python3-perf | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-9.1 | oraclelinux | perf | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-9.1 | oraclelinux | kernel | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-9.1 | oraclelinux | kernel-tools | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-9.1 | oraclelinux | kernel-tools-libs | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-9.1 | oraclelinux | kernel-tools-libs-devel | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-9.1 | oraclelinux | kernel-modules | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-9.1 | oraclelinux | kernel-modules-extra | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-9.1 | oraclelinux | kernel-headers | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-9.1 | oraclelinux | kernel-doc | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-9.1 | oraclelinux | kernel-devel | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel-matched?distro=oraclelinux-9.1 | oraclelinux | kernel-devel-matched | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-9.1 | oraclelinux | kernel-debug | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-9.1 | oraclelinux | kernel-debug-modules | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-9.1 | oraclelinux | kernel-debug-modules-extra | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-9.1 | oraclelinux | kernel-debug-devel | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel-matched?distro=oraclelinux-9.1 | oraclelinux | kernel-debug-devel-matched | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-9.1 | oraclelinux | kernel-debug-core | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-9.1 | oraclelinux | kernel-cross-headers | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-9.1 | oraclelinux | kernel-core | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-stablelists?distro=oraclelinux-9.1 | oraclelinux | kernel-abi-stablelists | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 | ||
Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-9.1 | oraclelinux | bpftool | < 5.14.0-162.12.1.el9_1 | oraclelinux-9.1 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |