[ELSA-2023-12565] Unbreakable Enterprise kernel security update

Severity Important

Affected Packages 6

CVEs 7

[4.1.12-124.76.2]
- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) [Orabug: 35493606] {CVE-2023-3159}
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Pavel Skripkin) [Orabug: 35448003] {CVE-2022-1679}
- dm ioctl: fix nested locking in table_clear() to remove deadlock concern (Mike Snitzer) [Orabug: 35354880] {CVE-2023-2269}
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (Duoming Zhou) [Orabug: 35181652] {CVE-2023-1118}
- misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (Zheng Wang) [Orabug: 35180779] {CVE-2022-3424}

[4.1.12-124.76.1]
- ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum (Tudor Ambarus) [Orabug: 35457204] {CVE-2023-34256}
- igmp: Add ip_mc_list lock in ip_check_mc_rcu (Liu Jian) [Orabug: 35448048] {CVE-2022-20141}

Package	Affected Version
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6	< 4.1.12-124.76.2.el6uek
pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6	< 4.1.12-124.76.2.el6uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6	< 4.1.12-124.76.2.el6uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6	< 4.1.12-124.76.2.el6uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6	< 4.1.12-124.76.2.el6uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6	< 4.1.12-124.76.2.el6uek

ID

ELSA-2023-12565

Severity

important

URL

https://linux.oracle.com/errata/ELSA-2023-12565.html

Published

2023-07-04T00:00:00
(14 months ago)

Modified

2023-07-04T00:00:00
(14 months ago)

Rights

Other Advisories

Source	# ID	URL
elsa	ELSA-2023-12565	https://linux.oracle.com/errata/ELSA-2023-12565.html
CVE	CVE-2023-3159	https://linux.oracle.com/cve/CVE-2023-3159.html
CVE	CVE-2023-2269	https://linux.oracle.com/cve/CVE-2023-2269.html
CVE	CVE-2023-1118	https://linux.oracle.com/cve/CVE-2023-1118.html
CVE	CVE-2022-3424	https://linux.oracle.com/cve/CVE-2022-3424.html
CVE	CVE-2023-34256	https://linux.oracle.com/cve/CVE-2023-34256.html
CVE	CVE-2022-1679	https://linux.oracle.com/cve/CVE-2022-1679.html
CVE	CVE-2022-20141	https://linux.oracle.com/cve/CVE-2022-20141.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6	oraclelinux	kernel-uek	< 4.1.12-124.76.2.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6	oraclelinux	kernel-uek-firmware	< 4.1.12-124.76.2.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6	oraclelinux	kernel-uek-doc	< 4.1.12-124.76.2.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6	oraclelinux	kernel-uek-devel	< 4.1.12-124.76.2.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6	oraclelinux	kernel-uek-debug	< 4.1.12-124.76.2.el6uek	oraclelinux-6
Affected	pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6	oraclelinux	kernel-uek-debug-devel	< 4.1.12-124.76.2.el6uek	oraclelinux-6

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date