1. Home
  2. Security Advisories
  3. Oracle Linux
  4. ELSA-2023-13039

[ELSA-2023-13039] Unbreakable Enterprise kernel security update

Severity Important
Affected Packages 11
CVEs 1
Info Packages References Vulnerabilities

[4.14.35-2047.532.3]
- Revert 'mmc: core: Capture correct oemid-bits for eMMC cards' (Dominique Martinet)

- media: dvb-usb-v2: af9035: fix missing unlock (Hans Verkuil)

- perf/core: Fix potential NULL deref (Peter Zijlstra)

[4.14.35-2047.532.2]
- x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl (Andrea Arcangeli) [Orabug: 35905888]
- LTS version: 4.14.328 (Saeed Mirzamohammadi)

- Bluetooth: hci_event: Fix using memcmp when comparing keys (Luiz Augusto von Dentz)

- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (Kees Cook)

- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (Edward AD)

- gpio: vf610: set value before the direction to avoid a glitch (Haibo Chen)

- s390/pci: fix iommu bitmap allocation (Niklas Schnelle)

- perf: Disallow mis-matched inherited group reads (Saeed Mirzamohammadi)

- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (Puliang Lu)

- USB: serial: option: add entry for Sierra EM9191 with new firmware (Benoit Monin)

- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (Fabio Porcedda)

- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (Sunil V L)

- Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (Andy Shevchenko)

- mmc: core: Capture correct oemid-bits for eMMC cards (Avri Altman)

- sky2: Make sure there is at least one frag_addr available (Kees Cook)

- wifi: cfg80211: avoid leaking stack data into trace (Benjamin Berg)

- wifi: mac80211: allow transmitting EAPOL frames with tainted key (Wen Gong)

- Bluetooth: hci_core: Fix build warnings (Luiz Augusto von Dentz)

- Bluetooth: Avoid redundant authentication (Ying Hsu)

- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (Ma Ke)

- tracing: relax trace_event_eval_update() execution with cond_resched() (Clement Leger)

- ata: libata-eh: Fix compilation warning in ata_eh_link_report() (Damien Le Moal)

- gpio: timberdale: Fix potential deadlock on &tgpio->lock (Chengfeng Ye)

- overlayfs: set ctime when setting mtime and atime (Jeff Layton)

- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (Heiner Kallweit)

- btrfs: initialize start_slot in btrfs_log_prealloc_extents (Josef Bacik)

- ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone (Tony Lindgren)

- i40e: prevent crash on probe if hw registers have invalid values (Michal Schmidt)

- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (Dan Carpenter)

- net: rfkill: gpio: prevent value glitch during probe (Josua Mayer)

- net: ipv6: fix return value check in esp_remove_trailer (Ma Ke)

- net: ipv4: fix return value check in esp_remove_trailer (Ma Ke)

- xfrm: fix a data-race in xfrm_gen_index() (Saeed Mirzamohammadi)

- netfilter: nft_payload: fix wrong mac header matching (Florian Westphal)

- KVM: x86: Mask LVTPC when handling a PMI (Jim Mattson)

- regmap: fix NULL deref on lookup (Johan Hovold)

- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (Krzysztof Kozlowski)

- Bluetooth: avoid memcmp() out of bounds warning (Arnd Bergmann)

- Bluetooth: hci_event: Fix coding style (Luiz Augusto von Dentz)

- Bluetooth: vhci: Fix race when opening vhci device (Arkadiusz Bokowy)

- Bluetooth: Fix a refcnt underflow problem for hci_conn (Ziyang Xuan)

- Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi)

- Bluetooth: hci_event: Ignore NULL link key (Lee, Chun-Yi)

- usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Canuelo)

- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (Borislav Petkov (AMD))

- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (Krishna Kurapati)

- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (Piyush Mehta)

- pinctrl: avoid unsafe code pattern in find_pinctrl() (Dmitry Torokhov)

- cgroup: Remove duplicates in cgroup v1 tasks file (Michal Koutny)

- Input: xpad - add PXN V900 support (Matthias Berndt)

- Input: powermate - fix use-after-free in powermate_config_complete (Javier Carrasco)

- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (Xiubo Li)

- mcb: remove is_added flag from mcb_device struct (Jorge Sanjuan Garcia)

- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (Alexander Zangerl)

- iio: pressure: bmp280: Fix NULL pointer exception (Phil Elwell)

- usb: musb: Modify the 'HWVers' register address (Xingxing Luo)

- usb: musb: Get the musb_qh poniter after musb_giveback (Xingxing Luo)

- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (Javier Carrasco)

- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (Wesley Cheng)

- workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() (Waiman Long)

- nfc: nci: assert requested protocol is valid (Jeremy Cline)

- ixgbe: fix crash with empty VF macvlan list (Dan Carpenter)

- drm/vmwgfx: fix typo of sizeof argument (Konstantin Meskhidze)

- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (Dinghao Liu)

- drm: etvnaviv: fix bad backport leading to warning (Martin Fuzzey)

- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (Hans de Goede)

- RDMA/cxgb4: Check skb value for failure to allocate (Artem Chernyshev)

- LTS version: 4.14.327 (Saeed Mirzamohammadi)

- parisc: Restore __ldcw_align for PA-RISC 2.0 processors (John David Anglin)

- RDMA/mlx5: Fix NULL string error (Shay Drory)

- RDMA/cma: Fix truncation compilation warning in make_cma_ports (Leon Romanovsky)

- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (Bartosz Golaszewski)

- IB/mlx4: Fix the size of a buffer in add_port_entries() (Christophe JAILLET)

- cpupower: add Makefile dependencies for install targets (Ivan Babrou)

- sctp: update hb timer immediately after users change hb_interval (Xin Long)

- sctp: update transport state when processing a dupcook packet (Xin Long)

- tcp: fix delayed ACKs for MSS boundary condition (Neal Cardwell)

- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida)

- ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() (David Howells)

- modpost: add missing else to the 'of' check (Mauricio Faria de Oliveira)

- scsi: target: core: Fix deadlock due to recursive locking (Junxiao Bi)

- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (Richard Fitzgerald)

- drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() (Alexandra Diupina)

- ubi: Refuse attaching if mtd's erasesize is 0 (Zhihao Cheng)

- wifi: mwifiex: Fix tlv_buf_left calculation (Gustavo A. R. Silva)

- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (Dinghao Liu)

- media: dvb: symbol fixup for dvb_attach() - again (Greg Kroah-Hartman)

- ata: libata: disallow dev-initiated LPM transitions to unsupported states (Niklas Cassel)

- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Budimir Markovic) [Orabug: 35810543] {CVE-2023-4623}
- ext4: fix rec_len verify error (Shida Zhang)

- vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (George Kennedy)

- fs: binfmt_elf_efpic: fix personality for ELF-FDPIC (Greg Ungerer)

- ata: libata-sata: increase PMP SRST timeout to 10s (Matthias Schiffer)

- ata: libata-core: Fix port and device removal (Damien Le Moal)

- ata: libata-core: Fix ata_port_request_pm() locking (Damien Le Moal)

- btrfs: properly report 0 avail for very full file systems (Josef Bacik)

- i2c: i801: unregister tco_pdev in i801_probe() error path (Heiner Kallweit)

- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (Niklas Cassel)

- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (Pan Bian)

- serial: 8250_port: Check IRQ data before use (Andy Shevchenko)

- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (Mika Westerberg)

- watchdog: iTCO_wdt: No need to stop the timer in probe (Mika Westerberg)

- ata: libahci: clear pending interrupt status (Szuying Chen)

- ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones (Hannes Reinecke)

- fbdev/sh7760fb: Depend on FB=y (Thomas Zimmermann)

- ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() (Niklas Cassel)

- ring-buffer: Avoid softlockup in ring_buffer_resize() (Zheng Yejian)

- selftests/ftrace: Correctly enable event in instance-event.tc (Zheng Yejian)

- parisc: irq: Make irq_stack_union static to avoid sparse warning (Helge Deller)

- parisc: iosapic.c: Fix sparse warnings (Helge Deller)

- parisc: sba: Fix compile warning wrt list of SBA devices (Helge Deller)

- xtensa: boot/lib: fix function prototypes (Max Filippov)

- xtensa: boot: don't add include-dirs (Randy Dunlap)

- clk: tegra: fix error return case for recalc_rate (Timo Alho)

- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (Xiaoke Wang)

- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (Christophe JAILLET)

- team: fix null-ptr-deref when team device type is changed (Ziyang Xuan)

- powerpc/perf/hv-24x7: Update domain value check (Kajol Jain)

- ipv4: fix null-deref in ipv4_link_failure (Kyle Zeng)

- NFS/pNFS: Report EINVAL errors from connect() to the server (Trond Myklebust)

[4.14.35-2047.532.1]
- rds/ib: Preserve dest qp num in the connect request (Arumugam Kolappan) [Orabug: 35649849]
- rds: Provision to allow all trace points at module load time (Arumugam Kolappan) [Orabug: 35355776]

Package Affected Version
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 < 4.14.35-2047.532.3.el7uek
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 < 4.14.35-2047.532.3.el7uek
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 < 4.14.35-2047.532.3.el7uek
pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 < 4.14.35-2047.532.3.el7uek
pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 < 4.14.35-2047.532.3.el7uek
pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 < 4.14.35-2047.532.3.el7uek
pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 < 4.14.35-2047.532.3.el7uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 < 4.14.35-2047.532.3.el7uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 < 4.14.35-2047.532.3.el7uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 < 4.14.35-2047.532.3.el7uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 < 4.14.35-2047.532.3.el7uek
ID
ELSA-2023-13039
Severity
important
URL
https://linux.oracle.com/errata/ELSA-2023-13039.html
Published
2023-12-11T00:00:00
(9 months ago)
Modified
2023-12-11T00:00:00
(9 months ago)
Rights
Copyright 2023 Oracle, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 oraclelinux python-perf < 4.14.35-2047.532.3.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 oraclelinux perf < 4.14.35-2047.532.3.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 oraclelinux kernel-uek < 4.14.35-2047.532.3.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 oraclelinux kernel-uek-tools < 4.14.35-2047.532.3.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 oraclelinux kernel-uek-tools-libs < 4.14.35-2047.532.3.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 oraclelinux kernel-uek-tools-libs-devel < 4.14.35-2047.532.3.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 oraclelinux kernel-uek-headers < 4.14.35-2047.532.3.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 oraclelinux kernel-uek-doc < 4.14.35-2047.532.3.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 oraclelinux kernel-uek-devel < 4.14.35-2047.532.3.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 oraclelinux kernel-uek-debug < 4.14.35-2047.532.3.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 oraclelinux kernel-uek-debug-devel < 4.14.35-2047.532.3.el7uek oraclelinux-7
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date