[ELSA-2023-1470] kernel security, bug fix, and enhancement update

Severity Important

Affected Packages 22

CVEs 3

[5.14.0-162.22.2_1.OL9]
Update Oracle Linux certificates (Kevin Lyons)
Disable signing for aarch64 (Ilya Okomin)
Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
Update x509.genkey [Orabug: 24817676]
Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]
Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]

[5.14.0-162.22.2_1]
- tun: avoid double free in tun_free_netdev (Jon Maloy) [2156373] {CVE-2022-4744}

[5.14.0-162.22.1_1]
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (Jaroslav Kysela) [2163390 2125540] {CVE-2023-0266}

[5.14.0-162.21.1_1]
- s390/boot: add secure boot trailer (Tobias Huschle) [2151528 2141966]
- s390/kexec: fix ipl report address for kdump (Tobias Huschle) [2166903 2161327]
- s390/qeth: cache link_info for ethtool (Tobias Huschle) [2166304 2110436]
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (Tobias Huschle) [2127880 2121088]

[5.14.0-162.20.1_1]
- cgroup/cpuset: remove unreachable code (Waiman Long) [2161105 1946801]
- kselftest/cgroup: Add cpuset v2 partition root state test (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Update description of cpuset.cpus.partition in cgroup-v2.rst (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Make partition invalid if cpumask change violates exclusivity rule (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Relocate a code block in validate_change() (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Show invalid partition reason string (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Add a new isolated cpus.partition type (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Relax constraints to partition & cpus changes (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Allow no-task partition to have empty cpuset.cpus.effective (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Miscellaneous cleanups & add helper functions (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (Waiman Long) [2161105 1946801]
- cpuset: convert 'allowed' in __cpuset_node_allowed() to be boolean (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) [2161105 1946801]
- cgroup: cleanup comments (Waiman Long) [2161105 1946801]
- act_mirred: use the backlog for nested calls to mirred ingress (Davide Caratti) [2164655 2150278] {CVE-2022-4269}
- net/sched: act_mirred: better wording on protection against excessive stack growth (Davide Caratti) [2164655 2150278] {CVE-2022-4269}
- scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (Emanuele Giuseppe Esposito) [2170227 2150660]

[5.14.0-162.19.1_1]
- sched/core: Use kfree_rcu() in do_set_cpus_allowed() (Waiman Long) [2160614 2143847]
- sched/core: Fix use-after-free bug in dup_user_cpus_ptr() (Waiman Long) [2160614 2143847]
- sched: Always clear user_cpus_ptr in do_set_cpus_allowed() (Waiman Long) [2143766 2107354]
- sched: Enforce user requested affinity (Waiman Long) [2143766 2107354]
- sched: Always preserve the user requested cpumask (Waiman Long) [2143766 2107354]
- sched: Introduce affinity_context (Waiman Long) [2143766 2107354]
- sched: Add __releases annotations to affine_move_task() (Waiman Long) [2143766 2107354]
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (Dean Nelson) [2168382 2122851]
- x86/fpu: Exclude dynamic states from init_fpstate (Dean Nelson) [2168382 2122851]
- x86/fpu: Fix the init_fpstate size check with the actual size (Dean Nelson) [2168382 2122851]
- x86/fpu: Configure init_fpstate attributes orderly (Dean Nelson) [2168382 2122851]
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (Dean Nelson) [2168382 2122851]

Package	Affected Version
pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/perf?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-devel-matched?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-debug-devel-matched?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/kernel-abi-stablelists?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1
pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-9.1	< 5.14.0-162.22.2.el9_1

ID

ELSA-2023-1470

Severity

important

URL

https://linux.oracle.com/errata/ELSA-2023-1470.html

Published

2023-03-28T00:00:00
(17 months ago)

Modified

2023-03-28T00:00:00
(17 months ago)

Rights

Other Advisories

Source	# ID	URL
elsa	ELSA-2023-1470	https://linux.oracle.com/errata/ELSA-2023-1470.html
CVE	CVE-2022-4269	https://linux.oracle.com/cve/CVE-2022-4269.html
CVE	CVE-2022-4744	https://linux.oracle.com/cve/CVE-2022-4744.html
CVE	CVE-2023-0266	https://linux.oracle.com/cve/CVE-2023-0266.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-9.1	oraclelinux	python3-perf	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/perf?distro=oraclelinux-9.1	oraclelinux	perf	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel?distro=oraclelinux-9.1	oraclelinux	kernel	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-9.1	oraclelinux	kernel-tools	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-9.1	oraclelinux	kernel-tools-libs	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-9.1	oraclelinux	kernel-tools-libs-devel	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-9.1	oraclelinux	kernel-modules	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-9.1	oraclelinux	kernel-modules-extra	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-9.1	oraclelinux	kernel-headers	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-9.1	oraclelinux	kernel-doc	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-9.1	oraclelinux	kernel-devel	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-devel-matched?distro=oraclelinux-9.1	oraclelinux	kernel-devel-matched	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-9.1	oraclelinux	kernel-debug	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-9.1	oraclelinux	kernel-debug-modules	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-9.1	oraclelinux	kernel-debug-modules-extra	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-9.1	oraclelinux	kernel-debug-devel	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-debug-devel-matched?distro=oraclelinux-9.1	oraclelinux	kernel-debug-devel-matched	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-9.1	oraclelinux	kernel-debug-core	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-9.1	oraclelinux	kernel-cross-headers	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-9.1	oraclelinux	kernel-core	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/kernel-abi-stablelists?distro=oraclelinux-9.1	oraclelinux	kernel-abi-stablelists	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1
Affected	pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-9.1	oraclelinux	bpftool	< 5.14.0-162.22.2.el9_1	oraclelinux-9.1

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date