[ELSA-2024-2758] kernel security and bug fix update
[5.14.0-427.16.1_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
[5.14.0-427.16.1_4]
- memory: tegra: Skip SID programming if SID registers aren't set (Robert Foss) [RHEL-32675 RHEL-23656]
- memory: tegra: Add SID override programming for MC clients (Robert Foss) [RHEL-32675 RHEL-23656]
- iommu: Don't reserve 0-length IOVA region (Robert Foss) [RHEL-32675 RHEL-23656]
[5.14.0-427.15.1_4]
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (Michal Schmidt) [RHEL-30110 RHEL-19000]
- ice: avoid the PTP hardware semaphore in gettimex64 path (Michal Schmidt) [RHEL-30110 RHEL-19000]
- ice: add ice_adapter for shared data across PFs on the same NIC (Michal Schmidt) [RHEL-30110 RHEL-19000]
- crypto: iaa - mark tech preview (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix nr_cpus < nr_iaa case (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix comp/decomp delay statistics (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix async_disable descriptor leak (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Remove header table code (Vladis Dronov) [RHEL-32242 RHEL-29685]
- cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Laurent Vivier) [RHEL-32716 RHEL-31381]
- x86/sev: Harden #VC instruction emulation somewhat (Vitaly Kuznetsov) [RHEL-30030 RHEL-30031] {CVE-2024-25743 CVE-2024-25742}
[5.14.0-427.14.1_4]
- crypto: dh - implement FIPS PCT (Vladis Dronov) [RHEL-27009 RHEL-25845]
- crypto: tcrypt - add ffdhe2048(dh) test (Vladis Dronov) [RHEL-27009 RHEL-25845]
- crypto: dh - Make public key test FIPS-only (Vladis Dronov) [RHEL-27009 RHEL-25845]
- printk: allow disabling printk per-console device kthreads at boot (Luis Claudio R. Goncalves) [RHEL-30678 RHEL-17709]
- mm, vmscan: remove ISOLATE_UNMAPPED (Nico Pache) [RHEL-29235 RHEL-28667]
- trace-vmscan-postprocess: sync with tracepoints updates (Nico Pache) [RHEL-29235 RHEL-28667]
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: skip special VMAs in lru_gen_look_around() (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: reclaim offlined memcgs harder (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: try to stop at high watermarks (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: fix underprotected page cache (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: reuse some legacy trace events (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: improve design doc (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: clean up sysfs code (Nico Pache) [RHEL-29235 RHEL-28667]
- cpu/hotplug: Do not bail-out in DYING/STARTING sections (David Arcari) [RHEL-29673 RHEL-19514]
- crypto: akcipher - Disable signing and decryption (Herbert Xu) [RHEL-29079 RHEL-17113] {CVE-2023-6240}
- ID
- ELSA-2024-2758
- Severity
- moderate
- URL
- https://linux.oracle.com/errata/ELSA-2024-2758.html
- Published
-
2024-05-08T00:00:00
(4 months ago) - Modified
-
2024-05-08T00:00:00
(4 months ago) - Rights
- Copyright 2024 Oracle, Inc.
- Other Advisories
-
- ALSA-2024:3138
- ALSA-2024:3618
- ELSA-2024-3138
- ELSA-2024-3618
- RHSA-2024:2950
- RHSA-2024:3138
- RHSA-2024:3618
- RHSA-2024:3627
- RLSA-2024:2758
- RLSA-2024:3138
- RLSA-2024:3618
- SUSE-SU-2024:1320-1
- SUSE-SU-2024:1321-1
- SUSE-SU-2024:1322-1
- SUSE-SU-2024:1466-1
- SUSE-SU-2024:1480-1
- SUSE-SU-2024:1490-1
- SUSE-SU-2024:1641-1
- USN-6921-1
- USN-6921-2
- USN-6923-1
- USN-6923-2
- USN-6927-1
- USN-6952-1
- USN-6952-2
- USN-6956-1
- USN-6957-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2024-2758 | https://linux.oracle.com/errata/ELSA-2024-2758.html | |
CVE | CVE-2024-25742 | https://linux.oracle.com/cve/CVE-2024-25742.html | |
CVE | CVE-2023-6240 | https://linux.oracle.com/cve/CVE-2023-6240.html | |
CVE | CVE-2024-25743 | https://linux.oracle.com/cve/CVE-2024-25743.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/rv?distro=oraclelinux-9.4 | oraclelinux | rv | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/rtla?distro=oraclelinux-9.4 | oraclelinux | rtla | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-9.4 | oraclelinux | python3-perf | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-9.4 | oraclelinux | perf | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/libperf?distro=oraclelinux-9.4 | oraclelinux | libperf | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-9.4 | oraclelinux | kernel | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-9.4 | oraclelinux | kernel-tools | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-9.4 | oraclelinux | kernel-tools-libs | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-9.4 | oraclelinux | kernel-tools-libs-devel | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-9.4 | oraclelinux | kernel-modules | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-9.4 | oraclelinux | kernel-modules-extra | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules-core?distro=oraclelinux-9.4 | oraclelinux | kernel-modules-core | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-9.4 | oraclelinux | kernel-headers | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-9.4 | oraclelinux | kernel-doc | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-9.4 | oraclelinux | kernel-devel | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel-matched?distro=oraclelinux-9.4 | oraclelinux | kernel-devel-matched | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-9.4 | oraclelinux | kernel-debug | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-9.4 | oraclelinux | kernel-debug-modules | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-9.4 | oraclelinux | kernel-debug-modules-extra | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules-core?distro=oraclelinux-9.4 | oraclelinux | kernel-debug-modules-core | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-9.4 | oraclelinux | kernel-debug-devel | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel-matched?distro=oraclelinux-9.4 | oraclelinux | kernel-debug-devel-matched | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-9.4 | oraclelinux | kernel-debug-core | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-9.4 | oraclelinux | kernel-cross-headers | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-9.4 | oraclelinux | kernel-core | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-stablelists?distro=oraclelinux-9.4 | oraclelinux | kernel-abi-stablelists | < 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-9.4 | oraclelinux | bpftool | < 7.3.0-427.16.1.el9_4 | oraclelinux-9.4 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |