[ELSA-2024-2758] kernel security and bug fix update
[5.14.0-427.16.1_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
[5.14.0-427.16.1_4]
- memory: tegra: Skip SID programming if SID registers aren't set (Robert Foss) [RHEL-32675 RHEL-23656]
- memory: tegra: Add SID override programming for MC clients (Robert Foss) [RHEL-32675 RHEL-23656]
- iommu: Don't reserve 0-length IOVA region (Robert Foss) [RHEL-32675 RHEL-23656]
[5.14.0-427.15.1_4]
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (Michal Schmidt) [RHEL-30110 RHEL-19000]
- ice: avoid the PTP hardware semaphore in gettimex64 path (Michal Schmidt) [RHEL-30110 RHEL-19000]
- ice: add ice_adapter for shared data across PFs on the same NIC (Michal Schmidt) [RHEL-30110 RHEL-19000]
- crypto: iaa - mark tech preview (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix nr_cpus < nr_iaa case (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix comp/decomp delay statistics (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix async_disable descriptor leak (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Remove header table code (Vladis Dronov) [RHEL-32242 RHEL-29685]
- cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Laurent Vivier) [RHEL-32716 RHEL-31381]
- x86/sev: Harden #VC instruction emulation somewhat (Vitaly Kuznetsov) [RHEL-30030 RHEL-30031] {CVE-2024-25743 CVE-2024-25742}
[5.14.0-427.14.1_4]
- crypto: dh - implement FIPS PCT (Vladis Dronov) [RHEL-27009 RHEL-25845]
- crypto: tcrypt - add ffdhe2048(dh) test (Vladis Dronov) [RHEL-27009 RHEL-25845]
- crypto: dh - Make public key test FIPS-only (Vladis Dronov) [RHEL-27009 RHEL-25845]
- printk: allow disabling printk per-console device kthreads at boot (Luis Claudio R. Goncalves) [RHEL-30678 RHEL-17709]
- mm, vmscan: remove ISOLATE_UNMAPPED (Nico Pache) [RHEL-29235 RHEL-28667]
- trace-vmscan-postprocess: sync with tracepoints updates (Nico Pache) [RHEL-29235 RHEL-28667]
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: skip special VMAs in lru_gen_look_around() (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: reclaim offlined memcgs harder (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: try to stop at high watermarks (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: fix underprotected page cache (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: reuse some legacy trace events (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: improve design doc (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: clean up sysfs code (Nico Pache) [RHEL-29235 RHEL-28667]
- cpu/hotplug: Do not bail-out in DYING/STARTING sections (David Arcari) [RHEL-29673 RHEL-19514]
- crypto: akcipher - Disable signing and decryption (Herbert Xu) [RHEL-29079 RHEL-17113] {CVE-2023-6240}
- ID
- ELSA-2024-2758
- Severity
- moderate
- URL
- https://linux.oracle.com/errata/ELSA-2024-2758.html
- Published
-
2024-05-08T00:00:00
(4 months ago) - Modified
-
2024-05-08T00:00:00
(4 months ago) - Rights
- Copyright 2024 Oracle, Inc.
- Other Advisories
-
-
ALSA-2024:3138
-
ALSA-2024:3618
-
ELSA-2024-3138
-
ELSA-2024-3618
-
RHSA-2024:2950
-
RHSA-2024:3138
-
RHSA-2024:3618
-
RHSA-2024:3627
-
RLSA-2024:2758
-
RLSA-2024:3138
-
RLSA-2024:3618
-
SUSE-SU-2024:1320-1
-
SUSE-SU-2024:1321-1
-
SUSE-SU-2024:1322-1
-
SUSE-SU-2024:1466-1
-
SUSE-SU-2024:1480-1
-
SUSE-SU-2024:1490-1
-
SUSE-SU-2024:1641-1
-
USN-6921-1
-
USN-6921-2
-
USN-6923-1
-
USN-6923-2
-
USN-6927-1
-
USN-6952-1
-
USN-6952-2
-
USN-6956-1
-
USN-6957-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2024-2758 |
|
|
| CVE | CVE-2024-25742 |
|
|
| CVE | CVE-2023-6240 |
|
|
| CVE | CVE-2024-25743 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/rv?distro=oraclelinux-9.4 | oraclelinux |
 rv
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/rtla?distro=oraclelinux-9.4 | oraclelinux |
rtla
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-9.4 | oraclelinux |
python3-perf
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-9.4 | oraclelinux |
perf
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/libperf?distro=oraclelinux-9.4 | oraclelinux |
libperf
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-9.4 | oraclelinux |
kernel
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-9.4 | oraclelinux |
kernel-tools
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-9.4 | oraclelinux |
kernel-tools-libs
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-9.4 | oraclelinux |
kernel-tools-libs-devel
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-9.4 | oraclelinux |
kernel-modules
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-9.4 | oraclelinux |
kernel-modules-extra
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-modules-core?distro=oraclelinux-9.4 | oraclelinux |
kernel-modules-core
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-9.4 | oraclelinux |
kernel-headers
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-9.4 | oraclelinux |
kernel-doc
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-9.4 | oraclelinux |
kernel-devel
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-devel-matched?distro=oraclelinux-9.4 | oraclelinux |
kernel-devel-matched
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-modules
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-modules-extra
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-modules-core?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-modules-core
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-devel
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-devel-matched?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-devel-matched
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-core
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-9.4 | oraclelinux |
kernel-cross-headers
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-9.4 | oraclelinux |
kernel-core
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-abi-stablelists?distro=oraclelinux-9.4 | oraclelinux |
kernel-abi-stablelists
|
< 5.14.0-427.16.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-9.4 | oraclelinux |
bpftool
|
< 7.3.0-427.16.1.el9_4 | oraclelinux-9.4 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |