[ELSA-2024-3306] kernel security and bug fix update
[5.14.0-427.18.1_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
[5.14.0-427.18.1_4]
- netfilter: nf_tables: disallow anonymous set with timeout flag (Phil Sutter) [RHEL-32971 RHEL-30082] {CVE-2024-26642}
- netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout (Phil Sutter) [RHEL-33070 RHEL-30078] {CVE-2024-26643}
- netfilter: nft_ct: fix l3num expectations with inet pseudo family (Phil Sutter) [RHEL-32963 RHEL-31345] {CVE-2024-26673}
- netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations (Phil Sutter) [RHEL-32963 RHEL-31345] {CVE-2024-26673}
- arm64: tlb: Fix TLBI RANGE operand (Shaoqin Huang) [RHEL-33412 RHEL-26259]
- arm64/mm: Modify range-based tlbi to decrement scale (Shaoqin Huang) [RHEL-33412 RHEL-26259]
- rh_messages.h: mark mlx5 on Bluefield-3 as unmaintained (Scott Weaver) [RHEL-35878 RHEL-33061]
- net: ip_tunnel: prevent perpetual headroom growth (Guillaume Nault) [RHEL-33934 RHEL-31816] {CVE-2024-26804}
- gitlab-ci: use zstream builder container image (Michael Hofmann)
- selftests: net: gro fwd: update vxlan GRO test expectations (Antoine Tenart) [RHEL-30910 RHEL-19729]
- udp: prevent local UDP tunnel packets from being GROed (Antoine Tenart) [RHEL-30910 RHEL-19729]
- udp: do not transition UDP GRO fraglist partial checksums to unnecessary (Antoine Tenart) [RHEL-30910 RHEL-19729]
- gro: fix ownership transfer (Antoine Tenart) [RHEL-30910 RHEL-19729]
- udp: do not accept non-tunnel GSO skbs landing in a tunnel (Antoine Tenart) [RHEL-30910 RHEL-19729]
- bpf, tcx: Get rid of tcx_link_const (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add additional mprog query test coverage (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Make seen_tc* variable tests more robust (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Test query on empty mprog and pass revision into attach (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Adapt assert_mprog_count to always expect 0 count (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Test bpf_mprog query API via libbpf and raw syscall (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftest/bpf: Add various selftests for program limits (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpf: Refuse unused attributes in bpf_prog_{attach,detach} (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpf: Handle bpf_mprog_query with NULL entry (Felix Maurer) [RHEL-33062 RHEL-28590]
- net: Fix skb consume leak in sch_handle_egress (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add various more tcx test cases (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add test for detachment on empty mprog entry (Felix Maurer) [RHEL-33062 RHEL-28590]
- tcx: Fix splat during dev unregister (Felix Maurer) [RHEL-33062 RHEL-28590]
- tcx: Fix splat in ingress_destroy upon tcx_entry_free (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add mprog API tests for BPF tcx links (Felix Maurer) [RHEL-33062 RHEL-28590]
- selftests/bpf: Add mprog API tests for BPF tcx opts (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpf: Add fd-based tcx multi-prog infra with link support (Felix Maurer) [RHEL-33062 RHEL-28590]
- bpftool: Implement link show support for tcx (Artem Savkov) [RHEL-33062 RHEL-23643]
- bpftool: Extend net dump with tcx progs (Artem Savkov) [RHEL-33062 RHEL-23643]
- bpf: fix precision backtracking instruction iteration (Jay Shin) [RHEL-35230 RHEL-23643]
[5.14.0-427.17.1_4]
- ceph: switch to use cap_delay_lock for the unlink delay list (Jay Shin) [RHEL-33003 RHEL-32997]
- ceph: remove useless session parameter for check_caps() (Xiubo Li) [RHEL-33003 RHEL-19813]
- ceph: flush the dirty caps immediatelly when quota is approaching (Xiubo Li) [RHEL-33003 RHEL-19813]
- vhost: Add smp_rmb() in vhost_enable_notify() (Gavin Shan) [RHEL-31839 RHEL-26104]
- vhost: Add smp_rmb() in vhost_vq_avail_empty() (Gavin Shan) [RHEL-31839 RHEL-26104]
- iommu/vt-d: Support enforce_cache_coherency only for empty domains (Jerry Snitselaar) [RHEL-32793 RHEL-31083]
- iommu/vt-d: Add MTL to quirk list to skip TE disabling (Jerry Snitselaar) [RHEL-32793 RHEL-31083]
- iommu/vt-d: Make context clearing consistent with context mapping (Jerry Snitselaar) [RHEL-32793 RHEL-31083]
- iommu/vt-d: Disable PCI ATS in legacy passthrough mode (Jerry Snitselaar) [RHEL-32793 RHEL-31083]
- iommu/vt-d: Omit devTLB invalidation requests when TES=0 (Jerry Snitselaar) [RHEL-32793 RHEL-31083]
- PCI/MSI: Prevent MSI hardware interrupt number truncation (Myron Stowe) [RHEL-33656 RHEL-21453]
- ID
- ELSA-2024-3306
- Severity
- moderate
- URL
- https://linux.oracle.com/errata/ELSA-2024-3306.html
- Published
-
2024-05-23T00:00:00
(3 months ago) - Modified
-
2024-05-23T00:00:00
(3 months ago) - Rights
- Copyright 2024 Oracle, Inc.
- Other Advisories
-
-
ALAS2-2024-2584
-
ALAS2-2024-2615
-
ALSA-2024:3618
-
ALSA-2024:4211
-
DSA-5658-1
-
DSA-5681-1
-
ELSA-2024-12570
-
ELSA-2024-12571
-
ELSA-2024-3618
-
ELSA-2024-4211
-
RHSA-2024:3618
-
RHSA-2024:3627
-
RHSA-2024:4211
-
RHSA-2024:4352
-
RLSA-2024:3618
-
RLSA-2024:4211
-
SSA:2024-157-01
-
SUSE-SU-2024:1322-1
-
SUSE-SU-2024:1454-1
-
SUSE-SU-2024:1465-1
-
SUSE-SU-2024:1466-1
-
SUSE-SU-2024:1480-1
-
SUSE-SU-2024:1489-1
-
SUSE-SU-2024:1490-1
-
SUSE-SU-2024:1641-1
-
SUSE-SU-2024:1643-1
-
SUSE-SU-2024:1644-1
-
SUSE-SU-2024:1646-1
-
SUSE-SU-2024:1647-1
-
SUSE-SU-2024:1648-1
-
SUSE-SU-2024:1659-1
-
SUSE-SU-2024:1663-1
-
SUSE-SU-2024:1870-1
-
SUSE-SU-2024:2008-1
-
SUSE-SU-2024:2010-1
-
SUSE-SU-2024:2019-1
-
SUSE-SU-2024:2135-1
-
SUSE-SU-2024:2183-1
-
SUSE-SU-2024:2185-1
-
SUSE-SU-2024:2190-1
-
SUSE-SU-2024:2203-1
-
SUSE-SU-2024:2973-1
-
USN-6765-1
-
USN-6766-1
-
USN-6766-2
-
USN-6766-3
-
USN-6767-1
-
USN-6767-2
-
USN-6795-1
-
USN-6818-1
-
USN-6818-2
-
USN-6818-3
-
USN-6818-4
-
USN-6819-1
-
USN-6819-2
-
USN-6819-3
-
USN-6819-4
-
USN-6820-1
-
USN-6820-2
-
USN-6821-1
-
USN-6821-2
-
USN-6821-3
-
USN-6821-4
-
USN-6828-1
-
USN-6831-1
-
USN-6865-1
-
USN-6866-1
-
USN-6866-2
-
USN-6866-3
-
USN-6867-1
-
USN-6868-1
-
USN-6868-2
-
USN-6869-1
-
USN-6870-1
-
USN-6870-2
-
USN-6871-1
-
USN-6872-1
-
USN-6872-2
-
USN-6873-1
-
USN-6873-2
-
USN-6874-1
-
USN-6892-1
-
USN-6895-1
-
USN-6895-2
-
USN-6895-3
-
USN-6895-4
-
USN-6896-1
-
USN-6896-2
-
USN-6896-3
-
USN-6896-4
-
USN-6896-5
-
USN-6898-1
-
USN-6898-2
-
USN-6898-3
-
USN-6898-4
-
USN-6900-1
-
USN-6917-1
-
USN-6919-1
-
USN-6927-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2024-3306 |
|
|
| CVE | CVE-2024-26643 |
|
|
| CVE | CVE-2024-26642 |
|
|
| CVE | CVE-2024-26804 |
|
|
| CVE | CVE-2024-26673 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/rv?distro=oraclelinux-9.4 | oraclelinux |
 rv
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/rtla?distro=oraclelinux-9.4 | oraclelinux |
rtla
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-9.4 | oraclelinux |
python3-perf
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-9.4 | oraclelinux |
perf
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/libperf?distro=oraclelinux-9.4 | oraclelinux |
libperf
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-9.4 | oraclelinux |
kernel
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uki-virt?distro=oraclelinux-9.4 | oraclelinux |
kernel-uki-virt
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-9.4 | oraclelinux |
kernel-tools
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-9.4 | oraclelinux |
kernel-tools-libs
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-9.4 | oraclelinux |
kernel-tools-libs-devel
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-9.4 | oraclelinux |
kernel-modules
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-9.4 | oraclelinux |
kernel-modules-extra
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-modules-core?distro=oraclelinux-9.4 | oraclelinux |
kernel-modules-core
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-9.4 | oraclelinux |
kernel-headers
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-9.4 | oraclelinux |
kernel-doc
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-9.4 | oraclelinux |
kernel-devel
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-devel-matched?distro=oraclelinux-9.4 | oraclelinux |
kernel-devel-matched
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-uki-virt?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-uki-virt
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-modules
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-modules-extra
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-modules-core?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-modules-core
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-devel
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-devel-matched?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-devel-matched
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-core
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-9.4 | oraclelinux |
kernel-cross-headers
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-9.4 | oraclelinux |
kernel-core
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-abi-stablelists?distro=oraclelinux-9.4 | oraclelinux |
kernel-abi-stablelists
|
< 5.14.0-427.18.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-9.4 | oraclelinux |
bpftool
|
< 7.3.0-427.18.1.el9_4 | oraclelinux-9.4 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |