[ELSA-2024-4349] kernel security and bug fix update
- [5.14.0-427.24.1_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
[5.14.0-427.24.1_4]
- net/bnx2x: Prevent access to a freed page in page_pool (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: new flag for track HW resource allocation (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: fix page fault following EEH recovery (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: fix pci device refcount leak in bnx2x_vf_is_pcie_pending() (Michal Schmidt) [RHEL-43272 RHEL-23117]
- bnx2x: fix potential memory leak in bnx2x_tpa_stop() (Michal Schmidt) [RHEL-43272 RHEL-23117]
- xen-netfront: Add missing skb_mark_for_recycle (Vitaly Kuznetsov) [RHEL-37626 RHEL-36573] {CVE-2024-27393}
- tools/power/turbostat: Fix uncore frequency file string (David Arcari) [RHEL-34953 RHEL-29239]
- tools/power turbostat: Expand probe_intel_uncore_frequency() (David Arcari) [RHEL-34953 RHEL-29239]
- net/mlx5e: fix a potential double-free in fs_any_create_groups (Kamal Heib) [RHEL-38972 RHEL-37093] {CVE-2023-52667}
- crypto: qat - Fix typo (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (Vladis Dronov) [RHEL-38546 RHEL-35816] {CVE-2024-26974}
- crypto: qat - specify firmware files for 402xx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - validate slices count returned by FW (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - improve error logging to be consistent across features (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - improve error message in adf_get_arbiter_mapping() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - implement dh fallback for primes > 4K (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - Fix spelling mistake 'Invalide' -> 'Invalid' (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - Avoid -Wflex-array-member-not-at-end warnings (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - implement interface for live migration (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add interface for live migration (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add bank save and restore flows (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - expand CSR operations for QAT GEN4 devices (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - rename get_sla_arr_of_type() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate CSR access code (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - move PFVF compat checker to a function (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate and rename 4xxx PF2VM definitions (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - adf_get_etr_base() helper (Vladis Dronov) [RHEL-38546 RHEL-35816]
- redhat/configs: Add CONFIG_CRYPTO_DEV_QAT_420XX (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - make ring to service map common for QAT GEN4 (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix ring to service map for dcc in 420xx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix ring to service map for dcc in 4xxx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix comment structure (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - remove unnecessary description from comment (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - remove double initialization of value (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - avoid division by zero (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - removed unused macro in adf_cnv_dbgfs.c (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - remove unused macros in qat_comp_alg.c (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - uninitialized variable in adf_hb_error_inject_write() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- Documentation: qat: fix auto_reset section (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - resolve race condition during AER recovery (Vladis Dronov) [RHEL-38546 RHEL-35816] {CVE-2024-26974}
- crypto: qat - change SLAs cleanup flow at shutdown (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - improve aer error reset handling (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - limit heartbeat notifications (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add auto reset on error (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add fatal error notification (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - re-enable sriov after pf reset (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - update PFVF protocol for recovery (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - disable arbitration before reset (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add fatal error notify method (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add heartbeat error simulator (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - avoid memcpy() overflow warning (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - fix arbiter mapping generation algorithm for QAT 402xx (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - generate dynamically arbiter mappings (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add support for ring pair level telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add support for device telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add admin msgs for telemetry (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - include pci.h for GET_DEV() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - add support for 420xx devices (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - move fw config related structures (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate portions of qat_4xxx code (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - change signature of uof_get_num_objs() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- crypto: qat - relocate and rename get_service_enabled() (Vladis Dronov) [RHEL-38546 RHEL-35816]
- seq_file: add helper macro to define attribute for rw file (Vladis Dronov) [RHEL-38546 RHEL-35816]
- minmax: Introduce {min,max}_array() (Vladis Dronov) [RHEL-38546 RHEL-35816]
[5.14.0-427.23.1_4]
- net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (Kamal Heib) [RHEL-34050 RHEL-30492] {CVE-2023-52626}
- blk-mq: add helper for checking if one CPU is mapped to specified hctx (Ming Lei) [RHEL-38595 RHEL-36684]
- net/sched: flower: Add lock protection when remove filter handle (Petr Oros) [RHEL-35672 RHEL-33379]
- Bluetooth: Avoid potential use-after-free in hci_error_reset (David Marlin) [RHEL-33913 RHEL-31828] {CVE-2024-26801}
- net: hns3: do not allow call hns3_nic_net_open repeatedly (Jose Ignacio Tornos Martinez) [RHEL-38933 RHEL-37707] {CVE-2021-47400}
- tmpfs: fix Documentation of noswap and huge mount options (Nico Pache) [RHEL-38252 RHEL-31975]
- shmem: add support to ignore swap (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: update documentation (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: skip page split if we're not reclaiming (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: move reclaim check early on writepages() (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: set shmem_writepage() variables early (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- shmem: remove check for folio lock on writepage() (Chris von Recklinghausen) [RHEL-38252 RHEL-31975]
- ice: Add automatic VF reset on Tx MDD events (Petr Oros) [RHEL-39083 RHEL-36317]
- net/ipv6: SKB symmetric hash should incorporate transport ports (Ivan Vecera) [RHEL-37641 RHEL-36218]
- ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: fix missing sk_buff release in seg6_input_core (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: fix invalid unregister error path (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: fix incorrect unregister order (Hangbin Liu) [RHEL-37669 RHEL-37511]
- ipv6: sr: add missing seg6_local_exit (Hangbin Liu) [RHEL-37669 RHEL-37511]
- block: fix q->blkg_list corruption during disk rebind (Ming Lei) [RHEL-36687 RHEL-33577]
- ice: fix uninitialized dplls mutex usage (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix pin phase adjust updates on PF reset (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix dpll periodic work data updates on PF reset (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix dpll and dpll_pin data access on PF reset (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix dpll input pin phase_adjust value updates (Petr Oros) [RHEL-36716 RHEL-36283]
- ice: fix connection state of DPLL and out pin (Petr Oros) [RHEL-36716 RHEL-36283]
- redhat: remove the merge subtrees script (Derek Barbosa)
- redhat: rhdocs: delete .get_maintainer.conf (Derek Barbosa)
- redhat: rhdocs: Remove the rhdocs directory (Derek Barbosa)
- net/mlx5: Properly link new fs rules into the tree (Kamal Heib) [RHEL-38954 RHEL-37422] {CVE-2024-35960}
- smb: client: fix UAF in smb2_reconnect_server() (Jay Shin) [RHEL-28943 RHEL-40177 RHEL-37273 RHEL-7986] {CVE-2024-35870}
- smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (Jay Shin) [RHEL-28943 RHEL-31245]
- RHEL: enable CONFIG_AMD_ATL (Aristeu Rozanski) [RHEL-36220 RHEL-26704]
- EDAC/amd64: Use new AMD Address Translation Library (Aristeu Rozanski) [RHEL-36220 RHEL-26704]
- RAS: Introduce AMD Address Translation Library (Aristeu Rozanski) [RHEL-36220 RHEL-26704]
- ID
- ELSA-2024-4349
- Severity
- moderate
- URL
- https://linux.oracle.com/errata/ELSA-2024-4349.html
- Published
-
2024-07-08T00:00:00
(2 months ago) - Modified
-
2024-07-08T00:00:00
(2 months ago) - Rights
- Copyright 2024 Oracle, Inc.
- Other Advisories
-
-
ALSA-2024:4211
-
DSA-5681-1
-
ELSA-2024-12606
-
ELSA-2024-4211
-
RHSA-2024:4211
-
RHSA-2024:4352
-
RLSA-2024:4211
-
RLSA-2024:4349
-
SSA:2024-157-01
-
SUSE-SU-2024:1979-1
-
SUSE-SU-2024:1983-1
-
SUSE-SU-2024:2008-1
-
SUSE-SU-2024:2011-1
-
SUSE-SU-2024:2019-1
-
SUSE-SU-2024:2135-1
-
SUSE-SU-2024:2184-1
-
SUSE-SU-2024:2189-1
-
SUSE-SU-2024:2190-1
-
SUSE-SU-2024:2203-1
-
SUSE-SU-2024:2360-1
-
SUSE-SU-2024:2372-1
-
SUSE-SU-2024:2381-1
-
SUSE-SU-2024:2394-1
-
SUSE-SU-2024:2561-1
-
SUSE-SU-2024:2939-1
-
SUSE-SU-2024:2973-1
-
USN-6765-1
-
USN-6774-1
-
USN-6777-1
-
USN-6777-2
-
USN-6777-3
-
USN-6777-4
-
USN-6778-1
-
USN-6818-1
-
USN-6818-2
-
USN-6818-3
-
USN-6818-4
-
USN-6819-1
-
USN-6819-2
-
USN-6819-3
-
USN-6819-4
-
USN-6820-1
-
USN-6820-2
-
USN-6821-1
-
USN-6821-2
-
USN-6821-3
-
USN-6821-4
-
USN-6828-1
-
USN-6831-1
-
USN-6867-1
-
USN-6871-1
-
USN-6892-1
-
USN-6893-1
-
USN-6893-2
-
USN-6893-3
-
USN-6896-1
-
USN-6896-2
-
USN-6896-3
-
USN-6896-4
-
USN-6896-5
-
USN-6898-1
-
USN-6898-2
-
USN-6898-3
-
USN-6898-4
-
USN-6917-1
-
USN-6918-1
-
USN-6919-1
-
USN-6927-1
-
XSA-457
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2024-4349 |
|
|
| CVE | CVE-2024-27393 |
|
|
| CVE | CVE-2024-35870 |
|
|
| CVE | CVE-2023-52626 |
|
|
| CVE | CVE-2024-26801 |
|
|
| CVE | CVE-2024-26974 |
|
|
| CVE | CVE-2024-35960 |
|
|
| CVE | CVE-2023-52667 |
|
|
| CVE | CVE-2021-47400 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/rv?distro=oraclelinux-9.4 | oraclelinux |
 rv
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/rtla?distro=oraclelinux-9.4 | oraclelinux |
rtla
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-9.4 | oraclelinux |
python3-perf
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-9.4 | oraclelinux |
perf
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/libperf?distro=oraclelinux-9.4 | oraclelinux |
libperf
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-9.4 | oraclelinux |
kernel
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uki-virt?distro=oraclelinux-9.4 | oraclelinux |
kernel-uki-virt
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-9.4 | oraclelinux |
kernel-tools
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-9.4 | oraclelinux |
kernel-tools-libs
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-9.4 | oraclelinux |
kernel-tools-libs-devel
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-9.4 | oraclelinux |
kernel-modules
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-9.4 | oraclelinux |
kernel-modules-extra
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-modules-core?distro=oraclelinux-9.4 | oraclelinux |
kernel-modules-core
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-9.4 | oraclelinux |
kernel-headers
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-9.4 | oraclelinux |
kernel-doc
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-9.4 | oraclelinux |
kernel-devel
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-devel-matched?distro=oraclelinux-9.4 | oraclelinux |
kernel-devel-matched
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-uki-virt?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-uki-virt
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-modules
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-modules-extra
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-modules-core?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-modules-core
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-devel
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-devel-matched?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-devel-matched
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-9.4 | oraclelinux |
kernel-debug-core
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-9.4 | oraclelinux |
kernel-cross-headers
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-9.4 | oraclelinux |
kernel-core
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/kernel-abi-stablelists?distro=oraclelinux-9.4 | oraclelinux |
kernel-abi-stablelists
|
< 5.14.0-427.24.1.el9_4 | oraclelinux-9.4 | ||
| Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-9.4 | oraclelinux |
bpftool
|
< 7.3.0-427.24.1.el9_4 | oraclelinux-9.4 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |