ELSA-2023-13049

ULN >
Oracle Linux Errata repository >
ELSA-2023-13049

ELSA-2023-13049 - Unbreakable Enterprise kernel-container security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2023-12-14

Description

[5.4.17-2136.326.6.el8]
- Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (Junxiao Bi) [Orabug: 35914789]
- md: bypass block throttle for superblock update (Junxiao Bi) [Orabug: 35914789]

[5.4.17-2136.326.5.el8]
- Revert 'tracing: Increase trace array ref count on enable and filter files' (Sherry Yang) [Orabug: 36059945]
- xen/blkback: Force flush and secure discard support flags (Boris Ostrovsky) [Orabug: 36050498]
- Revert 'PCI: acpiphp: Reassign resources on bridge if necessary' (Dongli Zhang) [Orabug: 36049644]
- Revert 'PCI: acpiphp: Use pci_assign_unassigned_bridge_resources() only for non-root bus' (Dongli Zhang) [Orabug: 36049644]

[5.4.17-2136.326.4.el8]
- Revert 'mmc: core: Capture correct oemid-bits for eMMC cards' (Dominique Martinet)
- media: dvb-usb-v2: af9035: fix missing unlock (Hans Verkuil)
- perf/core: Fix potential NULL deref (Peter Zijlstra)
- i2c: aspeed: Fix i2c bus hang in slave read (Jian Zhang)
- virtio-mmio: fix memory leak of vm_dev (Maximilian Heyne)
- net/rds: Use proper peer port number even when not connected (Greg Jumper) [Orabug: 35065319]
- Use inflight IO in io acct of high latency devices (Gulam Mohamed) [Orabug: 35475691]
- nvmet-tcp: Fix a possible UAF in queue intialization setup (Sagi Grimberg) [Orabug: 36028026] {CVE-2023-5178}

[5.4.17-2136.326.3.el8]
- LTS tag: v5.4.259 (Sherry Yang)
- xfrm6: fix inet6_dev refcount underflow problem (Zhang Changzhong)
- Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (Kees Cook)
- Bluetooth: hci_sock: fix slab oob read in create_monitor_event (Edward AD)
- phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins (Tony Lindgren)
- phy: mapphone-mdm6600: Fix runtime PM for remove (Tony Lindgren)
- phy: mapphone-mdm6600: Fix runtime disable on probe (Tony Lindgren)
- ASoC: pxa: fix a memory leak in probe() (Dan Carpenter)
- gpio: vf610: set value before the direction to avoid a glitch (Haibo Chen)
- s390/pci: fix iommu bitmap allocation (Niklas Schnelle)
- perf: Disallow mis-matched inherited group reads (Peter Zijlstra)
- USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (Puliang Lu)
- USB: serial: option: add entry for Sierra EM9191 with new firmware (Benoit Monin)
- USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (Fabio Porcedda)
- ACPI: irq: Fix incorrect return value in acpi_register_gsi() (Sunil V L)
- Revert 'pinctrl: avoid unsafe code pattern in find_pinctrl()' (Andy Shevchenko)
- mmc: core: Capture correct oemid-bits for eMMC cards (Avri Altman)
- mmc: core: sdio: hold retuning if sdio in 1-bit mode (Haibo Chen)
- mtd: physmap-core: Restore map_rom fallback (Geert Uytterhoeven)
- mtd: spinand: micron: correct bitmask for ecc status (Martin Kurbanov)
- mtd: rawnand: qcom: Unmap the right resource upon probe failure (Bibek Kumar Patro)
- Bluetooth: hci_event: Fix using memcmp when comparing keys (Luiz Augusto von Dentz)
- HID: multitouch: Add required quirk for Synaptics 0xcd7e device (Rahul Rameshbabu)
- btrfs: fix some -Wmaybe-uninitialized warnings in ioctl.c (Josef Bacik)
- drm: panel-orientation-quirks: Add quirk for One Mix 2S (Kai Uwe Broulik)
- sky2: Make sure there is at least one frag_addr available (Kees Cook)
- regulator/core: Revert 'fix kobject release warning and memory leak in regulator_register()' (Michal Miroslaw)
- wifi: cfg80211: avoid leaking stack data into trace (Benjamin Berg)
- wifi: mac80211: allow transmitting EAPOL frames with tainted key (Wen Gong)
- Bluetooth: hci_core: Fix build warnings (Luiz Augusto von Dentz)
- Bluetooth: Avoid redundant authentication (Ying Hsu)
- HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (Ma Ke)
- tracing: relax trace_event_eval_update() execution with cond_resched() (Clement Leger)
- ata: libata-eh: Fix compilation warning in ata_eh_link_report() (Damien Le Moal)
- gpio: timberdale: Fix potential deadlock on &tgpio->lock (Chengfeng Ye)
- overlayfs: set ctime when setting mtime and atime (Jeff Layton)
- i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (Heiner Kallweit)
- btrfs: initialize start_slot in btrfs_log_prealloc_extents (Josef Bacik)
- btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 (Filipe Manana)
- ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone (Tony Lindgren)
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CBA (Hans de Goede)
- ACPI: resource: Skip IRQ override on ASUS ExpertBook B1502CBA (Paul Menzel)
- ACPI: resource: Skip IRQ override on Asus Expertbook B2402CBA (Tamim Khan)
- ACPI: resource: Add Asus ExpertBook B2502 to Asus quirks (Hans de Goede)
- ACPI: resource: Skip IRQ override on Asus Vivobook S5602ZA (Tamim Khan)
- ACPI: resource: Add ASUS model S5402ZA to quirks (Kellen Renshaw)
- ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (Tamim Khan)
- ACPI: resources: Add DMI-based legacy IRQ override quirk (Hui Wang)
- ACPI: Drop acpi_dev_irqresource_disabled() (John Garry)
- resource: Add irqresource_disabled() (John Garry)
- net: pktgen: Fix interface flags printing (Gavrilov Ilia)
- netfilter: nft_set_rbtree: .deactivate fails if element has expired (Pablo Neira Ayuso)
- neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section (Geert Uytterhoeven)
- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Pedro Tammela)
- i40e: prevent crash on probe if hw registers have invalid values (Michal Schmidt)
- net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (Dan Carpenter)
- ipv4: fib: annotate races around nh->nh_saddr_genid and nh->nh_saddr (Eric Dumazet)
- tun: prevent negative ifindex (Eric Dumazet)
- tcp: tsq: relax tcp_small_queue_check() when rtx queue contains a single skb (Eric Dumazet)
- tcp: fix excessive TLP and RACK timeouts from HZ rounding (Neal Cardwell)
- net: rfkill: gpio: prevent value glitch during probe (Josua Mayer)
- net: ipv6: fix return value check in esp_remove_trailer (Ma Ke)
- net: ipv4: fix return value check in esp_remove_trailer (Ma Ke)
- xfrm: interface: use DEV_STATS_INC() (Eric Dumazet)
- xfrm: fix a data-race in xfrm_gen_index() (Eric Dumazet)
- qed: fix LL2 RX buffer allocation (Manish Chopra)
- netfilter: nft_payload: fix wrong mac header matching (Florian Westphal)
- KVM: x86: Mask LVTPC when handling a PMI (Jim Mattson)
- regmap: fix NULL deref on lookup (Johan Hovold)
- nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (Krzysztof Kozlowski)
- ice: fix over-shifted variable (Jesse Brandeburg)
- Bluetooth: avoid memcmp() out of bounds warning (Arnd Bergmann)
- Bluetooth: hci_event: Fix coding style (Luiz Augusto von Dentz)
- Bluetooth: vhci: Fix race when opening vhci device (Arkadiusz Bokowy)
- Bluetooth: Fix a refcnt underflow problem for hci_conn (Ziyang Xuan)
- Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi) {CVE-2020-26555}
- Bluetooth: hci_event: Ignore NULL link key (Lee, Chun-Yi) {CVE-2020-26555}
- usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Canuelo)
- Documentation: sysctl: align cells in second content column (Bagas Sanjaya)
- dev_forward_skb: do not scrub skb mark within the same name space (Nicolas Dichtel)
- ravb: Fix use-after-free issue in ravb_tx_timeout_work() (Yoshihiro Shimoda)
- powerpc/64e: Fix wrong test in __ptep_test_and_clear_young() (Christophe Leroy)
- powerpc/8xx: Fix pte_access_permitted() for PAGE_NONE (Christophe Leroy)
- dmaengine: mediatek: Fix deadlock caused by synchronize_irq() (Duoming Zhou)
- x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (Borislav Petkov (AMD))
- usb: gadget: ncm: Handle decoding of multiple NTB's in unwrap call (Krishna Kurapati)
- usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (Piyush Mehta)
- cgroup: Remove duplicates in cgroup v1 tasks file (Michal Koutny)
- Input: xpad - add PXN V900 support (Matthias Berndt)
- Input: psmouse - fix fast_reconnect function for PS/2 mode (Jeffery Miller)
- Input: powermate - fix use-after-free in powermate_config_complete (Javier Carrasco)
- ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (Xiubo Li)
- libceph: use kernel_connect() (Jordan Rife)
- mcb: remove is_added flag from mcb_device struct (Jorge Sanjuan Garcia)
- iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (Alexander Zangerl)
- iio: pressure: dps310: Adjust Timeout Settings (Lakshmi Yadlapati)
- iio: pressure: bmp280: Fix NULL pointer exception (Phil Elwell)
- usb: musb: Modify the 'HWVers' register address (Xingxing Luo)
- usb: musb: Get the musb_qh poniter after musb_giveback (Xingxing Luo)
- usb: dwc3: Soft reset phy on probe for host (Thinh Nguyen)
- net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (Javier Carrasco)
- usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (Wesley Cheng)
- dmaengine: stm32-mdma: abort resume if no ongoing transfer (Amelie Delaunay)
- workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() (Waiman Long)
- nfc: nci: assert requested protocol is valid (Jeremy Cline)
- net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (Eric Dumazet)
- ixgbe: fix crash with empty VF macvlan list (Dan Carpenter)
- drm/vmwgfx: fix typo of sizeof argument (Konstantin Meskhidze)
- xen-netback: use default TX queue size for vifs (Roger Pau Monne)
- mlxsw: fix mlxsw_sp2_nve_vxlan_learning_set() return type (Dan Carpenter)
- ieee802154: ca8210: Fix a potential UAF in ca8210_probe (Dinghao Liu)
- ravb: Fix up dma_free_coherent() call in ravb_remove() (Yoshihiro Shimoda)
- drm/msm/dsi: skip the wait for video mode done if not applicable (Abhinav Kumar)
- drm: etvnaviv: fix bad backport leading to warning (Martin Fuzzey)
- quota: Fix slow quotaoff (Jan Kara)
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (Hans de Goede)
- pwm: hibvt: Explicitly set .polarity in .get_state() (Uwe Kleine-Konig)
- lib/test_meminit: fix off-by-one error in test_pages() (Greg Kroah-Hartman)
- RDMA/cxgb4: Check skb value for failure to allocate (Artem Chernyshev)
- LTS tag: v5.4.258 (Sherry Yang)
- xen/events: replace evtchn_rwlock with RCU (Juergen Gross) {CVE-2023-34324}
- ima: rework CONFIG_IMA dependency block (Arnd Bergmann)
- NFS: Fix a race in __nfs_list_for_each_server() (Trond Myklebust)
- parisc: Restore __ldcw_align for PA-RISC 2.0 processors (John David Anglin)
- RDMA/mlx5: Fix NULL string error (Shay Drory)
- RDMA/siw: Fix connection failure handling (Bernard Metzler)
- RDMA/uverbs: Fix typo of sizeof argument (Konstantin Meskhidze)
- RDMA/cma: Fix truncation compilation warning in make_cma_ports (Leon Romanovsky)
- gpio: pxa: disable pinctrl calls for MMP_GPIO (Duje Mihanovic)
- gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (Bartosz Golaszewski)
- IB/mlx4: Fix the size of a buffer in add_port_entries() (Christophe JAILLET)
- RDMA/core: Require admin capabilities to set system parameters (Leon Romanovsky)
- cpupower: add Makefile dependencies for install targets (Ivan Babrou)
- sctp: update hb timer immediately after users change hb_interval (Xin Long)
- sctp: update transport state when processing a dupcook packet (Xin Long)
- tcp: fix delayed ACKs for MSS boundary condition (Neal Cardwell)
- tcp: fix quick-ack counting to count actual ACKs of new data (Neal Cardwell)
- net: stmmac: dwmac-stm32: fix resume on STM32 MCU (Ben Wolsieffer)
- netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (Xin Long)
- net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida)
- ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() (David Howells)
- net: fix possible store tearing in neigh_periodic_work() (Eric Dumazet)
- modpost: add missing else to the 'of' check (Mauricio Faria de Oliveira)
- NFSv4: Fix a nfs4_state_manager() race (Trond Myklebust)
- NFS: Add a helper nfs_client_for_each_server() (Trond Myklebust)
- NFS4: Trace state recovery operation (Chuck Lever)
- regmap: rbtree: Fix wrong register marked as in-cache when creating new node (Richard Fitzgerald)
- wifi: mt76: mt76x02: fix MT76x0 external LNA gain handling (Felix Fietkau)
- drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() (Alexandra Diupina)
- wifi: iwlwifi: dbg_ini: fix structure packing (Arnd Bergmann)
- ubi: Refuse attaching if mtd's erasesize is 0 (Zhihao Cheng)
- net: prevent rewrite of msg_name in sock_sendmsg() (Jordan Rife)
- wifi: mwifiex: Fix tlv_buf_left calculation (Gustavo A. R. Silva)
- qed/red_ll2: Fix undefined behavior bug in struct qed_ll2_info (Gustavo A. R. Silva)
- scsi: zfcp: Fix a double put in zfcp_port_enqueue() (Dinghao Liu)
- fs: binfmt_elf_efpic: fix personality for ELF-FDPIC (Greg Ungerer)
- ata: libata-sata: increase PMP SRST timeout to 10s (Matthias Schiffer)
- ata: libata-core: Do not register PM operations for SAS ports (Damien Le Moal)
- ata: libata-core: Fix port and device removal (Damien Le Moal)
- ata: libata-core: Fix ata_port_request_pm() locking (Damien Le Moal)
- net: thunderbolt: Fix TCPv6 GSO checksum calculation (Mika Westerberg)
- btrfs: properly report 0 avail for very full file systems (Josef Bacik)
- i2c: i801: unregister tco_pdev in i801_probe() error path (Heiner Kallweit)
- ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (Niklas Cassel)
- ALSA: hda: Disable power save for solving pop issue on Lenovo ThinkCentre M70q (Kailang Yang)
- nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (Pan Bian)
- serial: 8250_port: Check IRQ data before use (Andy Shevchenko)
- Smack:- Use overlay inode label in smack_inode_copy_up() (Vishal Goel)
- smack: Retrieve transmuting information in smack_inode_getsecurity() (Roberto Sassu)
- smack: Record transmuting in smk_transmuted (Roberto Sassu)
- i40e: fix return of uninitialized aq_ret in i40e_set_vsi_promisc (Stefan Assmann)
- i40e: always propagate error value in i40e_set_vsi_promisc() (Stefan Assmann)
- i40e: improve locking of mac_filter_hash (Stefan Assmann)
- watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (Mika Westerberg)
- watchdog: iTCO_wdt: No need to stop the timer in probe (Mika Westerberg)
- nvme-pci: do not set the NUMA node of device if it has none (Pratyush Yadav)
- fbdev/sh7760fb: Depend on FB=y (Thomas Zimmermann)
- ncsi: Propagate carrier gain/loss events to the NCSI controller (Johnathan Mantey)
- powerpc/watchpoints: Annotate atomic context in more places (Benjamin Gray)
- bpf: Clarify error expectations from bpf_clone_redirect (Stanislav Fomichev)
- spi: nxp-fspi: reset the FLSHxCR1 registers (Han Xu)
- ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() (Niklas Cassel)
- ring-buffer: Avoid softlockup in ring_buffer_resize() (Zheng Yejian)
- selftests/ftrace: Correctly enable event in instance-event.tc (Zheng Yejian)
- parisc: irq: Make irq_stack_union static to avoid sparse warning (Helge Deller)
- parisc: drivers: Fix sparse warning (Helge Deller)
- parisc: iosapic.c: Fix sparse warnings (Helge Deller)
- parisc: sba: Fix compile warning wrt list of SBA devices (Helge Deller)
- gpio: pmic-eic-sprd: Add can_sleep flag for PMIC EIC chip (Wenhua Lin)
- xtensa: boot/lib: fix function prototypes (Max Filippov)
- xtensa: boot: don't add include-dirs (Randy Dunlap)
- xtensa: iss/network: make functions static (Randy Dunlap)
- xtensa: add default definition for XCHAL_HAVE_DIV32 (Max Filippov)
- bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up (Tony Lindgren)
- ARM: dts: ti: omap: motorola-mapphone: Fix abe_clkctrl warning on boot (Tony Lindgren)
- clk: tegra: fix error return case for recalc_rate (Timo Alho)
- ata: libata: disallow dev-initiated LPM transitions to unsupported states (Niklas Cassel)
- drm/amd/display: prevent potential division by zero errors (Hamza Mahfooz)
- drm/amd/display: Fix LFC multiplier changing erratically (Anthony Koo)
- drm/amd/display: Reinstate LFC optimization (Amanda Liu)
- scsi: qla2xxx: Fix deletion race condition (Quinn Tran)
- Input: i8042 - add quirk for TUXEDO Gemini 17 Gen1/Clevo PD70PN (Werner Sembach)
- i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (Xiaoke Wang)
- gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (Christophe JAILLET)
- team: fix null-ptr-deref when team device type is changed (Ziyang Xuan)
- net: bridge: use DEV_STATS_INC() (Eric Dumazet)
- net: hns3: add 5ms delay before clear firmware reset irq source (Jie Wang)
- powerpc/perf/hv-24x7: Update domain value check (Kajol Jain)
- ipv4: fix null-deref in ipv4_link_failure (Kyle Zeng)
- i40e: Fix VF VLAN offloading when port VLAN is configured (Ivan Vecera)
- i40e: Fix warning message and call stack during rmmod i40e driver (Karen Sornek)
- ASoC: imx-audmix: Fix return error with devm_clk_get() (Shengjiu Wang)
- selftests: tls: swap the TX and RX sockets in some tests (Sabrina Dubroca)
- selftests/tls: Add {} to avoid static checker warning (Kees Cook)
- bpf: Avoid deadlock when using queue and stack maps from NMI (Toke Hoiland-Jorgensen)
- netfilter: nf_tables: disallow element removal on anonymous sets (Pablo Neira Ayuso)
- ASoC: meson: spdifin: start hw on dai probe (Jerome Brunet)
- ext4: do not let fstrim block system suspend (Jan Kara)
- ext4: move setting of trimmed bit into ext4_try_to_trim_range() (Jan Kara)
- ext4: replace the traditional ternary conditional operator with with max()/min() (Kemeng Shi)
- ext4: mark group as trimmed only if it was fully scanned (Dmitry Monakhov)
- ext4: change s_last_trim_minblks type to unsigned long (Lukas Czerner)
- ext4: scope ret locally in ext4_try_to_trim_range() (Lukas Bulwahn)
- ext4: add new helper interface ext4_try_to_trim_range() (Wang Jianchao)
- ext4: remove the 'group' parameter of ext4_trim_extent (Wang Jianchao)
- ata: libahci: clear pending interrupt status (Szuying Chen)
- tracing: Increase trace array ref count on enable and filter files (Steven Rostedt (Google))
- SUNRPC: Mark the cred for revalidation if the server rejects it (Trond Myklebust)
- NFS/pNFS: Report EINVAL errors from connect() to the server (Trond Myklebust)
- mm/memcg: optimize memory.numa_stat like memory.stat (Shakeel Butt) [Orabug: 35879962]

[5.4.17-2136.326.1.el8]
- mm: fix munmap() of reserved va ranges (Anthony Yznaga) [Orabug: 35843809]
- mm: fix mmap() of reserved va ranges (Anthony Yznaga) [Orabug: 35843809]
- mm: reinstall placeholder mappings before downgrading mmap lock (Anthony Yznaga) [Orabug: 35843809]
- mm: mapping over a reserved va range may unmap twice (Anthony Yznaga) [Orabug: 35843809]
- mm: fix update of total_vm for reserved va placeholders (Anthony Yznaga) [Orabug: 35843809]
- mm: enable merging of reserved va placeholders (Anthony Yznaga) [Orabug: 35843809]
- rds: Provision to allow all trace points at module load time (Arumugam Kolappan) [Orabug: 35916078]
- rds/ib: Preserve dest qp num in the connect request (Arumugam Kolappan) [Orabug: 35926165]

Related CVEs

CVE-2023-5178

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 8 (x86_64)	kernel-uek-container-5.4.17-2136.326.6.el8.src.rpm	bc34e921c3646f61d67b748b5f86e7b9	-	ol8_x86_64_UEKR6
	kernel-uek-container-5.4.17-2136.326.6.el8.x86_64.rpm	fc6bf2b742142920007ba0b3ffdef923	-	ol8_x86_64_UEKR6
	kernel-uek-container-debug-5.4.17-2136.326.6.el8.x86_64.rpm	38eb9bcc3d496426c505bf8b468d1edb	-	ol8_x86_64_UEKR6

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691