ELSA-2023-7423

ULN >
Oracle Linux Errata repository >
ELSA-2023-7423

ELSA-2023-7423 - kernel security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2023-11-22

Description

[3.10.0-1160.105.1.0.1.OL7]
- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}

[3.10.0-1160.105.1.OL7]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9
- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)

[3.10.0-1160.105.1]
- net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free (Davide Caratti) [2228703] {CVE-2023-4128}
- net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free (Davide Caratti) [2228703] {CVE-2023-4128}
- net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (Davide Caratti) [2228703] {CVE-2023-4128}

[3.10.0-1160.104.1]
- CI: Remove unused kpet_tree_family (Nikolai Kondrashov)
- xen/x86: don't lose event interrupts (Vitaly Kuznetsov) [RHEL-1534]
- Documentation/x86: Fix backwards on/off logic about YMM support (Waiman Long) [2229893] {CVE-2022-40982}
- KVM: Add GDS_NO support to KVM (Waiman Long) [2229893] {CVE-2022-40982}
- x86/speculation: Add Kconfig option for GDS (Waiman Long) [2229893] {CVE-2022-40982}
- x86/speculation: Add force option to GDS mitigation (Waiman Long) [2229893] {CVE-2022-40982}
- x86/speculation: Add Gather Data Sampling mitigation (Waiman Long) [2229893] {CVE-2022-40982}
- Documentation/ABI: Mention retbleed vulnerability info file for sysfs (Waiman Long) [2229893]
- docs/kernel-parameters: Update descriptions for 'mitigations=' param with retbleed (Waiman Long) [2229893]
- x86/speculation: Add missing srbds=off to the mitigations= help text (Waiman Long) [2229893]
- x86: Sync Intel family names & cpu_vuln_blacklist[] with upstream (Waiman Long) [2229893]

[3.10.0-1160.103.1]
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue (Davide Caratti) [2225555] {CVE-2023-3611}
- net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg (Davide Caratti) [2225555]
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free (Davide Caratti) [2225639] {CVE-2023-3776}
- redhat: fix to be able to build with rpm 4.19.0 (Denys Vlasenko)

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 7 (x86_64)	kernel-3.10.0-1160.105.1.0.1.el7.src.rpm	f62b428fa8fa856f243f3310e38a4524	-	ol7_x86_64_latest
	kernel-3.10.0-1160.105.1.0.1.el7.src.rpm	f62b428fa8fa856f243f3310e38a4524	-	ol7_x86_64_optional_latest
	kernel-3.10.0-1160.105.1.0.1.el7.src.rpm	f62b428fa8fa856f243f3310e38a4524	-	ol7_x86_64_u9_patch
	bpftool-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	55fb1f0c45776f12940a35d19f01ca4b	-	ol7_x86_64_latest
	bpftool-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	55fb1f0c45776f12940a35d19f01ca4b	-	ol7_x86_64_u9_patch
	kernel-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	fdb69ea67bd740288e1e8751407c6426	-	ol7_x86_64_latest
	kernel-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	fdb69ea67bd740288e1e8751407c6426	-	ol7_x86_64_u9_patch
	kernel-abi-whitelists-3.10.0-1160.105.1.0.1.el7.noarch.rpm	d4d50a164040f7c5b8a09c8baea6e2e7	-	ol7_x86_64_latest
	kernel-abi-whitelists-3.10.0-1160.105.1.0.1.el7.noarch.rpm	d4d50a164040f7c5b8a09c8baea6e2e7	-	ol7_x86_64_u9_patch
	kernel-debug-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	e18063a1d37b3c2f4a107613f1812aca	-	ol7_x86_64_latest
	kernel-debug-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	e18063a1d37b3c2f4a107613f1812aca	-	ol7_x86_64_u9_patch
	kernel-debug-devel-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	98d654fa4c48d76eb0432baae56a4633	-	ol7_x86_64_latest
	kernel-debug-devel-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	98d654fa4c48d76eb0432baae56a4633	-	ol7_x86_64_u9_patch
	kernel-devel-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	54f69234f0daca0cb44b1ef1a886b204	-	ol7_x86_64_latest
	kernel-devel-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	54f69234f0daca0cb44b1ef1a886b204	-	ol7_x86_64_u9_patch
	kernel-doc-3.10.0-1160.105.1.0.1.el7.noarch.rpm	37527b72c02ea2ca9fa1db8fa897a1c6	-	ol7_x86_64_latest
	kernel-doc-3.10.0-1160.105.1.0.1.el7.noarch.rpm	37527b72c02ea2ca9fa1db8fa897a1c6	-	ol7_x86_64_u9_patch
	kernel-headers-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	53d26bc8f48f193f1683b9ef9658342e	-	ol7_x86_64_latest
	kernel-headers-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	53d26bc8f48f193f1683b9ef9658342e	-	ol7_x86_64_u9_patch
	kernel-tools-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	3e156cb735351ea4a676c730ff295a64	-	ol7_x86_64_latest
	kernel-tools-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	3e156cb735351ea4a676c730ff295a64	-	ol7_x86_64_u9_patch
	kernel-tools-libs-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	e0c5fc1642593d93b9d9b03dea6de296	-	ol7_x86_64_latest
	kernel-tools-libs-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	e0c5fc1642593d93b9d9b03dea6de296	-	ol7_x86_64_u9_patch
	kernel-tools-libs-devel-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	0ff9ea6e5126742ae0ff93cc854fcc84	-	ol7_x86_64_optional_latest
	perf-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	bd4f7a8887b2dfe7523a120dd340f3b2	-	ol7_x86_64_latest
	perf-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	bd4f7a8887b2dfe7523a120dd340f3b2	-	ol7_x86_64_u9_patch
	python-perf-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	19dbd047cb65dc1a05d0f961384992f8	-	ol7_x86_64_latest
	python-perf-3.10.0-1160.105.1.0.1.el7.x86_64.rpm	19dbd047cb65dc1a05d0f961384992f8	-	ol7_x86_64_u9_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691