ELBA-2024-5363-1

ULN >
Oracle Linux Errata repository >
ELBA-2024-5363-1

ELBA-2024-5363-1 - kernel bug fix update

Type:	BUG
Impact:	NA
Release Date:	2024-08-19

Description

[5.14.0-427.31.1.0.1.el9_4.OL9]
- Revert 'crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode' [Orabug: 36638086]
- Update module name for cryptographic module [Orabug: 36324521]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-427.31.1.el9_4]
- net: fix __dst_negative_advice() race (CKI Backport Bot) [RHEL-46798] {CVE-2024-36971}
- net: annotate data-races around sk->sk_dst_pending_confirm (CKI Backport Bot) [RHEL-46798] {CVE-2024-36971}

[5.14.0-427.30.1.el9_4]
- dmaengine: idxd: add a write() method for applications to submit work (Jerry Snitselaar) [RHEL-35840] {CVE-2024-21823}
- dmaengine: idxd: add a new security check to deal with a hardware erratum (Jerry Snitselaar) [RHEL-35840] {CVE-2024-21823}
- VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (Jerry Snitselaar) [RHEL-35840] {CVE-2024-21823}
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (Mark Salter) [RHEL-49538 RHEL-39308]
- virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jon Maloy) [RHEL-44467] {CVE-2024-37353}
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Izabela Bakollari) [RHEL-36271 RHEL-26682] {CVE-2024-26600}
- eeprom: at24: fix memory corruption race condition (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- eeprom: at24: Use dev_err_probe for nvmem register failure (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- eeprom: at24: Add support for 24c1025 EEPROM (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- eeprom: at24: remove struct at24_client (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- at24: Support probing while in non-zero ACPI D state (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (CKI Backport Bot) [RHEL-44439] {CVE-2024-37356}
- cxl/region: Fix cxlr_pmem leaks (cki-backport-bot) [RHEL-44486] {CVE-2024-38391}
- tls: fix missing memory barrier in tls_init (cki-backport-bot) [RHEL-44480] {CVE-2024-36489}
- igc: avoid returning frame twice in XDP_REDIRECT (Corinna Vinschen) [RHEL-42714 RHEL-33266] {CVE-2024-26853}
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Hangbin Liu) [RHEL-44404 RHEL-44402] {CVE-2024-33621}
- ipvlan: add ipvlan_route_v6_outbound() helper (Davide Caratti) [RHEL-44404 RHEL-32205]
- ipvlan: properly track tx_errors (Davide Caratti) [RHEL-44404 RHEL-32205]
- wifi: nl80211: don't free NULL coalescing rule (Jose Ignacio Tornos Martinez) [RHEL-41698 RHEL-39754] {CVE-2024-36941}
- wifi: iwlwifi: dbg-tlv: ensure NUL termination (Jose Ignacio Tornos Martinez) [RHEL-41658 RHEL-37028] {CVE-2024-35845}
- mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work (Ivan Vecera) [RHEL-41556 RHEL-37018] {CVE-2024-35852}
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (cki-backport-bot) [RHEL-44215] {CVE-2024-38558}
- wifi: iwlwifi: read txq->read_ptr under lock (Jose Ignacio Tornos Martinez) [RHEL-41520 RHEL-39799] {CVE-2024-36922}
- wifi: cfg80211: check A-MSDU format more carefully (Jose Ignacio Tornos Martinez) [RHEL-38754 RHEL-37345] {CVE-2024-35937}
- ice: fix memory corruption bug with suspend and rebuild (Petr Oros) [RHEL-49858 RHEL-17486] {CVE-2024-35911}
- ipv6: prevent possible NULL deref in fib6_nh_init() (Hangbin Liu) [RHEL-48182 RHEL-45826] {CVE-2024-40961}
- netns: Make get_net_ns() handle zero refcount net (Paolo Abeni) [RHEL-48117 RHEL-46610] {CVE-2024-40958}
- net: do not leave a dangling sk pointer, when socket creation fails (Paolo Abeni) [RHEL-48072 RHEL-46610] {CVE-2024-40954}
- net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (CKI Backport Bot) [RHEL-47902] {CVE-2024-40928}
- net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Ivan Vecera) [RHEL-43619 RHEL-30344] {CVE-2021-47606}
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CKI Backport Bot) [RHEL-46921] {CVE-2024-39487}
- nfs: fix panic when nfs4_ff_layout_prepare_ds() fails (Benjamin Coddington) [RHEL-42732 RHEL-34875] {CVE-2024-26868}
- efi: fix panic in kdump kernel (Steve Best) [RHEL-42920 RHEL-36998] {CVE-2024-35800}
- ipv6: fix potential 'struct net' leak in inet6_rtm_getaddr() (Hangbin Liu) [RHEL-41735 RHEL-31050] {CVE-2024-27417}
- netfilter: nf_tables: do not compare internal table flags on updates (Florian Westphal) [RHEL-41682 RHEL-33985] {CVE-2024-27065}
- ipv6: Fix potential uninit-value access in __ip6_make_skb() (Antoine Tenart) [RHEL-41466 RHEL-39786] {CVE-2024-36903}
- netfilter: nf_tables: honor table dormant flag from netdev release event path (Florian Westphal) [RHEL-40056 RHEL-33985] {CVE-2024-36005}
- cifs: fix underflow in parse_server_interfaces() (Paulo Alcantara) [RHEL-34636 RHEL-31245] {CVE-2024-26828}
- drm/i915/audio: Fix audio time stamp programming for DP (CKI Backport Bot) [RHEL-45843]
- platform/x86: wmi: Fix opening of char device (David Arcari) [RHEL-42548 RHEL-38260] {CVE-2023-52864}
- platform/x86: wmi: remove unnecessary initializations (David Arcari) [RHEL-42548 RHEL-38260] {CVE-2023-52864}
- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (CKI Backport Bot) [RHEL-43170] {CVE-2024-36017}
- netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (Florian Westphal) [RHEL-40062 RHEL-33985] {CVE-2024-26808}
- ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (Jiri Benc) [RHEL-39017 RHEL-32372] {CVE-2024-35969}
- netfilter: nf_tables: flush pending destroy work before exit_net release (Florian Westphal) [RHEL-38765 RHEL-33985] {CVE-2024-35899}
- vt: fix unicode buffer corruption when deleting characters (Andrew Halaney) [RHEL-42947 RHEL-24205] {CVE-2024-35823}

[5.14.0-427.29.1.el9_4]
- net: Avoid address overwrite in kernel_connect (Davide Caratti) [RHEL-45728 RHEL-30875]
- net: replace calls to sock->ops->connect() with kernel_connect() (Davide Caratti) [RHEL-45728 RHEL-33410]
- i40e: fix vf may be used uninitialized in this function warning (Kamal Heib) [RHEL-41638 RHEL-39704] {CVE-2024-36020}
- cifs: translate network errors on send to -ECONNABORTED (Jay Shin) [RHEL-47047 RHEL-31245]
- wifi: brcmfmac: pcie: handle randbuf allocation failure (Jose Ignacio Tornos Martinez) [RHEL-44132] {CVE-2024-38575}
- wifi: iwlwifi: mvm: guard against invalid STA ID on removal (Jose Ignacio Tornos Martinez) [RHEL-43208 RHEL-39803] {CVE-2024-36921}
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (Jose Ignacio Tornos Martinez) [RHEL-42906 RHEL-36809] {CVE-2024-35789}
- wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (Jose Ignacio Tornos Martinez) [RHEL-42886 RHEL-36900] {CVE-2024-27434}
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (Jose Ignacio Tornos Martinez) [RHEL-42860 RHEL-35142] {CVE-2024-27052}
- wifi: mt76: mt7925e: fix use-after-free in free_irq() (Jose Ignacio Tornos Martinez) [RHEL-42856 RHEL-35148] {CVE-2024-27049}
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (Jose Ignacio Tornos Martinez) [RHEL-42743 RHEL-34187] {CVE-2024-26897}
- wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (Jose Ignacio Tornos Martinez) [RHEL-42383 RHEL-35199] {CVE-2023-52651}
- net: core: reject skb_copy(_expand) for fraglist GSO skbs (Xin Long) [RHEL-41402 RHEL-39781] {CVE-2024-36929}

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (x86_64)	kernel-5.14.0-427.31.1.0.1.el9_4.src.rpm	d5a9047734021614175421b1b37900ee4609dc10dff4176c4cd3c1bd0c821498	-	ol9_x86_64_MODRHCK
	bpftool-7.3.0-427.31.1.0.1.el9_4.x86_64.rpm	6c650e6517aeaa351783a2a332110d9eca8a94b67a3ee8b262c942a44a717203	-	ol9_x86_64_MODRHCK
	kernel-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	fb02eb188c672188a447588961332179d5d0d11d187499fb9106520e681ad368	-	ol9_x86_64_MODRHCK
	kernel-abi-stablelists-5.14.0-427.31.1.0.1.el9_4.noarch.rpm	63cb5997c5c2e7985ce0f6fad47d9099edb91de8632c4a885c0883479870b6c6	-	ol9_x86_64_MODRHCK
	kernel-core-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	8dbe920ea464ca7ec409a05703004c8c124d6c3865da1da9c724e9d5b7736a81	-	ol9_x86_64_MODRHCK
	kernel-cross-headers-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	e4d52fae91d367c06563ede394cb2c0da6045ab3d3951afe059e1463c219dc9f	-	ol9_x86_64_MODRHCK
	kernel-debug-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	2cbba609d86bd4b9b9d26e4d3d1d8cc00e56d921b87714de2c505cc49dd3a07f	-	ol9_x86_64_MODRHCK
	kernel-debug-core-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	e1ec65412ebbd48c4d0f7536e1b503eb02f71ce49d7e53ccaea26027d9178c33	-	ol9_x86_64_MODRHCK
	kernel-debug-devel-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	65385442b5430e93158532456a3c39e24d6baed2a78a2dcfb86f3ae58f63f67e	-	ol9_x86_64_MODRHCK
	kernel-debug-devel-matched-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	0283b9efb76deee36e8b22b79e477a46f425c70a0486482bb48fe37687cb5ca3	-	ol9_x86_64_MODRHCK
	kernel-debug-modules-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	39f2468ca75361fe481c24462111f98014c352770fbaa2341caca62bb8ceb485	-	ol9_x86_64_MODRHCK
	kernel-debug-modules-core-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	5c426016b9418835f265e8c0caa5a1134c76773ba1f86b976d2c62f6e92c5c8b	-	ol9_x86_64_MODRHCK
	kernel-debug-modules-extra-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	102f496777ea3668fc03686ec46edbd3fe5ab56cd75d91185e5a3d27471ad3aa	-	ol9_x86_64_MODRHCK
	kernel-debug-uki-virt-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	adf7f476427820542774504450965f80f115b34315032933bd41a14085a1ab89	-	ol9_x86_64_MODRHCK
	kernel-devel-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	28fdaa06d421e19a5ddc011d0bacf6a5da5dde38235d3ca9b877e130b6ddc222	-	ol9_x86_64_MODRHCK
	kernel-devel-matched-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	a957fa7a90f28214a88cdf974af315febf8e4935edce73d3cd0b08a454d54782	-	ol9_x86_64_MODRHCK
	kernel-doc-5.14.0-427.31.1.0.1.el9_4.noarch.rpm	2cda465db8af49d704747b862de235918e2617587548f2efba9e4ccc0e91128b	-	ol9_x86_64_MODRHCK
	kernel-headers-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	003856944ab5eeefdf0ce2e003d5bbae1fa5ea31fe8af3c56da38b7f6e6a7e04	-	ol9_x86_64_MODRHCK
	kernel-modules-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	1fd141a6df2d41caea4501e2619addd9d82c844764187ea4998e5f9a436bdcac	-	ol9_x86_64_MODRHCK
	kernel-modules-core-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	9385e4528209d3856221f7ce37bd21c478968148830a221b86fcea8b5c988aaf	-	ol9_x86_64_MODRHCK
	kernel-modules-extra-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	11b38f1fe7b6c5231d68346f679f5091ca79c1805309e54327d7ef591f63a99b	-	ol9_x86_64_MODRHCK
	kernel-tools-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	73786e2a16459591e41d4b7e7b7961120fd98da02f4e57e0707cd071feb50226	-	ol9_x86_64_MODRHCK
	kernel-tools-libs-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	bfcc3f9771d3e02797082bbb43997d22d2ff8bc3884a467f916040cb56d572ab	-	ol9_x86_64_MODRHCK
	kernel-tools-libs-devel-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	1a5d7cf36208166d212d0ff8ca4220c829176a654f2a4f43d8a2b5c86bd17407	-	ol9_x86_64_MODRHCK
	kernel-uki-virt-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	56fbb8402578f940b544abbc6f303fb8c6df6ff4bcc092466607e3395bf36343	-	ol9_x86_64_MODRHCK
	libperf-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	18e45803c674a8d28b866e6c76de95b0318ff9d744eded77c5e2e293fe1e8244	-	ol9_x86_64_MODRHCK
	perf-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	ca935dd3ebea7f5d0155a8de3bbf8eedb0fcb3269d607f22eb9d67ef91aaaaa1	-	ol9_x86_64_MODRHCK
	python3-perf-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	5a60bf759ea2554e4c599841c63f20e80d7fef49467033554032a45c7fa29d38	-	ol9_x86_64_MODRHCK
	rtla-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	b900f6dd73b9621dc6c01d2bfaa1d6897d9265778dbdb4a44964b4ccf600249c	-	ol9_x86_64_MODRHCK
	rv-5.14.0-427.31.1.0.1.el9_4.x86_64.rpm	28182586add60c7b31f2400420c31b48779af521e661001893a8d851ed27d90b	-	ol9_x86_64_MODRHCK

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691