ELBA-2024-6567-1

ULN >
Oracle Linux Errata repository >
ELBA-2024-6567-1

ELBA-2024-6567-1 - kernel bug fix update

Type:	BUG
Impact:	NA
Release Date:	2024-09-12

Description

[5.14.0-427.35.1.0.1.el9_4.OL9]
- Revert 'crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode' [Orabug: 36638086]
- Update module name for cryptographic module [Orabug: 36324521]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-427.35.1.el9_4]
- usb-storage: alauda: Check whether the media is initialized (CKI Backport Bot) [RHEL-43716] {CVE-2024-38619}
- ceph: force sending a cap update msg back to MDS for revoke op (Xiubo Li) [RHEL-55437]
- ceph: periodically flush the cap releases (Xiubo Li) [RHEL-55437]
- mm: avoid overflows in dirty throttling logic (Jay Shin) [RHEL-51848 RHEL-50004] {CVE-2024-42131}
- Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (Jay Shin) [RHEL-51701 RHEL-50004] {CVE-2024-42102}
- mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Jay Shin) [RHEL-42628 RHEL-5619] {CVE-2024-26720}
- net: fix out-of-bounds access in ops_init (Paolo Abeni) [RHEL-43188 RHEL-46610] {CVE-2024-36883}
- nvme: avoid double free special payload (CKI Backport Bot) [RHEL-51311] {CVE-2024-41073}
- kernfs: change kernfs_rename_lock into a read-write lock (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: Separate kernfs_pr_cont_buf and rename_lock (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: fix missing kernfs_iattr_rwsem locking (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: Use a per-fs rwsem to protect per-fs list of kernfs_super_info (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: Introduce separate rwsem to protect inode attributes (Jay Shin) [RHEL-55253 RHEL-52956]
- xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47894 RHEL-47892] {CVE-2024-40927}
- Bluetooth: af_bluetooth: Fix deadlock (Bastien Nocera) [RHEL-34161] {CVE-2024-26886}
- xdp: Remove WARN() from __xdp_reg_mem_model() (CKI Backport Bot) [RHEL-51586] {CVE-2024-42082}
- nfsd: don't take fi_lock in nfsd_break_deleg_cb() (Benjamin Coddington) [RHEL-42578 RHEL-34875]
- nfsd: fix RELEASE_LOCKOWNER (Benjamin Coddington) [RHEL-42578 RHEL-34875] {CVE-2024-26629}
- net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (CKI Backport Bot) [RHEL-43729 RHEL-43727]
- net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (CKI Backport Bot) [RHEL-43729 RHEL-43727]
- net: bridge: mst: fix vlan use-after-free (cki-backport-bot) [RHEL-43729] {CVE-2024-36979}
- efivarfs: force RO when remounting if SetVariable is not supported (Pavel Reichl) [RHEL-42343 RHEL-26588] {CVE-2023-52463}
- ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (Charles Mirabile) [RHEL-34234 RHEL-1697]
- ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (Charles Mirabile) [RHEL-34234 RHEL-1697]
- ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (Scott Weaver) [RHEL-34234 RHEL-1697]

[5.14.0-427.34.1.el9_4]
- mm: prevent derefencing NULL ptr in pfn_section_valid() (Jarod Wilson) [RHEL-51140 RHEL-51138] {CVE-2024-41055}
- mm, kmsan: fix infinite recursion due to RCU critical section (Jarod Wilson) [RHEL-51140 RHEL-51138] {CVE-2024-41055}
- ppp: reject claimed-as-LCP but actually malformed packets (CKI Backport Bot) [RHEL-51061 RHEL-51059] {CVE-2024-41044}
- x86: stop playing stack games in profile_pc() (CKI Backport Bot) [RHEL-51651] {CVE-2024-42096}
- PCI/MSI: Fix UAF in msi_capability_init (CKI Backport Bot) [RHEL-51438] {CVE-2024-41096}
- iommufd: Fix missing update of domains_itree after splitting iopt_area (Jerry Snitselaar) [RHEL-42518 RHEL-28780] {CVE-2023-52801}
- mm: cachestat: fix folio read-after-free in cache walk (Nico Pache) [RHEL-41739 RHEL-5619] {CVE-2024-26630}
- regmap: maple: Fix cache corruption in regcache_maple_drop() (Jaroslav Kysela) [RHEL-43179 RHEL-39706] {CVE-2024-36019}
- mm: cachestat: fix two shmem bugs (Nico Pache) [RHEL-36912] {CVE-2024-35797}
- kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (Steve Best) [RHEL-42778 RHEL-34985] {CVE-2024-26946}
- mm/hugetlb: fix missing hugetlb_lock for resv uncharge (Rafael Aquini) [RHEL-43132 RHEL-37467] {CVE-2024-36000}
- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) [RHEL-52675 RHEL-50366]
- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) [RHEL-52675 RHEL-50366]
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) [RHEL-52675 RHEL-50366]
- gpio: tegra186: Fix tegra186_gpio_is_accessible() check (Charles Mirabile) [RHEL-49347 RHEL-32452]
- net/sched: Fix UAF when resolving a clash (CKI Backport Bot) [RHEL-51022 RHEL-51020] {CVE-2024-41040}
- KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (Maxim Levitsky) [RHEL-41462 RHEL-32430] {CVE-2024-35791}
- cxl/region: Fix memregion leaks in devm_cxl_add_region() (John W. Linville) [RHEL-47965 RHEL-23582] {CVE-2024-40936}
- x86/coco: Require seeding RNG with RDRAND on CoCo systems (Lenny Szubowicz) [RHEL-42986 RHEL-37269] {CVE-2024-35875}
- scsi: qedf: Ensure the copied buf is NUL terminated (cki-backport-bot) [RHEL-44203] {CVE-2024-38559}

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (x86_64)	kernel-5.14.0-427.35.1.0.1.el9_4.src.rpm	4be935f84cd9b5c86ef751093097353758704e0d232a80787429d602eef8e64c	-	ol9_x86_64_MODRHCK
	bpftool-7.3.0-427.35.1.0.1.el9_4.x86_64.rpm	6a5dded55e676cb65e93879902a177ca0c4ca8a8896e7b190aec13c48fe3919d	-	ol9_x86_64_MODRHCK
	kernel-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	e0fe96bf8317abd2f7c9ab043706ddba843fc58da3dc7a3e50a2c9a32dd936b4	-	ol9_x86_64_MODRHCK
	kernel-abi-stablelists-5.14.0-427.35.1.0.1.el9_4.noarch.rpm	7145132441ea02ed5619f34de289ee66d4a29ea84d79c6bf9990f65a4de7ee3a	-	ol9_x86_64_MODRHCK
	kernel-core-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	b5829623e2f112892b981408398a9195e811b4b9a3d915adcd519a4aab6d53da	-	ol9_x86_64_MODRHCK
	kernel-cross-headers-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	a8d06c0ccb58c6cd6e720fc30fa03222205a6186a8703fec9165f525f25760b0	-	ol9_x86_64_MODRHCK
	kernel-debug-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	bb4e5a767113f75e5062d203e445b321e18afa758638a6029d9c696d2a7a1264	-	ol9_x86_64_MODRHCK
	kernel-debug-core-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	422bd687b2771f9dd354999c21e3dfdf576dacee2120c0e2ddab2ea166721898	-	ol9_x86_64_MODRHCK
	kernel-debug-devel-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	da85ce5f1554d5c13a8243be9af2cb41dfdf88e860e8b9edbbe4d599a890eae3	-	ol9_x86_64_MODRHCK
	kernel-debug-devel-matched-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	a15d6d0f4e56eda41654c344dd1f31fc65fe51b013752d179788e2100905232f	-	ol9_x86_64_MODRHCK
	kernel-debug-modules-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	4d76abf60e9b2f09191531f400e69a7cd161740a25bd0ffbac8202e4af168e7a	-	ol9_x86_64_MODRHCK
	kernel-debug-modules-core-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	5dd7547174d44538912c5a77c8808e6da2c149307ef841e131c2a050e4477aca	-	ol9_x86_64_MODRHCK
	kernel-debug-modules-extra-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	baa6e2cc0c068c73c040e5e5f4b46b9efd3d85a66761bb44ab01fc84004f739b	-	ol9_x86_64_MODRHCK
	kernel-debug-uki-virt-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	46be99f7e2382f4c16fb1408dc6009e97772503946f292b55b4c83ec146cc636	-	ol9_x86_64_MODRHCK
	kernel-devel-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	0d5a6cb564b3ca70a2c591e9dc3b7c4ec06d201b298807906ac9fe564de80d8c	-	ol9_x86_64_MODRHCK
	kernel-devel-matched-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	6ea9a1072e51672516b8aa74ef5a1999aa85dc7b002f6e7aa016ad866dab61ff	-	ol9_x86_64_MODRHCK
	kernel-doc-5.14.0-427.35.1.0.1.el9_4.noarch.rpm	864527b4d0c202bef0312137023a45122cf60107dcd2850e5fa515c791be0439	-	ol9_x86_64_MODRHCK
	kernel-headers-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	7731ae55260537e68b73a7cdf496158623995b400f9022da6fe2809298d3cb3d	-	ol9_x86_64_MODRHCK
	kernel-modules-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	0b0033e530d21be86d8604f892e9b5987bf11faa4770799abd29434b67773dd6	-	ol9_x86_64_MODRHCK
	kernel-modules-core-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	50f11b8c1d704ec9b5ec9691e0d64a54d6031575d5a1d6b401a213401c95994e	-	ol9_x86_64_MODRHCK
	kernel-modules-extra-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	c533a44f84c76fac3354aaecebccb4b3d59f37179d2aad497865658a345576ea	-	ol9_x86_64_MODRHCK
	kernel-tools-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	de384d5c572a30c16acd71833dff547eb16526671c77bd2a365169ae33f16cd6	-	ol9_x86_64_MODRHCK
	kernel-tools-libs-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	fc73b86f7b7875a9cb68a2883b387751172d7bcafa9fdc2bf3b90ba236cddbc5	-	ol9_x86_64_MODRHCK
	kernel-tools-libs-devel-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	2d63572661117f09489a9e3a6bd38f9f064456c2be31e38a7e558e11bf0a9fba	-	ol9_x86_64_MODRHCK
	kernel-uki-virt-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	b6aba3f10cc4491185399ef5ec7bc9b1647385cb1375cb0dc138ca0421a469ce	-	ol9_x86_64_MODRHCK
	libperf-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	ae51800d659a5a2fcb2f09c85c1874b883fdb407ab694951d6ecb37a486ddf87	-	ol9_x86_64_MODRHCK
	perf-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	78bbb4309be6cb623b9ef2da89c11b94ed198a41561193cc1bb15ad24f8f1f6b	-	ol9_x86_64_MODRHCK
	python3-perf-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	6f99ab9c481794bef0eca1e5df644177cc3b9947192c24297a9255059bf440b5	-	ol9_x86_64_MODRHCK
	rtla-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	fba7e58ff8b22c39896d21df89c9a3c23a6ec6fef4851a19919bad16a33f7e67	-	ol9_x86_64_MODRHCK
	rv-5.14.0-427.35.1.0.1.el9_4.x86_64.rpm	9ef1d58db56a22b42932d46a95c321ad1e38dc5973ad0e08889a3603889ea7f6	-	ol9_x86_64_MODRHCK

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691