ELBA-2024-6997-1

ULN >
Oracle Linux Errata repository >
ELBA-2024-6997-1

ELBA-2024-6997-1 - kernel bug fix update

Type:	BUG
Impact:	NA
Release Date:	2024-09-26

Description

[5.14.0-427.37.1.0.1.el9_4.OL9]
- Revert 'crypto: testmgr - allow ecdsa-nist-p256 and -p384 in FIPS mode' [Orabug: 36638086]
- Update module name for cryptographic module [Orabug: 36324521]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-427.37.1.el9_4]
- ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses (CKI Backport Bot) [RHEL-42783] {CVE-2024-26947}
- powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV (Mamatha Inamdar) [RHEL-45537 RHEL-25055]
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Steve Best) [RHEL-40517 RHEL-39354] {CVE-2024-36016}
- smb: client: set correct id, uid and cruid for multiuser automounts (Jay Shin) [RHEL-47260 RHEL-31245]
- printk: printk.c: Disable per_console_kthreads on !CONFIG_PREEMPT_RT (Derek Barbosa) [RHEL-39064]
- uio: Fix use-after-free in uio_open (Ricardo Robaina) [RHEL-41275 RHEL-26233] {CVE-2023-52439}
- gpiolib: cdev: Fix use after free in lineinfo_changed_notify (Steve Best) [RHEL-43192 RHEL-39849] {CVE-2024-36899}
- wifi: mac80211: Avoid address calculations via out of bounds array indexing (CKI Backport Bot) [RHEL-51287 RHEL-51285] {CVE-2024-41071}
- Input: cyapa - add missing input core locking to suspend/resume functions (cki-backport-bot) [RHEL-44455] {CVE-2023-52884}
- net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Limit number of driver warning messages (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Fix race condition in disconnect handling (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Fix race conditions in suspend/resume handling (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Fix partial packet errors on suspend/resume (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Fix exception on link speed change (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Add missing return code checks (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Remove unused pause frame queue (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Set flow control threshold to prevent packet loss (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Remove unused timer (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- lan78xx: Fix white space and style issues (Jamie Bainbridge) [RHEL-34928 RHEL-33332]
- sctp: fix association labeling in the duplicate COOKIE-ECHO case (CKI Backport Bot) [RHEL-56745 RHEL-48647]
- ice: xsk: fix txq interrupt mapping (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: improve updating ice_{t,r}x_ring::xsk_pool (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: toggle netif_carrier when setting up XSK pool (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: modify error handling when setting XSK pool in ndo_bpf (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: replace synchronize_rcu with synchronize_net (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: don't busy wait for Rx queue disable in ice_qp_dis() (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: respect netif readiness in AF_XDP ZC related ndo's (Petr Oros) [RHEL-52771 RHEL-15670]
- ice: remove af_xdp_zc_qps bitmap (Petr Oros) [RHEL-52771 RHEL-17486]
- ice: reorder disabling IRQ and NAPI in ice_qp_dis (Petr Oros) [RHEL-52771 RHEL-17486]
- ice: make ice_vsi_cfg_txq() static (Petr Oros) [RHEL-52771 RHEL-17486]
- ice: make ice_vsi_cfg_rxq() static (Petr Oros) [RHEL-52771 RHEL-17486]
- ice: make use of DEFINE_FLEX() for struct ice_aqc_add_tx_qgrp (Petr Oros) [RHEL-52771 RHEL-17486]
- xdp: reflect tail increase for MEM_TYPE_XSK_BUFF_POOL (Petr Oros) [RHEL-52771 RHEL-38863]
- ice: update xdp_rxq_info::frag_size for ZC enabled Rx queue (Petr Oros) [RHEL-52771 RHEL-38863]
- intel: xsk: initialize skb_frag_t::bv_offset in ZC drivers (Petr Oros) [RHEL-52771 RHEL-38863]
- ice: remove redundant xdp_rxq_info registration (Petr Oros) [RHEL-52771 RHEL-38863]
- ice: work on pre-XDP prog frag count (Petr Oros) [RHEL-52771 RHEL-38863]
- xsk: fix usage of multi-buffer BPF helpers for ZC XDP (Petr Oros) [RHEL-52771 RHEL-38863]
- xsk: make xsk_buff_pool responsible for clearing xdp_buff::flags (Petr Oros) [RHEL-52771 RHEL-38863]
- xsk: recycle buffer in case Rx queue was full (Petr Oros) [RHEL-52771 RHEL-38863]
- overflow: add DEFINE_FLEX() for on-stack allocs (Petr Oros) [RHEL-52771 RHEL-30138]
- overflow: Add struct_size_t() helper (Petr Oros) [RHEL-52771 RHEL-30138]
- bpf, sockmap: Prevent lock inversion deadlock in map delete elem (Felix Maurer) [RHEL-41479 RHEL-30107] {CVE-2024-35895}
- xfs: allow SECURE namespace xattrs to use reserved block pool (CKI Backport Bot) [RHEL-54443 RHEL-49806]
- platform/x86/intel-uncore-freq: Don't present root domain on error (David Arcari) [RHEL-43291 RHEL-38558]
- platform/x86/intel-uncore-freq: Increase minor number support (David Arcari) [RHEL-43291 RHEL-38558]
- platform/x86/intel-uncore-freq: Process read/write blocked feature status (David Arcari) [RHEL-43291 RHEL-38558]
- platform/x86/intel/tpmi: Move TPMI ID definition (Steve Best) [RHEL-43291 RHEL-35956]
- ice: fix VSI lists confusion when adding VLANs (CKI Backport Bot) [RHEL-57778 RHEL-20571]
- ice: fix accounting for filters shared by multiple VSIs (CKI Backport Bot) [RHEL-57778 RHEL-20571]
- ice: fix accounting if a VLAN already exists (CKI Backport Bot) [RHEL-57778 RHEL-17486]

[5.14.0-427.36.1.el9_4]
- scsi: qla2xxx: Fix double free of fcport (Nilesh Javali) [RHEL-39547 RHEL-40034 RHEL-25184 RHEL-35020] {CVE-2024-26929}
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer (Nilesh Javali) [RHEL-39547 RHEL-41325 RHEL-25184 RHEL-35016] {CVE-2024-26930}
- scsi: qla2xxx: Fix command flush on cable pull (Nilesh Javali) [RHEL-39547 RHEL-40029 RHEL-25184 RHEL-35012] {CVE-2024-26931}
- net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (Benjamin Coddington) [RHEL-53708 RHEL-53004] {CVE-2024-42246}
- ice: Add netif_device_attach/detach into PF reset flow (CKI Backport Bot) [RHEL-56275 RHEL-56084]
- wifi: mt76: replace skb_put with skb_put_zero (CKI Backport Bot) [RHEL-52368] {CVE-2024-42225}
- cppc_cpufreq: Fix possible null pointer dereference (cki-backport-bot) [RHEL-44145] {CVE-2024-38573}
- ring-buffer: Fix a race between readers and resize checks (cki-backport-bot) [RHEL-43920] {CVE-2024-38601}
- fork: defer linking file vma until vma is fully initialized (Rafael Aquini) [RHEL-35617 RHEL-35022] {CVE-2024-27022}
- ACPICA: Revert 'ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine.' (CKI Backport Bot) [RHEL-48393 RHEL-48391] {CVE-2024-40984}
- KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes (Maxim Levitsky) [RHEL-41345 RHEL-32430] {CVE-2024-26991}
- net/sched: act_mirred: don't override retval if we already lost the skb (Davide Caratti) [RHEL-42644 RHEL-31724] {CVE-2024-26739}
- net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability (Davide Caratti) [RHEL-42644 RHEL-32137]
- cpufreq: exit() callback is optional (cki-backport-bot) [RHEL-43848] {CVE-2024-38615}
- gfs2: Fix potential glock use-after-free on unmount (Andreas Gruenbacher) [RHEL-44157 RHEL-44155] {CVE-2024-38570}
- gfs2: simplify gdlm_put_lock with out_free label (Andreas Gruenbacher) [RHEL-44157 RHEL-44155] {CVE-2024-38570}
- gfs2: Remove ill-placed consistency check (Andreas Gruenbacher) [RHEL-44157 RHEL-44155] {CVE-2024-38570}
- wifi: nl80211: Avoid address calculations via out of bounds array indexing (Jose Ignacio Tornos Martinez) [RHEL-46505 RHEL-34696] {CVE-2024-38562}

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (x86_64)	kernel-5.14.0-427.37.1.0.1.el9_4.src.rpm	27a791ebbb97aa226ceb321c930a9db1bd61867afcf739fe9c1d8cb12a0dc4d8	-	ol9_x86_64_MODRHCK
	bpftool-7.3.0-427.37.1.0.1.el9_4.x86_64.rpm	9c103adc14a5e6eb0eee30cc9e4cb276bed59766a9694f08b22a223e73d7943d	-	ol9_x86_64_MODRHCK
	kernel-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	e07648260de2d7c20845f7118614e2207e960bcca207e9924f19c0992b0d721c	-	ol9_x86_64_MODRHCK
	kernel-abi-stablelists-5.14.0-427.37.1.0.1.el9_4.noarch.rpm	8a6bff34f971343a21f0e7e87d039d19db10ccb35cdeb804ce33a72aacf0fcc9	-	ol9_x86_64_MODRHCK
	kernel-core-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	76c937bd88f2fbc6385021ac38be8876b3ef57c9c13e943d2662da5307919dfb	-	ol9_x86_64_MODRHCK
	kernel-cross-headers-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	d14cf4127e1156692f9a1d9757b92b3c678b0db78ec555479333d757692531c2	-	ol9_x86_64_MODRHCK
	kernel-debug-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	bc699eb84504757a777367ceb13f74295111d8d1be405107136398a881021ac1	-	ol9_x86_64_MODRHCK
	kernel-debug-core-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	139b08c176ceb84149714e842981b3f05eaeff6b7ffa83a67e4f2af9e70705dd	-	ol9_x86_64_MODRHCK
	kernel-debug-devel-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	c34f0cbbbcdb5fde940ac11657c965859cc8aea597ef19cb1ad9cbf963075131	-	ol9_x86_64_MODRHCK
	kernel-debug-devel-matched-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	2af1f0e6962813280be9ad7caa2ee9d1d1882509010cb71c99d6b39b920ef9f9	-	ol9_x86_64_MODRHCK
	kernel-debug-modules-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	56b6a8d5a1c67c891e8ad589844ee7d4fa6d5cca06683c2c5547eb3d37bd193b	-	ol9_x86_64_MODRHCK
	kernel-debug-modules-core-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	21ffa08fb4f49bf562cd06ea37690884141d516685bf761caea15259be28d9c5	-	ol9_x86_64_MODRHCK
	kernel-debug-modules-extra-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	45b5aa71f40079e1118b718095142b3d9f700de4820f5cf356673f82337957f5	-	ol9_x86_64_MODRHCK
	kernel-debug-uki-virt-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	81f34ae3fb1405b0de3a94c86ea13f01d87fa26f98afb2f5b56cf7b66ca2c339	-	ol9_x86_64_MODRHCK
	kernel-devel-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	73cefbb0d5351ed0ccb67ed49a09efe1da740ce84665f9d6f38211160781b3f5	-	ol9_x86_64_MODRHCK
	kernel-devel-matched-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	5ba70dec532463e62f7a3b6453f4ba100e82c2b0000363e14330893f2172f22e	-	ol9_x86_64_MODRHCK
	kernel-doc-5.14.0-427.37.1.0.1.el9_4.noarch.rpm	c8272ce51b0a88f0df62468d96c13656831b0200901ef4bf605830d6417ae9d6	-	ol9_x86_64_MODRHCK
	kernel-headers-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	e438014f55d8489e3281973c521fc468ef75d7a9f1a3ce42eb88213c011b8ad6	-	ol9_x86_64_MODRHCK
	kernel-modules-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	ac045601622c24744114cca4e4028e20715e990ae502c41630d51ad073336f66	-	ol9_x86_64_MODRHCK
	kernel-modules-core-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	36b4a239c4c3dd6971b8de6149197d522e150bc1539edaa5627d2fca432bbe76	-	ol9_x86_64_MODRHCK
	kernel-modules-extra-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	69885a5a21f07d2adac9b7cdeb79396e9d0cc269d60a66c85f8ac02193c71a87	-	ol9_x86_64_MODRHCK
	kernel-tools-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	947460408fab4cee061e16a0609b2af13cfb81d1674cfe6c3850f1c361277d4c	-	ol9_x86_64_MODRHCK
	kernel-tools-libs-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	7297c849560bcd249172e55ab6ccbab65b6c174255fc39b27398ce0742ba0f09	-	ol9_x86_64_MODRHCK
	kernel-tools-libs-devel-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	76ab6461418b439341752c314e8ba2c2f5007c957ef11fcabe07ff137dfffad6	-	ol9_x86_64_MODRHCK
	kernel-uki-virt-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	f6d1f769bea32604a87447ebba69b2aaae8a027c220a673f23a481655955926e	-	ol9_x86_64_MODRHCK
	libperf-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	a9722b74ccd3c497069e5a7e1e896892aca566e61b9c535b8191b0672cbd5676	-	ol9_x86_64_MODRHCK
	perf-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	e00ebfd36e06ed8fbc9edaec3ecb9f1d9c988aee25ca68e93ef169294df82d30	-	ol9_x86_64_MODRHCK
	python3-perf-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	96045a68fe6f0e9f770db50f137c65f0fad8f23a5e82d4f3c32b0def98b1ba69	-	ol9_x86_64_MODRHCK
	rtla-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	537581b8a109eb23a7e7b2fde3055df485cbaaef41b033689e9e2910c014d958	-	ol9_x86_64_MODRHCK
	rv-5.14.0-427.37.1.0.1.el9_4.x86_64.rpm	41dcf95e2233b52ed8637eb91d3bbe9c0c19065e12d090f0f83395978dae6231	-	ol9_x86_64_MODRHCK

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691