ELSA-2021-3057

ULN >
Oracle Linux Errata repository >
ELSA-2021-3057

ELSA-2021-3057 - kernel security, bug fix, and enhancement update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2021-08-11

Description

[4.18.0-305.12.1_4.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5

[4.18.0-305.12.1_4]
- Revert 'nvme-pci: remove last_sq_tail' (Gopal Tiwari) [1965415 1921591]
- tc-testing: add test for ct DNAT tuple collision (Marcelo Ricardo Leitner) [1982494 1964578]
- tc-testing: add support for sending various scapy packets (Marcelo Ricardo Leitner) [1982494 1964578]
- tc-testing: fix list handling (Marcelo Ricardo Leitner) [1982494 1964578]
- net/sched: act_ct: handle DNAT tuple collision (Marcelo Ricardo Leitner) [1982494 1964578]
- mm/memcg: Relocate tcpmem to below memory in struct mem_cgroup (Waiman Long) [1980314 1959772]
- mm/memcg: optimize user context object stock access (Waiman Long) [1980314 1959772]
- mm/memcg: improve refill_obj_stock() performance (Waiman Long) [1980314 1959772]
- mm/memcg: cache vmstat data in percpu memcg_stock_pcp (Waiman Long) [1980314 1959772]
- mm/memcg: move mod_objcg_state() to memcontrol.c (Waiman Long) [1980314 1959772]
- mm: memcontrol: use obj_cgroup APIs to charge kmem pages (Waiman Long) [1980314 1959772]
- mm: memcontrol: change ug->dummy_page only if memcg changed (Waiman Long) [1980314 1959772]
- mm: memcontrol: directly access page->memcg_data in mm/page_alloc.c (Waiman Long) [1980314 1959772]
- mm: memcontrol: introduce obj_cgroup_{un}charge_pages (Waiman Long) [1980314 1959772]
- mm: memcontrol: slab: fix obtain a reference to a freeing memcg (Waiman Long) [1980314 1959772]
- mm: move lruvec stats update functions to vmstat.h (Waiman Long) [1980314 1959772]
- mm: memcg/slab: rename *_lruvec_slab_state to *_lruvec_kmem_state (Waiman Long) [1980314 1959772]
- mm: Convert page kmemcg type to a page memcg flag (Waiman Long) [1980314 1959772]
- mm: Introduce page memcg flags (Waiman Long) [1980314 1959772]
- mm: memcontrol/slab: Use helpers to access slab page's memcg_data (Waiman Long) [1980314 1959772]
- mm: memcontrol: Use helpers to read page's memcg data (Waiman Long) [1980314 1959772]
- mm/page_alloc.c: extract check_[new|free]_page_bad() common part to page_bad_reason() (Waiman Long) [1980314 1959772]
- mm/page_alloc.c: rename free_pages_check() to check_free_page() (Waiman Long) [1980314 1959772]
- mm/page_alloc.c: rename free_pages_check_bad() to check_free_page_bad() (Waiman Long) [1980314 1959772]
- mm/page_alloc.c: bad_flags is not necessary for bad_page() (Waiman Long) [1980314 1959772]
- mm/page_alloc.c: bad_[reason|flags] is not necessary when PageHWPoison (Waiman Long) [1980314 1959772]

[4.18.0-305.11.1_4]
- SUNRPC: Handle major timeout in xprt_adjust_timeout() (Scott Mayhew) [1980613 1979070]
- net/mlx5e: Disable TLS device offload in kdump mode (Alaa Hleihel) [1969909 1946647]
- net/mlx5e: Disable TX MPWQE in kdump mode (Alaa Hleihel) [1969909 1946647]
- drm/i915: Add an encoder hook to sanitize its state during init/resume (Imre Deak) [1981250 1961122]
- netfilter: x_tables: fix compat match/target pad out-of-bound write (Florian Westphal) [1980500 1980501] {CVE-2021-22555}
- Bluetooth: btusb: Fix the autosuspend enable and disable (Gopal Tiwari) [1972564 1927375]
- cifs: handle empty list of targets in cifs_reconnect() (Ronnie Sahlberg) [1973637 1952263]
- tick/nohz: Update idle_exittime on actual idle exit (Phil Auld) [1978710 1962632]
- tick/nohz: Remove superflous check for CONFIG_VIRT_CPU_ACCOUNTING_NATIVE (Phil Auld) [1978710 1962632]
- tick/nohz: Conditionally restart tick on idle exit (Phil Auld) [1978710 1962632]
- can: bcm: delay release of struct bcm_op after synchronize_rcu() (Hangbin Liu) [1975058 1975059]
- redhat/configs: Re-enable dptf_power module (Prarit Bhargava) [1968381 1962349]
- KVM: do not allow mapping valid but non-reference-counted pages (Jon Maloy) [1975514 1975515] {CVE-2021-22543}
- seq_file: Disallow extremely large seq buffer allocations (Ian Kent) [1975181 1975182] {CVE-2021-33909}

Related CVEs

CVE-2021-22543

CVE-2021-22555

CVE-2021-3609

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	kernel-4.18.0-305.12.1.el8_4.src.rpm	10cda1c61537b04200a92bc3a3242614a146f4a574701f621c606a370e01c472	-	ol8_aarch64_baseos_latest
	kernel-4.18.0-305.12.1.el8_4.src.rpm	10cda1c61537b04200a92bc3a3242614a146f4a574701f621c606a370e01c472	-	ol8_aarch64_codeready_builder
	kernel-4.18.0-305.12.1.el8_4.src.rpm	10cda1c61537b04200a92bc3a3242614a146f4a574701f621c606a370e01c472	-	ol8_aarch64_u4_baseos_patch
	bpftool-4.18.0-305.12.1.el8_4.aarch64.rpm	3d0b20f855e2c42be21ceffaf04304e162b4a8eac38e8fb50464a3e3a1c2ced3	-	ol8_aarch64_baseos_latest
	bpftool-4.18.0-305.12.1.el8_4.aarch64.rpm	3d0b20f855e2c42be21ceffaf04304e162b4a8eac38e8fb50464a3e3a1c2ced3	-	ol8_aarch64_u4_baseos_patch
	kernel-headers-4.18.0-305.12.1.el8_4.aarch64.rpm	1604ca864f32dd69cacbee2b9934a2b3ecf57c0a69f37bccf779846aefbc8d8d	-	ol8_aarch64_baseos_latest
	kernel-headers-4.18.0-305.12.1.el8_4.aarch64.rpm	1604ca864f32dd69cacbee2b9934a2b3ecf57c0a69f37bccf779846aefbc8d8d	-	ol8_aarch64_u4_baseos_patch
	kernel-tools-4.18.0-305.12.1.el8_4.aarch64.rpm	363622b186859a4778c153025866a5dca2fa87577cf22920f4415e0d40d11e6f	-	ol8_aarch64_baseos_latest
	kernel-tools-4.18.0-305.12.1.el8_4.aarch64.rpm	363622b186859a4778c153025866a5dca2fa87577cf22920f4415e0d40d11e6f	-	ol8_aarch64_u4_baseos_patch
	kernel-tools-libs-4.18.0-305.12.1.el8_4.aarch64.rpm	8748845d261e18b119ba3eeac5242dd99b7f72d7dc449429571deeda31020d12	-	ol8_aarch64_baseos_latest
	kernel-tools-libs-4.18.0-305.12.1.el8_4.aarch64.rpm	8748845d261e18b119ba3eeac5242dd99b7f72d7dc449429571deeda31020d12	-	ol8_aarch64_u4_baseos_patch
	kernel-tools-libs-devel-4.18.0-305.12.1.el8_4.aarch64.rpm	6531d8e25d55ccb48d2f9fe459acb479304be2810df74379b5863188e40c44e0	-	ol8_aarch64_codeready_builder
	perf-4.18.0-305.12.1.el8_4.aarch64.rpm	aa8d9f134d7bdb7336b353b5f7bb959b4147043158ca900d7239ff35770c5276	-	ol8_aarch64_baseos_latest
	perf-4.18.0-305.12.1.el8_4.aarch64.rpm	aa8d9f134d7bdb7336b353b5f7bb959b4147043158ca900d7239ff35770c5276	-	ol8_aarch64_u4_baseos_patch
	python3-perf-4.18.0-305.12.1.el8_4.aarch64.rpm	9e2e127a89ed27dcf05e68b702524c721c89e4c9daad6bd3482f62695d018878	-	ol8_aarch64_baseos_latest
	python3-perf-4.18.0-305.12.1.el8_4.aarch64.rpm	9e2e127a89ed27dcf05e68b702524c721c89e4c9daad6bd3482f62695d018878	-	ol8_aarch64_u4_baseos_patch

Oracle Linux 8 (x86_64)	kernel-4.18.0-305.12.1.el8_4.src.rpm	10cda1c61537b04200a92bc3a3242614a146f4a574701f621c606a370e01c472	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-305.12.1.el8_4.src.rpm	10cda1c61537b04200a92bc3a3242614a146f4a574701f621c606a370e01c472	-	ol8_x86_64_codeready_builder
	kernel-4.18.0-305.12.1.el8_4.src.rpm	10cda1c61537b04200a92bc3a3242614a146f4a574701f621c606a370e01c472	-	ol8_x86_64_u4_baseos_patch
	bpftool-4.18.0-305.12.1.el8_4.x86_64.rpm	e2c33115a1ec506a26ddba3faf4f0d511149c3a02c77e41aca4fa8e478f2a593	-	ol8_x86_64_baseos_latest
	bpftool-4.18.0-305.12.1.el8_4.x86_64.rpm	e2c33115a1ec506a26ddba3faf4f0d511149c3a02c77e41aca4fa8e478f2a593	-	ol8_x86_64_u4_baseos_patch
	kernel-4.18.0-305.12.1.el8_4.x86_64.rpm	c6b5510219b74f076dabbd4dcb48391753a15c6ea9a41eda5de9091fb315379e	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-305.12.1.el8_4.x86_64.rpm	c6b5510219b74f076dabbd4dcb48391753a15c6ea9a41eda5de9091fb315379e	-	ol8_x86_64_u4_baseos_patch
	kernel-abi-stablelists-4.18.0-305.12.1.el8_4.noarch.rpm	70cb18c182beab503a11ed82077bab1823eb57286ffbb89fa5e49a6c831b5261	-	ol8_x86_64_baseos_latest
	kernel-abi-stablelists-4.18.0-305.12.1.el8_4.noarch.rpm	70cb18c182beab503a11ed82077bab1823eb57286ffbb89fa5e49a6c831b5261	-	ol8_x86_64_u4_baseos_patch
	kernel-core-4.18.0-305.12.1.el8_4.x86_64.rpm	4325a3b16d2b5f17392e52034330f136d4462bc03665bb3b42a79976f530149b	-	ol8_x86_64_baseos_latest
	kernel-core-4.18.0-305.12.1.el8_4.x86_64.rpm	4325a3b16d2b5f17392e52034330f136d4462bc03665bb3b42a79976f530149b	-	ol8_x86_64_u4_baseos_patch
	kernel-cross-headers-4.18.0-305.12.1.el8_4.x86_64.rpm	f6b47fbccda34b808a3f60df913eb9d15c9960c0aa3b0be1c47cd7c62a7c0058	-	ol8_x86_64_baseos_latest
	kernel-cross-headers-4.18.0-305.12.1.el8_4.x86_64.rpm	f6b47fbccda34b808a3f60df913eb9d15c9960c0aa3b0be1c47cd7c62a7c0058	-	ol8_x86_64_u4_baseos_patch
	kernel-debug-4.18.0-305.12.1.el8_4.x86_64.rpm	78d66b754e68b8a65e928f386ae28a11eb7b5d3aee22780a9d88527fc1e086b3	-	ol8_x86_64_baseos_latest
	kernel-debug-4.18.0-305.12.1.el8_4.x86_64.rpm	78d66b754e68b8a65e928f386ae28a11eb7b5d3aee22780a9d88527fc1e086b3	-	ol8_x86_64_u4_baseos_patch
	kernel-debug-core-4.18.0-305.12.1.el8_4.x86_64.rpm	275c2f82b4be179eedd2769d63945fcf532cb601809b7d7185040943c46895a6	-	ol8_x86_64_baseos_latest
	kernel-debug-core-4.18.0-305.12.1.el8_4.x86_64.rpm	275c2f82b4be179eedd2769d63945fcf532cb601809b7d7185040943c46895a6	-	ol8_x86_64_u4_baseos_patch
	kernel-debug-devel-4.18.0-305.12.1.el8_4.x86_64.rpm	bb5f6d61edf93bb90eb2969030f9dc78fb042140ad54c18c2d5560abc1df814b	-	ol8_x86_64_baseos_latest
	kernel-debug-devel-4.18.0-305.12.1.el8_4.x86_64.rpm	bb5f6d61edf93bb90eb2969030f9dc78fb042140ad54c18c2d5560abc1df814b	-	ol8_x86_64_u4_baseos_patch
	kernel-debug-modules-4.18.0-305.12.1.el8_4.x86_64.rpm	cbad55b6fbd2595431bfd95d87f89cc5508d0583303dbac5c147b48dd334d514	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-4.18.0-305.12.1.el8_4.x86_64.rpm	cbad55b6fbd2595431bfd95d87f89cc5508d0583303dbac5c147b48dd334d514	-	ol8_x86_64_u4_baseos_patch
	kernel-debug-modules-extra-4.18.0-305.12.1.el8_4.x86_64.rpm	fd21aca9749513d6f6ced6b5de25ef4a53b0d36e4f22deb0d079592191e5549d	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-extra-4.18.0-305.12.1.el8_4.x86_64.rpm	fd21aca9749513d6f6ced6b5de25ef4a53b0d36e4f22deb0d079592191e5549d	-	ol8_x86_64_u4_baseos_patch
	kernel-devel-4.18.0-305.12.1.el8_4.x86_64.rpm	3df9daad699946848b0f791bbef5b6b7a0a78ed5b3a99bb1cc593c400fbf2619	-	ol8_x86_64_baseos_latest
	kernel-devel-4.18.0-305.12.1.el8_4.x86_64.rpm	3df9daad699946848b0f791bbef5b6b7a0a78ed5b3a99bb1cc593c400fbf2619	-	ol8_x86_64_u4_baseos_patch
	kernel-doc-4.18.0-305.12.1.el8_4.noarch.rpm	d95de5d4a472c829010a7a58fb66b0f5e2b88066129b48efecf972fe18305755	-	ol8_x86_64_baseos_latest
	kernel-doc-4.18.0-305.12.1.el8_4.noarch.rpm	d95de5d4a472c829010a7a58fb66b0f5e2b88066129b48efecf972fe18305755	-	ol8_x86_64_u4_baseos_patch
	kernel-headers-4.18.0-305.12.1.el8_4.x86_64.rpm	eecee93c7d8bf32aad6d3063836ef159723f50b4cc7fb6f2928a78f9e681ed78	-	ol8_x86_64_baseos_latest
	kernel-headers-4.18.0-305.12.1.el8_4.x86_64.rpm	eecee93c7d8bf32aad6d3063836ef159723f50b4cc7fb6f2928a78f9e681ed78	-	ol8_x86_64_u4_baseos_patch
	kernel-modules-4.18.0-305.12.1.el8_4.x86_64.rpm	09029740b36a9991612b22ef63718f597a2614ce2276de68d8e5e4975d7be971	-	ol8_x86_64_baseos_latest
	kernel-modules-4.18.0-305.12.1.el8_4.x86_64.rpm	09029740b36a9991612b22ef63718f597a2614ce2276de68d8e5e4975d7be971	-	ol8_x86_64_u4_baseos_patch
	kernel-modules-extra-4.18.0-305.12.1.el8_4.x86_64.rpm	f1b33d24b9ae9d24a25b2246ce93eaa01b98c567a93b73ced790933f5094726d	-	ol8_x86_64_baseos_latest
	kernel-modules-extra-4.18.0-305.12.1.el8_4.x86_64.rpm	f1b33d24b9ae9d24a25b2246ce93eaa01b98c567a93b73ced790933f5094726d	-	ol8_x86_64_u4_baseos_patch
	kernel-tools-4.18.0-305.12.1.el8_4.x86_64.rpm	638495b3332f50fc103e324896b980cbc25b9f30b34076f833e67b91dcf420ce	-	ol8_x86_64_baseos_latest
	kernel-tools-4.18.0-305.12.1.el8_4.x86_64.rpm	638495b3332f50fc103e324896b980cbc25b9f30b34076f833e67b91dcf420ce	-	ol8_x86_64_u4_baseos_patch
	kernel-tools-libs-4.18.0-305.12.1.el8_4.x86_64.rpm	2612e8596cad9845f694ca151fc0e18d45daa41a1a3103a65693b75a4496b804	-	ol8_x86_64_baseos_latest
	kernel-tools-libs-4.18.0-305.12.1.el8_4.x86_64.rpm	2612e8596cad9845f694ca151fc0e18d45daa41a1a3103a65693b75a4496b804	-	ol8_x86_64_u4_baseos_patch
	kernel-tools-libs-devel-4.18.0-305.12.1.el8_4.x86_64.rpm	c27b1a1ced7242c4911440ce953f18b5624b61c58ef2aadcac516303bd1a0dbb	-	ol8_x86_64_codeready_builder
	perf-4.18.0-305.12.1.el8_4.x86_64.rpm	3563f98daa7b5ef5770eff91a80337be0262a2f67d7ebff463409f907b614873	-	ol8_x86_64_baseos_latest
	perf-4.18.0-305.12.1.el8_4.x86_64.rpm	3563f98daa7b5ef5770eff91a80337be0262a2f67d7ebff463409f907b614873	-	ol8_x86_64_u4_baseos_patch
	python3-perf-4.18.0-305.12.1.el8_4.x86_64.rpm	1fbd9f6f89fa881c30a83c86a51fe7c8d2fb18ddf32d77db9b0935a23f6e9c46	-	ol8_x86_64_baseos_latest
	python3-perf-4.18.0-305.12.1.el8_4.x86_64.rpm	1fbd9f6f89fa881c30a83c86a51fe7c8d2fb18ddf32d77db9b0935a23f6e9c46	-	ol8_x86_64_u4_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691