ELSA-2022-5316

ELSA-2022-5316 - kernel security and bug fix update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2022-07-02

Description

[4.18.0-372.13.1.0.1_6.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5
- debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499}

[4.18.0-372.13.1_6]
- openvswitch: always update flow key after nat (Aaron Conole) [2068476 2066885]
- KVM: PPC: Fix TCE handling for VFIO (Daniel Henrique Barboza) [2085572 2062687]
- rfkill: make new event layout opt-in (Jose Ignacio Tornos Martinez) [2087641 2023175]
- ASoC: Intel: soc-acpi: add entries in ADL match table (Jaroslav Kysela) [2090423 2052011]
- isert: support for unsolicited NOPIN with no response (Maurizio Lombardi) [2079433 2035915]
- iscsit: increment max_cmd_sn for isert on command release (Maurizio Lombardi) [2079433 2035915]
- net: tcp better handling of reordering then loss cases (Marcelo Ricardo Leitner) [2080972 2074566]
- tcp: tcp_mark_head_lost is only valid for sack-tcp (Marcelo Ricardo Leitner) [2080972 2074566]

[4.18.0-372.12.1_6]
- sctp: use the correct skb for security_sctp_assoc_request (Xin Long) [2070959]
- net/mlx5e: Fix wrong source vport matching on tunnel rule (Amir Tzin) [2088610]
- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (Amir Tzin) [2088611]
- net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (Amir Tzin) [2088611]
- net/mlx5: DR, Cache STE shadow memory (Amir Tzin) [2075553]
- net/mlx5: DR, Fix the threshold that defines when pool sync is initiated (Amir Tzin) [2075553]
- drm/i915/display: Remove check for low voltage sku for max dp source rate (Jocelyn Falempe) [2066644]
- net/mlx5: DR, Ignore modify TTL on RX if device doesn't support it (Amir Tzin) [2088638]
- net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion (Amir Tzin) [2081011]
- net/mlx5e: TC, Skip redundant ct clear actions (Amir Tzin) [2079918]
- net/mlx5e: TC, fix decap fallback to uplink when int port not supported (Amir Tzin) [2088639]
- CI: Use zstream builder image (Veronika Kabatova)
- ice: Allow to pass VLAN tagged packets to VF when port VLAN is configured (Petr Oros) [2081794]
- ice: clear stale Tx queue settings before configuring (Petr Oros) [2081794]
- ice: fix crash when writing timestamp on RX rings (Petr Oros) [2081794]
- ice: Fix race during aux device (un)plugging (Petr Oros) [2081794]
- ice: fix PTP stale Tx timestamps cleanup (Petr Oros) [2081794]
- ice: ice_sched: fix an incorrect NULL check on list iterator (Petr Oros) [2081794]
- ice: fix use-after-free when deinitializing mailbox snapshot (Petr Oros) [2081794]
- ice: wait 5 s for EMP reset after firmware flash (Petr Oros) [2081794]
- ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (Petr Oros) [2081794]
- ice: Fix incorrect locking in ice_vc_process_vf_msg() (Petr Oros) [2081794]
- ice: Fix memory leak in ice_get_orom_civd_data() (Petr Oros) [2081794]
- ice: fix crash in switchdev mode (Petr Oros) [2081794]
- Revert 'iavf: Fix deadlock occurrence during resetting VF interface' (Petr Oros) [2081794]
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (Petr Oros) [2081794]
- ice: clear cmd_type_offset_bsz for TX rings (Petr Oros) [2081794]
- ice: xsk: fix VSI state check in ice_xsk_wakeup() (Petr Oros) [2081794]
- ice: synchronize_rcu() when terminating rings (Petr Oros) [2081794]
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (Petr Oros) [2081794]
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation (Petr Oros) [2081794]
- ice: Fix broken IFF_ALLMULTI handling (Petr Oros) [2081794]
- ice: Fix MAC address setting (Petr Oros) [2081794]
- openvswitch: Fix setting ipv6 fields causing hw csum failure (Eelco Chaudron) [2086549]
- sched/cputime, proc/stat: Fix incorrect guest nice cpustat value (Waiman Long) [2084138]
- procfs: Use all-in-one vtime aware kcpustat accessor (Waiman Long) [2084138]
- procfs: Use vtime aware kcpustat accessor to fetch CPUTIME_SYSTEM (Waiman Long) [2084138]
- proc: read kernel cpu stat pointer once (Waiman Long) [2084138]
- proc: use 'unsigned int' in /proc/stat hook (Waiman Long) [2084138]
- sched/cputime: Support other fields on kcpustat_field() (Waiman Long) [2084138]
- sched/cputime: Add vtime guest task state (Waiman Long) [2084138]
- sched/cputime: Add vtime idle task state (Waiman Long) [2084138]
- sched/cputime: Spare a seqcount lock/unlock cycle on context switch (Waiman Long) [2084138]
- sched/vtime: Move task_struct_rh->vtime_cpu back to vtime structure (Waiman Long) [2084138]
- net: openvswitch: fix leak of nested actions (Eelco Chaudron) [2086590]
- net/sched: fix initialization order when updating chain 0 head (Marcelo Ricardo Leitner) [2074221]
- PCI: hv: Propagate coherence from VMbus device to PCI device (Vitaly Kuznetsov) [2074829]
- Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (Vitaly Kuznetsov) [2074829]

[4.18.0-372.11.1_6]
- Revert 'xfs: actually bump warning counts when we send warnings' (Carlos Maiolino) [2071713]
- SUNRPC: use different lock keys for INET6 and LOCAL (Guillaume Nault) [2079856]
- Revert 'netfilter: conntrack: tag conntracks picked up in local out hook' (Florian Westphal) [2065266]
- Revert 'netfilter: nat: force port remap to prevent shadowing well-known ports' (Florian Westphal) [2065266]
- KVM: PPC: Book3S HV: Add infrastructure to support 2nd DAWR (Laurent Vivier) [2079069]
- KVM: PPC: Book3S HV: Rename current DAWR macros and variables (Laurent Vivier) [2079069]
- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) [2062114] {CVE-2022-27666}
- esp: Fix possible buffer overflow in ESP transformation (Sabrina Dubroca) [2062114] {CVE-2022-27666}
- NFS: Don't loop forever in nfs_do_recoalesce() (Scott Mayhew) [2080998]

[4.18.0-372.10.1_6]
- Fonts: Replace discarded const qualifier (Nico Pache) [2064762]
- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Nico Pache) [2064762]
- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Nico Pache) [2064762]
- CI: Drop baseline runs (Veronika Kabatova)
- redhat: drop the -sha512 suffix from default rhpkg invocation (Jarod Wilson)
- redhat: switch release to zstream (Augusto Caringi)
- ceph: fix possible NULL pointer dereference for req->r_session (Xiubo Li) [2080071]

Related CVEs

CVE-2020-28915

CVE-2022-27666

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	kernel-4.18.0-372.13.1.0.1.el8_6.src.rpm	6cd5dfc823f030528ffcaf31ab8b93d0328e75922293bf9dca48b74ab2aae303	-	ol8_aarch64_baseos_latest
	kernel-4.18.0-372.13.1.0.1.el8_6.src.rpm	6cd5dfc823f030528ffcaf31ab8b93d0328e75922293bf9dca48b74ab2aae303	-	ol8_aarch64_codeready_builder
	kernel-4.18.0-372.13.1.0.1.el8_6.src.rpm	6cd5dfc823f030528ffcaf31ab8b93d0328e75922293bf9dca48b74ab2aae303	-	ol8_aarch64_u6_baseos_patch
	bpftool-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm	b4ad0adc9ab3129844e1b5fa2b48114c554c85c0811a5f860e5b8d31b266376f	-	ol8_aarch64_baseos_latest
	bpftool-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm	b4ad0adc9ab3129844e1b5fa2b48114c554c85c0811a5f860e5b8d31b266376f	-	ol8_aarch64_u6_baseos_patch
	kernel-cross-headers-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm	c5498e0f042c5b1e25284765a04df4103b09b13dce748aaba55ce4716eda2d29	-	ol8_aarch64_baseos_latest
	kernel-cross-headers-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm	c5498e0f042c5b1e25284765a04df4103b09b13dce748aaba55ce4716eda2d29	-	ol8_aarch64_u6_baseos_patch
	kernel-headers-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm	917763f4cb38b33155793b6f1b08faa754d9ce8a84e97c6c2779edea36d6d657	-	ol8_aarch64_baseos_latest
	kernel-headers-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm	917763f4cb38b33155793b6f1b08faa754d9ce8a84e97c6c2779edea36d6d657	-	ol8_aarch64_u6_baseos_patch
	kernel-tools-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm	fbc7c728dfd694c15e180c0ebf2be1583013ba23a010401aac315e6480b4c46a	-	ol8_aarch64_baseos_latest
	kernel-tools-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm	fbc7c728dfd694c15e180c0ebf2be1583013ba23a010401aac315e6480b4c46a	-	ol8_aarch64_u6_baseos_patch
	kernel-tools-libs-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm	476a7a22e38f2d9c68e16ebc28f214e24885f4e1d3ebee73dbebf4ac30f018c2	-	ol8_aarch64_baseos_latest
	kernel-tools-libs-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm	476a7a22e38f2d9c68e16ebc28f214e24885f4e1d3ebee73dbebf4ac30f018c2	-	ol8_aarch64_u6_baseos_patch
	kernel-tools-libs-devel-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm	037989fff674c45ddffe674610197f0c19b014b82bc2e6ea688c4e63325b61b6	-	ol8_aarch64_codeready_builder
	perf-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm	9018025e8aaa06c723ede0ec97e7f12837f516de09b1635e391ec6eb82dd2ea6	-	ol8_aarch64_baseos_latest
	perf-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm	9018025e8aaa06c723ede0ec97e7f12837f516de09b1635e391ec6eb82dd2ea6	-	ol8_aarch64_u6_baseos_patch
	python3-perf-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm	f9ae63e36e03e038c11f9e2e87d9a0d20bc11a7ff2dd622b82d838c652631fb5	-	ol8_aarch64_baseos_latest
	python3-perf-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm	f9ae63e36e03e038c11f9e2e87d9a0d20bc11a7ff2dd622b82d838c652631fb5	-	ol8_aarch64_u6_baseos_patch
Oracle Linux 8 (x86_64)	kernel-4.18.0-372.13.1.0.1.el8_6.src.rpm	6cd5dfc823f030528ffcaf31ab8b93d0328e75922293bf9dca48b74ab2aae303	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-372.13.1.0.1.el8_6.src.rpm	6cd5dfc823f030528ffcaf31ab8b93d0328e75922293bf9dca48b74ab2aae303	-	ol8_x86_64_codeready_builder
	kernel-4.18.0-372.13.1.0.1.el8_6.src.rpm	6cd5dfc823f030528ffcaf31ab8b93d0328e75922293bf9dca48b74ab2aae303	-	ol8_x86_64_u6_baseos_patch
	bpftool-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	4abe441dfa89f00f7695022a17ea0d1dbf1ce39ca6f18d447c187c158dda50e2	-	ol8_x86_64_baseos_latest
	bpftool-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	4abe441dfa89f00f7695022a17ea0d1dbf1ce39ca6f18d447c187c158dda50e2	-	ol8_x86_64_u6_baseos_patch
	kernel-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	455facf8de7a58e003b1e7d4df61573b52cf69dd4009da7ce0ccedfa3ee8e4f8	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	455facf8de7a58e003b1e7d4df61573b52cf69dd4009da7ce0ccedfa3ee8e4f8	-	ol8_x86_64_u6_baseos_patch
	kernel-abi-stablelists-4.18.0-372.13.1.0.1.el8_6.noarch.rpm	af43e5572985ec482c149915f1fa9d2c5b8ace8047bc5792c62f834ce0b6af38	-	ol8_x86_64_baseos_latest
	kernel-abi-stablelists-4.18.0-372.13.1.0.1.el8_6.noarch.rpm	af43e5572985ec482c149915f1fa9d2c5b8ace8047bc5792c62f834ce0b6af38	-	ol8_x86_64_u6_baseos_patch
	kernel-core-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	3bf0a17d9addd4c27c358a9040e07037948bf8c4c57483b1c348132396b12e0c	-	ol8_x86_64_baseos_latest
	kernel-core-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	3bf0a17d9addd4c27c358a9040e07037948bf8c4c57483b1c348132396b12e0c	-	ol8_x86_64_u6_baseos_patch
	kernel-cross-headers-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	dc0f8d09607acebd9d27c8bae8bb6d5b3f898bedfce0ba9e152b20e96bdb578e	-	ol8_x86_64_baseos_latest
	kernel-cross-headers-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	dc0f8d09607acebd9d27c8bae8bb6d5b3f898bedfce0ba9e152b20e96bdb578e	-	ol8_x86_64_u6_baseos_patch
	kernel-debug-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	7c1a89a429609321690ad1febd62386d6cb5e7d471f82576b5cc0b10ad9cc6ea	-	ol8_x86_64_baseos_latest
	kernel-debug-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	7c1a89a429609321690ad1febd62386d6cb5e7d471f82576b5cc0b10ad9cc6ea	-	ol8_x86_64_u6_baseos_patch
	kernel-debug-core-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	5684b6e939528c6182f87b155ae0fe1dc54b0653de8f26b7ece4b90fcc56cc47	-	ol8_x86_64_baseos_latest
	kernel-debug-core-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	5684b6e939528c6182f87b155ae0fe1dc54b0653de8f26b7ece4b90fcc56cc47	-	ol8_x86_64_u6_baseos_patch
	kernel-debug-devel-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	20feee976ebe51a34b4a482af90345b9c7e813d0786573d3bc62f4f610c394ce	-	ol8_x86_64_baseos_latest
	kernel-debug-devel-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	20feee976ebe51a34b4a482af90345b9c7e813d0786573d3bc62f4f610c394ce	-	ol8_x86_64_u6_baseos_patch
	kernel-debug-modules-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	a7b7824572b3140f1a0b7d0be56febb9dbe50186f9a584040e86f1ab00a41a81	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	a7b7824572b3140f1a0b7d0be56febb9dbe50186f9a584040e86f1ab00a41a81	-	ol8_x86_64_u6_baseos_patch
	kernel-debug-modules-extra-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	2adec92f5149440319f6c2593273c9a86ec91299e7a150a024aa34b84514df8a	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-extra-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	2adec92f5149440319f6c2593273c9a86ec91299e7a150a024aa34b84514df8a	-	ol8_x86_64_u6_baseos_patch
	kernel-devel-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	941a69f829e8c62971ae34f0abe9b0018312d58f2e6a50c1d9b5411b9cff116e	-	ol8_x86_64_baseos_latest
	kernel-devel-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	941a69f829e8c62971ae34f0abe9b0018312d58f2e6a50c1d9b5411b9cff116e	-	ol8_x86_64_u6_baseos_patch
	kernel-doc-4.18.0-372.13.1.0.1.el8_6.noarch.rpm	38899216244c60ad23a342e653ace0d32417830817b623f1a158cb1145682792	-	ol8_x86_64_baseos_latest
	kernel-doc-4.18.0-372.13.1.0.1.el8_6.noarch.rpm	38899216244c60ad23a342e653ace0d32417830817b623f1a158cb1145682792	-	ol8_x86_64_u6_baseos_patch
	kernel-headers-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	1393f5de37aad1f0d8b01dbb109dce05214e4256a3eb9ab85afc1e96d2367537	-	ol8_x86_64_baseos_latest
	kernel-headers-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	1393f5de37aad1f0d8b01dbb109dce05214e4256a3eb9ab85afc1e96d2367537	-	ol8_x86_64_u6_baseos_patch
	kernel-modules-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	6758f82b1bcda7b980f36a6922c45424b8fd834825296d6857f6c4ce4cdc19d2	-	ol8_x86_64_baseos_latest
	kernel-modules-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	6758f82b1bcda7b980f36a6922c45424b8fd834825296d6857f6c4ce4cdc19d2	-	ol8_x86_64_u6_baseos_patch
	kernel-modules-extra-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	7869163603a66d0365746a50e81f4872af78af4dd91f983da3dca0c480bdebb3	-	ol8_x86_64_baseos_latest
	kernel-modules-extra-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	7869163603a66d0365746a50e81f4872af78af4dd91f983da3dca0c480bdebb3	-	ol8_x86_64_u6_baseos_patch
	kernel-tools-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	377b7293a23cdb23d9a879a35a391f70bf29af40ae6a128bdd110bc3f2333988	-	ol8_x86_64_baseos_latest
	kernel-tools-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	377b7293a23cdb23d9a879a35a391f70bf29af40ae6a128bdd110bc3f2333988	-	ol8_x86_64_u6_baseos_patch
	kernel-tools-libs-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	cc41c144e60b89ba23dc0a54f8683e905ce755250ac7b2fcc55c9db6da70b8c8	-	ol8_x86_64_baseos_latest
	kernel-tools-libs-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	cc41c144e60b89ba23dc0a54f8683e905ce755250ac7b2fcc55c9db6da70b8c8	-	ol8_x86_64_u6_baseos_patch
	kernel-tools-libs-devel-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	caf0cac9fd515de58cda8ecccfb679c32ed2d9558e7d5ab7aa05fd2a62cbcfc9	-	ol8_x86_64_codeready_builder
	perf-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	d6206b1849cfa13d716ea29da4a9c79621f1bc758703c2cca06291f35f1421e5	-	ol8_x86_64_baseos_latest
	perf-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	d6206b1849cfa13d716ea29da4a9c79621f1bc758703c2cca06291f35f1421e5	-	ol8_x86_64_u6_baseos_patch
	python3-perf-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	b64d99c30f64f67425cccf356db7cac38db17b2b8dcfa43128e8a50ac23e7d97	-	ol8_x86_64_baseos_latest
	python3-perf-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm	b64d99c30f64f67425cccf356db7cac38db17b2b8dcfa43128e8a50ac23e7d97	-	ol8_x86_64_u6_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team