ELSA-2022-5316

ELSA-2022-5316 - kernel security and bug fix update

Type:SECURITY
Severity:IMPORTANT
Release Date:2022-07-02

Description


[4.18.0-372.13.1.0.1_6.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5
- debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499}

[4.18.0-372.13.1_6]
- openvswitch: always update flow key after nat (Aaron Conole) [2068476 2066885]
- KVM: PPC: Fix TCE handling for VFIO (Daniel Henrique Barboza) [2085572 2062687]
- rfkill: make new event layout opt-in (Jose Ignacio Tornos Martinez) [2087641 2023175]
- ASoC: Intel: soc-acpi: add entries in ADL match table (Jaroslav Kysela) [2090423 2052011]
- isert: support for unsolicited NOPIN with no response (Maurizio Lombardi) [2079433 2035915]
- iscsit: increment max_cmd_sn for isert on command release (Maurizio Lombardi) [2079433 2035915]
- net: tcp better handling of reordering then loss cases (Marcelo Ricardo Leitner) [2080972 2074566]
- tcp: tcp_mark_head_lost is only valid for sack-tcp (Marcelo Ricardo Leitner) [2080972 2074566]

[4.18.0-372.12.1_6]
- sctp: use the correct skb for security_sctp_assoc_request (Xin Long) [2070959]
- net/mlx5e: Fix wrong source vport matching on tunnel rule (Amir Tzin) [2088610]
- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (Amir Tzin) [2088611]
- net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte (Amir Tzin) [2088611]
- net/mlx5: DR, Cache STE shadow memory (Amir Tzin) [2075553]
- net/mlx5: DR, Fix the threshold that defines when pool sync is initiated (Amir Tzin) [2075553]
- drm/i915/display: Remove check for low voltage sku for max dp source rate (Jocelyn Falempe) [2066644]
- net/mlx5: DR, Ignore modify TTL on RX if device doesn't support it (Amir Tzin) [2088638]
- net/mlx5: Bridge, Fix devlink deadlock on net namespace deletion (Amir Tzin) [2081011]
- net/mlx5e: TC, Skip redundant ct clear actions (Amir Tzin) [2079918]
- net/mlx5e: TC, fix decap fallback to uplink when int port not supported (Amir Tzin) [2088639]
- CI: Use zstream builder image (Veronika Kabatova)
- ice: Allow to pass VLAN tagged packets to VF when port VLAN is configured (Petr Oros) [2081794]
- ice: clear stale Tx queue settings before configuring (Petr Oros) [2081794]
- ice: fix crash when writing timestamp on RX rings (Petr Oros) [2081794]
- ice: Fix race during aux device (un)plugging (Petr Oros) [2081794]
- ice: fix PTP stale Tx timestamps cleanup (Petr Oros) [2081794]
- ice: ice_sched: fix an incorrect NULL check on list iterator (Petr Oros) [2081794]
- ice: fix use-after-free when deinitializing mailbox snapshot (Petr Oros) [2081794]
- ice: wait 5 s for EMP reset after firmware flash (Petr Oros) [2081794]
- ice: Protect vf_state check by cfg_lock in ice_vc_process_vf_msg() (Petr Oros) [2081794]
- ice: Fix incorrect locking in ice_vc_process_vf_msg() (Petr Oros) [2081794]
- ice: Fix memory leak in ice_get_orom_civd_data() (Petr Oros) [2081794]
- ice: fix crash in switchdev mode (Petr Oros) [2081794]
- Revert 'iavf: Fix deadlock occurrence during resetting VF interface' (Petr Oros) [2081794]
- ice: arfs: fix use-after-free when freeing @rx_cpu_rmap (Petr Oros) [2081794]
- ice: clear cmd_type_offset_bsz for TX rings (Petr Oros) [2081794]
- ice: xsk: fix VSI state check in ice_xsk_wakeup() (Petr Oros) [2081794]
- ice: synchronize_rcu() when terminating rings (Petr Oros) [2081794]
- ice: Do not skip not enabled queues in ice_vc_dis_qs_msg (Petr Oros) [2081794]
- ice: Set txq_teid to ICE_INVAL_TEID on ring creation (Petr Oros) [2081794]
- ice: Fix broken IFF_ALLMULTI handling (Petr Oros) [2081794]
- ice: Fix MAC address setting (Petr Oros) [2081794]
- openvswitch: Fix setting ipv6 fields causing hw csum failure (Eelco Chaudron) [2086549]
- sched/cputime, proc/stat: Fix incorrect guest nice cpustat value (Waiman Long) [2084138]
- procfs: Use all-in-one vtime aware kcpustat accessor (Waiman Long) [2084138]
- procfs: Use vtime aware kcpustat accessor to fetch CPUTIME_SYSTEM (Waiman Long) [2084138]
- proc: read kernel cpu stat pointer once (Waiman Long) [2084138]
- proc: use 'unsigned int' in /proc/stat hook (Waiman Long) [2084138]
- sched/cputime: Support other fields on kcpustat_field() (Waiman Long) [2084138]
- sched/cputime: Add vtime guest task state (Waiman Long) [2084138]
- sched/cputime: Add vtime idle task state (Waiman Long) [2084138]
- sched/cputime: Spare a seqcount lock/unlock cycle on context switch (Waiman Long) [2084138]
- sched/vtime: Move task_struct_rh->vtime_cpu back to vtime structure (Waiman Long) [2084138]
- net: openvswitch: fix leak of nested actions (Eelco Chaudron) [2086590]
- net/sched: fix initialization order when updating chain 0 head (Marcelo Ricardo Leitner) [2074221]
- PCI: hv: Propagate coherence from VMbus device to PCI device (Vitaly Kuznetsov) [2074829]
- Drivers: hv: vmbus: Propagate VMbus coherence to each VMbus device (Vitaly Kuznetsov) [2074829]

[4.18.0-372.11.1_6]
- Revert 'xfs: actually bump warning counts when we send warnings' (Carlos Maiolino) [2071713]
- SUNRPC: use different lock keys for INET6 and LOCAL (Guillaume Nault) [2079856]
- Revert 'netfilter: conntrack: tag conntracks picked up in local out hook' (Florian Westphal) [2065266]
- Revert 'netfilter: nat: force port remap to prevent shadowing well-known ports' (Florian Westphal) [2065266]
- KVM: PPC: Book3S HV: Add infrastructure to support 2nd DAWR (Laurent Vivier) [2079069]
- KVM: PPC: Book3S HV: Rename current DAWR macros and variables (Laurent Vivier) [2079069]
- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) [2062114] {CVE-2022-27666}
- esp: Fix possible buffer overflow in ESP transformation (Sabrina Dubroca) [2062114] {CVE-2022-27666}
- NFS: Don't loop forever in nfs_do_recoalesce() (Scott Mayhew) [2080998]

[4.18.0-372.10.1_6]
- Fonts: Replace discarded const qualifier (Nico Pache) [2064762]
- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Nico Pache) [2064762]
- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Nico Pache) [2064762]
- CI: Drop baseline runs (Veronika Kabatova)
- redhat: drop the -sha512 suffix from default rhpkg invocation (Jarod Wilson)
- redhat: switch release to zstream (Augusto Caringi)
- ceph: fix possible NULL pointer dereference for req->r_session (Xiubo Li) [2080071]


Related CVEs


CVE-2020-28915
CVE-2022-27666

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) kernel-4.18.0-372.13.1.0.1.el8_6.src.rpm0232a6b0f28f02f04babb5304ea6ffd6-
bpftool-4.18.0-372.13.1.0.1.el8_6.aarch64.rpmc88a31e153d2d13172c0d4cdf7700524-
kernel-cross-headers-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm88264706fbc42dc3a1b2f8369f2c1f4f-
kernel-headers-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm00c79f2f5a835264bc7da4694935cfa5-
kernel-tools-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm92c3eb8e41455e13e650a12bdf830fb1-
kernel-tools-libs-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm40aff3c36343e1963e46707b310b2012-
kernel-tools-libs-devel-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm0b42532f7bb83736ecc64c225738a426-
perf-4.18.0-372.13.1.0.1.el8_6.aarch64.rpmb61d6f840346dc86ee1263b25d3c928d-
python3-perf-4.18.0-372.13.1.0.1.el8_6.aarch64.rpm9aeab69b40b8cd0c9ee5eb088991d5e8-
Oracle Linux 8 (x86_64) kernel-4.18.0-372.13.1.0.1.el8_6.src.rpm0232a6b0f28f02f04babb5304ea6ffd6-
bpftool-4.18.0-372.13.1.0.1.el8_6.x86_64.rpmc50a7a6abd21fd4aa8b5efbb07ffb293-
kernel-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm1d992bc3b86a114c6e77ec62293dee41-
kernel-abi-stablelists-4.18.0-372.13.1.0.1.el8_6.noarch.rpm422d0a086e851d6b214e84239b639822-
kernel-core-4.18.0-372.13.1.0.1.el8_6.x86_64.rpmdca43ea0f1775a1840d5939cfdf7b2f1-
kernel-cross-headers-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm81c79cd58ee221dbb0e675369705d817-
kernel-debug-4.18.0-372.13.1.0.1.el8_6.x86_64.rpmb9f56d708cfeb30d9fd9e7f074befe14-
kernel-debug-core-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm80399122e3aaf41ca557cf31f0418401-
kernel-debug-devel-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm2bbb5ab978940f72d3f6e3e35bd160bb-
kernel-debug-modules-4.18.0-372.13.1.0.1.el8_6.x86_64.rpme04a666c48b8b4d486c604b1c2a83d95-
kernel-debug-modules-extra-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm960369a5280f5051ce2948e039c4a978-
kernel-devel-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm70afd4200b1d44f6f4c7fe1bc6b7179f-
kernel-doc-4.18.0-372.13.1.0.1.el8_6.noarch.rpm078984bb45d90688d14252dea75cddcb-
kernel-headers-4.18.0-372.13.1.0.1.el8_6.x86_64.rpme3e45fabc019bc439b6691a6b17d001e-
kernel-modules-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm2039de32e85a5e1a1685d456d8522ee0-
kernel-modules-extra-4.18.0-372.13.1.0.1.el8_6.x86_64.rpmb30a8c1d47f97ba2df3a5a94b95071e9-
kernel-tools-4.18.0-372.13.1.0.1.el8_6.x86_64.rpmf15e5807d52201d58c5c2aa539e09b3e-
kernel-tools-libs-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm73750f6444ddaf5c932848e2b46d8241-
kernel-tools-libs-devel-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm1918e6c060ef911594d991393e6ca687-
perf-4.18.0-372.13.1.0.1.el8_6.x86_64.rpm8c8c2502b8dc2d3284c41927a1d902e5-
python3-perf-4.18.0-372.13.1.0.1.el8_6.x86_64.rpme4d2f19d71f4b6a2fa5e586d7d3b3f87-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete