ELSA-2022-5564
- ULN >
- Oracle Linux Errata repository >
- ELSA-2022-5564
ELSA-2022-5564 - kernel security, bug fix, and enhancement update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2022-07-15 |
Description
[4.18.0-372.16.1.0.1_6.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5
- debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499}
[4.18.0-372.16.1_6]
- x86/platform/uv: Log gap hole end size (Frank Ramsay) [2084645 2074098]
- x86/platform/uv: Update TSC sync state for UV5 (Frank Ramsay) [2084645 2074098]
- x86/platform/uv: Update NMI Handler for UV5 (Frank Ramsay) [2084645 2074098]
- x86/platform/uv: Remove unused variable in UV5 NMI handler (Frank Ramsay) [2084645 2074098]
- blk-mq: fix blk_mq_flush_plug_list (Ming Lei) [2096931 2088397]
- sched/pelt: Fix attach_entity_load_avg() corner case (Phil Auld) [2096305 2056383]
[4.18.0-372.15.1_6]
- perf: Fix sys_perf_event_open() race against self (Michael Petlan) [2087948 2087949] {CVE-2022-1729}
- vmxnet3: fix minimum vectors alloc issue (Kamal Heib) [2094473 2093242]
- gfs2: Stop using glock holder auto-demotion for now (Andreas Gruenbacher) [2092073 2054855]
- gfs2: buffered write prefaulting (Andreas Gruenbacher) [2092073 2054855]
- gfs2: Align read and write chunks to the page cache (Andreas Gruenbacher) [2092073 2054855]
- gfs2: Pull return value test out of should_fault_in_pages (Andreas Gruenbacher) [2092073 2054855]
- gfs2: Clean up use of fault_in_iov_iter_{read,write}able (Andreas Gruenbacher) [2092073 2054855]
- gfs2: Variable rename (Andreas Gruenbacher) [2092073 2054855]
- gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) [2092073 2054855]
- iomap: iomap_write_end cleanup (Andreas Gruenbacher) [2092073 2054855]
- iomap: iomap_write_failed fix (Andreas Gruenbacher) [2092073 2054855]
- gfs2: Don't re-check for write past EOF unnecessarily (Andreas Gruenbacher) [2092073 2054855]
- gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) [2092073 2054855]
- fs/iomap: Fix buffered write page prefaulting (Andreas Gruenbacher) [2092073 2054855]
- generic_perform_write()/iomap_write_actor(): saner logics for short copy (Andreas Gruenbacher) [2092073 2054855]
- iomap: Convert iomap_write_end types (Andreas Gruenbacher) [2092073 2054855]
- gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) [2092073 2054855]
- gfs2: Remove dead code in gfs2_file_read_iter (Andreas Gruenbacher) [2092073 2054855]
- gfs2: Fix gfs2_file_buffered_write endless loop workaround (Andreas Gruenbacher) [2092073 2054855]
- gfs2: Minor retry logic cleanup (Andreas Gruenbacher) [2092073 2054855]
- gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) [2092073 2054855]
- gfs2: Fix should_fault_in_pages() logic (Andreas Gruenbacher) [2092073 2054855]
- mm: gup: make fault_in_safe_writeable() use fixup_user_fault() (Andreas Gruenbacher) [2092073 2054855]
- gfs2: Initialize gh_error in gfs2_glock_nq (Andreas Gruenbacher) [2092073 2054855]
- gfs2: Switch lock order of inode and iopen glock (Andreas Gruenbacher) [2092073 2054855]
- gfs2: cancel timed-out glock requests (Andreas Gruenbacher) [2092073 2054855]
- gfs2: Expect -EBUSY after canceling dlm locking requests (Andreas Gruenbacher) [2092073 2054855]
- gfs2: gfs2_setattr_size error path fix (Andreas Gruenbacher) [2092073 2054855]
- gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) [2092073 2054855]
- net: openvswitch: don't send internal clone attribute to the userspace. (Antoine Tenart) [2097796 2085509]
[4.18.0-372.14.1_6]
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (Chris Leech) [2091078 2086970]
- scsi: core: sysfs: Fix hang when device state is set via sysfs (Chris Leech) [2091078 2086970]
- net/sched: act_ct: fix ref leak when switching zones (Marcelo Ricardo Leitner) [2066356 2014027]
- net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (Marcelo Ricardo Leitner) [2066356 2014027]
- drm/i915: Stop force enabling pipe bottom color gammma/csc (Foggy Liu) [2083384 2054487]
- gfs2: Fix gfs2_release for non-writers regression (Bob Peterson) [2092074 1955591]
- gfs2: gfs2_create_inode rework (Andreas Gruenbacher) [2092074 1955591]
- gfs2: gfs2_inode_lookup rework (Andreas Gruenbacher) [2092074 1955591]
- gfs2: gfs2_inode_lookup cleanup (Andreas Gruenbacher) [2092074 1955591]
- gfs2: Fix remote demote of weak glock holders (Andreas Gruenbacher) [2092074 1955591]
- gfs2: Fix glock_hash_walk bugs (Andreas Gruenbacher) [2092074 1955591]
- gfs2: Cancel remote delete work asynchronously (Bob Peterson) [2092074 1955591]
- gfs2: set glock object after nq (Bob Peterson) [2092074 1955591]
- gfs2: remove RDF_UPTODATE flag (Bob Peterson) [2092074 1955591]
- gfs2: Eliminate GIF_INVALID flag (Bob Peterson) [2092074 1955591]
- gfs2: Fix atomic bug in gfs2_instantiate (Andreas Gruenbacher) [2092074 1955591]
- gfs2: fix GL_SKIP node_scope problems (Bob Peterson) [2092074 1955591]
- gfs2: Add some flags missing from glock output (Bob Peterson) [2092074 1955591]
- gfs2: split glock instantiation off from do_promote (Bob Peterson) [2092074 1955591]
- gfs2: further simplify do_promote (Bob Peterson) [2092074 1955591]
- gfs2: re-factor function do_promote (Bob Peterson) [2092074 1955591]
- gfs2: Remove 'first' trace_gfs2_promote argument (Andreas Gruenbacher) [2092074 1955591]
- gfs2: change go_lock to go_instantiate (Bob Peterson) [2092074 1955591]
- gfs2: Switch some BUG_ON to GLOCK_BUG_ON for debug (Bob Peterson) [2092074 1955591]
- gfs2: move GL_SKIP check from glops to do_promote (Bob Peterson) [2092074 1955591]
- gfs2: Add GL_SKIP holder flag to dump_holder (Bob Peterson) [2092074 1955591]
- gfs2: remove redundant check in gfs2_rgrp_go_lock (Bob Peterson) [2092074 1955591]
- gfs2: Fix mmap + page fault deadlocks for direct I/O (Andreas Gruenbacher) [2092074 1955591]
- iov_iter: Introduce ITER_IOVEC_FLAG_NOFAULT flag to disable page faults (Andreas Gruenbacher) [2092074 1955591]
- gup: Introduce FOLL_NOFAULT flag to disable page faults (Andreas Gruenbacher) [2092074 1955591]
- iomap: Add done_before argument to iomap_dio_rw (Andreas Gruenbacher) [2092074 1955591]
- iomap: Support partial direct I/O on user copy failures (Andreas Gruenbacher) [2092074 1955591]
- iomap: Fix iomap_dio_rw return value for user copies (Andreas Gruenbacher) [2092074 1955591]
- iomap: support reading inline data from non-zero pos (Andreas Gruenbacher) [2092074 1955591]
- gfs2: Only dereference i->iov when iter_is_iovec(i) (Andreas Gruenbacher) [2092074 1955591]
- gfs2: Prevent endless loops in gfs2_file_buffered_write (Andreas Gruenbacher) [2092074 1955591]
- gfs2: Fix mmap + page fault deadlocks for buffered I/O (Andreas Gruenbacher) [2092074 1955591]
- gfs2: Eliminate ip->i_gh (Andreas Gruenbacher) [2092074 1955591]
- gfs2: Move the inode glock locking to gfs2_file_buffered_write (Andreas Gruenbacher) [2092074 1955591]
- gfs2: Fix 'Introduce flag for glock holder auto-demotion' (Andreas Gruenbacher) [2092074 1955591]
- gfs2: Introduce flag for glock holder auto-demotion (Bob Peterson) [2092074 1955591]
- gfs2: fix scheduling while atomic bug in glocks (Bob Peterson) [2092074 1955591]
- gfs2: Clean up function may_grant (Andreas Gruenbacher) [2092074 1955591]
- gfs2: Add wrapper for iomap_file_buffered_write (Andreas Gruenbacher) [2092074 1955591]
- iov_iter: Introduce fault_in_iov_iter_writeable (Andreas Gruenbacher) [2092074 1955591]
- iov_iter: Turn iov_iter_fault_in_readable into fault_in_iov_iter_readable (Andreas Gruenbacher) [2092074 1955591]
- gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable} (Andreas Gruenbacher) [2092074 1955591]
- powerpc/signal64: Don't opencode page prefaulting (Andreas Gruenbacher) [2092074 1955591]
- sanitize iov_iter_fault_in_readable() (Andreas Gruenbacher) [2092074 1955591]
- [xarray] iov_iter_fault_in_readable() should do nothing in xarray case (Andreas Gruenbacher) [2092074 1955591]
- powerpc/kvm: Fix kvm_use_magic_page (Andreas Gruenbacher) [2092074 1955591]
- iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value (Andreas Gruenbacher) [2092074 1955591]
- gfs2: Fix length of holes reported at end-of-file (Andreas Gruenbacher) [2092074 1955591]
- gfs2: Remove redundant check from gfs2_glock_dq (Bob Peterson) [2092074 1955591]
- gfs2: release iopen glock early in evict (Bob Peterson) [2092074 1955591]
- mm: change fault_in_pages_* to have an unsigned size parameter (Andreas Gruenbacher) [2092074 1955591]
- gfs2: Eliminate vestigial HIF_FIRST (Bob Peterson) [2092074 1955591]
- iomap: remove the iomap arguments to ->page_{prepare,done} (Andreas Gruenbacher) [2092074 1955591]
- md: Set MD_BROKEN for RAID1 and RAID10 (Nigel Croxon) [2075075 2048954]
- raid5: introduce MD_BROKEN (Nigel Croxon) [2075075 2048954]
- drm/i915/ehl: Remove require_force_probe protection (Michel Danzer) [2075567 2048674]
- genirq: Use rcu in kstat_irqs_usr() (Waiman Long) [2083308 2068445]
- dm integrity: fix memory corruption when tag_size is less than digest size (Benjamin Marzinski) [2082184 2081775]
Related CVEs
| CVE-2022-1729 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 8 (aarch64) | kernel-4.18.0-372.16.1.0.1.el8_6.src.rpm | 305430f9b79248323f6b12551a2c6de4 | - |
| bpftool-4.18.0-372.16.1.0.1.el8_6.aarch64.rpm | 26fe3550b656c57ae114a9effcc530f2 | - | |
| kernel-cross-headers-4.18.0-372.16.1.0.1.el8_6.aarch64.rpm | d77cb78ba5b861d96ad35e266ed83c67 | - | |
| kernel-headers-4.18.0-372.16.1.0.1.el8_6.aarch64.rpm | 7b81d441c97c80e69bfce9cb8390958b | - | |
| kernel-tools-4.18.0-372.16.1.0.1.el8_6.aarch64.rpm | bd783c2ad5198a4302e2cf6c5dac706d | - | |
| kernel-tools-libs-4.18.0-372.16.1.0.1.el8_6.aarch64.rpm | e96834a5dfe0eba28944e5288fd3e015 | - | |
| kernel-tools-libs-devel-4.18.0-372.16.1.0.1.el8_6.aarch64.rpm | 1328ced29e2346d4de345abcdc999439 | - | |
| perf-4.18.0-372.16.1.0.1.el8_6.aarch64.rpm | 71786044a9ce41d39b13601bdaa42b1f | - | |
| python3-perf-4.18.0-372.16.1.0.1.el8_6.aarch64.rpm | d0ff8518f089d97fd637f7c902b11fb2 | - | |
| Oracle Linux 8 (x86_64) | kernel-4.18.0-372.16.1.0.1.el8_6.src.rpm | 305430f9b79248323f6b12551a2c6de4 | - |
| bpftool-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | ae89ce43a8a4054ac3b7b7a3c7601709 | - | |
| kernel-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | a78c69fa2cfb78ee12183a6f51ee092c | - | |
| kernel-abi-stablelists-4.18.0-372.16.1.0.1.el8_6.noarch.rpm | 96b4fae4799b41a2530a2cafade04e1e | - | |
| kernel-core-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | b722ae8fde9bc15ee6fc5788f16e4bf6 | - | |
| kernel-cross-headers-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | 2c995c4fce86a3f382514917e6515577 | - | |
| kernel-debug-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | 9ef3419433233a5d7850f9cef6994c5a | - | |
| kernel-debug-core-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | 40a1fe6c597028d4425778da0f70fdd7 | - | |
| kernel-debug-devel-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | 09500e6b30b53c286bcb988730329c09 | - | |
| kernel-debug-modules-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | 29c5fff0473f04acee81a6afef2d3dd6 | - | |
| kernel-debug-modules-extra-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | 565a4d7b51ca2544849950c81f438148 | - | |
| kernel-devel-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | 65de9b89891b6dc7983376b9cc20de75 | - | |
| kernel-doc-4.18.0-372.16.1.0.1.el8_6.noarch.rpm | d7d78586b74c6ae963429c704798f596 | - | |
| kernel-headers-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | 66cf3ac361226dd14a4fe76f2931b411 | - | |
| kernel-modules-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | 25f1ac0d5c90cff234865e4b73ab63bf | - | |
| kernel-modules-extra-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | 8df8a9f0833dad05a3cab686ca9faa43 | - | |
| kernel-tools-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | f78aceac4a9cc7668b85766b519e2563 | - | |
| kernel-tools-libs-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | d76ca36078e8368523e24d2169123022 | - | |
| kernel-tools-libs-devel-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | fa29d38670edff9ce96dd41bee2fcee6 | - | |
| perf-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | 0443ad6e7cbb9b4d362283a099f25395 | - | |
| python3-perf-4.18.0-372.16.1.0.1.el8_6.x86_64.rpm | cb760f171b1d3521de9136ae1bb1f0bf | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
