Stay Connected:

ELSA-2022-7318

ELSA-2022-7318 - kernel security, bug fix, and enhancement update

Type:SECURITY
Impact:IMPORTANT
Release Date:2022-11-04

Description


[5.14.0-70.30.1.0.1_0.OL9]
- lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499}

[5.14.0-70.30.1_0.OL9]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4
- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]

[5.14.0-70.30.1_0]
- random: trigger reseeding DRBG on more occasions (Daiki Ueno) [2128970 2125257]
- random: allow reseeding DRBG with getrandom (Daiki Ueno) [2121129 2114854]
- nvme-tcp: handle number of queue changes (John Meneghini) [2131360 2112025]
- nvmet: expose max queues to configfs (John Meneghini) [2131360 2112025]
- nvme-fabrics: parse nvme connect Linux error codes (John Meneghini) [2131360 2112025]
- nvmet: revert 'nvmet: make discovery NQN configurable' (Gopal Tiwari) [2131360 2066146]
- vfio/type1: Unpin zero pages (Alex Williamson) [2128791 2121855]
- cifs: fix bad fids sent over wire (Ronnie Sahlberg) [2127858 2088775]
- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Ronnie Sahlberg) [2127858 2088775]
- cifs: verify that tcon is valid before dereference in cifs_kill_sb (Ronnie Sahlberg) [2127858 2048823]
- cifs: release cached dentries only if mount is complete (Ronnie Sahlberg) [2127858 2048823]
- cifs: we do not need a spinlock around the tree access during umount (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix handlecache and multiuser (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix workstation_name for multiuser mounts (Ronnie Sahlberg) [2127858 2048823]
- cifs: free ntlmsspblob allocated in negotiate (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix ntlmssp auth when there is no key exchange (Ronnie Sahlberg) [2127858 2048823]
- cifs: send workstation name during ntlmssp session setup (Ronnie Sahlberg) [2127858 2048823]
- cifs: Fix crash on unload of cifs_arc4.ko (Ronnie Sahlberg) [2127858 2048823]
- Documentation, arch: Remove leftovers from CIFS_WEAK_PW_HASH (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix the cifs_reconnect path for DFS (Ronnie Sahlberg) [2127858 2048823]
- cifs: sanitize multiple delimiters in prepath (Ronnie Sahlberg) [2127858 2048823]
- cifs: ignore resource_id while getting fscache super cookie (Ronnie Sahlberg) [2127858 2048823]
- cifs: avoid use of dstaddr as key for fscache client cookie (Ronnie Sahlberg) [2127858 2048823]
- cifs: add server conn_id to fscache client cookie (Ronnie Sahlberg) [2127858 2048823]
- cifs: wait for tcon resource_id before getting fscache super (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix missed refcounting of ipc tcon (Ronnie Sahlberg) [2127858 2048823]
- cifs: update internal version number (Ronnie Sahlberg) [2127858 2048823]
- smb2: clarify rc initialization in smb2_reconnect (Ronnie Sahlberg) [2127858 2048823]
- cifs: populate server_hostname for extra channels (Ronnie Sahlberg) [2127858 2048823]
- cifs: nosharesock should be set on new server (Ronnie Sahlberg) [2127858 2048823]
- cifs: introduce cifs_ses_mark_for_reconnect() helper (Ronnie Sahlberg) [2127858 2048823]
- cifs: protect srv_count with cifs_tcp_ses_lock (Ronnie Sahlberg) [2127858 2048823]
- cifs: move debug print out of spinlock (Ronnie Sahlberg) [2127858 2048823]
- cifs: do not duplicate fscache cookie for secondary channels (Ronnie Sahlberg) [2127858 2048823]
- cifs: connect individual channel servers to primary channel server (Ronnie Sahlberg) [2127858 2048823]
- cifs: protect session channel fields with chan_lock (Ronnie Sahlberg) [2127858 2048823]
- cifs: do not negotiate session if session already exists (Ronnie Sahlberg) [2127858 2048823]
- smb3: do not setup the fscache_super_cookie until fsinfo initialized (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix potential use-after-free bugs (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix memory leak of smb3_fs_context_dup::server_hostname (Ronnie Sahlberg) [2127858 2048823]
- smb3: add additional null check in SMB311_posix_mkdir (Ronnie Sahlberg) [2127858 2048823]
- cifs: release lock earlier in dequeue_mid error case (Ronnie Sahlberg) [2127858 2048823]
- smb3: add additional null check in SMB2_tcon (Ronnie Sahlberg) [2127858 2048823]
- smb3: add additional null check in SMB2_open (Ronnie Sahlberg) [2127858 2048823]
- smb3: add additional null check in SMB2_ioctl (Ronnie Sahlberg) [2127858 2048823]
- smb3: remove trivial dfs compile warning (Ronnie Sahlberg) [2127858 2048823]
- cifs: support nested dfs links over reconnect (Ronnie Sahlberg) [2127858 2048823]
- smb3: do not error on fsync when readonly (Ronnie Sahlberg) [2127858 2048823]
- cifs: for compound requests, use open handle if possible (Ronnie Sahlberg) [2127858 2048823]
- cifs: set a minimum of 120s for next dns resolution (Ronnie Sahlberg) [2127858 2048823]
- cifs: split out dfs code from cifs_reconnect() (Ronnie Sahlberg) [2127858 2048823]
- cifs: convert list_for_each to entry variant (Ronnie Sahlberg) [2127858 2048823]
- cifs: introduce new helper for cifs_reconnect() (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix print of hdr_flags in dfscache_proc_show() (Ronnie Sahlberg) [2127858 2048823]
- cifs: nosharesock should not share socket with future sessions (Ronnie Sahlberg) [2127858 2048823]
- smb3: add dynamic trace points for socket connection (Ronnie Sahlberg) [2127858 2048823]
- cifs: Move SMB2_Create definitions to the shared area (Ronnie Sahlberg) [2127858 2048823]
- cifs: Move more definitions into the shared area (Ronnie Sahlberg) [2127858 2048823]
- cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (Ronnie Sahlberg) [2127858 2048823]
- cifs: Create a new shared file holding smb2 pdu definitions (Ronnie Sahlberg) [2127858 2048823]
- cifs: add mount parameter tcpnodelay (Ronnie Sahlberg) [2127858 2048823]
- cifs: To match file servers, make sure the server hostname matches (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix incorrect check for null pointer in header_assemble (Ronnie Sahlberg) [2127858 2048823]
- smb3: correct server pointer dereferencing check to be more consistent (Ronnie Sahlberg) [2127858 2048823]
- smb3: correct smb3 ACL security descriptor (Ronnie Sahlberg) [2127858 2048823]
- cifs: Clear modified attribute bit from inode flags (Ronnie Sahlberg) [2127858 2048823]
- cifs: Deal with some warnings from W=1 (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix a sign extension bug (Ronnie Sahlberg) [2127858 2048823]
- cifs: Not to defer close on file when lock is set (Ronnie Sahlberg) [2127858 2048823]
- cifs: Fix soft lockup during fsstress (Ronnie Sahlberg) [2127858 2048823]
- cifs: Deferred close performance improvements (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix incorrect kernel doc comments (Ronnie Sahlberg) [2127858 2048823]
- cifs: remove pathname for file from SPDX header (Ronnie Sahlberg) [2127858 2048823]
- cifs: properly invalidate cached root handle when closing it (Ronnie Sahlberg) [2127858 2048823]
- cifs: move SMB FSCTL definitions to common code (Ronnie Sahlberg) [2127858 2048823]
- cifs: rename cifs_common to smbfs_common (Ronnie Sahlberg) [2127858 2048823]
- cifs: cifs_md4 convert to SPDX identifier (Ronnie Sahlberg) [2127858 2048823]
- cifs: create a MD4 module and switch cifs.ko to use it (Ronnie Sahlberg) [2127858 2048823]
- cifs: fork arc4 and create a separate module for it for cifs and other users (Ronnie Sahlberg) [2127858 2048823]
- cifs: remove support for NTLM and weaker authentication algorithms (Ronnie Sahlberg) [2127858 2048823]
- cifs: update FSCTL definitions (Ronnie Sahlberg) [2127858 2048823]
- cifs: Do not leak EDEADLK to dgetents64 for STATUS_USER_SESSION_DELETED (Ronnie Sahlberg) [2127858 2048823]
- cifs: enable fscache usage even for files opened as rw (Ronnie Sahlberg) [2127858 2048823]
- smb3: fix posix extensions mount option (Ronnie Sahlberg) [2127858 2048823]
- cifs: fix wrong release in sess_alloc_buffer() failed path (Ronnie Sahlberg) [2127858 2048823]
- CIFS: Fix a potencially linear read overflow (Ronnie Sahlberg) [2127858 2048823]
- drm/mgag200: Select clock in PLL update functions (Herton R. Krzesinski) [2112017 2043115]
- mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (Inigo Huguet) [2095653 2096777]
- mt76: mt7921e: fix possible probe failure after reboot (Inigo Huguet) [2095653 2065633]

[5.14.0-70.29.1_0]
- configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2129453 2126153]
- KVM: x86/mmu: Don't advance iterator after restart due to yielding (Nico Pache) [2127859 2055725]
- scsi: csiostor: Add module softdep on cxgb4 (Rahul Lakkireddy) [2127857 1977553]
- ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE (Oleg Nesterov) [2127875 2121271] {CVE-2022-30594}

[5.14.0-70.28.1_0]
- powerpc: Enable execve syscall exit tracepoint (Steve Best) [2106661 2095526]

[5.14.0-70.27.1_0]
- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Wander Lairson Costa) [2116967 2116968] {CVE-2022-2585}
- fix race between exit_itimers() and /proc/pid/timers (Wander Lairson Costa) [2116967 2116968] {CVE-2022-2585}


Related CVEs


CVE-2022-2585
CVE-2022-30594

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) kernel-5.14.0-70.30.1.0.1.el9_0.src.rpm436491ca90b0a33a90b2188f49ce2a9608eecfca02f63506a028e7ed701b72c2-ol9_aarch64_appstream
kernel-5.14.0-70.30.1.0.1.el9_0.src.rpm436491ca90b0a33a90b2188f49ce2a9608eecfca02f63506a028e7ed701b72c2-ol9_aarch64_baseos_latest
kernel-5.14.0-70.30.1.0.1.el9_0.src.rpm436491ca90b0a33a90b2188f49ce2a9608eecfca02f63506a028e7ed701b72c2-ol9_aarch64_codeready_builder
kernel-5.14.0-70.30.1.0.1.el9_0.src.rpm436491ca90b0a33a90b2188f49ce2a9608eecfca02f63506a028e7ed701b72c2-ol9_aarch64_u0_baseos_patch
bpftool-5.14.0-70.30.1.0.1.el9_0.aarch64.rpm6c4159f8b121c7a3a4b48f1a38a50d307ffafcdd650d0980a4e8ffddacf24bfe-ol9_aarch64_baseos_latest
bpftool-5.14.0-70.30.1.0.1.el9_0.aarch64.rpm6c4159f8b121c7a3a4b48f1a38a50d307ffafcdd650d0980a4e8ffddacf24bfe-ol9_aarch64_u0_baseos_patch
kernel-cross-headers-5.14.0-70.30.1.0.1.el9_0.aarch64.rpma44a8e29c89daf2785a7133e411aa48ab6dbafc8368166bb0f3251857d6d1a1b-ol9_aarch64_codeready_builder
kernel-headers-5.14.0-70.30.1.0.1.el9_0.aarch64.rpm522dcc0bbc6458a48355d6e8a148a443a6284b0cc3aeedabd82d0ad61c8ad5dd-ol9_aarch64_appstream
kernel-tools-5.14.0-70.30.1.0.1.el9_0.aarch64.rpm6a2994e0bc1b21c6f253f8c1fd48ee8e5c1de262905dc645482be12e42f7b8b0-ol9_aarch64_baseos_latest
kernel-tools-5.14.0-70.30.1.0.1.el9_0.aarch64.rpm6a2994e0bc1b21c6f253f8c1fd48ee8e5c1de262905dc645482be12e42f7b8b0-ol9_aarch64_u0_baseos_patch
kernel-tools-libs-5.14.0-70.30.1.0.1.el9_0.aarch64.rpm802d62a29fb71c4af06c923932f170361f9717c28010a10770de0a71e26df533-ol9_aarch64_baseos_latest
kernel-tools-libs-5.14.0-70.30.1.0.1.el9_0.aarch64.rpm802d62a29fb71c4af06c923932f170361f9717c28010a10770de0a71e26df533-ol9_aarch64_u0_baseos_patch
kernel-tools-libs-devel-5.14.0-70.30.1.0.1.el9_0.aarch64.rpm5bc79486e00112176ca23d84673ba50a14c9d8ac837ffa3dad38a0bb7a5ef0d0-ol9_aarch64_codeready_builder
perf-5.14.0-70.30.1.0.1.el9_0.aarch64.rpm2b187d64238b3011e1a62404af3c2de51fe8456d61158024009d3b11cf0c05e4-ol9_aarch64_appstream
python3-perf-5.14.0-70.30.1.0.1.el9_0.aarch64.rpm72fbd08496735a4ff6cde582ae421ef29c7230f4e45907b961e547463cbcd91c-ol9_aarch64_baseos_latest
python3-perf-5.14.0-70.30.1.0.1.el9_0.aarch64.rpm72fbd08496735a4ff6cde582ae421ef29c7230f4e45907b961e547463cbcd91c-ol9_aarch64_u0_baseos_patch
Oracle Linux 9 (x86_64) kernel-5.14.0-70.30.1.0.1.el9_0.src.rpm436491ca90b0a33a90b2188f49ce2a9608eecfca02f63506a028e7ed701b72c2-ol9_x86_64_appstream
kernel-5.14.0-70.30.1.0.1.el9_0.src.rpm436491ca90b0a33a90b2188f49ce2a9608eecfca02f63506a028e7ed701b72c2-ol9_x86_64_baseos_latest
kernel-5.14.0-70.30.1.0.1.el9_0.src.rpm436491ca90b0a33a90b2188f49ce2a9608eecfca02f63506a028e7ed701b72c2-ol9_x86_64_codeready_builder
kernel-5.14.0-70.30.1.0.1.el9_0.src.rpm436491ca90b0a33a90b2188f49ce2a9608eecfca02f63506a028e7ed701b72c2-ol9_x86_64_u0_baseos_patch
bpftool-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm3a8dac4401e6c027552803956ba352511d0c707345186aa44dc801327d8bb9d7-ol9_x86_64_baseos_latest
bpftool-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm3a8dac4401e6c027552803956ba352511d0c707345186aa44dc801327d8bb9d7-ol9_x86_64_u0_baseos_patch
kernel-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm911724df2c1f0cbb470da6db9c6e1f742052527e965e4c19368198444a6418a7-ol9_x86_64_baseos_latest
kernel-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm911724df2c1f0cbb470da6db9c6e1f742052527e965e4c19368198444a6418a7-ol9_x86_64_u0_baseos_patch
kernel-abi-stablelists-5.14.0-70.30.1.0.1.el9_0.noarch.rpm202773e80d7280c6f46bd6ecc7bca46c23d6e15f24d4e936c8b26e87e7fc7961-ol9_x86_64_baseos_latest
kernel-abi-stablelists-5.14.0-70.30.1.0.1.el9_0.noarch.rpm202773e80d7280c6f46bd6ecc7bca46c23d6e15f24d4e936c8b26e87e7fc7961-ol9_x86_64_u0_baseos_patch
kernel-core-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm8ee8b04814bfe5c7c46cd75e04b01f08db6cfdd02eac3f12e59ccf9eef49084b-ol9_x86_64_baseos_latest
kernel-core-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm8ee8b04814bfe5c7c46cd75e04b01f08db6cfdd02eac3f12e59ccf9eef49084b-ol9_x86_64_u0_baseos_patch
kernel-cross-headers-5.14.0-70.30.1.0.1.el9_0.x86_64.rpmd5ae2fdbdbc78340ea954e6e3d971f0235eb4137971143dde382b9d157531876-ol9_x86_64_codeready_builder
kernel-debug-5.14.0-70.30.1.0.1.el9_0.x86_64.rpmbc1b2992f00fa2604a1f6244db64cd44c51e41849190bd723fd12930cc10aec8-ol9_x86_64_baseos_latest
kernel-debug-5.14.0-70.30.1.0.1.el9_0.x86_64.rpmbc1b2992f00fa2604a1f6244db64cd44c51e41849190bd723fd12930cc10aec8-ol9_x86_64_u0_baseos_patch
kernel-debug-core-5.14.0-70.30.1.0.1.el9_0.x86_64.rpme2d5c02a0e07ca2083ec94a3a56356a143595b2cfbac2876613ea6ed5aac80a6-ol9_x86_64_baseos_latest
kernel-debug-core-5.14.0-70.30.1.0.1.el9_0.x86_64.rpme2d5c02a0e07ca2083ec94a3a56356a143595b2cfbac2876613ea6ed5aac80a6-ol9_x86_64_u0_baseos_patch
kernel-debug-devel-5.14.0-70.30.1.0.1.el9_0.x86_64.rpme8b2476f690f4c99d695e055b355092db4af64179cc02b091f3734f42928b799-ol9_x86_64_appstream
kernel-debug-devel-matched-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm4e2b242f495728d5618c56b1f659acbb8d9c000d381933c3d0c1599999b784a6-ol9_x86_64_appstream
kernel-debug-modules-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm5e1b2e0b36bfe057708db2753b16c59e66f101a94bbf8bdd598b51f0c1395f53-ol9_x86_64_baseos_latest
kernel-debug-modules-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm5e1b2e0b36bfe057708db2753b16c59e66f101a94bbf8bdd598b51f0c1395f53-ol9_x86_64_u0_baseos_patch
kernel-debug-modules-extra-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm6239b3eba1126e987e4920e4f0b6e0f8c4545fe6c23517333e017f9f197213cc-ol9_x86_64_baseos_latest
kernel-debug-modules-extra-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm6239b3eba1126e987e4920e4f0b6e0f8c4545fe6c23517333e017f9f197213cc-ol9_x86_64_u0_baseos_patch
kernel-devel-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm6384cd6fbf265da0a5dbe1bb60ecf01b6761e70ac8301396fc7188bc7c8e575b-ol9_x86_64_appstream
kernel-devel-matched-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm9f7e83271b6f144e2c09507a2ef7fa8229f6391989a9efe5581e7ed483e36e76-ol9_x86_64_appstream
kernel-doc-5.14.0-70.30.1.0.1.el9_0.noarch.rpmdc5f7ad7b2b0f64d372cb51930772b0b99404c01c954e6520dca26fe5c45ac1f-ol9_x86_64_appstream
kernel-headers-5.14.0-70.30.1.0.1.el9_0.x86_64.rpma422c7fd32782f81f6f6682a603a74fda845be84619fd19ee4649c790098791d-ol9_x86_64_appstream
kernel-modules-5.14.0-70.30.1.0.1.el9_0.x86_64.rpmc51655662355e430f8210a79de45d97a9c4cb440b787f4f9e70b5468c3ce1ac9-ol9_x86_64_baseos_latest
kernel-modules-5.14.0-70.30.1.0.1.el9_0.x86_64.rpmc51655662355e430f8210a79de45d97a9c4cb440b787f4f9e70b5468c3ce1ac9-ol9_x86_64_u0_baseos_patch
kernel-modules-extra-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm0fd857e835f2f5d4c050a05cd550cc7418827ec2f9570443446fadf13e119431-ol9_x86_64_baseos_latest
kernel-modules-extra-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm0fd857e835f2f5d4c050a05cd550cc7418827ec2f9570443446fadf13e119431-ol9_x86_64_u0_baseos_patch
kernel-tools-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm31d17ff664b2270a96a235aa458427830f20d5b4cbc796ca9fbcae9406fc2537-ol9_x86_64_baseos_latest
kernel-tools-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm31d17ff664b2270a96a235aa458427830f20d5b4cbc796ca9fbcae9406fc2537-ol9_x86_64_u0_baseos_patch
kernel-tools-libs-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm05902ff982ceb3b74b0b9c105557d443ee534eb7aa0e51969e7a100f4f59ef11-ol9_x86_64_baseos_latest
kernel-tools-libs-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm05902ff982ceb3b74b0b9c105557d443ee534eb7aa0e51969e7a100f4f59ef11-ol9_x86_64_u0_baseos_patch
kernel-tools-libs-devel-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm1bde17d0277422e33e23ffa658b8891ec2fd87014ded126a46d9997ad1b8cad7-ol9_x86_64_codeready_builder
perf-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm0e9ebc334cbff76c67f7de5ec34666c4bb4482c9dee543c81150e0b8ce4ab0cd-ol9_x86_64_appstream
python3-perf-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm673e8abb5b9e415b0229c3d50ba931a41f70fdbe721c020cf80fc43497cffaa0-ol9_x86_64_baseos_latest
python3-perf-5.14.0-70.30.1.0.1.el9_0.x86_64.rpm673e8abb5b9e415b0229c3d50ba931a41f70fdbe721c020cf80fc43497cffaa0-ol9_x86_64_u0_baseos_patch



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights