ELSA-2022-9788

ELSA-2022-9788 - Unbreakable Enterprise kernel-container security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2022-09-16

Description


[4.14.35-2047.517.3.el7]
- KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34575637]
- KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34575637]
- KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34575637]

[4.14.35-2047.517.2.el7]
- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476942]
- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476942]
- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476942]
- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476942]
- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476942]
- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419972] {CVE-2022-21546}
- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414240]
- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510858] {CVE-2022-21385}

[4.14.35-2047.517.1.el7]
- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480752] {CVE-2022-2588}
- Restore 'module, async: async_synchronize_full() on module init iff async is used' (Mridula Shastry) [Orabug: 34469834]
- net/rds: Replace #ifdef DEBUG with CONFIG_SLUB_DEBUG (Freddy Carrillo) [Orabug: 34405766]
- ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34295843]
- ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34295843]
- ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34295843]
- ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34295843]
- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34211118]
- xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34211118]
- Linux 4.14.288 (Greg Kroah-Hartman)
- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin)
- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin)
- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle)
- ida: don't use BUG_ON() for debugging (Linus Torvalds)
- i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy)
- pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland)
- xfs: remove incorrect ASSERT in xfs_rename (Eric Sandeen)
- powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld)
- video: of_display_timing.h: include errno.h (Hsin-Yi Wang)
- fbcon: Disallow setting font bigger than screen size (Helge Deller)
- iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen)
- net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou)
- usbnet: fix memory leak in error case (Oliver Neukum)
- can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman)
- can: grcan: grcan_probe(): remove extra of_node_get() (Liang He)
- mm/slub: add missing TID updates on slab deactivation (Jann Horn)
- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca)
- Linux 4.14.287 (Greg Kroah-Hartman)
- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour)
- net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas)
- net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano)
- xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) {CVE-2022-33744}
- net: Rename and export copy_skb_header (Ilya Lesokhin)
- ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou)
- sit: use min (kernel test robot)
- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang)
- NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle)
- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski)
- net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov)
- net: bonding: fix possible NULL deref in rlb code (Eric Dumazet)
- netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso)
- caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang)
- net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing)
- usbnet: fix memory allocation in helpers (Oliver Neukum)
- RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib)
- net: usb: ax88179_178a: Fix packet receiving (Jose Alonso)
- net: rose: fix UAF bugs caused by timer handler (Duoming Zhou)
- SUNRPC: Fix READ_PLUS crasher (Chuck Lever)
- s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld)
- dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka)
- dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen)
- nvdimm: Fix badblocks clear off-by-one error (Chris Ye)
- Linux 4.14.286 (Greg Kroah-Hartman)
- swiotlb: skip swiotlb_bounce when orig_addr is zero (Liu Shixin)
- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao)
- fdt: Update CRC check for rng-seed (Hsin-Yi Wang)
- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada)
- drm: remove drm_fb_helper_modinit (Christoph Hellwig)
- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld)
- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada)
- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin)
- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin)
- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin)
- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach)
- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld)
- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan)
- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao)
- xtensa: Fix refcount leak bug in time.c (Liang He)
- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He)
- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede)
- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch)
- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma)
- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen)
- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov)
- usb: chipidea: udc: check request status before setting device address (Xu Yang)
- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach)
- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng)
- MIPS: Remove repetitive increase irq_err_count (huhai)
- x86/xen: Remove undefined behavior in setup_features() (Julien Grall)
- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh)
- USB: serial: option: add Quectel RM500K module support (Macpaul Lin)
- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan)
- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano)
- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld)
- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis)
- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu)
- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld)
- vt: drop old FONT ioctls (Jiri Slaby)
- Linux 4.14.285 (Greg Kroah-Hartman)
- tcp: drop the hash_32() part from the index calculation (Willy Tarreau)
- tcp: increase source port perturb table to 2^16 (Willy Tarreau)
- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau)
- tcp: add small random increments to the source port (Willy Tarreau)
- tcp: use different parts of the port_offset for index and offset (Willy Tarreau)
- tcp: add some entropy in __inet_hash_connect() (Eric Dumazet)
- xprtrdma: fix incorrect header size calculations (Colin Ian King)
- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca)
- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger)
- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo)
- ext4: add reserved GDT blocks check (Zhang Yi)
- ext4: make variable 'count' signed (Ding Xiang)
- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li)
- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen)
- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin)
- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin)
- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann)
- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao)
- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott)
- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin)
- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada)
- arm64: ftrace: fix branch range checks (Mark Rutland)
- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET)
- misc: atmel-ssc: Fix IRQ check in ssc_probe (Miaoqian Lin)
- tty: goldfish: Fix free_irq() on remove (Vincent Whitchurch)
- i40e: Fix call trace in setup_tx_descriptors (Aleksandr Loktionov)
- pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (Trond Myklebust)
- random: credit cpu and bootloader seeds by default (Jason A. Donenfeld)
- net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (Chen Lin)
- ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (Wang Yufen)
- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (Xiaohui Zhang)
- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (chengkaitao)
- scsi: pmcraid: Fix missing resource cleanup in error case (Chengguang Xu)
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (Chengguang Xu)
- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (James Smart)
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (Wentao Wang)
- ASoC: wm8962: Fix suspend while playing music (Adam Ford)
- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (Sergey Shtylyov)
- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (Charles Keepax)
- ASoC: cs42l52: Correct TLV for Bypass Volume (Charles Keepax)
- ASoC: cs53l30: Correct number of volume levels on SX controls (Charles Keepax)
- ASoC: cs42l52: Fix TLV scales for mixer controls (Charles Keepax)
- random: account for arch randomness in bits (Jason A. Donenfeld)
- random: mark bootloader randomness code as __init (Jason A. Donenfeld)
- random: avoid checking crng_ready() twice in random_init() (Jason A. Donenfeld)
- crypto: drbg - make reseeding from get_random_bytes() synchronous (Nicolai Stange)
- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller)
- crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() (Nicolai Stange)
- crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() (Nicolai Stange)
- crypto: drbg - prepare for more fine-grained tracking of seeding state (Nicolai Stange)
- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller)
- crypto: drbg - add FIPS 140-2 CTRNG for noise source (Stephan Mueller)
- Revert 'random: use static branch for crng_ready()' (Jason A. Donenfeld)
- random: check for signals after page of pool writes (Jason A. Donenfeld)
- random: wire up fops->splice_{read,write}_iter() (Jens Axboe)
- random: convert to using fops->write_iter() (Jens Axboe)
- random: move randomize_page() into mm where it belongs (Jason A. Donenfeld)
- random: move initialization functions out of hot pages (Jason A. Donenfeld)
- random: use proper jiffies comparison macro (Jason A. Donenfeld)
- random: use symbolic constants for crng_init states (Jason A. Donenfeld)
- siphash: use one source of truth for siphash permutations (Jason A. Donenfeld)
- random: help compiler out with fast_mix() by using simpler arguments (Jason A. Donenfeld)
- random: do not use input pool from hard IRQs (Saeed Mirzamohammadi)
- random: order timer entropy functions below interrupt functions (Jason A. Donenfeld)
- random: do not pretend to handle premature next security model (Jason A. Donenfeld)
- random: do not use batches when !crng_ready() (Jason A. Donenfeld)
- random: insist on random_get_entropy() existing in order to simplify (Jason A. Donenfeld)
- xtensa: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld)
- sparc: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld)
- um: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld)
- x86/tsc: Use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld)
- nios2: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld)
- arm: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld)
- mips: use fallback for random_get_entropy() instead of just c0 random (Jason A. Donenfeld)
- m68k: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld)
- timekeeping: Add raw clock fallback for random_get_entropy() (Jason A. Donenfeld)
- powerpc: define get_cycles macro for arch-override (Jason A. Donenfeld)
- alpha: define get_cycles macro for arch-override (Jason A. Donenfeld)
- parisc: define get_cycles macro for arch-override (Jason A. Donenfeld)
- s390: define get_cycles macro for arch-override (Jason A. Donenfeld)
- ia64: define get_cycles macro for arch-override (Jason A. Donenfeld)
- init: call time_init() before rand_initialize() (Jason A. Donenfeld)
- random: fix sysctl documentation nits (Jason A. Donenfeld)
- random: document crng_fast_key_erasure() destination possibility (Jason A. Donenfeld)
- random: make random_get_entropy() return an unsigned long (Jason A. Donenfeld)
- random: check for signals every PAGE_SIZE chunk of /dev/[u]random (Jason A. Donenfeld)
- random: check for signal_pending() outside of need_resched() check (Jann Horn)
- random: do not allow user to keep crng key around on stack (Jason A. Donenfeld)
- random: do not split fast init input in add_hwgenerator_randomness() (Jan Varho)
- random: mix build-time latent entropy into pool at init (Jason A. Donenfeld)
- random: re-add removed comment about get_random_{u32,u64} reseeding (Jason A. Donenfeld)
- random: treat bootloader trust toggle the same way as cpu trust toggle (Jason A. Donenfeld)
- random: skip fast_init if hwrng provides large chunk of entropy (Jason A. Donenfeld)
- random: check for signal and try earlier when generating entropy (Jason A. Donenfeld)
- random: reseed more often immediately after booting (Jason A. Donenfeld)
- random: make consistent usage of crng_ready() (Jason A. Donenfeld)
- random: use SipHash as interrupt entropy accumulator (Jason A. Donenfeld)
- random: replace custom notifier chain with standard one (Jason A. Donenfeld)
- random: don't let 644 read-only sysctls be written to (Jason A. Donenfeld)
- random: give sysctl_random_min_urandom_seed a more sensible value (Jason A. Donenfeld)
- random: do crng pre-init loading in worker rather than irq (Jason A. Donenfeld)
- random: unify cycles_t and jiffies usage and types (Jason A. Donenfeld)
- random: cleanup UUID handling (Jason A. Donenfeld)
- random: only wake up writers after zap if threshold was passed (Jason A. Donenfeld)
- random: round-robin registers as ulong, not u32 (Jason A. Donenfeld)
- random: pull add_hwgenerator_randomness() declaration into random.h (Jason A. Donenfeld)
- random: check for crng_init == 0 in add_device_randomness() (Jason A. Donenfeld)
- random: unify early init crng load accounting (Jason A. Donenfeld)
- random: do not take pool spinlock at boot (Jason A. Donenfeld)
- random: defer fast pool mixing to worker (Jason A. Donenfeld)
- random: rewrite header introductory comment (Jason A. Donenfeld)
- random: group sysctl functions (Jason A. Donenfeld)
- random: group userspace read/write functions (Jason A. Donenfeld)
- random: group entropy collection functions (Jason A. Donenfeld)
- random: group entropy extraction functions (Jason A. Donenfeld)
- random: remove useless header comment (Jason A. Donenfeld)
- random: introduce drain_entropy() helper to declutter crng_reseed() (Jason A. Donenfeld)
- random: deobfuscate irq u32/u64 contributions (Jason A. Donenfeld)
- random: add proper SPDX header (Jason A. Donenfeld)
- random: remove unused tracepoints (Jason A. Donenfeld)
- random: remove ifdef'd out interrupt bench (Jason A. Donenfeld)
- random: tie batched entropy generation to base_crng generation (Jason A. Donenfeld)
- random: zero buffer after reading entropy from userspace (Jason A. Donenfeld)
- random: remove outdated INT_MAX >> 6 check in urandom_read() (Jason A. Donenfeld)
- random: use hash function for crng_slow_load() (Jason A. Donenfeld)
- random: absorb fast pool into input pool after fast load (Jason A. Donenfeld)
- random: do not xor RDRAND when writing into /dev/random (Jason A. Donenfeld)
- random: ensure early RDSEED goes through mixer on init (Jason A. Donenfeld)
- random: inline leaves of rand_initialize() (Jason A. Donenfeld)
- random: use RDSEED instead of RDRAND in entropy extraction (Jason A. Donenfeld)
- random: fix locking in crng_fast_load() (Dominik Brodowski)
- random: remove batched entropy locking (Jason A. Donenfeld)
- random: remove use_input_pool parameter from crng_reseed() (Eric Biggers)
- random: make credit_entropy_bits() always safe (Jason A. Donenfeld)
- random: always wake up entropy writers after extraction (Jason A. Donenfeld)
- random: use linear min-entropy accumulation crediting (Jason A. Donenfeld)
- random: simplify entropy debiting (Jason A. Donenfeld)
- random: use computational hash for entropy extraction (Jason A. Donenfeld)
- random: only call crng_finalize_init() for primary_crng (Dominik Brodowski)
- random: access primary_pool directly rather than through pointer (Dominik Brodowski)
- random: continually use hwgenerator randomness (Dominik Brodowski)
- random: simplify arithmetic function flow in account() (Jason A. Donenfeld)
- random: access input_pool_data directly rather than through pointer (Jason A. Donenfeld)
- random: cleanup fractional entropy shift constants (Jason A. Donenfeld)
- random: prepend remaining pool constants with POOL_ (Jason A. Donenfeld)
- random: de-duplicate INPUT_POOL constants (Jason A. Donenfeld)
- random: remove unused OUTPUT_POOL constants (Jason A. Donenfeld)
- random: rather than entropy_store abstraction, use global (Jason A. Donenfeld)
- random: try to actively add entropy rather than passively wait for it (Linus Torvalds)
- random: remove unused extract_entropy() reserved argument (Jason A. Donenfeld)
- random: remove incomplete last_data logic (Jason A. Donenfeld)
- random: cleanup integer types (Jason A. Donenfeld)
- crypto: chacha20 - Fix chacha20_block() keystream alignment (again) (Eric Biggers)
- random: cleanup poolinfo abstraction (Jason A. Donenfeld)
- random: fix typo in comments (Schspa Shi)
- random: don't reset crng_init_cnt on urandom_read() (Jann Horn)
- random: avoid superfluous call to RDRAND in CRNG extraction (Jason A. Donenfeld)
- random: early initialization of ChaCha constants (Dominik Brodowski)
- random: initialize ChaCha20 constants with correct endianness (Eric Biggers)
- random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs (Jason A. Donenfeld)
- random: harmonize 'crng init done' messages (Dominik Brodowski)
- random: mix bootloader randomness into pool (Jason A. Donenfeld)
- random: do not re-init if crng_reseed completes before primary init (Jason A. Donenfeld)
- random: do not sign extend bytes for rotation when mixing (Jason A. Donenfeld)
- random: use BLAKE2s instead of SHA1 in extraction (Jason A. Donenfeld)
- random: remove unused irq_flags argument from add_interrupt_randomness() (Saeed Mirzamohammadi)
- random: document add_hwgenerator_randomness() with other input functions (Mark Brown)
- crypto: blake2s - adjust include guard naming (Eric Biggers)
- crypto: blake2s - include instead of (Eric Biggers)
- MAINTAINERS: co-maintain random.c (Jason A. Donenfeld)
- random: remove dead code left over from blocking pool (Eric Biggers)
- random: avoid arch_get_random_seed_long() when collecting IRQ randomness (Ard Biesheuvel)
- random: add arch_get_random_*long_early() (Mark Rutland)
- powerpc: Use bool in archrandom.h (Richard Henderson)
- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (Richard Henderson)
- linux/random.h: Use false with bool (Richard Henderson)
- linux/random.h: Remove arch_has_random, arch_has_random_seed (Richard Henderson)
- s390: Remove arch_has_random, arch_has_random_seed (Richard Henderson)
- powerpc: Remove arch_has_random, arch_has_random_seed (Richard Henderson)
- x86: Remove arch_has_random, arch_has_random_seed (Richard Henderson)
- random: avoid warnings for !CONFIG_NUMA builds (Mark Rutland)
- random: split primary/secondary crng init paths (Mark Rutland)
- random: remove some dead code of poolinfo (Yangtao Li)
- random: fix typo in add_timer_randomness() (Yangtao Li)
- random: Add and use pr_fmt() (Yangtao Li)
- random: convert to ENTROPY_BITS for better code readability (Yangtao Li)
- random: remove unnecessary unlikely() (Yangtao Li)
- random: remove kernel.random.read_wakeup_threshold (Andy Lutomirski)
- random: delete code to pull data into pools (Andy Lutomirski)
- random: remove the blocking pool (Andy Lutomirski)
- random: fix crash on multiple early calls to add_bootloader_randomness() (Dominik Brodowski)
- char/random: silence a lockdep splat with printk() (Sergey Senozhatsky)
- random: make /dev/random be almost like /dev/urandom (Andy Lutomirski)
- random: ignore GRND_RANDOM in getentropy(2) (Andy Lutomirski)
- random: add GRND_INSECURE to return best-effort non-cryptographic bytes (Andy Lutomirski)
- random: Add a urandom_read_nowait() for random APIs that don't warn (Andy Lutomirski)
- random: Don't wake crng_init_wait when crng_init == 1 (Andy Lutomirski)
- lib/crypto: sha1: re-roll loops to reduce code size (Jason A. Donenfeld)
- lib/crypto: blake2s: move hmac construction into wireguard (Jason A. Donenfeld)
- crypto: blake2s - generic C library implementation and selftest (Jason A. Donenfeld)
- crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() (Andy Shevchenko)
- Revert 'hwrng: core - Freeze khwrng thread during suspend' (Herbert Xu)
- char/random: Add a newline at the end of the file (Borislav Petkov)
- random: Use wait_event_freezable() in add_hwgenerator_randomness() (Stephen Boyd)
- fdt: add support for rng-seed (Hsin-Yi Wang)
- random: Support freezable kthreads in add_hwgenerator_randomness() (Stephen Boyd)
- random: fix soft lockup when trying to read from an uninitialized blocking pool (Theodore Ts'o)
- latent_entropy: avoid build error when plugin cflags are not set (Vasily Gorbik)
- random: document get_random_int() family (George Spelvin)
- random: move rand_initialize() earlier (Kees Cook)
- random: only read from /dev/random after its pool has received 128 bits (Theodore Ts'o)
- drivers/char/random.c: make primary_crng static (Rasmus Villemoes)
- drivers/char/random.c: remove unused stuct poolinfo::poolbits (Rasmus Villemoes)
- drivers/char/random.c: constify poolinfo_table (Rasmus Villemoes)
- random: make CPU trust a boot parameter (Kees Cook)
- random: Make crng state queryable (Jason A. Donenfeld)
- random: remove preempt disabled region (Ingo Molnar)
- random: add a config option to trust the CPU's hwrng (Theodore Ts'o)
- random: Return nbytes filled from hw RNG (Tobin C. Harding)
- random: Fix whitespace pre random-bytes work (Tobin C. Harding)
- drivers/char/random.c: remove unused dont_count_entropy (Rasmus Villemoes)
- random: optimize add_interrupt_randomness (Andi Kleen)
- random: always fill buffer in get_random_bytes_wait (Jason A. Donenfeld)
- crypto: chacha20 - Fix keystream alignment for chacha20_block() (Eric Biggers)
- 9p: missing chunk of 'fs/9p: Don't update file type when updating file attributes' (Al Viro)

[4.14.35-2047.517.0.el7]
- mpt3sas: Fix panic observed while accessing the hw ctx queue (Gulam Mohamed) [Orabug: 34446738]
- driver: marvell: mmc: Add new bus modes overrides from DT (Wojciech Bartczak) [Orabug: 34440004]
- octeontx2: mmc: Adds mechanism to modify all MMC bus modes timings (Wojciech Bartczak) [Orabug: 34440004]
- rds/rdma: correctly assign the dest qp num in rds ib connection (Rohit Nair) [Orabug: 34429478]
- Revert 'uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT' (Gulam Mohamed) [Orabug: 34419153]
- net/rds : Adding support to print SCQ and RCQ completion vectors in rds-info. (Anand Khoje) [Orabug: 34398210]
- IB/mlx5: Disable BME for unbound devices too (Hakon Bugge) [Orabug: 34395378]
- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) [Orabug: 34387281]
- net/mlx5: FW tracer, Add debug prints (Saeed Mahameed) [Orabug: 34387281]
- perf script: Fix crash because of missing evsel->priv (Ravi Bangoria) [Orabug: 34382257]
- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371946]
- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364338]
- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364338]
- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 33665743]


Related CVEs


CVE-2022-2588
CVE-2022-21385
CVE-2022-21546

Updated Packages


Release/Architecture | Filename | MD5sum | Superseded By Advisory
Oracle Linux 7 (x86_64) | kernel-uek-container-4.14.35-2047.517.3.el7.src.rpm | 35cd3110a0b7793cff6c5aebe784af6c | -
Oracle Linux 7 (x86_64) | kernel-uek-container-4.14.35-2047.517.3.el7.x86_64.rpm | 6edac24b0dfced2835ddb5b0aa057222 | -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team.