ELSA-2022-9871

ULN >
Oracle Linux Errata repository >
ELSA-2022-9871

ELSA-2022-9871 - Unbreakable Enterprise kernel-container security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2022-10-10

Description

[4.14.35-2047.518.4.el7]
- xfs: avoid race between writeback and data/cow fork changes (Wengang Wang)
[Orabug: 34508036]

[4.14.35-2047.518.3.el7]
- KVM: SVM: Clear the CR4 register on reset (Babu Moger) [Orabug: 34617675]

[4.14.35-2047.518.2.el7]
- af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu) [Orabug: 34566753] {CVE-2022-3028}
- l2tp: fix tunnel lookup use-after-free race (James Chapman) [Orabug: 32504113]

[4.14.35-2047.518.1.el7]
- xfs: fix out of bound access (Junxiao Bi) [Orabug: 33089469] [Orabug: 34535011]
- KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34362737]
- KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34362737]
- KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34362737]
- netfilter: ebtables: reject blobs that don't provide all entry points (Florian Westphal) [Orabug: 32176166]
- sysfs: turn WARN() into pr_warn() (Greg Kroah-Hartman) [Orabug: 32176118]

[4.14.35-2047.518.0.el7]
- lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34543517] {CVE-2022-21499}
- Revert 'debug: Lock down kgdb' (Alok Tiwari) [Orabug: 34543517] {CVE-2022-21499}
- vmcoreinfo: add kallsyms_num_syms symbol (Stephen Brennan) [Orabug: 34475880]
- vmcoreinfo: include kallsyms symbols (Stephen Brennan) [Orabug: 34475880]
- kallsyms: move declarations to internal header (Stephen Brennan) [Orabug: 34475880]
- mpt3sas: avoid SOFT_RESET on shutdown (John Donnelly) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Update driver version to 39.100.00.00 (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Use firmware recommended queue depth (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Transition IOC to Ready state during shutdown (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix fall-through warnings for Clang (Gustavo A. R. Silva) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Handle firmware faults during first half of IOC init (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix deadlock while cancelling the running firmware event (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Documentation cleanup (Randy Dunlap) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (Sreekanth Reddy) [Orabug: 34408138]
- scsi: mpt3sas: Fix two kernel-doc headers (Bart Van Assche) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix out-of-bounds warnings in _ctl_addnl_diag_query (Gustavo A. R. Silva) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix endianness for ActiveCablePowerRequirement (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix a typo (Bhaskar Chowdhury) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix a few kernel-doc issues (Lee Jones) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Force reply post buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Force reply buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Force sense buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Force chain buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Force PCIe scatterlist allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Replace unnecessary dynamic allocation with a static one (Gustavo A. R. Silva) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (Christophe JAILLET) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix some kernel-doc misnaming issues (Lee Jones) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix a couple of misdocumented functions/params (Lee Jones) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix a bunch of potential naming doc-rot (Lee Jones) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Move a little data from the stack onto the heap (Lee Jones) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix misspelling of _base_put_smid_default_atomic() (Lee Jones) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Additional diagnostic buffer query interface (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix ReplyPostFree pool allocation (Sreekanth Reddy) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Simplify bool comparison (YANG LI) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix spelling mistake in Kconfig 'compatiblity' -> 'compatibility' (Suganath Prabu S) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Signedness bug in _base_get_diag_triggers() (Dan Carpenter) [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Block PCI config access from userspace during reset (Sreekanth Reddy) [Orabug: 34408138]
- Linux 4.14.290 (Greg Kroah-Hartman)
- PCI: hv: Fix interrupt mapping for multi-MSI (Jeffrey Hugo)
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Jeffrey Hugo)
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Jeffrey Hugo)
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (Jeffrey Hugo)
- net: usb: ax88179_178a needs FLAG_SEND_ZLP (Jose Alonso)
- tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (Jiri Slaby)
- tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (Jiri Slaby)
- tty: drop tty_schedule_flip() (Jiri Slaby)
- tty: the rest, stop using tty_schedule_flip() (Jiri Slaby)
- tty: drivers/tty/, stop using tty_schedule_flip() (Jiri Slaby)
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (Luiz Augusto von Dentz)
- Bluetooth: SCO: Fix sco_send_frame returning skb->len (Luiz Augusto von Dentz)
- Bluetooth: Fix passing NULL to PTR_ERR (Luiz Augusto von Dentz)
- Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (Luiz Augusto von Dentz)
- Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (Luiz Augusto von Dentz)
- Bluetooth: Add bt_skb_sendmmsg helper (Luiz Augusto von Dentz)
- Bluetooth: Add bt_skb_sendmsg helper (Luiz Augusto von Dentz)
- ALSA: memalloc: Align buffer allocations in page size (Takashi Iwai)
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong)
- drm/tilcdc: Remove obsolete crtc_mode_valid() hack (Jyri Sarha)
- bpf: Make sure mac_header was set before using it (Eric Dumazet)
- mm/mempolicy: fix uninit-value in mpol_rebind_policy() (Wang Cheng)
- Revert 'Revert 'char/random: silence a lockdep splat with printk()'' (Jason A. Donenfeld)
- be2net: Fix buffer overflow in be_get_module_eeprom (Hristo Venev)
- tcp: Fix a data-race around sysctl_tcp_notsent_lowat. (Kuniyuki Iwashima)
- igmp: Fix a data-race around sysctl_igmp_max_memberships. (Kuniyuki Iwashima)
- igmp: Fix data-races around sysctl_igmp_llm_reports. (Kuniyuki Iwashima)
- net: stmmac: fix dma queue left shift overflow issue (Junxiao Chang)
- i2c: cadence: Change large transfer count reset logic to be unconditional (Robert Hancock)
- tcp: Fix a data-race around sysctl_tcp_probe_interval. (Kuniyuki Iwashima)
- tcp: Fix a data-race around sysctl_tcp_probe_threshold. (Kuniyuki Iwashima)
- tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. (Kuniyuki Iwashima)
- ip: Fix a data-race around sysctl_fwmark_reflect. (Kuniyuki Iwashima)
- perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (Peter Zijlstra)
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (Miaoqian Lin)
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (Hangyu Hua)
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (Demi Marie Obenour)
- Linux 4.14.289 (Greg Kroah-Hartman)
- can: m_can: m_can_tx_handler(): fix use after free of skb (Marc Kleine-Budde)
- mm: invalidate hwpoison page cache page in fault path (Rik van Riel)
- serial: 8250: fix return error code in serial8250_request_std_resource() (Yi Yang)
- tty: serial: samsung_tty: set dma burst_size to 1 (Chanho Park)
- usb: dwc3: gadget: Fix event pending check (Thinh Nguyen)
- USB: serial: ftdi_sio: add Belimo device ids (Lucien Buchmann)
- signal handling: don't use BUG_ON() for debugging (Linus Torvalds)
- x86: Clear .brk area at early boot (Juergen Gross)
- irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (Stafford Horne)
- ASoC: wm5110: Fix DRE control (Charles Keepax)
- ASoC: ops: Fix off by one in range control validation (Mark Brown)
- net: sfp: fix memory leak in sfp_probe() (Jianglei Nie)
- NFC: nxp-nci: don't print header length mismatch on i2c error (Michael Walle)
- net: tipc: fix possible refcount leak in tipc_sk_create() (Hangyu Hua)
- platform/x86: hp-wmi: Ignore Sanitization Mode event (Kai-Heng Feng)
- cpufreq: pmac32-cpufreq: Fix refcount leak bug (Liang He)
- netfilter: br_netfilter: do not skip all hooks with 0 priority (Florian Westphal)
- virtio_mmio: Restore guest page size on resume (Stephan Gerhold)
- virtio_mmio: Add missing PM calls to freeze/restore (Stephan Gerhold)
- sfc: fix kernel panic when creating VF (Inigo Huguet)
- seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors (Andrea Mayer)
- seg6: fix skb checksum evaluation in SRH encapsulation/insertion (Andrea Mayer)
- sfc: fix use after free when disabling sriov (Inigo Huguet)
- ipv4: Fix data-races around sysctl_ip_dynaddr. (Kuniyuki Iwashima)
- icmp: Fix a data-race around sysctl_icmp_ratemask. (Kuniyuki Iwashima)
- icmp: Fix a data-race around sysctl_icmp_ratelimit. (Kuniyuki Iwashima)
- ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (Michal Suchanek)
- icmp: Fix data-races around sysctl. (Kuniyuki Iwashima)
- cipso: Fix data-races around sysctl. (Kuniyuki Iwashima)
- net: Fix data-races around sysctl_mem. (Kuniyuki Iwashima)
- inetpeer: Fix data-races around sysctl. (Kuniyuki Iwashima)
- ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (Ard Biesheuvel)
- xhci: make xhci_handshake timeout for xhci_reset() adjustable (Mathias Nyman)
- xhci: bail out early if driver can't accress host in resume (Mathias Nyman)
- net: dsa: bcm_sf2: force pause link settings (Doug Berger)
- nilfs2: fix incorrect masking of permission flags for symlinks (Ryusuke Konishi)
- cgroup: Use separate src/dst nodes when preloading css_sets for migration (Tejun Heo)
- ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (Ard Biesheuvel)
- ARM: 9213/1: Print message about disabled Spectre workarounds only once (Dmitry Osipenko)
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (Steven Rostedt (Google))
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (Juergen Gross)
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (Meng Tang)
- ALSA: hda - Add fixup for Dell Latitidue E5430 (Meng Tang)

Related CVEs

CVE-2022-3028

CVE-2022-21499

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 7 (x86_64)	kernel-uek-container-4.14.35-2047.518.4.el7.src.rpm	b948411c1552599f66fcb47a7b7fd8c3	-
	kernel-uek-container-4.14.35-2047.518.4.el7.x86_64.rpm	328f8724eae02b98c55ba9aa879884a2	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691