ELSA-2023-0951

ELSA-2023-0951 - kernel security and bug fix update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2023-03-01

Description

- [5.14.0-162.18.1_1.OL9]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]

[5.14.0-162.18.1_1]
- powerpc/pseries: Use lparcfg to reconfig VAS windows for DLPAR CPU (Steve Best) [2154305 2133101]
- redhat/configs: Change the amd-pstate driver from builtin to loadable (David Arcari) [2151274 2143793]
- powerpc/pseries/mobility: set NMI watchdog factor during an LPM (Steve Best) [2140085 2122830]
- powerpc/watchdog: introduce a NMI watchdog's factor (Steve Best) [2140085 2122830]
- watchdog: export lockup_detector_reconfigure (Steve Best) [2140085 2122830]
- powerpc/mobility: wait for memory transfer to complete (Steve Best) [2140085 2122830]

[5.14.0-162.17.1_1]
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (Emanuele Giuseppe Esposito) [2155459 2100404]
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (Emanuele Giuseppe Esposito) [2155459 2100404]
- PCI: hv: Fix interrupt mapping for multi-MSI (Emanuele Giuseppe Esposito) [2155459 2100404]
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Emanuele Giuseppe Esposito) [2155459 2100404]
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Emanuele Giuseppe Esposito) [2155459 2100404]
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (Emanuele Giuseppe Esposito) [2155459 2100404]
- proc: proc_skip_spaces() shouldn't think it is working on C strings (Wander Lairson Costa) [2152580 2152581] {CVE-2022-4378}
- proc: avoid integer type confusion in get_proc_long (Wander Lairson Costa) [2152580 2152581] {CVE-2022-4378}
- blk-mq: run queue no matter whether the request is the last request (Ming Lei) [2162535 2118511]
- netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits (Florian Westphal) [2161724 2161725] {CVE-2023-0179}
- nvme-tcp: fix regression that causes sporadic requests to time out (Gopal Tiwari) [2161344 2124526]
- netfs: Fix dodgy maths (Xiubo Li) [2161418 2138981]
- netfs: Fix missing xas_retry() calls in xarray iteration (Xiubo Li) [2161418 2138981]

[5.14.0-162.16.1_1]
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Ricardo Robaina) [2152929 2152931] {CVE-2022-3564}
- gitlab-ci: use CI templates from production branch (Michael Hofmann)

[5.14.0-162.15.1_1]
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (Thomas Huth) [2158815 2140899]
- x86/fpu: Do not leak fpstate pointer on fork (Rafael Aquini) [2133083 2120448]
- Revert 'usb: typec: ucsi: add a common function ucsi_unregister_connectors()' (Torez Smith) [2153277 2113003]
- i2c: ismt: Fix an out-of-bounds bug in ismt_access() (David Arcari) [2154859 2119067] {CVE-2022-2873}

[5.14.0-162.14.1_1]
- NFSD: fix use-after-free in __nfs42_ssc_open() (Benjamin Coddington) [2152815 2152816] {CVE-2022-4379}
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (Mohammed Gamal) [2155930 2155277]
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (Mohammed Gamal) [2155930 2155277]
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (Mohammed Gamal) [2155930 2155277]
- sched/core: Always flush pending blk_plug (Phil Auld) [2153792 2115520]

[5.14.0-162.13.1_1]
- scsi: qla2xxx: Fix crash when I/O abort times out (Nilesh Javali) [2152178 2115892]
- net: mana: Fix race on per-CQ variable napi work_done (Emanuele Giuseppe Esposito) [2155145 2153431]

Related CVEs

CVE-2023-0179

CVE-2022-4378

CVE-2022-4379

CVE-2022-2873

CVE-2022-3564

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	kernel-5.14.0-162.18.1.el9_1.src.rpm	882c71926c1616db244f96af68a4d84de8d05995a1081cf75256196b3b0acb12	-	ol9_aarch64_appstream
	kernel-5.14.0-162.18.1.el9_1.src.rpm	882c71926c1616db244f96af68a4d84de8d05995a1081cf75256196b3b0acb12	-	ol9_aarch64_baseos_latest
	kernel-5.14.0-162.18.1.el9_1.src.rpm	882c71926c1616db244f96af68a4d84de8d05995a1081cf75256196b3b0acb12	-	ol9_aarch64_codeready_builder
	kernel-5.14.0-162.18.1.el9_1.src.rpm	882c71926c1616db244f96af68a4d84de8d05995a1081cf75256196b3b0acb12	-	ol9_aarch64_u1_baseos_patch
	bpftool-5.14.0-162.18.1.el9_1.aarch64.rpm	35891d468a7706614101b8439bef19c36855d4c807d9ed0cec74338dcf0e5aff	-	ol9_aarch64_baseos_latest
	bpftool-5.14.0-162.18.1.el9_1.aarch64.rpm	35891d468a7706614101b8439bef19c36855d4c807d9ed0cec74338dcf0e5aff	-	ol9_aarch64_u1_baseos_patch
	kernel-cross-headers-5.14.0-162.18.1.el9_1.aarch64.rpm	d2e42c4f1056e755b944825ec7653d842140534171e2b4dec6d14a0d552fd188	-	ol9_aarch64_codeready_builder
	kernel-headers-5.14.0-162.18.1.el9_1.aarch64.rpm	396f28bb9964d1b92ee08fc9f3c6ec2310b618c4607a2c4d3bfdcae4639beeb2	-	ol9_aarch64_appstream
	kernel-tools-5.14.0-162.18.1.el9_1.aarch64.rpm	dc426d9e3965141d7f612d3935665373b80f228e85ef6ae122e0a5e099cf311b	-	ol9_aarch64_baseos_latest
	kernel-tools-5.14.0-162.18.1.el9_1.aarch64.rpm	dc426d9e3965141d7f612d3935665373b80f228e85ef6ae122e0a5e099cf311b	-	ol9_aarch64_u1_baseos_patch
	kernel-tools-libs-5.14.0-162.18.1.el9_1.aarch64.rpm	8a26f36bc21e11b4fb88dccbaaf6f599eb552e641267507acbbcdb1b0f15b5e8	-	ol9_aarch64_baseos_latest
	kernel-tools-libs-5.14.0-162.18.1.el9_1.aarch64.rpm	8a26f36bc21e11b4fb88dccbaaf6f599eb552e641267507acbbcdb1b0f15b5e8	-	ol9_aarch64_u1_baseos_patch
	kernel-tools-libs-devel-5.14.0-162.18.1.el9_1.aarch64.rpm	53e03037f0da43ba1a5be6b644b94ae716a2b2a25e2d966f634b7d4c395f38f8	-	ol9_aarch64_codeready_builder
	perf-5.14.0-162.18.1.el9_1.aarch64.rpm	79aa195441b3536fbcfb4b8b06061b3d69a478ac6b34658e36ede2d0eeffc4e0	-	ol9_aarch64_appstream
	python3-perf-5.14.0-162.18.1.el9_1.aarch64.rpm	b912a270dc8a297f837126c3e41f5da632701983231e86f53aef16167a663317	-	ol9_aarch64_baseos_latest
	python3-perf-5.14.0-162.18.1.el9_1.aarch64.rpm	b912a270dc8a297f837126c3e41f5da632701983231e86f53aef16167a663317	-	ol9_aarch64_u1_baseos_patch
Oracle Linux 9 (x86_64)	kernel-5.14.0-162.18.1.el9_1.src.rpm	882c71926c1616db244f96af68a4d84de8d05995a1081cf75256196b3b0acb12	-	ol9_x86_64_appstream
	kernel-5.14.0-162.18.1.el9_1.src.rpm	882c71926c1616db244f96af68a4d84de8d05995a1081cf75256196b3b0acb12	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-162.18.1.el9_1.src.rpm	882c71926c1616db244f96af68a4d84de8d05995a1081cf75256196b3b0acb12	-	ol9_x86_64_codeready_builder
	kernel-5.14.0-162.18.1.el9_1.src.rpm	882c71926c1616db244f96af68a4d84de8d05995a1081cf75256196b3b0acb12	-	ol9_x86_64_u1_baseos_patch
	bpftool-5.14.0-162.18.1.el9_1.x86_64.rpm	fc93f9abcb81167d619ff2c160f8e1959ecfc4fccb5c5025aefd396ae9913bc4	-	ol9_x86_64_baseos_latest
	bpftool-5.14.0-162.18.1.el9_1.x86_64.rpm	fc93f9abcb81167d619ff2c160f8e1959ecfc4fccb5c5025aefd396ae9913bc4	-	ol9_x86_64_u1_baseos_patch
	kernel-5.14.0-162.18.1.el9_1.x86_64.rpm	2b49092dbcdd3df3fa0ed427ad30cb5d190ad35cc991940ef9c0dfc4a7c6c23a	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-162.18.1.el9_1.x86_64.rpm	2b49092dbcdd3df3fa0ed427ad30cb5d190ad35cc991940ef9c0dfc4a7c6c23a	-	ol9_x86_64_u1_baseos_patch
	kernel-abi-stablelists-5.14.0-162.18.1.el9_1.noarch.rpm	542c4c3a1198d28f0f3961a46c96f81d8797de431e0922cef0e6483ab9b35e70	-	ol9_x86_64_baseos_latest
	kernel-abi-stablelists-5.14.0-162.18.1.el9_1.noarch.rpm	542c4c3a1198d28f0f3961a46c96f81d8797de431e0922cef0e6483ab9b35e70	-	ol9_x86_64_u1_baseos_patch
	kernel-core-5.14.0-162.18.1.el9_1.x86_64.rpm	11be56b0063b761424b662cca8adf9bdc169a19f6608f2e3e6e5f2c53923ade7	-	ol9_x86_64_baseos_latest
	kernel-core-5.14.0-162.18.1.el9_1.x86_64.rpm	11be56b0063b761424b662cca8adf9bdc169a19f6608f2e3e6e5f2c53923ade7	-	ol9_x86_64_u1_baseos_patch
	kernel-cross-headers-5.14.0-162.18.1.el9_1.x86_64.rpm	4d4bcb2890af592dec38bb03ab40603cbe849d6c445c9ee9ef03757839a81d78	-	ol9_x86_64_codeready_builder
	kernel-debug-5.14.0-162.18.1.el9_1.x86_64.rpm	27829be07701bb53b673546d1ef0105a585908551d6c7e64f860be190089f70a	-	ol9_x86_64_baseos_latest
	kernel-debug-5.14.0-162.18.1.el9_1.x86_64.rpm	27829be07701bb53b673546d1ef0105a585908551d6c7e64f860be190089f70a	-	ol9_x86_64_u1_baseos_patch
	kernel-debug-core-5.14.0-162.18.1.el9_1.x86_64.rpm	98836a78803b7224a76a258d01047d8664ad8b8b3cd26c56313a87a901fd552b	-	ol9_x86_64_baseos_latest
	kernel-debug-core-5.14.0-162.18.1.el9_1.x86_64.rpm	98836a78803b7224a76a258d01047d8664ad8b8b3cd26c56313a87a901fd552b	-	ol9_x86_64_u1_baseos_patch
	kernel-debug-devel-5.14.0-162.18.1.el9_1.x86_64.rpm	9ecd23215b8deb8af3c7b78d2bb0c645c8f537dc40060251b6e507790c64b7da	-	ol9_x86_64_appstream
	kernel-debug-devel-matched-5.14.0-162.18.1.el9_1.x86_64.rpm	ee376b926d795eece4395ff4535935bbda5fd5612bbd49a10b41210b5cf90d56	-	ol9_x86_64_appstream
	kernel-debug-modules-5.14.0-162.18.1.el9_1.x86_64.rpm	1f9b5d8ea60f59ad9cc520c6fa7707e6c131416d05989d8174d50e12468a8d58	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-5.14.0-162.18.1.el9_1.x86_64.rpm	1f9b5d8ea60f59ad9cc520c6fa7707e6c131416d05989d8174d50e12468a8d58	-	ol9_x86_64_u1_baseos_patch
	kernel-debug-modules-extra-5.14.0-162.18.1.el9_1.x86_64.rpm	957c1139a954cd929cf806282da592b9913e27ae63e17ef55161a79f6f4227cc	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-extra-5.14.0-162.18.1.el9_1.x86_64.rpm	957c1139a954cd929cf806282da592b9913e27ae63e17ef55161a79f6f4227cc	-	ol9_x86_64_u1_baseos_patch
	kernel-devel-5.14.0-162.18.1.el9_1.x86_64.rpm	656838317f892e553e15d219ca417c2a80ce5e8c0b423a957134631a55ae21ef	-	ol9_x86_64_appstream
	kernel-devel-matched-5.14.0-162.18.1.el9_1.x86_64.rpm	d252ea1648f492b3fe6aad18221345e0994cc1eef9d1aaa6bc0ef1b10e20e3bc	-	ol9_x86_64_appstream
	kernel-doc-5.14.0-162.18.1.el9_1.noarch.rpm	023998534cd6670ba4cd7bd75be0a0e1e79246fb25a33e440c079eee191817af	-	ol9_x86_64_appstream
	kernel-headers-5.14.0-162.18.1.el9_1.x86_64.rpm	f704c874fc1569812be84f86afccb5f05f10b0b104f7a7adaf09d8e5eaf4cf8f	-	ol9_x86_64_appstream
	kernel-modules-5.14.0-162.18.1.el9_1.x86_64.rpm	60afba5ed536098dc95f7b7b30094141f9204bc74794bc7133d6f717316efa71	-	ol9_x86_64_baseos_latest
	kernel-modules-5.14.0-162.18.1.el9_1.x86_64.rpm	60afba5ed536098dc95f7b7b30094141f9204bc74794bc7133d6f717316efa71	-	ol9_x86_64_u1_baseos_patch
	kernel-modules-extra-5.14.0-162.18.1.el9_1.x86_64.rpm	98ac1c589029ea20824532d673db3a1113a7103029c5016b9a47d5d2b9a79356	-	ol9_x86_64_baseos_latest
	kernel-modules-extra-5.14.0-162.18.1.el9_1.x86_64.rpm	98ac1c589029ea20824532d673db3a1113a7103029c5016b9a47d5d2b9a79356	-	ol9_x86_64_u1_baseos_patch
	kernel-tools-5.14.0-162.18.1.el9_1.x86_64.rpm	abdba17538b4fabaffc472340af6f96a81e433bca5c50d0639ede3259c594e6c	-	ol9_x86_64_baseos_latest
	kernel-tools-5.14.0-162.18.1.el9_1.x86_64.rpm	abdba17538b4fabaffc472340af6f96a81e433bca5c50d0639ede3259c594e6c	-	ol9_x86_64_u1_baseos_patch
	kernel-tools-libs-5.14.0-162.18.1.el9_1.x86_64.rpm	0c5ff187e6d59428b3a39fd3c5c23ec885849901445830642a7afee4ddba368a	-	ol9_x86_64_baseos_latest
	kernel-tools-libs-5.14.0-162.18.1.el9_1.x86_64.rpm	0c5ff187e6d59428b3a39fd3c5c23ec885849901445830642a7afee4ddba368a	-	ol9_x86_64_u1_baseos_patch
	kernel-tools-libs-devel-5.14.0-162.18.1.el9_1.x86_64.rpm	a161b2d1509bca11b4443072ad89388d8eeba552d7e105ce7d1e72246243c99b	-	ol9_x86_64_codeready_builder
	perf-5.14.0-162.18.1.el9_1.x86_64.rpm	99d02e697a84df4d4bf6e6d5d1367febecc0a126694f8214a4208df9dcaa5fef	-	ol9_x86_64_appstream
	python3-perf-5.14.0-162.18.1.el9_1.x86_64.rpm	6d8546c6056004ae40ea2c0dc23094bca6c45212ad65aaad008de1812acdfb07	-	ol9_x86_64_baseos_latest
	python3-perf-5.14.0-162.18.1.el9_1.x86_64.rpm	6d8546c6056004ae40ea2c0dc23094bca6c45212ad65aaad008de1812acdfb07	-	ol9_x86_64_u1_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team