ELSA-2023-12565

ELSA-2023-12565 - Unbreakable Enterprise kernel security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2023-07-04

Description

[4.1.12-124.76.2]
- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) [Orabug: 35493606] {CVE-2023-3159}
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Pavel Skripkin) [Orabug: 35448003] {CVE-2022-1679}
- dm ioctl: fix nested locking in table_clear() to remove deadlock concern (Mike Snitzer) [Orabug: 35354880] {CVE-2023-2269}
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (Duoming Zhou) [Orabug: 35181652] {CVE-2023-1118}
- misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (Zheng Wang) [Orabug: 35180779] {CVE-2022-3424}

[4.1.12-124.76.1]
- ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum (Tudor Ambarus) [Orabug: 35457204] {CVE-2023-34256}
- igmp: Add ip_mc_list lock in ip_check_mc_rcu (Liu Jian) [Orabug: 35448048] {CVE-2022-20141}

Related CVEs

CVE-2023-3159

CVE-2023-2269

CVE-2023-1118

CVE-2022-3424

CVE-2023-34256

CVE-2022-1679

CVE-2022-20141

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 6 (x86_64)	kernel-uek-4.1.12-124.76.2.el6uek.src.rpm	883195b1c9000d402230e7433089bb7c	-
	kernel-uek-4.1.12-124.76.2.el6uek.x86_64.rpm	facac4195f5588681c4d72bc5b9e0481	-
	kernel-uek-debug-4.1.12-124.76.2.el6uek.x86_64.rpm	76e9a492750d01c574ce06e3575d7927	-
	kernel-uek-debug-devel-4.1.12-124.76.2.el6uek.x86_64.rpm	841eb91c3e3b4881b45e0e209882f6b9	-
	kernel-uek-devel-4.1.12-124.76.2.el6uek.x86_64.rpm	fed96834550bbf739a4cbb3b431d64d9	-
	kernel-uek-doc-4.1.12-124.76.2.el6uek.noarch.rpm	9f192d6ffd2ef287279ea464d369949e	-
	kernel-uek-firmware-4.1.12-124.76.2.el6uek.noarch.rpm	ee1152d59e1d091d73bb7ce9d23c723b	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team