ELSA-2023-1470
- ULN >
- Oracle Linux Errata repository >
- ELSA-2023-1470
ELSA-2023-1470 - kernel security, bug fix, and enhancement update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2023-03-28 |
Description
- [5.14.0-162.22.2_1.OL9]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
[5.14.0-162.22.2_1]
- tun: avoid double free in tun_free_netdev (Jon Maloy) [2156373] {CVE-2022-4744}
[5.14.0-162.22.1_1]
- ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (Jaroslav Kysela) [2163390 2125540] {CVE-2023-0266}
[5.14.0-162.21.1_1]
- s390/boot: add secure boot trailer (Tobias Huschle) [2151528 2141966]
- s390/kexec: fix ipl report address for kdump (Tobias Huschle) [2166903 2161327]
- s390/qeth: cache link_info for ethtool (Tobias Huschle) [2166304 2110436]
- scsi: zfcp: Fix missing auto port scan and thus missing target ports (Tobias Huschle) [2127880 2121088]
[5.14.0-162.20.1_1]
- cgroup/cpuset: remove unreachable code (Waiman Long) [2161105 1946801]
- kselftest/cgroup: Add cpuset v2 partition root state test (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Update description of cpuset.cpus.partition in cgroup-v2.rst (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Make partition invalid if cpumask change violates exclusivity rule (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Relocate a code block in validate_change() (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Show invalid partition reason string (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Add a new isolated cpus.partition type (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Relax constraints to partition & cpus changes (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Allow no-task partition to have empty cpuset.cpus.effective (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Miscellaneous cleanups & add helper functions (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Enable update_tasks_cpumask() on top_cpuset (Waiman Long) [2161105 1946801]
- cpuset: convert 'allowed' in __cpuset_node_allowed() to be boolean (Waiman Long) [2161105 1946801]
- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) [2161105 1946801]
- cgroup: cleanup comments (Waiman Long) [2161105 1946801]
- act_mirred: use the backlog for nested calls to mirred ingress (Davide Caratti) [2164655 2150278] {CVE-2022-4269}
- net/sched: act_mirred: better wording on protection against excessive stack growth (Davide Caratti) [2164655 2150278] {CVE-2022-4269}
- scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (Emanuele Giuseppe Esposito) [2170227 2150660]
[5.14.0-162.19.1_1]
- sched/core: Use kfree_rcu() in do_set_cpus_allowed() (Waiman Long) [2160614 2143847]
- sched/core: Fix use-after-free bug in dup_user_cpus_ptr() (Waiman Long) [2160614 2143847]
- sched: Always clear user_cpus_ptr in do_set_cpus_allowed() (Waiman Long) [2143766 2107354]
- sched: Enforce user requested affinity (Waiman Long) [2143766 2107354]
- sched: Always preserve the user requested cpumask (Waiman Long) [2143766 2107354]
- sched: Introduce affinity_context (Waiman Long) [2143766 2107354]
- sched: Add __releases annotations to affine_move_task() (Waiman Long) [2143766 2107354]
- x86/fpu: Fix copy_xstate_to_uabi() to copy init states correctly (Dean Nelson) [2168382 2122851]
- x86/fpu: Exclude dynamic states from init_fpstate (Dean Nelson) [2168382 2122851]
- x86/fpu: Fix the init_fpstate size check with the actual size (Dean Nelson) [2168382 2122851]
- x86/fpu: Configure init_fpstate attributes orderly (Dean Nelson) [2168382 2122851]
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (Dean Nelson) [2168382 2122851]
Related CVEs
| CVE-2022-4269 |
| CVE-2022-4744 |
| CVE-2023-0266 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 9 (aarch64) | kernel-5.14.0-162.22.2.el9_1.src.rpm | 72a2686df4d0ac4f0a5575d4b73a6a9a | - |
| bpftool-5.14.0-162.22.2.el9_1.aarch64.rpm | 64f833c8e57c45627a484f2424b2e501 | - | |
| kernel-cross-headers-5.14.0-162.22.2.el9_1.aarch64.rpm | cf67eb4d27cbc8e331fc49fa0579eeab | - | |
| kernel-headers-5.14.0-162.22.2.el9_1.aarch64.rpm | 3d62a011c2d3309445b9292675baa398 | - | |
| kernel-tools-5.14.0-162.22.2.el9_1.aarch64.rpm | 05215fdff716674e8970bccca3817541 | - | |
| kernel-tools-libs-5.14.0-162.22.2.el9_1.aarch64.rpm | ed04173d3d24f0ce01161979ce545b87 | - | |
| kernel-tools-libs-devel-5.14.0-162.22.2.el9_1.aarch64.rpm | c02e9cc7bcbfde2b361f45a2ddd2607b | - | |
| perf-5.14.0-162.22.2.el9_1.aarch64.rpm | 3305672cda30bcdda17b809616c27545 | - | |
| python3-perf-5.14.0-162.22.2.el9_1.aarch64.rpm | 4249f854e16b4237cce7c06f3e4fdd15 | - | |
| Oracle Linux 9 (x86_64) | kernel-5.14.0-162.22.2.el9_1.src.rpm | 72a2686df4d0ac4f0a5575d4b73a6a9a | - |
| bpftool-5.14.0-162.22.2.el9_1.x86_64.rpm | 8bfa0bf93016fc4d3de8007585a57a44 | - | |
| kernel-5.14.0-162.22.2.el9_1.x86_64.rpm | 8d0f9ae6de2235205c33aa3ede36e365 | - | |
| kernel-abi-stablelists-5.14.0-162.22.2.el9_1.noarch.rpm | 7cbaabe249a5f684efb0df49d43f46ea | - | |
| kernel-core-5.14.0-162.22.2.el9_1.x86_64.rpm | 24903b1d0ba69aead12b9b97b257ace9 | - | |
| kernel-cross-headers-5.14.0-162.22.2.el9_1.x86_64.rpm | 5346d4849e79980da5476e3b2d49d5bc | - | |
| kernel-debug-5.14.0-162.22.2.el9_1.x86_64.rpm | 31e6977ccc743e7b02971d12b9694b36 | - | |
| kernel-debug-core-5.14.0-162.22.2.el9_1.x86_64.rpm | 608363f7df794c52e9fcbf8cc72a57cd | - | |
| kernel-debug-devel-5.14.0-162.22.2.el9_1.x86_64.rpm | 0c5b638e95925d34c868b10983950b08 | - | |
| kernel-debug-devel-matched-5.14.0-162.22.2.el9_1.x86_64.rpm | 240e136c19e21a7d51995181bd7d1e8c | - | |
| kernel-debug-modules-5.14.0-162.22.2.el9_1.x86_64.rpm | 9f68b2084c3afb6f73cb0bc1188170e3 | - | |
| kernel-debug-modules-extra-5.14.0-162.22.2.el9_1.x86_64.rpm | cc8564fb3f53084c79f361bd2d081cb6 | - | |
| kernel-devel-5.14.0-162.22.2.el9_1.x86_64.rpm | 92b62e21ad734deb0b593e3cab7b7a16 | - | |
| kernel-devel-matched-5.14.0-162.22.2.el9_1.x86_64.rpm | c60c36e0aaca53f0e57c994b9661fbd1 | - | |
| kernel-doc-5.14.0-162.22.2.el9_1.noarch.rpm | 4420ff90b0179c957392ffb0dc2ed0b7 | - | |
| kernel-headers-5.14.0-162.22.2.el9_1.x86_64.rpm | d3ed2fb4c2108a4b7c4771ccc8553549 | - | |
| kernel-modules-5.14.0-162.22.2.el9_1.x86_64.rpm | 488bf5de67cce1f2d236a70b5f67964e | - | |
| kernel-modules-extra-5.14.0-162.22.2.el9_1.x86_64.rpm | aaf1547ced95d3140083a3b30763f69c | - | |
| kernel-tools-5.14.0-162.22.2.el9_1.x86_64.rpm | 1c38871707eeb82e9493d28f37d58b95 | - | |
| kernel-tools-libs-5.14.0-162.22.2.el9_1.x86_64.rpm | 7f294f8f9f107ab68ba58a82c5891741 | - | |
| kernel-tools-libs-devel-5.14.0-162.22.2.el9_1.x86_64.rpm | ee878864c43155522036932fed3e7d25 | - | |
| perf-5.14.0-162.22.2.el9_1.x86_64.rpm | 04e9b1f169e3fe226b694e6cf8d1da3e | - | |
| python3-perf-5.14.0-162.22.2.el9_1.x86_64.rpm | 0ff6147948d44b6aac0dc2287bd6a4c3 | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
