Stay Connected:

ELSA-2024-0897

ELSA-2024-0897 - kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2024-03-06

Description


[4.18.0-513.18.1.el8_9.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Drop not needed patch

[4.18.0-513.18.1.el8_9]
- net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22091 RHEL-19065] {CVE-2024-0646}
- smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610}
- smb: client: fix potential OOB in cifs_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610}
- nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- net-sysfs: add check for netdevice being present to speed_show (Michal Schmidt) [RHEL-20924 RHEL-16007]
- netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) [RHEL-20698 RHEL-19721] {CVE-2023-6817}

[4.18.0-513.17.1.el8_9]
- redhat: rewrite genlog and support Y- tags (Jan Stancek)
- smb: client: fix OOB in smbCalcSize() (Scott Mayhew) [RHEL-21662 RHEL-18990] {CVE-2023-6606}
- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (Tobias Huschle) [RHEL-17884 RHEL-2410]
- blk-mq: use quiesced elevator switch when reinitializing queues (Ming Lei) [RHEL-21785 RHEL-19944]
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (Ming Lei) [RHEL-20232 RHEL-8128]

[4.18.0-513.16.1.el8_9]
- tracing/timerlat: Add user-space interface (Chris White) [RHEL-20362 RHEL-15142]
- tracing/osnoise: Skip running osnoise if all instances are off (Chris White) [RHEL-20362 RHEL-15142]
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (Chris White) [RHEL-20362 RHEL-15142]
- tracing/timerlat: Always wakeup the timerlat thread (Chris White) [RHEL-20362 RHEL-15142]
- tracing/osnoise: Fix notify new tracing_max_latency (Chris White) [RHEL-20362 RHEL-15142]
- tracing/timerlat: Notify new max thread latency (Chris White) [RHEL-20362 RHEL-15142]
- trace/osnoise: make use of the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142]
- kthread: add the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142]
- x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (Prarit Bhargava) [RHEL-7238 RHEL-4244]
- HID: check empty report_list in hid_validate_values() (Desnes Nunes) [RHEL-19274 RHEL-19237] {CVE-2023-1073}
- s390/dasd: print copy pair message only for the correct error (Tobias Huschle) [RHEL-9444 RHEL-2831]
- blk-mq: don't count completed flush data request as inflight in case of quiesce (Ming Lei) [RHEL-19111 RHEL-18055]

[4.18.0-513.15.1.el8_9]
- IB/ipoib: Fix mcast list locking (Daniel Vacek) [RHEL-19699 RHEL-19244]
- RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Daniel Vacek) [RHEL-19699 RHEL-19244]
- x86/sev: Check for user-space IOIO pointing to kernel space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
- x86/sev: Check IOBM for IOIO exceptions from user-space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
- x86/sev: Disable MMIO emulation from user mode (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
- x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}


Related CVEs


CVE-2022-41858
CVE-2023-1838
CVE-2023-6535
CVE-2023-4623
CVE-2023-6606
CVE-2024-0646
CVE-2023-6356
CVE-2023-2166
CVE-2023-4921
CVE-2023-5717
CVE-2023-40283
CVE-2023-6610
CVE-2023-6817
CVE-2023-46813
CVE-2022-3545
CVE-2023-2176
CVE-2023-1073
CVE-2023-6536
CVE-2023-45871

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) kernel-4.18.0-513.18.1.el8_9.src.rpm802ccc85e17be969541b024d92fb471b-ol8_aarch64_baseos_latest
kernel-4.18.0-513.18.1.el8_9.src.rpm802ccc85e17be969541b024d92fb471b-ol8_aarch64_codeready_builder
kernel-4.18.0-513.18.1.el8_9.src.rpm802ccc85e17be969541b024d92fb471b-ol8_aarch64_u9_baseos_patch
bpftool-4.18.0-513.18.1.el8_9.aarch64.rpmcae737cd4ca386b05d9a2f57b94c6af3-ol8_aarch64_baseos_latest
bpftool-4.18.0-513.18.1.el8_9.aarch64.rpmcae737cd4ca386b05d9a2f57b94c6af3-ol8_aarch64_u9_baseos_patch
kernel-cross-headers-4.18.0-513.18.1.el8_9.aarch64.rpm1cd38185c1f082a9ffd49fe3fc7d592c-ol8_aarch64_baseos_latest
kernel-cross-headers-4.18.0-513.18.1.el8_9.aarch64.rpm1cd38185c1f082a9ffd49fe3fc7d592c-ol8_aarch64_u9_baseos_patch
kernel-headers-4.18.0-513.18.1.el8_9.aarch64.rpm602f951cb0d77dfbd119c1a8b05288d3-ol8_aarch64_baseos_latest
kernel-headers-4.18.0-513.18.1.el8_9.aarch64.rpm602f951cb0d77dfbd119c1a8b05288d3-ol8_aarch64_u9_baseos_patch
kernel-tools-4.18.0-513.18.1.el8_9.aarch64.rpme8a6f5205be6504cea25920ab67a6435-ol8_aarch64_baseos_latest
kernel-tools-4.18.0-513.18.1.el8_9.aarch64.rpme8a6f5205be6504cea25920ab67a6435-ol8_aarch64_u9_baseos_patch
kernel-tools-libs-4.18.0-513.18.1.el8_9.aarch64.rpmb54b2a330638106f647818ed00117831-ol8_aarch64_baseos_latest
kernel-tools-libs-4.18.0-513.18.1.el8_9.aarch64.rpmb54b2a330638106f647818ed00117831-ol8_aarch64_u9_baseos_patch
kernel-tools-libs-devel-4.18.0-513.18.1.el8_9.aarch64.rpm6058eb96e7d8d0b9288e61a7e06425f4-ol8_aarch64_codeready_builder
perf-4.18.0-513.18.1.el8_9.aarch64.rpmf9bde34398af8792e47eee42c206c7c8-ol8_aarch64_baseos_latest
perf-4.18.0-513.18.1.el8_9.aarch64.rpmf9bde34398af8792e47eee42c206c7c8-ol8_aarch64_u9_baseos_patch
python3-perf-4.18.0-513.18.1.el8_9.aarch64.rpm9f7c134fff46533f7e1762287b5a4421-ol8_aarch64_baseos_latest
python3-perf-4.18.0-513.18.1.el8_9.aarch64.rpm9f7c134fff46533f7e1762287b5a4421-ol8_aarch64_u9_baseos_patch
Oracle Linux 8 (x86_64) kernel-4.18.0-513.18.1.el8_9.src.rpm802ccc85e17be969541b024d92fb471b-ol8_x86_64_baseos_latest
kernel-4.18.0-513.18.1.el8_9.src.rpm802ccc85e17be969541b024d92fb471b-ol8_x86_64_codeready_builder
kernel-4.18.0-513.18.1.el8_9.src.rpm802ccc85e17be969541b024d92fb471b-ol8_x86_64_u9_baseos_patch
bpftool-4.18.0-513.18.1.el8_9.x86_64.rpmeeeee71046aa77def3f5654977099dee-ol8_x86_64_baseos_latest
bpftool-4.18.0-513.18.1.el8_9.x86_64.rpmeeeee71046aa77def3f5654977099dee-ol8_x86_64_u9_baseos_patch
kernel-4.18.0-513.18.1.el8_9.x86_64.rpmd0f1158f03105e26cb1500f639023040-ol8_x86_64_baseos_latest
kernel-4.18.0-513.18.1.el8_9.x86_64.rpmd0f1158f03105e26cb1500f639023040-ol8_x86_64_u9_baseos_patch
kernel-abi-stablelists-4.18.0-513.18.1.el8_9.noarch.rpmf346b504b67389aa850c00f696ebc5d3-ol8_x86_64_baseos_latest
kernel-abi-stablelists-4.18.0-513.18.1.el8_9.noarch.rpmf346b504b67389aa850c00f696ebc5d3-ol8_x86_64_u9_baseos_patch
kernel-core-4.18.0-513.18.1.el8_9.x86_64.rpm4e5aba0bfe2d860c8dd26681ca645b56-ol8_x86_64_baseos_latest
kernel-core-4.18.0-513.18.1.el8_9.x86_64.rpm4e5aba0bfe2d860c8dd26681ca645b56-ol8_x86_64_u9_baseos_patch
kernel-cross-headers-4.18.0-513.18.1.el8_9.x86_64.rpme08efb41da5d62828fd5b68f1253d468-ol8_x86_64_baseos_latest
kernel-cross-headers-4.18.0-513.18.1.el8_9.x86_64.rpme08efb41da5d62828fd5b68f1253d468-ol8_x86_64_u9_baseos_patch
kernel-debug-4.18.0-513.18.1.el8_9.x86_64.rpmc0ab68f3b5f7bb6589b973c49ba06421-ol8_x86_64_baseos_latest
kernel-debug-4.18.0-513.18.1.el8_9.x86_64.rpmc0ab68f3b5f7bb6589b973c49ba06421-ol8_x86_64_u9_baseos_patch
kernel-debug-core-4.18.0-513.18.1.el8_9.x86_64.rpm9d620ff52d2a17b21e18ddcca230a391-ol8_x86_64_baseos_latest
kernel-debug-core-4.18.0-513.18.1.el8_9.x86_64.rpm9d620ff52d2a17b21e18ddcca230a391-ol8_x86_64_u9_baseos_patch
kernel-debug-devel-4.18.0-513.18.1.el8_9.x86_64.rpmf7104db543ea0b9713b2094ec16b98eb-ol8_x86_64_baseos_latest
kernel-debug-devel-4.18.0-513.18.1.el8_9.x86_64.rpmf7104db543ea0b9713b2094ec16b98eb-ol8_x86_64_u9_baseos_patch
kernel-debug-modules-4.18.0-513.18.1.el8_9.x86_64.rpmc412ef7662b36c35321c0210f78ce9d0-ol8_x86_64_baseos_latest
kernel-debug-modules-4.18.0-513.18.1.el8_9.x86_64.rpmc412ef7662b36c35321c0210f78ce9d0-ol8_x86_64_u9_baseos_patch
kernel-debug-modules-extra-4.18.0-513.18.1.el8_9.x86_64.rpmd88f9c1633ae07cba4ee20428bdf9afa-ol8_x86_64_baseos_latest
kernel-debug-modules-extra-4.18.0-513.18.1.el8_9.x86_64.rpmd88f9c1633ae07cba4ee20428bdf9afa-ol8_x86_64_u9_baseos_patch
kernel-devel-4.18.0-513.18.1.el8_9.x86_64.rpm14e315e6c633ddc709070be238200207-ol8_x86_64_baseos_latest
kernel-devel-4.18.0-513.18.1.el8_9.x86_64.rpm14e315e6c633ddc709070be238200207-ol8_x86_64_u9_baseos_patch
kernel-doc-4.18.0-513.18.1.el8_9.noarch.rpm6a1b17968712893b878d7a46f2ae3f10-ol8_x86_64_baseos_latest
kernel-doc-4.18.0-513.18.1.el8_9.noarch.rpm6a1b17968712893b878d7a46f2ae3f10-ol8_x86_64_u9_baseos_patch
kernel-headers-4.18.0-513.18.1.el8_9.x86_64.rpm99819bde2593e086225cdce8b49c92f2-ol8_x86_64_baseos_latest
kernel-headers-4.18.0-513.18.1.el8_9.x86_64.rpm99819bde2593e086225cdce8b49c92f2-ol8_x86_64_u9_baseos_patch
kernel-modules-4.18.0-513.18.1.el8_9.x86_64.rpm0bd254f3985bf95baa9f9dcdba56d398-ol8_x86_64_baseos_latest
kernel-modules-4.18.0-513.18.1.el8_9.x86_64.rpm0bd254f3985bf95baa9f9dcdba56d398-ol8_x86_64_u9_baseos_patch
kernel-modules-extra-4.18.0-513.18.1.el8_9.x86_64.rpm903e70520e040ba0d2b0ac40714b4781-ol8_x86_64_baseos_latest
kernel-modules-extra-4.18.0-513.18.1.el8_9.x86_64.rpm903e70520e040ba0d2b0ac40714b4781-ol8_x86_64_u9_baseos_patch
kernel-tools-4.18.0-513.18.1.el8_9.x86_64.rpm310fc60f1444a7cf22b0096b63f87a42-ol8_x86_64_baseos_latest
kernel-tools-4.18.0-513.18.1.el8_9.x86_64.rpm310fc60f1444a7cf22b0096b63f87a42-ol8_x86_64_u9_baseos_patch
kernel-tools-libs-4.18.0-513.18.1.el8_9.x86_64.rpm873c175ff8547c7212bca08b966a22ac-ol8_x86_64_baseos_latest
kernel-tools-libs-4.18.0-513.18.1.el8_9.x86_64.rpm873c175ff8547c7212bca08b966a22ac-ol8_x86_64_u9_baseos_patch
kernel-tools-libs-devel-4.18.0-513.18.1.el8_9.x86_64.rpm947c38e91ecb4f31b16097b1184b671c-ol8_x86_64_codeready_builder
perf-4.18.0-513.18.1.el8_9.x86_64.rpmd34d3e4a3f4a5079088c4cb48906c205-ol8_x86_64_baseos_latest
perf-4.18.0-513.18.1.el8_9.x86_64.rpmd34d3e4a3f4a5079088c4cb48906c205-ol8_x86_64_u9_baseos_patch
python3-perf-4.18.0-513.18.1.el8_9.x86_64.rpmaa718e2e061f0f0414d0a80607f40de6-ol8_x86_64_baseos_latest
python3-perf-4.18.0-513.18.1.el8_9.x86_64.rpmaa718e2e061f0f0414d0a80607f40de6-ol8_x86_64_u9_baseos_patch



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights