ELSA-2024-10274

ELSA-2024-10274 - kernel security update

Type:SECURITY
Impact:MODERATE
Release Date:2024-11-26

Description


- [5.14.0-503.15.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.15.1_5]
- USB: serial: mos7840: fix crash on resume (Desnes Nunes) [RHEL-65484 RHEL-59050] {CVE-2024-42244}
- attr: block mode changes of symlinks (CKI Backport Bot) [RHEL-61231 RHEL-60822]
- ice: Adjust PTP init for 2x50G E825C devices (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Add NAC Topology device capability parser (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Add support for E825-C TS PLL handling (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Change CGU regs struct to anonymous (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Introduce ETH56G PHY model for E825C products (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Introduce ice_get_base_incval() helper (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Move CGU block (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Add PHY OFFSET_READY register clearing (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Implement Tx interrupt enablement functions (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Introduce helper to get tmr_cmd_reg values (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Introduce ice_ptp_hw struct (Petr Oros) [RHEL-64017 RHEL-29210]
- wifi: rtw89: limit the PPDU length for VHT rate to 0x40000 (Narpat Mali) [RHEL-61753 RHEL-35542]
- wifi: rtw89: 885xbx: apply common settings to 8851B, 8852B and 8852BT (Narpat Mali) [RHEL-61753 RHEL-35542]
- wifi: rtw89: 8852b: fix definition of KIP register number (Narpat Mali) [RHEL-61753 RHEL-35542]
- wifi: rtw89: 8852b: set AMSDU limit to 5000 (Narpat Mali) [RHEL-61753 RHEL-35542]
- bpf: Fix overrunning reservations in ringbuf (CKI Backport Bot) [RHEL-62940] {CVE-2024-41009}
- net: tcp: accept old ack during closing (Jamie Bainbridge) [RHEL-61424 RHEL-60572]
- cxl/port: Fix use-after-free, permit out-of-order decoder shutdown (CKI Backport Bot) [RHEL-66837] {CVE-2024-50226}
- ethtool: check device is present when getting link settings (Michal Schmidt) [RHEL-60581 RHEL-57750]
- iommu/amd: Fix argument order in amd_iommu_dev_flush_pasid_all() (CKI Backport Bot) [RHEL-59982 RHEL-59981]


Related CVEs


CVE-2024-42244
CVE-2024-50226
CVE-2024-41009

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) kernel-5.14.0-503.15.1.el9_5.src.rpme4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c-ol9_aarch64_appstream
kernel-5.14.0-503.15.1.el9_5.src.rpme4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c-ol9_aarch64_baseos_latest
kernel-5.14.0-503.15.1.el9_5.src.rpme4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c-ol9_aarch64_codeready_builder
kernel-5.14.0-503.15.1.el9_5.src.rpme4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c-ol9_aarch64_u5_baseos_patch
bpftool-7.4.0-503.15.1.el9_5.aarch64.rpmdf71c51d58ed66829fedd27f3053f1bb68bd096a4b4a2cd8059bed0e577504ad-ol9_aarch64_baseos_latest
bpftool-7.4.0-503.15.1.el9_5.aarch64.rpmdf71c51d58ed66829fedd27f3053f1bb68bd096a4b4a2cd8059bed0e577504ad-ol9_aarch64_u5_baseos_patch
kernel-cross-headers-5.14.0-503.15.1.el9_5.aarch64.rpm9929338ed89b67fdc135f470d9aaaebf08ff8e0c40c64ff48a9b42f399b5bfce-ol9_aarch64_codeready_builder
kernel-headers-5.14.0-503.15.1.el9_5.aarch64.rpmb87e5059d7d636da95d45ddaf4c0ee20bd5ad733d9843f26c75205e5d8fef10d-ol9_aarch64_appstream
kernel-tools-5.14.0-503.15.1.el9_5.aarch64.rpm47d6c83712909dc0c22facf623e3b259826ca0538e6ffe7633dd868bd4fcc8e8-ol9_aarch64_baseos_latest
kernel-tools-5.14.0-503.15.1.el9_5.aarch64.rpm47d6c83712909dc0c22facf623e3b259826ca0538e6ffe7633dd868bd4fcc8e8-ol9_aarch64_u5_baseos_patch
kernel-tools-libs-5.14.0-503.15.1.el9_5.aarch64.rpme7bfc796df960384ebe23102b613c57f2ded54b752ee777fc4993f8e124805c5-ol9_aarch64_baseos_latest
kernel-tools-libs-5.14.0-503.15.1.el9_5.aarch64.rpme7bfc796df960384ebe23102b613c57f2ded54b752ee777fc4993f8e124805c5-ol9_aarch64_u5_baseos_patch
kernel-tools-libs-devel-5.14.0-503.15.1.el9_5.aarch64.rpm8278f10f08bcceb695d0f73db774db31797c86ab88719dbdc5b977d0adf12db2-ol9_aarch64_codeready_builder
perf-5.14.0-503.15.1.el9_5.aarch64.rpme25ebb4fcadaa9f900929c930e1c0c7b35f92e0bd4ca9624e64e50b0724ae4a0-ol9_aarch64_appstream
python3-perf-5.14.0-503.15.1.el9_5.aarch64.rpm8ebe6584f97ac61558ce6883c5b9a80c70692340ce3c113d6762106f39da3a82-ol9_aarch64_baseos_latest
python3-perf-5.14.0-503.15.1.el9_5.aarch64.rpm8ebe6584f97ac61558ce6883c5b9a80c70692340ce3c113d6762106f39da3a82-ol9_aarch64_u5_baseos_patch
rtla-5.14.0-503.15.1.el9_5.aarch64.rpmb3b1cada1b8300c016acf52b182ea7344baa4b57b515668e10cff433b5ac3797-ol9_aarch64_appstream
rv-5.14.0-503.15.1.el9_5.aarch64.rpma433fbe2d1489448654730732007d045207eba4cf9306c9456d3cc62a8e6e976-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) kernel-5.14.0-503.15.1.el9_5.src.rpme4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c-ol9_x86_64_appstream
kernel-5.14.0-503.15.1.el9_5.src.rpme4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c-ol9_x86_64_baseos_latest
kernel-5.14.0-503.15.1.el9_5.src.rpme4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c-ol9_x86_64_codeready_builder
kernel-5.14.0-503.15.1.el9_5.src.rpme4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c-ol9_x86_64_u5_baseos_patch
bpftool-7.4.0-503.15.1.el9_5.x86_64.rpm58a711916e1585cf58bc7b52648d74d75529bd27d0327778b79c0d8235e52078-ol9_x86_64_baseos_latest
bpftool-7.4.0-503.15.1.el9_5.x86_64.rpm58a711916e1585cf58bc7b52648d74d75529bd27d0327778b79c0d8235e52078-ol9_x86_64_u5_baseos_patch
kernel-5.14.0-503.15.1.el9_5.x86_64.rpm9c9e18dabbb3e956e18b6ef073eac4214ce26c419bba5485b1a8031331d07136-ol9_x86_64_baseos_latest
kernel-5.14.0-503.15.1.el9_5.x86_64.rpm9c9e18dabbb3e956e18b6ef073eac4214ce26c419bba5485b1a8031331d07136-ol9_x86_64_u5_baseos_patch
kernel-abi-stablelists-5.14.0-503.15.1.el9_5.noarch.rpm464e125a0d3ea6f4eaf8fcf6046c58e0c1896791adf11c20e4d3b58e02ee6e02-ol9_x86_64_baseos_latest
kernel-abi-stablelists-5.14.0-503.15.1.el9_5.noarch.rpm464e125a0d3ea6f4eaf8fcf6046c58e0c1896791adf11c20e4d3b58e02ee6e02-ol9_x86_64_u5_baseos_patch
kernel-core-5.14.0-503.15.1.el9_5.x86_64.rpm51d915cd8e64f7403762d44c82b795dd1fb403ccdaa90f49c0ec1a0038a8f901-ol9_x86_64_baseos_latest
kernel-core-5.14.0-503.15.1.el9_5.x86_64.rpm51d915cd8e64f7403762d44c82b795dd1fb403ccdaa90f49c0ec1a0038a8f901-ol9_x86_64_u5_baseos_patch
kernel-cross-headers-5.14.0-503.15.1.el9_5.x86_64.rpm36ab964aa7d9dbd7b79cc59605cb605e4a5254d33b0356a4c0e7c916889077a4-ol9_x86_64_codeready_builder
kernel-debug-5.14.0-503.15.1.el9_5.x86_64.rpm0d1064a99e1e091eb5f3fe3a8739c962d5d2a96adbe72a9a046bce92470631df-ol9_x86_64_baseos_latest
kernel-debug-5.14.0-503.15.1.el9_5.x86_64.rpm0d1064a99e1e091eb5f3fe3a8739c962d5d2a96adbe72a9a046bce92470631df-ol9_x86_64_u5_baseos_patch
kernel-debug-core-5.14.0-503.15.1.el9_5.x86_64.rpm55d1028252de3d9fe01b252f195f64f9bc5bad04883acd137725db1b89335230-ol9_x86_64_baseos_latest
kernel-debug-core-5.14.0-503.15.1.el9_5.x86_64.rpm55d1028252de3d9fe01b252f195f64f9bc5bad04883acd137725db1b89335230-ol9_x86_64_u5_baseos_patch
kernel-debug-devel-5.14.0-503.15.1.el9_5.x86_64.rpmeb95785d50d152754b7a2b1dba428dc2f2ce93bc1f1ca7afb4aa4bcffddd7d14-ol9_x86_64_appstream
kernel-debug-devel-matched-5.14.0-503.15.1.el9_5.x86_64.rpmdc6c8e47bd114f81d30bf976f8824fc4237082dbe00f793675d65145bbc7e414-ol9_x86_64_appstream
kernel-debug-modules-5.14.0-503.15.1.el9_5.x86_64.rpm400ece405ecbe264e926972eea6ca92853836f86401f03d2c2aead1afec346e4-ol9_x86_64_baseos_latest
kernel-debug-modules-5.14.0-503.15.1.el9_5.x86_64.rpm400ece405ecbe264e926972eea6ca92853836f86401f03d2c2aead1afec346e4-ol9_x86_64_u5_baseos_patch
kernel-debug-modules-core-5.14.0-503.15.1.el9_5.x86_64.rpmf1cd08facdd1a618e22ab332d4c53eedc3ffe6778952610125f39a9a38dc2320-ol9_x86_64_baseos_latest
kernel-debug-modules-core-5.14.0-503.15.1.el9_5.x86_64.rpmf1cd08facdd1a618e22ab332d4c53eedc3ffe6778952610125f39a9a38dc2320-ol9_x86_64_u5_baseos_patch
kernel-debug-modules-extra-5.14.0-503.15.1.el9_5.x86_64.rpm515f0a51a1115a90101dce143ba542b69a47974940834a6bf4fada3491faf8a1-ol9_x86_64_baseos_latest
kernel-debug-modules-extra-5.14.0-503.15.1.el9_5.x86_64.rpm515f0a51a1115a90101dce143ba542b69a47974940834a6bf4fada3491faf8a1-ol9_x86_64_u5_baseos_patch
kernel-debug-uki-virt-5.14.0-503.15.1.el9_5.x86_64.rpm9f877c750c3ab9e70ca3bbfa7c184b771cbd31165c7271457bf421958ef201ce-ol9_x86_64_baseos_latest
kernel-debug-uki-virt-5.14.0-503.15.1.el9_5.x86_64.rpm9f877c750c3ab9e70ca3bbfa7c184b771cbd31165c7271457bf421958ef201ce-ol9_x86_64_u5_baseos_patch
kernel-devel-5.14.0-503.15.1.el9_5.x86_64.rpm0b21ca9f1bb9452b5898a8f53be882087c9b08a3561d2fe7ccfebe6a30918f74-ol9_x86_64_appstream
kernel-devel-matched-5.14.0-503.15.1.el9_5.x86_64.rpm1ac3947106d83be3fd5e1d321e48e2f821bae0ec7c0aabd62ef35d7772d6137b-ol9_x86_64_appstream
kernel-doc-5.14.0-503.15.1.el9_5.noarch.rpm395852bd29447fb494f35e25627c4c53f9377f0a7fb541d731ebf49d7be40dd6-ol9_x86_64_appstream
kernel-headers-5.14.0-503.15.1.el9_5.x86_64.rpm032d58c168f8eb880950761539b900196bc885020fabfb3078c60c94e8c719f9-ol9_x86_64_appstream
kernel-modules-5.14.0-503.15.1.el9_5.x86_64.rpm7cfdb2adceef010801dfb34a374d434a0aec304c449be576be3f3f29cd435643-ol9_x86_64_baseos_latest
kernel-modules-5.14.0-503.15.1.el9_5.x86_64.rpm7cfdb2adceef010801dfb34a374d434a0aec304c449be576be3f3f29cd435643-ol9_x86_64_u5_baseos_patch
kernel-modules-core-5.14.0-503.15.1.el9_5.x86_64.rpmcbd1eb9a9fefecd9bc0003d512814c723343ba52a1ce42d52d35e9576deba39a-ol9_x86_64_baseos_latest
kernel-modules-core-5.14.0-503.15.1.el9_5.x86_64.rpmcbd1eb9a9fefecd9bc0003d512814c723343ba52a1ce42d52d35e9576deba39a-ol9_x86_64_u5_baseos_patch
kernel-modules-extra-5.14.0-503.15.1.el9_5.x86_64.rpmbb408cfeefc7491a7d01853ca5a0f4f28731307d3a784bb4d3425fe5e3768acb-ol9_x86_64_baseos_latest
kernel-modules-extra-5.14.0-503.15.1.el9_5.x86_64.rpmbb408cfeefc7491a7d01853ca5a0f4f28731307d3a784bb4d3425fe5e3768acb-ol9_x86_64_u5_baseos_patch
kernel-tools-5.14.0-503.15.1.el9_5.x86_64.rpm39ab062c2b562343232dc8808f9cf2e459f2db9c43ac4e38f482d42e3cf78109-ol9_x86_64_baseos_latest
kernel-tools-5.14.0-503.15.1.el9_5.x86_64.rpm39ab062c2b562343232dc8808f9cf2e459f2db9c43ac4e38f482d42e3cf78109-ol9_x86_64_u5_baseos_patch
kernel-tools-libs-5.14.0-503.15.1.el9_5.x86_64.rpm8efa9687bc65214cb477edfa28748547390d04d50e954766c49a97b88dd957c9-ol9_x86_64_baseos_latest
kernel-tools-libs-5.14.0-503.15.1.el9_5.x86_64.rpm8efa9687bc65214cb477edfa28748547390d04d50e954766c49a97b88dd957c9-ol9_x86_64_u5_baseos_patch
kernel-tools-libs-devel-5.14.0-503.15.1.el9_5.x86_64.rpm16059d27e3871e48ff8dbe7c9e1f24cc29179215df63ddae34e2388fe09f1064-ol9_x86_64_codeready_builder
kernel-uki-virt-5.14.0-503.15.1.el9_5.x86_64.rpm41af49fc24dc634bbb69481cfe300cba16a2510f6841b7dfa985a73907eff194-ol9_x86_64_baseos_latest
kernel-uki-virt-5.14.0-503.15.1.el9_5.x86_64.rpm41af49fc24dc634bbb69481cfe300cba16a2510f6841b7dfa985a73907eff194-ol9_x86_64_u5_baseos_patch
kernel-uki-virt-addons-5.14.0-503.15.1.el9_5.x86_64.rpme8129e553a075b8193545e9a661ed954e503b008f74e46666a24217f19b2fab9-ol9_x86_64_baseos_latest
kernel-uki-virt-addons-5.14.0-503.15.1.el9_5.x86_64.rpme8129e553a075b8193545e9a661ed954e503b008f74e46666a24217f19b2fab9-ol9_x86_64_u5_baseos_patch
libperf-5.14.0-503.15.1.el9_5.x86_64.rpmf30c09b91f4656e757a4b552a458d9a3b3a08523b05b1cb55abae07fc9a2180b-ol9_x86_64_codeready_builder
perf-5.14.0-503.15.1.el9_5.x86_64.rpma22aaeda59fda1581d3f65c2926038729e3812804d3fbe1ca2c2caca1d9759ee-ol9_x86_64_appstream
python3-perf-5.14.0-503.15.1.el9_5.x86_64.rpmcdacd9454b7193348fd174214ac797101e041b08d45bdb41ac5966a0b655861e-ol9_x86_64_baseos_latest
python3-perf-5.14.0-503.15.1.el9_5.x86_64.rpmcdacd9454b7193348fd174214ac797101e041b08d45bdb41ac5966a0b655861e-ol9_x86_64_u5_baseos_patch
rtla-5.14.0-503.15.1.el9_5.x86_64.rpm400b34ca48872886c3c483fe24d9450ff9d63b44af1a11a3772d6a40658d6fac-ol9_x86_64_appstream
rv-5.14.0-503.15.1.el9_5.x86_64.rpm2c10c275391d5f60866e78703539c9bb1981f03f9422f2523fbc5d7f53853314-ol9_x86_64_appstream



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete