ELSA-2024-10274

ELSA-2024-10274 - kernel security update

Type:SECURITY
Severity:MODERATE
Release Date:2024-11-26

Description


- [5.14.0-503.15.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.15.1_5]
- USB: serial: mos7840: fix crash on resume (Desnes Nunes) [RHEL-65484 RHEL-59050] {CVE-2024-42244}
- attr: block mode changes of symlinks (CKI Backport Bot) [RHEL-61231 RHEL-60822]
- ice: Adjust PTP init for 2x50G E825C devices (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Add NAC Topology device capability parser (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Add support for E825-C TS PLL handling (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Change CGU regs struct to anonymous (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Introduce ETH56G PHY model for E825C products (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Introduce ice_get_base_incval() helper (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Move CGU block (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Add PHY OFFSET_READY register clearing (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Implement Tx interrupt enablement functions (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Introduce helper to get tmr_cmd_reg values (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Introduce ice_ptp_hw struct (Petr Oros) [RHEL-64017 RHEL-29210]
- wifi: rtw89: limit the PPDU length for VHT rate to 0x40000 (Narpat Mali) [RHEL-61753 RHEL-35542]
- wifi: rtw89: 885xbx: apply common settings to 8851B, 8852B and 8852BT (Narpat Mali) [RHEL-61753 RHEL-35542]
- wifi: rtw89: 8852b: fix definition of KIP register number (Narpat Mali) [RHEL-61753 RHEL-35542]
- wifi: rtw89: 8852b: set AMSDU limit to 5000 (Narpat Mali) [RHEL-61753 RHEL-35542]
- bpf: Fix overrunning reservations in ringbuf (CKI Backport Bot) [RHEL-62940] {CVE-2024-41009}
- net: tcp: accept old ack during closing (Jamie Bainbridge) [RHEL-61424 RHEL-60572]
- cxl/port: Fix use-after-free, permit out-of-order decoder shutdown (CKI Backport Bot) [RHEL-66837] {CVE-2024-50226}
- ethtool: check device is present when getting link settings (Michal Schmidt) [RHEL-60581 RHEL-57750]
- iommu/amd: Fix argument order in amd_iommu_dev_flush_pasid_all() (CKI Backport Bot) [RHEL-59982 RHEL-59981]


Related CVEs


CVE-2024-42244
CVE-2024-50226
CVE-2024-41009

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) kernel-5.14.0-503.15.1.el9_5.src.rpm1264b0120322101f941755310c7af0ac-ol9_aarch64_appstream
kernel-5.14.0-503.15.1.el9_5.src.rpm1264b0120322101f941755310c7af0ac-ol9_aarch64_baseos_latest
kernel-5.14.0-503.15.1.el9_5.src.rpm1264b0120322101f941755310c7af0ac-ol9_aarch64_codeready_builder
kernel-5.14.0-503.15.1.el9_5.src.rpm1264b0120322101f941755310c7af0ac-ol9_aarch64_u5_baseos_patch
bpftool-7.4.0-503.15.1.el9_5.aarch64.rpm8cd321d84ef1f5aab8293cbb9d963136-ol9_aarch64_baseos_latest
bpftool-7.4.0-503.15.1.el9_5.aarch64.rpm8cd321d84ef1f5aab8293cbb9d963136-ol9_aarch64_u5_baseos_patch
kernel-cross-headers-5.14.0-503.15.1.el9_5.aarch64.rpm12587e5f7def8cca02ec6a7fe6e0d3ab-ol9_aarch64_codeready_builder
kernel-headers-5.14.0-503.15.1.el9_5.aarch64.rpm56cab18b66e9b55662ede9395cabb7f3-ol9_aarch64_appstream
kernel-tools-5.14.0-503.15.1.el9_5.aarch64.rpma02cebf4c1613b65f22075429577cb62-ol9_aarch64_baseos_latest
kernel-tools-5.14.0-503.15.1.el9_5.aarch64.rpma02cebf4c1613b65f22075429577cb62-ol9_aarch64_u5_baseos_patch
kernel-tools-libs-5.14.0-503.15.1.el9_5.aarch64.rpm78088bdb58b3a3883a5af9cac49454c1-ol9_aarch64_baseos_latest
kernel-tools-libs-5.14.0-503.15.1.el9_5.aarch64.rpm78088bdb58b3a3883a5af9cac49454c1-ol9_aarch64_u5_baseos_patch
kernel-tools-libs-devel-5.14.0-503.15.1.el9_5.aarch64.rpm1786c980840d85684d3ba29ae9569b80-ol9_aarch64_codeready_builder
perf-5.14.0-503.15.1.el9_5.aarch64.rpm14d4b5de9fc7448216ac2f121d2e177a-ol9_aarch64_appstream
python3-perf-5.14.0-503.15.1.el9_5.aarch64.rpm0258da10d9f0d3172462d0420550afd0-ol9_aarch64_baseos_latest
python3-perf-5.14.0-503.15.1.el9_5.aarch64.rpm0258da10d9f0d3172462d0420550afd0-ol9_aarch64_u5_baseos_patch
rtla-5.14.0-503.15.1.el9_5.aarch64.rpm2ca1f852910a1ab97314de18c94a6de6-ol9_aarch64_appstream
rv-5.14.0-503.15.1.el9_5.aarch64.rpm7af6ef33d1299d86621cd8cee155271f-ol9_aarch64_appstream
Oracle Linux 9 (x86_64) kernel-5.14.0-503.15.1.el9_5.src.rpm1264b0120322101f941755310c7af0ac-ol9_x86_64_appstream
kernel-5.14.0-503.15.1.el9_5.src.rpm1264b0120322101f941755310c7af0ac-ol9_x86_64_baseos_latest
kernel-5.14.0-503.15.1.el9_5.src.rpm1264b0120322101f941755310c7af0ac-ol9_x86_64_codeready_builder
kernel-5.14.0-503.15.1.el9_5.src.rpm1264b0120322101f941755310c7af0ac-ol9_x86_64_u5_baseos_patch
bpftool-7.4.0-503.15.1.el9_5.x86_64.rpm5d57bdd54780deda8bf95ce7cf61c124-ol9_x86_64_baseos_latest
bpftool-7.4.0-503.15.1.el9_5.x86_64.rpm5d57bdd54780deda8bf95ce7cf61c124-ol9_x86_64_u5_baseos_patch
kernel-5.14.0-503.15.1.el9_5.x86_64.rpmada3e73a9ae3286548d2bdaec83f535f-ol9_x86_64_baseos_latest
kernel-5.14.0-503.15.1.el9_5.x86_64.rpmada3e73a9ae3286548d2bdaec83f535f-ol9_x86_64_u5_baseos_patch
kernel-abi-stablelists-5.14.0-503.15.1.el9_5.noarch.rpm66074da7a985db6e878ee749c730f21e-ol9_x86_64_baseos_latest
kernel-abi-stablelists-5.14.0-503.15.1.el9_5.noarch.rpm66074da7a985db6e878ee749c730f21e-ol9_x86_64_u5_baseos_patch
kernel-core-5.14.0-503.15.1.el9_5.x86_64.rpm861f52fbb655e8ce61f6d24f084265b8-ol9_x86_64_baseos_latest
kernel-core-5.14.0-503.15.1.el9_5.x86_64.rpm861f52fbb655e8ce61f6d24f084265b8-ol9_x86_64_u5_baseos_patch
kernel-cross-headers-5.14.0-503.15.1.el9_5.x86_64.rpm18ef65c50efe8c0e566f51d9af3353db-ol9_x86_64_codeready_builder
kernel-debug-5.14.0-503.15.1.el9_5.x86_64.rpm673e262cd62da3b4b0d12ef8753279d0-ol9_x86_64_baseos_latest
kernel-debug-5.14.0-503.15.1.el9_5.x86_64.rpm673e262cd62da3b4b0d12ef8753279d0-ol9_x86_64_u5_baseos_patch
kernel-debug-core-5.14.0-503.15.1.el9_5.x86_64.rpmea5bfb438f6e61ad7dcce853bb515827-ol9_x86_64_baseos_latest
kernel-debug-core-5.14.0-503.15.1.el9_5.x86_64.rpmea5bfb438f6e61ad7dcce853bb515827-ol9_x86_64_u5_baseos_patch
kernel-debug-devel-5.14.0-503.15.1.el9_5.x86_64.rpmcaf01a63f7e9c9411ef21e603f0e09ef-ol9_x86_64_appstream
kernel-debug-devel-matched-5.14.0-503.15.1.el9_5.x86_64.rpmf2210c0ebbecc4aa99e61a98ff0e1c7d-ol9_x86_64_appstream
kernel-debug-modules-5.14.0-503.15.1.el9_5.x86_64.rpm93732f2523a0916ce465d271ff3cea73-ol9_x86_64_baseos_latest
kernel-debug-modules-5.14.0-503.15.1.el9_5.x86_64.rpm93732f2523a0916ce465d271ff3cea73-ol9_x86_64_u5_baseos_patch
kernel-debug-modules-core-5.14.0-503.15.1.el9_5.x86_64.rpmf6116d0eedbfdfe79d82c020fc28f26d-ol9_x86_64_baseos_latest
kernel-debug-modules-core-5.14.0-503.15.1.el9_5.x86_64.rpmf6116d0eedbfdfe79d82c020fc28f26d-ol9_x86_64_u5_baseos_patch
kernel-debug-modules-extra-5.14.0-503.15.1.el9_5.x86_64.rpm6a97b74cb85a625780f7c38fcdfad9aa-ol9_x86_64_baseos_latest
kernel-debug-modules-extra-5.14.0-503.15.1.el9_5.x86_64.rpm6a97b74cb85a625780f7c38fcdfad9aa-ol9_x86_64_u5_baseos_patch
kernel-debug-uki-virt-5.14.0-503.15.1.el9_5.x86_64.rpm473395ce31b7f53ff53bd30d76450563-ol9_x86_64_baseos_latest
kernel-debug-uki-virt-5.14.0-503.15.1.el9_5.x86_64.rpm473395ce31b7f53ff53bd30d76450563-ol9_x86_64_u5_baseos_patch
kernel-devel-5.14.0-503.15.1.el9_5.x86_64.rpm4e4a3a45501004eee7ee63d4bbcdf308-ol9_x86_64_appstream
kernel-devel-matched-5.14.0-503.15.1.el9_5.x86_64.rpmb20ea4789872ce6157090f60e3a81b4e-ol9_x86_64_appstream
kernel-doc-5.14.0-503.15.1.el9_5.noarch.rpmea84a301b5e28511452855bedb2c4822-ol9_x86_64_appstream
kernel-headers-5.14.0-503.15.1.el9_5.x86_64.rpmec074dcac5a05dabd6b06ac3dd978b46-ol9_x86_64_appstream
kernel-modules-5.14.0-503.15.1.el9_5.x86_64.rpmf2224a29b34e3d3ce2e9867b9a70a8f0-ol9_x86_64_baseos_latest
kernel-modules-5.14.0-503.15.1.el9_5.x86_64.rpmf2224a29b34e3d3ce2e9867b9a70a8f0-ol9_x86_64_u5_baseos_patch
kernel-modules-core-5.14.0-503.15.1.el9_5.x86_64.rpmf2fb11d368ce2cd7c568468ad35a1fa3-ol9_x86_64_baseos_latest
kernel-modules-core-5.14.0-503.15.1.el9_5.x86_64.rpmf2fb11d368ce2cd7c568468ad35a1fa3-ol9_x86_64_u5_baseos_patch
kernel-modules-extra-5.14.0-503.15.1.el9_5.x86_64.rpm50bd82bff26131ca024d3015da92f635-ol9_x86_64_baseos_latest
kernel-modules-extra-5.14.0-503.15.1.el9_5.x86_64.rpm50bd82bff26131ca024d3015da92f635-ol9_x86_64_u5_baseos_patch
kernel-tools-5.14.0-503.15.1.el9_5.x86_64.rpm88d1d30633944143060ae28880adb544-ol9_x86_64_baseos_latest
kernel-tools-5.14.0-503.15.1.el9_5.x86_64.rpm88d1d30633944143060ae28880adb544-ol9_x86_64_u5_baseos_patch
kernel-tools-libs-5.14.0-503.15.1.el9_5.x86_64.rpmab10bc46c7497de78fede07b6768101d-ol9_x86_64_baseos_latest
kernel-tools-libs-5.14.0-503.15.1.el9_5.x86_64.rpmab10bc46c7497de78fede07b6768101d-ol9_x86_64_u5_baseos_patch
kernel-tools-libs-devel-5.14.0-503.15.1.el9_5.x86_64.rpm8cf024583e86cacfadc49cf3c0fcf984-ol9_x86_64_codeready_builder
kernel-uki-virt-5.14.0-503.15.1.el9_5.x86_64.rpmae0506586ecf81cfb3f541fb2139f4f8-ol9_x86_64_baseos_latest
kernel-uki-virt-5.14.0-503.15.1.el9_5.x86_64.rpmae0506586ecf81cfb3f541fb2139f4f8-ol9_x86_64_u5_baseos_patch
kernel-uki-virt-addons-5.14.0-503.15.1.el9_5.x86_64.rpm0ebf7535eff10cfe8b5563486a644590-ol9_x86_64_baseos_latest
kernel-uki-virt-addons-5.14.0-503.15.1.el9_5.x86_64.rpm0ebf7535eff10cfe8b5563486a644590-ol9_x86_64_u5_baseos_patch
libperf-5.14.0-503.15.1.el9_5.x86_64.rpm0e9b703ce1fe0cb93b8e7525642ae584-ol9_x86_64_codeready_builder
perf-5.14.0-503.15.1.el9_5.x86_64.rpmffd9baeda212b9f5d0a97f571045cd79-ol9_x86_64_appstream
python3-perf-5.14.0-503.15.1.el9_5.x86_64.rpm5a3555a32a64ade80283577244a3f73e-ol9_x86_64_baseos_latest
python3-perf-5.14.0-503.15.1.el9_5.x86_64.rpm5a3555a32a64ade80283577244a3f73e-ol9_x86_64_u5_baseos_patch
rtla-5.14.0-503.15.1.el9_5.x86_64.rpm1b77027c4fed0af4daa6572471b8e927-ol9_x86_64_appstream
rv-5.14.0-503.15.1.el9_5.x86_64.rpm6c37641792fe71523559c6a2313ff30b-ol9_x86_64_appstream


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete