ELSA-2024-10274

ULN >
Oracle Linux Errata repository >
ELSA-2024-10274

ELSA-2024-10274 - kernel security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2024-11-26

Description

- [5.14.0-503.15.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.15.1_5]
- USB: serial: mos7840: fix crash on resume (Desnes Nunes) [RHEL-65484 RHEL-59050] {CVE-2024-42244}
- attr: block mode changes of symlinks (CKI Backport Bot) [RHEL-61231 RHEL-60822]
- ice: Adjust PTP init for 2x50G E825C devices (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Add NAC Topology device capability parser (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Add support for E825-C TS PLL handling (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Change CGU regs struct to anonymous (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Introduce ETH56G PHY model for E825C products (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Introduce ice_get_base_incval() helper (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Move CGU block (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Add PHY OFFSET_READY register clearing (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Implement Tx interrupt enablement functions (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Introduce helper to get tmr_cmd_reg values (Petr Oros) [RHEL-64017 RHEL-29210]
- ice: Introduce ice_ptp_hw struct (Petr Oros) [RHEL-64017 RHEL-29210]
- wifi: rtw89: limit the PPDU length for VHT rate to 0x40000 (Narpat Mali) [RHEL-61753 RHEL-35542]
- wifi: rtw89: 885xbx: apply common settings to 8851B, 8852B and 8852BT (Narpat Mali) [RHEL-61753 RHEL-35542]
- wifi: rtw89: 8852b: fix definition of KIP register number (Narpat Mali) [RHEL-61753 RHEL-35542]
- wifi: rtw89: 8852b: set AMSDU limit to 5000 (Narpat Mali) [RHEL-61753 RHEL-35542]
- bpf: Fix overrunning reservations in ringbuf (CKI Backport Bot) [RHEL-62940] {CVE-2024-41009}
- net: tcp: accept old ack during closing (Jamie Bainbridge) [RHEL-61424 RHEL-60572]
- cxl/port: Fix use-after-free, permit out-of-order decoder shutdown (CKI Backport Bot) [RHEL-66837] {CVE-2024-50226}
- ethtool: check device is present when getting link settings (Michal Schmidt) [RHEL-60581 RHEL-57750]
- iommu/amd: Fix argument order in amd_iommu_dev_flush_pasid_all() (CKI Backport Bot) [RHEL-59982 RHEL-59981]

Related CVEs

CVE-2024-42244

CVE-2024-50226

CVE-2024-41009

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	kernel-5.14.0-503.15.1.el9_5.src.rpm	e4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c	-	ol9_aarch64_appstream
	kernel-5.14.0-503.15.1.el9_5.src.rpm	e4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c	-	ol9_aarch64_baseos_latest
	kernel-5.14.0-503.15.1.el9_5.src.rpm	e4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c	-	ol9_aarch64_codeready_builder
	kernel-5.14.0-503.15.1.el9_5.src.rpm	e4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c	-	ol9_aarch64_u5_baseos_patch
	bpftool-7.4.0-503.15.1.el9_5.aarch64.rpm	df71c51d58ed66829fedd27f3053f1bb68bd096a4b4a2cd8059bed0e577504ad	-	ol9_aarch64_baseos_latest
	bpftool-7.4.0-503.15.1.el9_5.aarch64.rpm	df71c51d58ed66829fedd27f3053f1bb68bd096a4b4a2cd8059bed0e577504ad	-	ol9_aarch64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.15.1.el9_5.aarch64.rpm	9929338ed89b67fdc135f470d9aaaebf08ff8e0c40c64ff48a9b42f399b5bfce	-	ol9_aarch64_codeready_builder
	kernel-headers-5.14.0-503.15.1.el9_5.aarch64.rpm	b87e5059d7d636da95d45ddaf4c0ee20bd5ad733d9843f26c75205e5d8fef10d	-	ol9_aarch64_appstream
	kernel-tools-5.14.0-503.15.1.el9_5.aarch64.rpm	47d6c83712909dc0c22facf623e3b259826ca0538e6ffe7633dd868bd4fcc8e8	-	ol9_aarch64_baseos_latest
	kernel-tools-5.14.0-503.15.1.el9_5.aarch64.rpm	47d6c83712909dc0c22facf623e3b259826ca0538e6ffe7633dd868bd4fcc8e8	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.15.1.el9_5.aarch64.rpm	e7bfc796df960384ebe23102b613c57f2ded54b752ee777fc4993f8e124805c5	-	ol9_aarch64_baseos_latest
	kernel-tools-libs-5.14.0-503.15.1.el9_5.aarch64.rpm	e7bfc796df960384ebe23102b613c57f2ded54b752ee777fc4993f8e124805c5	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.15.1.el9_5.aarch64.rpm	8278f10f08bcceb695d0f73db774db31797c86ab88719dbdc5b977d0adf12db2	-	ol9_aarch64_codeready_builder
	perf-5.14.0-503.15.1.el9_5.aarch64.rpm	e25ebb4fcadaa9f900929c930e1c0c7b35f92e0bd4ca9624e64e50b0724ae4a0	-	ol9_aarch64_appstream
	python3-perf-5.14.0-503.15.1.el9_5.aarch64.rpm	8ebe6584f97ac61558ce6883c5b9a80c70692340ce3c113d6762106f39da3a82	-	ol9_aarch64_baseos_latest
	python3-perf-5.14.0-503.15.1.el9_5.aarch64.rpm	8ebe6584f97ac61558ce6883c5b9a80c70692340ce3c113d6762106f39da3a82	-	ol9_aarch64_u5_baseos_patch
	rtla-5.14.0-503.15.1.el9_5.aarch64.rpm	b3b1cada1b8300c016acf52b182ea7344baa4b57b515668e10cff433b5ac3797	-	ol9_aarch64_appstream
	rv-5.14.0-503.15.1.el9_5.aarch64.rpm	a433fbe2d1489448654730732007d045207eba4cf9306c9456d3cc62a8e6e976	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	kernel-5.14.0-503.15.1.el9_5.src.rpm	e4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c	-	ol9_x86_64_appstream
	kernel-5.14.0-503.15.1.el9_5.src.rpm	e4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.15.1.el9_5.src.rpm	e4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c	-	ol9_x86_64_codeready_builder
	kernel-5.14.0-503.15.1.el9_5.src.rpm	e4421f40fb9370744484d1cd54d37479700b99fffbb1f609eec46771e2f3a66c	-	ol9_x86_64_u5_baseos_patch
	bpftool-7.4.0-503.15.1.el9_5.x86_64.rpm	58a711916e1585cf58bc7b52648d74d75529bd27d0327778b79c0d8235e52078	-	ol9_x86_64_baseos_latest
	bpftool-7.4.0-503.15.1.el9_5.x86_64.rpm	58a711916e1585cf58bc7b52648d74d75529bd27d0327778b79c0d8235e52078	-	ol9_x86_64_u5_baseos_patch
	kernel-5.14.0-503.15.1.el9_5.x86_64.rpm	9c9e18dabbb3e956e18b6ef073eac4214ce26c419bba5485b1a8031331d07136	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.15.1.el9_5.x86_64.rpm	9c9e18dabbb3e956e18b6ef073eac4214ce26c419bba5485b1a8031331d07136	-	ol9_x86_64_u5_baseos_patch
	kernel-abi-stablelists-5.14.0-503.15.1.el9_5.noarch.rpm	464e125a0d3ea6f4eaf8fcf6046c58e0c1896791adf11c20e4d3b58e02ee6e02	-	ol9_x86_64_baseos_latest
	kernel-abi-stablelists-5.14.0-503.15.1.el9_5.noarch.rpm	464e125a0d3ea6f4eaf8fcf6046c58e0c1896791adf11c20e4d3b58e02ee6e02	-	ol9_x86_64_u5_baseos_patch
	kernel-core-5.14.0-503.15.1.el9_5.x86_64.rpm	51d915cd8e64f7403762d44c82b795dd1fb403ccdaa90f49c0ec1a0038a8f901	-	ol9_x86_64_baseos_latest
	kernel-core-5.14.0-503.15.1.el9_5.x86_64.rpm	51d915cd8e64f7403762d44c82b795dd1fb403ccdaa90f49c0ec1a0038a8f901	-	ol9_x86_64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.15.1.el9_5.x86_64.rpm	36ab964aa7d9dbd7b79cc59605cb605e4a5254d33b0356a4c0e7c916889077a4	-	ol9_x86_64_codeready_builder
	kernel-debug-5.14.0-503.15.1.el9_5.x86_64.rpm	0d1064a99e1e091eb5f3fe3a8739c962d5d2a96adbe72a9a046bce92470631df	-	ol9_x86_64_baseos_latest
	kernel-debug-5.14.0-503.15.1.el9_5.x86_64.rpm	0d1064a99e1e091eb5f3fe3a8739c962d5d2a96adbe72a9a046bce92470631df	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-core-5.14.0-503.15.1.el9_5.x86_64.rpm	55d1028252de3d9fe01b252f195f64f9bc5bad04883acd137725db1b89335230	-	ol9_x86_64_baseos_latest
	kernel-debug-core-5.14.0-503.15.1.el9_5.x86_64.rpm	55d1028252de3d9fe01b252f195f64f9bc5bad04883acd137725db1b89335230	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-devel-5.14.0-503.15.1.el9_5.x86_64.rpm	eb95785d50d152754b7a2b1dba428dc2f2ce93bc1f1ca7afb4aa4bcffddd7d14	-	ol9_x86_64_appstream
	kernel-debug-devel-matched-5.14.0-503.15.1.el9_5.x86_64.rpm	dc6c8e47bd114f81d30bf976f8824fc4237082dbe00f793675d65145bbc7e414	-	ol9_x86_64_appstream
	kernel-debug-modules-5.14.0-503.15.1.el9_5.x86_64.rpm	400ece405ecbe264e926972eea6ca92853836f86401f03d2c2aead1afec346e4	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-5.14.0-503.15.1.el9_5.x86_64.rpm	400ece405ecbe264e926972eea6ca92853836f86401f03d2c2aead1afec346e4	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-core-5.14.0-503.15.1.el9_5.x86_64.rpm	f1cd08facdd1a618e22ab332d4c53eedc3ffe6778952610125f39a9a38dc2320	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-core-5.14.0-503.15.1.el9_5.x86_64.rpm	f1cd08facdd1a618e22ab332d4c53eedc3ffe6778952610125f39a9a38dc2320	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-extra-5.14.0-503.15.1.el9_5.x86_64.rpm	515f0a51a1115a90101dce143ba542b69a47974940834a6bf4fada3491faf8a1	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-extra-5.14.0-503.15.1.el9_5.x86_64.rpm	515f0a51a1115a90101dce143ba542b69a47974940834a6bf4fada3491faf8a1	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-uki-virt-5.14.0-503.15.1.el9_5.x86_64.rpm	9f877c750c3ab9e70ca3bbfa7c184b771cbd31165c7271457bf421958ef201ce	-	ol9_x86_64_baseos_latest
	kernel-debug-uki-virt-5.14.0-503.15.1.el9_5.x86_64.rpm	9f877c750c3ab9e70ca3bbfa7c184b771cbd31165c7271457bf421958ef201ce	-	ol9_x86_64_u5_baseos_patch
	kernel-devel-5.14.0-503.15.1.el9_5.x86_64.rpm	0b21ca9f1bb9452b5898a8f53be882087c9b08a3561d2fe7ccfebe6a30918f74	-	ol9_x86_64_appstream
	kernel-devel-matched-5.14.0-503.15.1.el9_5.x86_64.rpm	1ac3947106d83be3fd5e1d321e48e2f821bae0ec7c0aabd62ef35d7772d6137b	-	ol9_x86_64_appstream
	kernel-doc-5.14.0-503.15.1.el9_5.noarch.rpm	395852bd29447fb494f35e25627c4c53f9377f0a7fb541d731ebf49d7be40dd6	-	ol9_x86_64_appstream
	kernel-headers-5.14.0-503.15.1.el9_5.x86_64.rpm	032d58c168f8eb880950761539b900196bc885020fabfb3078c60c94e8c719f9	-	ol9_x86_64_appstream
	kernel-modules-5.14.0-503.15.1.el9_5.x86_64.rpm	7cfdb2adceef010801dfb34a374d434a0aec304c449be576be3f3f29cd435643	-	ol9_x86_64_baseos_latest
	kernel-modules-5.14.0-503.15.1.el9_5.x86_64.rpm	7cfdb2adceef010801dfb34a374d434a0aec304c449be576be3f3f29cd435643	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-core-5.14.0-503.15.1.el9_5.x86_64.rpm	cbd1eb9a9fefecd9bc0003d512814c723343ba52a1ce42d52d35e9576deba39a	-	ol9_x86_64_baseos_latest
	kernel-modules-core-5.14.0-503.15.1.el9_5.x86_64.rpm	cbd1eb9a9fefecd9bc0003d512814c723343ba52a1ce42d52d35e9576deba39a	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-extra-5.14.0-503.15.1.el9_5.x86_64.rpm	bb408cfeefc7491a7d01853ca5a0f4f28731307d3a784bb4d3425fe5e3768acb	-	ol9_x86_64_baseos_latest
	kernel-modules-extra-5.14.0-503.15.1.el9_5.x86_64.rpm	bb408cfeefc7491a7d01853ca5a0f4f28731307d3a784bb4d3425fe5e3768acb	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-5.14.0-503.15.1.el9_5.x86_64.rpm	39ab062c2b562343232dc8808f9cf2e459f2db9c43ac4e38f482d42e3cf78109	-	ol9_x86_64_baseos_latest
	kernel-tools-5.14.0-503.15.1.el9_5.x86_64.rpm	39ab062c2b562343232dc8808f9cf2e459f2db9c43ac4e38f482d42e3cf78109	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.15.1.el9_5.x86_64.rpm	8efa9687bc65214cb477edfa28748547390d04d50e954766c49a97b88dd957c9	-	ol9_x86_64_baseos_latest
	kernel-tools-libs-5.14.0-503.15.1.el9_5.x86_64.rpm	8efa9687bc65214cb477edfa28748547390d04d50e954766c49a97b88dd957c9	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.15.1.el9_5.x86_64.rpm	16059d27e3871e48ff8dbe7c9e1f24cc29179215df63ddae34e2388fe09f1064	-	ol9_x86_64_codeready_builder
	kernel-uki-virt-5.14.0-503.15.1.el9_5.x86_64.rpm	41af49fc24dc634bbb69481cfe300cba16a2510f6841b7dfa985a73907eff194	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-5.14.0-503.15.1.el9_5.x86_64.rpm	41af49fc24dc634bbb69481cfe300cba16a2510f6841b7dfa985a73907eff194	-	ol9_x86_64_u5_baseos_patch
	kernel-uki-virt-addons-5.14.0-503.15.1.el9_5.x86_64.rpm	e8129e553a075b8193545e9a661ed954e503b008f74e46666a24217f19b2fab9	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-addons-5.14.0-503.15.1.el9_5.x86_64.rpm	e8129e553a075b8193545e9a661ed954e503b008f74e46666a24217f19b2fab9	-	ol9_x86_64_u5_baseos_patch
	libperf-5.14.0-503.15.1.el9_5.x86_64.rpm	f30c09b91f4656e757a4b552a458d9a3b3a08523b05b1cb55abae07fc9a2180b	-	ol9_x86_64_codeready_builder
	perf-5.14.0-503.15.1.el9_5.x86_64.rpm	a22aaeda59fda1581d3f65c2926038729e3812804d3fbe1ca2c2caca1d9759ee	-	ol9_x86_64_appstream
	python3-perf-5.14.0-503.15.1.el9_5.x86_64.rpm	cdacd9454b7193348fd174214ac797101e041b08d45bdb41ac5966a0b655861e	-	ol9_x86_64_baseos_latest
	python3-perf-5.14.0-503.15.1.el9_5.x86_64.rpm	cdacd9454b7193348fd174214ac797101e041b08d45bdb41ac5966a0b655861e	-	ol9_x86_64_u5_baseos_patch
	rtla-5.14.0-503.15.1.el9_5.x86_64.rpm	400b34ca48872886c3c483fe24d9450ff9d63b44af1a11a3772d6a40658d6fac	-	ol9_x86_64_appstream
	rv-5.14.0-503.15.1.el9_5.x86_64.rpm	2c10c275391d5f60866e78703539c9bb1981f03f9422f2523fbc5d7f53853314	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691