ELSA-2024-10939

ULN >
Oracle Linux Errata repository >
ELSA-2024-10939

ELSA-2024-10939 - kernel security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2024-12-11

Description

[5.14.0-503.16.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.16.1_5]
- s390/dasd: fix error recovery leading to data corruption on ESE devices (Mete Durlu) [RHEL-64902 RHEL-55873]
- net/smc: fix illegal rmb_desc access in SMC-D connection dump (Steve Best) [RHEL-65436 RHEL-27748] {CVE-2024-26615}
- gitlab-ci: use zstream builder container image (Michael Hofmann)
- netfilter: nft_payload: sanitize offset and length before calling skb_checksum() (CKI Backport Bot) [RHEL-66856] {CVE-2024-50251}
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO (CKI Backport Bot) [RHEL-65401] {CVE-2024-49949}
- block: initialize integrity buffer to zero before writing it to media (Ming Lei) [RHEL-58761 RHEL-54768] {CVE-2024-43854}
- proc: fix dentry/inode overinstantiating under /proc//net (Joel Savitz) [RHEL-62824 RHEL-57703]
- iommu: Restore lost return in iommu_report_device_fault() (CKI Backport Bot) [RHEL-67364] {CVE-2024-44994}
- net: ena: Extend customer metrics reporting support (Kamal Heib) [RHEL-66933 RHEL-59968]
- net: ena: Add ENA Express metrics support (Kamal Heib) [RHEL-66933 RHEL-59968]
- xsk: fix batch alloc API on non-coherent systems (Felix Maurer) [RHEL-59884 RHEL-58954]
- selinux,smack: don't bypass permissions check in inode_setsecctx hook (Ondrej Mosnacek) [RHEL-66106] {CVE-2024-46695}
- PCI/AER: Disable AER service on suspend (Lenny Szubowicz) [RHEL-67037 RHEL-22265]
- ACPI: PM: s2idle: Evaluate all Low-Power S0 Idle _DSM functions (Mark Langsdorf) [RHEL-67037 RHEL-54149]
- mptcp: fallback when MPTCP opts are dropped after 1st data (CKI Backport Bot) [RHEL-62216 RHEL-62218]
- cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (David Arcari) [RHEL-61469 RHEL-45016]
- cpufreq/amd-pstate: Add the missing cpufreq_cpu_put() (David Arcari) [RHEL-61469 RHEL-45016]
- cpufreq/amd-pstate: Fix the scaling_max_freq setting on shared memory CPPC systems (David Arcari) [RHEL-61469 RHEL-45016]
- cpufreq/amd-pstate-ut: Convert nominal_freq to khz during comparisons (David Arcari) [RHEL-61469 RHEL-45016]
- cpufreq/amd-pstate: fix setting policy current frequency value (David Arcari) [RHEL-61469 RHEL-45016]
- netfilter: flowtable: initialise extack before use (CKI Backport Bot) [RHEL-58545] {CVE-2024-45018}

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	kernel-5.14.0-503.16.1.el9_5.src.rpm	5f4baa58782fbb06b736df4320d5429d5aac079988b510788ea5878c6030e5bf	-	ol9_aarch64_appstream
	kernel-5.14.0-503.16.1.el9_5.src.rpm	5f4baa58782fbb06b736df4320d5429d5aac079988b510788ea5878c6030e5bf	-	ol9_aarch64_baseos_latest
	kernel-5.14.0-503.16.1.el9_5.src.rpm	5f4baa58782fbb06b736df4320d5429d5aac079988b510788ea5878c6030e5bf	-	ol9_aarch64_codeready_builder
	kernel-5.14.0-503.16.1.el9_5.src.rpm	5f4baa58782fbb06b736df4320d5429d5aac079988b510788ea5878c6030e5bf	-	ol9_aarch64_u5_baseos_patch
	bpftool-7.4.0-503.16.1.el9_5.aarch64.rpm	c236bfef7f1d3c263a3bcf725377a0e488565814643650848287e0373a0920e1	-	ol9_aarch64_baseos_latest
	bpftool-7.4.0-503.16.1.el9_5.aarch64.rpm	c236bfef7f1d3c263a3bcf725377a0e488565814643650848287e0373a0920e1	-	ol9_aarch64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.16.1.el9_5.aarch64.rpm	55bda6709bf0571b8af10626779b8f697d44c6f7d38a6482de321a25ae9fd768	-	ol9_aarch64_codeready_builder
	kernel-headers-5.14.0-503.16.1.el9_5.aarch64.rpm	da2d99f6cf49661f0c927f4072651045c5a425a4a20699947991ce1cfa225154	-	ol9_aarch64_appstream
	kernel-tools-5.14.0-503.16.1.el9_5.aarch64.rpm	ff870239f7e3931e83407a2a083f3dcdcaa2f773f3e08d1a7189c530a5bb7980	-	ol9_aarch64_baseos_latest
	kernel-tools-5.14.0-503.16.1.el9_5.aarch64.rpm	ff870239f7e3931e83407a2a083f3dcdcaa2f773f3e08d1a7189c530a5bb7980	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.16.1.el9_5.aarch64.rpm	c6653f578b86489c5f70caee8335ecfebcafc45d0ece03e7c7428cf49526d0cc	-	ol9_aarch64_baseos_latest
	kernel-tools-libs-5.14.0-503.16.1.el9_5.aarch64.rpm	c6653f578b86489c5f70caee8335ecfebcafc45d0ece03e7c7428cf49526d0cc	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.16.1.el9_5.aarch64.rpm	073cca1d4a0b80759ee15cab9550739fc58b98a55a2d9c3dd32f95105e5afcc6	-	ol9_aarch64_codeready_builder
	perf-5.14.0-503.16.1.el9_5.aarch64.rpm	b685b6f4d270215d6bdb9bbf84b6a7119a130508e584c78fd5b13e83066d9530	-	ol9_aarch64_appstream
	python3-perf-5.14.0-503.16.1.el9_5.aarch64.rpm	fa1c11da4538d5074726da90fba9c928d518521e5eca7608dcf97b034aa7c27f	-	ol9_aarch64_baseos_latest
	python3-perf-5.14.0-503.16.1.el9_5.aarch64.rpm	fa1c11da4538d5074726da90fba9c928d518521e5eca7608dcf97b034aa7c27f	-	ol9_aarch64_u5_baseos_patch
	rtla-5.14.0-503.16.1.el9_5.aarch64.rpm	bbc34e7be2948720a6d5021dea0ea1b63a1228286169fc5ba28a4d18e45155d5	-	ol9_aarch64_appstream
	rv-5.14.0-503.16.1.el9_5.aarch64.rpm	b4702d4d9176d0d315c3719a30d8c7b04206c21bc6d17f1f3677bb394b540917	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	kernel-5.14.0-503.16.1.el9_5.src.rpm	5f4baa58782fbb06b736df4320d5429d5aac079988b510788ea5878c6030e5bf	-	ol9_x86_64_appstream
	kernel-5.14.0-503.16.1.el9_5.src.rpm	5f4baa58782fbb06b736df4320d5429d5aac079988b510788ea5878c6030e5bf	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.16.1.el9_5.src.rpm	5f4baa58782fbb06b736df4320d5429d5aac079988b510788ea5878c6030e5bf	-	ol9_x86_64_codeready_builder
	kernel-5.14.0-503.16.1.el9_5.src.rpm	5f4baa58782fbb06b736df4320d5429d5aac079988b510788ea5878c6030e5bf	-	ol9_x86_64_u5_baseos_patch
	bpftool-7.4.0-503.16.1.el9_5.x86_64.rpm	9052af96182789ec0f8fed132ff3d173eb8a186ab710d585fca877e05c6f7839	-	ol9_x86_64_baseos_latest
	bpftool-7.4.0-503.16.1.el9_5.x86_64.rpm	9052af96182789ec0f8fed132ff3d173eb8a186ab710d585fca877e05c6f7839	-	ol9_x86_64_u5_baseos_patch
	kernel-5.14.0-503.16.1.el9_5.x86_64.rpm	443df1f019674a4174779001f78a1c2a10d8f698b6aa00e85ec7741d297b8815	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.16.1.el9_5.x86_64.rpm	443df1f019674a4174779001f78a1c2a10d8f698b6aa00e85ec7741d297b8815	-	ol9_x86_64_u5_baseos_patch
	kernel-abi-stablelists-5.14.0-503.16.1.el9_5.noarch.rpm	269c5ab51833b2748052117d1b329645906856d6f60179a979bf64a6625fbb00	-	ol9_x86_64_baseos_latest
	kernel-abi-stablelists-5.14.0-503.16.1.el9_5.noarch.rpm	269c5ab51833b2748052117d1b329645906856d6f60179a979bf64a6625fbb00	-	ol9_x86_64_u5_baseos_patch
	kernel-core-5.14.0-503.16.1.el9_5.x86_64.rpm	312410ee53b797ae5f31fcc194eaca1422363993ffe86e9986667aa1a9e67fbe	-	ol9_x86_64_baseos_latest
	kernel-core-5.14.0-503.16.1.el9_5.x86_64.rpm	312410ee53b797ae5f31fcc194eaca1422363993ffe86e9986667aa1a9e67fbe	-	ol9_x86_64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.16.1.el9_5.x86_64.rpm	be4c56d798c38ebec1ec295ed161cdf1cd38673dfc98ea4d7df40df319c83c52	-	ol9_x86_64_codeready_builder
	kernel-debug-5.14.0-503.16.1.el9_5.x86_64.rpm	fdb21d6d2a18ffe8a360fbbfcb44105880320c2e2d01cfec1f31d21510519a8d	-	ol9_x86_64_baseos_latest
	kernel-debug-5.14.0-503.16.1.el9_5.x86_64.rpm	fdb21d6d2a18ffe8a360fbbfcb44105880320c2e2d01cfec1f31d21510519a8d	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-core-5.14.0-503.16.1.el9_5.x86_64.rpm	590239b904063a0005261cb804d5023b175708d3ee0942a3404cf194c81e0413	-	ol9_x86_64_baseos_latest
	kernel-debug-core-5.14.0-503.16.1.el9_5.x86_64.rpm	590239b904063a0005261cb804d5023b175708d3ee0942a3404cf194c81e0413	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-devel-5.14.0-503.16.1.el9_5.x86_64.rpm	037c4d4aa03bb9e2b3f0fabf596fd3bef5dae5025503f08a98ed60f9c07dec3a	-	ol9_x86_64_appstream
	kernel-debug-devel-matched-5.14.0-503.16.1.el9_5.x86_64.rpm	641454306de7551be61088ce6fdc0e1cd1debd77fe1250edd8f13db981809904	-	ol9_x86_64_appstream
	kernel-debug-modules-5.14.0-503.16.1.el9_5.x86_64.rpm	1e7676e30fa722f5ac2ecdcbcf80c0c28a3e617d5882944d2a917dac49318328	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-5.14.0-503.16.1.el9_5.x86_64.rpm	1e7676e30fa722f5ac2ecdcbcf80c0c28a3e617d5882944d2a917dac49318328	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-core-5.14.0-503.16.1.el9_5.x86_64.rpm	2ed166567cd86e52be1fd95a443737de5d8b815ef24a15181eb5b91a4cf58f4a	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-core-5.14.0-503.16.1.el9_5.x86_64.rpm	2ed166567cd86e52be1fd95a443737de5d8b815ef24a15181eb5b91a4cf58f4a	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-extra-5.14.0-503.16.1.el9_5.x86_64.rpm	95f424ffc2edf05c6fd862e24cd1f57923c1daf5e2ced8cd70dda0cb241cd895	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-extra-5.14.0-503.16.1.el9_5.x86_64.rpm	95f424ffc2edf05c6fd862e24cd1f57923c1daf5e2ced8cd70dda0cb241cd895	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-uki-virt-5.14.0-503.16.1.el9_5.x86_64.rpm	3d099355be67c5604ce3be4cf0d2131234cab260637a6914f609e31500a1eccd	-	ol9_x86_64_baseos_latest
	kernel-debug-uki-virt-5.14.0-503.16.1.el9_5.x86_64.rpm	3d099355be67c5604ce3be4cf0d2131234cab260637a6914f609e31500a1eccd	-	ol9_x86_64_u5_baseos_patch
	kernel-devel-5.14.0-503.16.1.el9_5.x86_64.rpm	740604b094be3f72f33bdae6badf24722d854801a97ec21687a5311f36ca6328	-	ol9_x86_64_appstream
	kernel-devel-matched-5.14.0-503.16.1.el9_5.x86_64.rpm	be3efa693740e2fdc4dd3d78e4b6a1f8c9c493bc63a3cf058fbd84ef3252ee67	-	ol9_x86_64_appstream
	kernel-doc-5.14.0-503.16.1.el9_5.noarch.rpm	8f03e3f59e0f20d52edbcf7c536077fad2bd3945de75275ab69cab7ded68db5d	-	ol9_x86_64_appstream
	kernel-headers-5.14.0-503.16.1.el9_5.x86_64.rpm	df539c2fa1ee35c75111fb1efd0279720bc8fe2965af56092fd09d100c7a5e29	-	ol9_x86_64_appstream
	kernel-modules-5.14.0-503.16.1.el9_5.x86_64.rpm	e850e4e22bae822b3fbace63fafba0c7f2b1d1221c324577eae67ee986a51e6a	-	ol9_x86_64_baseos_latest
	kernel-modules-5.14.0-503.16.1.el9_5.x86_64.rpm	e850e4e22bae822b3fbace63fafba0c7f2b1d1221c324577eae67ee986a51e6a	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-core-5.14.0-503.16.1.el9_5.x86_64.rpm	72bc5c3f160005bfd975ba642dd4db7c6ba260a28f9f5a5472a2f742b72b878c	-	ol9_x86_64_baseos_latest
	kernel-modules-core-5.14.0-503.16.1.el9_5.x86_64.rpm	72bc5c3f160005bfd975ba642dd4db7c6ba260a28f9f5a5472a2f742b72b878c	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-extra-5.14.0-503.16.1.el9_5.x86_64.rpm	f2d81ada46bb1d52c191243b07a419666f9f53169908bb90601df1b1d6907bd6	-	ol9_x86_64_baseos_latest
	kernel-modules-extra-5.14.0-503.16.1.el9_5.x86_64.rpm	f2d81ada46bb1d52c191243b07a419666f9f53169908bb90601df1b1d6907bd6	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-5.14.0-503.16.1.el9_5.x86_64.rpm	1486ea0e3bce787362df6c157ed95f2ec1182edd4a1a62fbde7b1d7136480e30	-	ol9_x86_64_baseos_latest
	kernel-tools-5.14.0-503.16.1.el9_5.x86_64.rpm	1486ea0e3bce787362df6c157ed95f2ec1182edd4a1a62fbde7b1d7136480e30	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.16.1.el9_5.x86_64.rpm	85f57e0d4e668e90b9a7d29154ca77edd8e628877806dfcc8db200ab2fd965ea	-	ol9_x86_64_baseos_latest
	kernel-tools-libs-5.14.0-503.16.1.el9_5.x86_64.rpm	85f57e0d4e668e90b9a7d29154ca77edd8e628877806dfcc8db200ab2fd965ea	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.16.1.el9_5.x86_64.rpm	deb1fa8ab8b88542805d32513b91b2180320d384a966ab0a51e2cc6735980dac	-	ol9_x86_64_codeready_builder
	kernel-uki-virt-5.14.0-503.16.1.el9_5.x86_64.rpm	4a6a5496878bd51d600a67f3b8c4fb8566dff2e8756d272f898f72d3b4ffa291	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-5.14.0-503.16.1.el9_5.x86_64.rpm	4a6a5496878bd51d600a67f3b8c4fb8566dff2e8756d272f898f72d3b4ffa291	-	ol9_x86_64_u5_baseos_patch
	kernel-uki-virt-addons-5.14.0-503.16.1.el9_5.x86_64.rpm	6fe5dcbbae23ed523227037ef8394f69c51cc8146f338eced2f7b245f0426976	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-addons-5.14.0-503.16.1.el9_5.x86_64.rpm	6fe5dcbbae23ed523227037ef8394f69c51cc8146f338eced2f7b245f0426976	-	ol9_x86_64_u5_baseos_patch
	libperf-5.14.0-503.16.1.el9_5.x86_64.rpm	7e2203c15f489689d6422052701ef687eb65afe2e1673043fefb241b1a30acb9	-	ol9_x86_64_codeready_builder
	perf-5.14.0-503.16.1.el9_5.x86_64.rpm	5a406f6e4646511b26504c9cc5e0336eadd51ccf8b1f7ebd89ccec198eadd6d5	-	ol9_x86_64_appstream
	python3-perf-5.14.0-503.16.1.el9_5.x86_64.rpm	69bf39ae3fcbf447dfd047fbf2f5cdab64ea0516592066e7bd1b406db1f83c24	-	ol9_x86_64_baseos_latest
	python3-perf-5.14.0-503.16.1.el9_5.x86_64.rpm	69bf39ae3fcbf447dfd047fbf2f5cdab64ea0516592066e7bd1b406db1f83c24	-	ol9_x86_64_u5_baseos_patch
	rtla-5.14.0-503.16.1.el9_5.x86_64.rpm	4fbf55f033f8bb3b42474feffbcaeb9a8eb0112170de95ec6aa64bb8c67db447	-	ol9_x86_64_appstream
	rv-5.14.0-503.16.1.el9_5.x86_64.rpm	7dffb4a46d6760f1d8f65d7da14d9ff5e639d323b16af5936372448c9f4455b9	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691