ELSA-2024-10943

ULN >
Oracle Linux Errata repository >
ELSA-2024-10943

ELSA-2024-10943 - kernel security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2024-12-11

Description

[4.18.0-553.32.1_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]

[4.18.0-553.32.1_10]
- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66965] {CVE-2024-50192}
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66965] {CVE-2024-50192}
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (Ming Lei) [RHEL-65158] {CVE-2024-50082}
- gfs2: fix double destroy_workqueue error (Andreas Gruenbacher) [RHEL-62869]
- Revert 'GFS2: Don't add all glocks to the lru' (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Use list_move_tail instead of list_del/list_add_tail (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Revise glock reference counting model (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Switch to a per-filesystem glock workqueue (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Report when glocks cannot be freed for a long time (Andreas Gruenbacher) [RHEL-62869]
- gfs2: gfs2_glock_get cleanup (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Invert the GLF_INITIAL flag (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename handle_callback to request_demote (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename GLF_FROZEN to GLF_HAVE_FROZEN_REPLY (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename GLF_REPLY_PENDING to GLF_HAVE_REPLY (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename GLF_FREEING to GLF_UNLOCKED (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Remove useless return statement in run_queue (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Remove unnecessary function prototype (Andreas Gruenbacher) [RHEL-62869]
- gfs2: finish_xmote cleanup (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Replace gfs2_glock_queue_put with gfs2_glock_put_async (Andreas Gruenbacher) [RHEL-62869]
- KVM: selftests: memslot_perf_test: increase guest sync timeout (Maxim Levitsky) [RHEL-19080]
- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-68025] {CVE-2024-50264}
- md/raid5: Wait sync io to finish before changing group cnt (Nigel Croxon) [RHEL-58585]

[4.18.0-553.31.1_10]
- xfrm: fix one more kernel-infoleak in algo dumping (Sabrina Dubroca) [RHEL-65955] {CVE-2024-50110}
- netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (Florian Westphal) [RHEL-66862] {CVE-2024-50256}
- netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n (Florian Westphal) [RHEL-66862]
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Florian Westphal) [RHEL-66862]
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (Paulo Alcantara) [RHEL-7988]
- cifs: handle cache lookup errors different than -ENOENT (Paulo Alcantara) [RHEL-7988]
- cifs: don't take exclusive lock for updating target hints (Paulo Alcantara) [RHEL-7988]
- cifs: avoid re-lookups in dfs_cache_find() (Paulo Alcantara) [RHEL-7988]
- cifs: fix potential deadlock in cache_refresh_path() (Paulo Alcantara) [RHEL-7988]
- cifs: don't refresh cached referrals from unactive mounts (Paulo Alcantara) [RHEL-7988]
- cifs: return ENOENT for DFS lookup_cache_entry() (Paulo Alcantara) [RHEL-7988]
- selinux,smack: don't bypass permissions check in inode_setsecctx hook (Ondrej Mosnacek) [RHEL-66104] {CVE-2024-46695}
- gfs2: Prevent inode creation race (Andreas Gruenbacher) [RHEL-67823]
- gfs2: Only defer deletes when we have an iopen glock (Andreas Gruenbacher) [RHEL-67823]
- arm64: probes: Remove broken LDR (literal) uprobe support (Mark Salter) [RHEL-66042] {CVE-2024-50099}
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Davide Caratti) [RHEL-65399] {CVE-2024-49949}
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66457] {CVE-2024-50142}

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	kernel-4.18.0-553.32.1.el8_10.src.rpm	cbd3c6fa392843f9b440d3cbb65a241e816736eea10cdd468ba5c18b24d35f3a	-	ol8_aarch64_baseos_latest
	kernel-4.18.0-553.32.1.el8_10.src.rpm	cbd3c6fa392843f9b440d3cbb65a241e816736eea10cdd468ba5c18b24d35f3a	-	ol8_aarch64_codeready_builder
	kernel-4.18.0-553.32.1.el8_10.src.rpm	cbd3c6fa392843f9b440d3cbb65a241e816736eea10cdd468ba5c18b24d35f3a	-	ol8_aarch64_u10_baseos_patch
	bpftool-4.18.0-553.32.1.el8_10.aarch64.rpm	e1ce18376ac870aa9807988ba269cdf8a6070a9a5085428f651973f127247558	-	ol8_aarch64_baseos_latest
	bpftool-4.18.0-553.32.1.el8_10.aarch64.rpm	e1ce18376ac870aa9807988ba269cdf8a6070a9a5085428f651973f127247558	-	ol8_aarch64_u10_baseos_patch
	kernel-cross-headers-4.18.0-553.32.1.el8_10.aarch64.rpm	4d6e09dcebcc7487a3ea88e4670dadc793fe9a66afb3c2030baf389a928956f5	-	ol8_aarch64_baseos_latest
	kernel-cross-headers-4.18.0-553.32.1.el8_10.aarch64.rpm	4d6e09dcebcc7487a3ea88e4670dadc793fe9a66afb3c2030baf389a928956f5	-	ol8_aarch64_u10_baseos_patch
	kernel-headers-4.18.0-553.32.1.el8_10.aarch64.rpm	4ea2a7a3c2b630f2607490e423e85177358f5ba32c02189775478a284b4ca728	-	ol8_aarch64_baseos_latest
	kernel-headers-4.18.0-553.32.1.el8_10.aarch64.rpm	4ea2a7a3c2b630f2607490e423e85177358f5ba32c02189775478a284b4ca728	-	ol8_aarch64_u10_baseos_patch
	kernel-tools-4.18.0-553.32.1.el8_10.aarch64.rpm	fc749b6b317da990871128a3e39cd2c4e295fea797837bf0a73d494bc71d0790	-	ol8_aarch64_baseos_latest
	kernel-tools-4.18.0-553.32.1.el8_10.aarch64.rpm	fc749b6b317da990871128a3e39cd2c4e295fea797837bf0a73d494bc71d0790	-	ol8_aarch64_u10_baseos_patch
	kernel-tools-libs-4.18.0-553.32.1.el8_10.aarch64.rpm	d1ba8c33d3d658d35fd9fe65d2cf2f3d97f2b70b10af7c643e9ef641e5ced6c4	-	ol8_aarch64_baseos_latest
	kernel-tools-libs-4.18.0-553.32.1.el8_10.aarch64.rpm	d1ba8c33d3d658d35fd9fe65d2cf2f3d97f2b70b10af7c643e9ef641e5ced6c4	-	ol8_aarch64_u10_baseos_patch
	kernel-tools-libs-devel-4.18.0-553.32.1.el8_10.aarch64.rpm	afd5192c52010611a7a86888a9c52b400a9cd36a76714aac8c575a9d68678be4	-	ol8_aarch64_codeready_builder
	perf-4.18.0-553.32.1.el8_10.aarch64.rpm	4ed24fddaa7113ccb0c6e4b437c35c75b8e1ffc6a086ea62c770b4cd360a244e	-	ol8_aarch64_baseos_latest
	perf-4.18.0-553.32.1.el8_10.aarch64.rpm	4ed24fddaa7113ccb0c6e4b437c35c75b8e1ffc6a086ea62c770b4cd360a244e	-	ol8_aarch64_u10_baseos_patch
	python3-perf-4.18.0-553.32.1.el8_10.aarch64.rpm	d1188086b42dfd85a54e06e12c422fea493fe97999f27ecc60e56e8409fa38d4	-	ol8_aarch64_baseos_latest
	python3-perf-4.18.0-553.32.1.el8_10.aarch64.rpm	d1188086b42dfd85a54e06e12c422fea493fe97999f27ecc60e56e8409fa38d4	-	ol8_aarch64_u10_baseos_patch

Oracle Linux 8 (x86_64)	kernel-4.18.0-553.32.1.el8_10.src.rpm	cbd3c6fa392843f9b440d3cbb65a241e816736eea10cdd468ba5c18b24d35f3a	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-553.32.1.el8_10.src.rpm	cbd3c6fa392843f9b440d3cbb65a241e816736eea10cdd468ba5c18b24d35f3a	-	ol8_x86_64_codeready_builder
	kernel-4.18.0-553.32.1.el8_10.src.rpm	cbd3c6fa392843f9b440d3cbb65a241e816736eea10cdd468ba5c18b24d35f3a	-	ol8_x86_64_u10_baseos_patch
	bpftool-4.18.0-553.32.1.el8_10.x86_64.rpm	4be0efc65f78f7640bf1ed5e72be9e5983d7016dd3be1c98b52dbc062a7548a4	-	ol8_x86_64_baseos_latest
	bpftool-4.18.0-553.32.1.el8_10.x86_64.rpm	4be0efc65f78f7640bf1ed5e72be9e5983d7016dd3be1c98b52dbc062a7548a4	-	ol8_x86_64_u10_baseos_patch
	kernel-4.18.0-553.32.1.el8_10.x86_64.rpm	bb5fdf02c142bfdc298605a57d9eecb6db91354cba49e1cab850fbecf1ccf0d7	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-553.32.1.el8_10.x86_64.rpm	bb5fdf02c142bfdc298605a57d9eecb6db91354cba49e1cab850fbecf1ccf0d7	-	ol8_x86_64_u10_baseos_patch
	kernel-abi-stablelists-4.18.0-553.32.1.el8_10.noarch.rpm	64e29b485a1b417fd86dc96dbc3b1bab5265089d10d97e06ec1e09b748483c0b	-	ol8_x86_64_baseos_latest
	kernel-abi-stablelists-4.18.0-553.32.1.el8_10.noarch.rpm	64e29b485a1b417fd86dc96dbc3b1bab5265089d10d97e06ec1e09b748483c0b	-	ol8_x86_64_u10_baseos_patch
	kernel-core-4.18.0-553.32.1.el8_10.x86_64.rpm	45d0b43e9450850737067285494d228f921be9d4c078d870ba7897ecc27c4ac3	-	ol8_x86_64_baseos_latest
	kernel-core-4.18.0-553.32.1.el8_10.x86_64.rpm	45d0b43e9450850737067285494d228f921be9d4c078d870ba7897ecc27c4ac3	-	ol8_x86_64_u10_baseos_patch
	kernel-cross-headers-4.18.0-553.32.1.el8_10.x86_64.rpm	5343774ecc4e114bfbc05269bb93ca189f6641753b622164608a158147a03448	-	ol8_x86_64_baseos_latest
	kernel-cross-headers-4.18.0-553.32.1.el8_10.x86_64.rpm	5343774ecc4e114bfbc05269bb93ca189f6641753b622164608a158147a03448	-	ol8_x86_64_u10_baseos_patch
	kernel-debug-4.18.0-553.32.1.el8_10.x86_64.rpm	dfd9e5a669262bbf8c68ad979d699e42f8f5da0d51c23c01ab3ffb8233359ac6	-	ol8_x86_64_baseos_latest
	kernel-debug-4.18.0-553.32.1.el8_10.x86_64.rpm	dfd9e5a669262bbf8c68ad979d699e42f8f5da0d51c23c01ab3ffb8233359ac6	-	ol8_x86_64_u10_baseos_patch
	kernel-debug-core-4.18.0-553.32.1.el8_10.x86_64.rpm	8e3e2e3d925302306000f338afaeaa7b46dfec948e62146fc0ca520bf2f9fe56	-	ol8_x86_64_baseos_latest
	kernel-debug-core-4.18.0-553.32.1.el8_10.x86_64.rpm	8e3e2e3d925302306000f338afaeaa7b46dfec948e62146fc0ca520bf2f9fe56	-	ol8_x86_64_u10_baseos_patch
	kernel-debug-devel-4.18.0-553.32.1.el8_10.x86_64.rpm	9b8552e9c088d0be7b22da5811b775366f38824dff2357a26e9acc4a09a4dc38	-	ol8_x86_64_baseos_latest
	kernel-debug-devel-4.18.0-553.32.1.el8_10.x86_64.rpm	9b8552e9c088d0be7b22da5811b775366f38824dff2357a26e9acc4a09a4dc38	-	ol8_x86_64_u10_baseos_patch
	kernel-debug-modules-4.18.0-553.32.1.el8_10.x86_64.rpm	c956f28d7ae56021098272466c6511f2f7d299ab7cd0479f12d190a400023afb	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-4.18.0-553.32.1.el8_10.x86_64.rpm	c956f28d7ae56021098272466c6511f2f7d299ab7cd0479f12d190a400023afb	-	ol8_x86_64_u10_baseos_patch
	kernel-debug-modules-extra-4.18.0-553.32.1.el8_10.x86_64.rpm	1e4e61fc06c432e88116409aa120741ca8801e50b10791062578b0b1f74110c3	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-extra-4.18.0-553.32.1.el8_10.x86_64.rpm	1e4e61fc06c432e88116409aa120741ca8801e50b10791062578b0b1f74110c3	-	ol8_x86_64_u10_baseos_patch
	kernel-devel-4.18.0-553.32.1.el8_10.x86_64.rpm	2dbe25b1fc4db618c867603629003136cba5671a8de64714beab59ba14de2204	-	ol8_x86_64_baseos_latest
	kernel-devel-4.18.0-553.32.1.el8_10.x86_64.rpm	2dbe25b1fc4db618c867603629003136cba5671a8de64714beab59ba14de2204	-	ol8_x86_64_u10_baseos_patch
	kernel-doc-4.18.0-553.32.1.el8_10.noarch.rpm	1589e6bce3f3bdbb5f89259632fcc6204c817b4c8ac71f47f38a74df82f94dfb	-	ol8_x86_64_baseos_latest
	kernel-doc-4.18.0-553.32.1.el8_10.noarch.rpm	1589e6bce3f3bdbb5f89259632fcc6204c817b4c8ac71f47f38a74df82f94dfb	-	ol8_x86_64_u10_baseos_patch
	kernel-headers-4.18.0-553.32.1.el8_10.x86_64.rpm	39ac9e3fb7752a5f47e96e32c154edcbb7d0afd5e344f10c979e2f67d8146024	-	ol8_x86_64_baseos_latest
	kernel-headers-4.18.0-553.32.1.el8_10.x86_64.rpm	39ac9e3fb7752a5f47e96e32c154edcbb7d0afd5e344f10c979e2f67d8146024	-	ol8_x86_64_u10_baseos_patch
	kernel-modules-4.18.0-553.32.1.el8_10.x86_64.rpm	341f9657e86c7ae693ab92a4ec8dd63056fdfcfdb84f19301aa4cdb816780400	-	ol8_x86_64_baseos_latest
	kernel-modules-4.18.0-553.32.1.el8_10.x86_64.rpm	341f9657e86c7ae693ab92a4ec8dd63056fdfcfdb84f19301aa4cdb816780400	-	ol8_x86_64_u10_baseos_patch
	kernel-modules-extra-4.18.0-553.32.1.el8_10.x86_64.rpm	45d6644fa8ffb1b6c4bd4a11a6032c0c689b16a7031b55845ecd6ead81268abd	-	ol8_x86_64_baseos_latest
	kernel-modules-extra-4.18.0-553.32.1.el8_10.x86_64.rpm	45d6644fa8ffb1b6c4bd4a11a6032c0c689b16a7031b55845ecd6ead81268abd	-	ol8_x86_64_u10_baseos_patch
	kernel-tools-4.18.0-553.32.1.el8_10.x86_64.rpm	2054b1433a3dd8d8e390076b00474115b3ff0c172bb7acccbfb575357964c2d9	-	ol8_x86_64_baseos_latest
	kernel-tools-4.18.0-553.32.1.el8_10.x86_64.rpm	2054b1433a3dd8d8e390076b00474115b3ff0c172bb7acccbfb575357964c2d9	-	ol8_x86_64_u10_baseos_patch
	kernel-tools-libs-4.18.0-553.32.1.el8_10.x86_64.rpm	b4e348e32a69d6039c670f91fcc8a62e5134e7ffe7552552324413664b248c56	-	ol8_x86_64_baseos_latest
	kernel-tools-libs-4.18.0-553.32.1.el8_10.x86_64.rpm	b4e348e32a69d6039c670f91fcc8a62e5134e7ffe7552552324413664b248c56	-	ol8_x86_64_u10_baseos_patch
	kernel-tools-libs-devel-4.18.0-553.32.1.el8_10.x86_64.rpm	e288242b51618325e35f6dc96d61afa7e7846ff5fb06daf09a0f2237c5d2a05e	-	ol8_x86_64_codeready_builder
	perf-4.18.0-553.32.1.el8_10.x86_64.rpm	c742c792906a65b7f76facb6a38b8b165813691b959d1a77922fba9ac4a3da03	-	ol8_x86_64_baseos_latest
	perf-4.18.0-553.32.1.el8_10.x86_64.rpm	c742c792906a65b7f76facb6a38b8b165813691b959d1a77922fba9ac4a3da03	-	ol8_x86_64_u10_baseos_patch
	python3-perf-4.18.0-553.32.1.el8_10.x86_64.rpm	f6c56d8419a6a060941b31f277678c5c480d9975e454c80cbe0c7be3f063a64e	-	ol8_x86_64_baseos_latest
	python3-perf-4.18.0-553.32.1.el8_10.x86_64.rpm	f6c56d8419a6a060941b31f277678c5c480d9975e454c80cbe0c7be3f063a64e	-	ol8_x86_64_u10_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691