ELSA-2024-10943

ELSA-2024-10943 - kernel security update

Type:SECURITY
Severity:MODERATE
Release Date:2024-12-11

Description


[4.18.0-553.32.1_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]

[4.18.0-553.32.1_10]
- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66965] {CVE-2024-50192}
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66965] {CVE-2024-50192}
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (Ming Lei) [RHEL-65158] {CVE-2024-50082}
- gfs2: fix double destroy_workqueue error (Andreas Gruenbacher) [RHEL-62869]
- Revert 'GFS2: Don't add all glocks to the lru' (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Use list_move_tail instead of list_del/list_add_tail (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Revise glock reference counting model (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Switch to a per-filesystem glock workqueue (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Report when glocks cannot be freed for a long time (Andreas Gruenbacher) [RHEL-62869]
- gfs2: gfs2_glock_get cleanup (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Invert the GLF_INITIAL flag (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename handle_callback to request_demote (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename GLF_FROZEN to GLF_HAVE_FROZEN_REPLY (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename GLF_REPLY_PENDING to GLF_HAVE_REPLY (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename GLF_FREEING to GLF_UNLOCKED (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Remove useless return statement in run_queue (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Remove unnecessary function prototype (Andreas Gruenbacher) [RHEL-62869]
- gfs2: finish_xmote cleanup (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Replace gfs2_glock_queue_put with gfs2_glock_put_async (Andreas Gruenbacher) [RHEL-62869]
- KVM: selftests: memslot_perf_test: increase guest sync timeout (Maxim Levitsky) [RHEL-19080]
- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-68025] {CVE-2024-50264}
- md/raid5: Wait sync io to finish before changing group cnt (Nigel Croxon) [RHEL-58585]

[4.18.0-553.31.1_10]
- xfrm: fix one more kernel-infoleak in algo dumping (Sabrina Dubroca) [RHEL-65955] {CVE-2024-50110}
- netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (Florian Westphal) [RHEL-66862] {CVE-2024-50256}
- netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n (Florian Westphal) [RHEL-66862]
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Florian Westphal) [RHEL-66862]
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (Paulo Alcantara) [RHEL-7988]
- cifs: handle cache lookup errors different than -ENOENT (Paulo Alcantara) [RHEL-7988]
- cifs: don't take exclusive lock for updating target hints (Paulo Alcantara) [RHEL-7988]
- cifs: avoid re-lookups in dfs_cache_find() (Paulo Alcantara) [RHEL-7988]
- cifs: fix potential deadlock in cache_refresh_path() (Paulo Alcantara) [RHEL-7988]
- cifs: don't refresh cached referrals from unactive mounts (Paulo Alcantara) [RHEL-7988]
- cifs: return ENOENT for DFS lookup_cache_entry() (Paulo Alcantara) [RHEL-7988]
- selinux,smack: don't bypass permissions check in inode_setsecctx hook (Ondrej Mosnacek) [RHEL-66104] {CVE-2024-46695}
- gfs2: Prevent inode creation race (Andreas Gruenbacher) [RHEL-67823]
- gfs2: Only defer deletes when we have an iopen glock (Andreas Gruenbacher) [RHEL-67823]
- arm64: probes: Remove broken LDR (literal) uprobe support (Mark Salter) [RHEL-66042] {CVE-2024-50099}
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Davide Caratti) [RHEL-65399] {CVE-2024-49949}
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66457] {CVE-2024-50142}


Related CVEs


CVE-2024-46695
CVE-2024-50099
CVE-2024-50264
CVE-2024-49949
CVE-2024-50142
CVE-2024-50192
CVE-2024-50256
CVE-2024-50082
CVE-2024-50110

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) kernel-4.18.0-553.32.1.el8_10.src.rpm5623424c7ec473fd0ec2a9a2c93d6b70-ol8_aarch64_baseos_latest
kernel-4.18.0-553.32.1.el8_10.src.rpm5623424c7ec473fd0ec2a9a2c93d6b70-ol8_aarch64_codeready_builder
kernel-4.18.0-553.32.1.el8_10.src.rpm5623424c7ec473fd0ec2a9a2c93d6b70-ol8_aarch64_u10_baseos_patch
bpftool-4.18.0-553.32.1.el8_10.aarch64.rpm3fa61088bc0e5dde70b24651f140f721-ol8_aarch64_baseos_latest
bpftool-4.18.0-553.32.1.el8_10.aarch64.rpm3fa61088bc0e5dde70b24651f140f721-ol8_aarch64_u10_baseos_patch
kernel-cross-headers-4.18.0-553.32.1.el8_10.aarch64.rpma9a5954a313b815bb68e49485496b3cc-ol8_aarch64_baseos_latest
kernel-cross-headers-4.18.0-553.32.1.el8_10.aarch64.rpma9a5954a313b815bb68e49485496b3cc-ol8_aarch64_u10_baseos_patch
kernel-headers-4.18.0-553.32.1.el8_10.aarch64.rpmb1a33e6c6f996a4c68718fcc87a6b9c0-ol8_aarch64_baseos_latest
kernel-headers-4.18.0-553.32.1.el8_10.aarch64.rpmb1a33e6c6f996a4c68718fcc87a6b9c0-ol8_aarch64_u10_baseos_patch
kernel-tools-4.18.0-553.32.1.el8_10.aarch64.rpmec94171833ae51302cfb98bd5f2cd95d-ol8_aarch64_baseos_latest
kernel-tools-4.18.0-553.32.1.el8_10.aarch64.rpmec94171833ae51302cfb98bd5f2cd95d-ol8_aarch64_u10_baseos_patch
kernel-tools-libs-4.18.0-553.32.1.el8_10.aarch64.rpm298d100e5c6e6c0e4cb730e6b3cc8693-ol8_aarch64_baseos_latest
kernel-tools-libs-4.18.0-553.32.1.el8_10.aarch64.rpm298d100e5c6e6c0e4cb730e6b3cc8693-ol8_aarch64_u10_baseos_patch
kernel-tools-libs-devel-4.18.0-553.32.1.el8_10.aarch64.rpm90c805b13d55ebd4bc3a73fdaaf8c8ce-ol8_aarch64_codeready_builder
perf-4.18.0-553.32.1.el8_10.aarch64.rpmf544d496dc48492fb1f2c09dc6146ad1-ol8_aarch64_baseos_latest
perf-4.18.0-553.32.1.el8_10.aarch64.rpmf544d496dc48492fb1f2c09dc6146ad1-ol8_aarch64_u10_baseos_patch
python3-perf-4.18.0-553.32.1.el8_10.aarch64.rpm2e0b9956a09b185e4c44a480441ccc4f-ol8_aarch64_baseos_latest
python3-perf-4.18.0-553.32.1.el8_10.aarch64.rpm2e0b9956a09b185e4c44a480441ccc4f-ol8_aarch64_u10_baseos_patch
Oracle Linux 8 (x86_64) kernel-4.18.0-553.32.1.el8_10.src.rpm5623424c7ec473fd0ec2a9a2c93d6b70-ol8_x86_64_baseos_latest
kernel-4.18.0-553.32.1.el8_10.src.rpm5623424c7ec473fd0ec2a9a2c93d6b70-ol8_x86_64_codeready_builder
kernel-4.18.0-553.32.1.el8_10.src.rpm5623424c7ec473fd0ec2a9a2c93d6b70-ol8_x86_64_u10_baseos_patch
bpftool-4.18.0-553.32.1.el8_10.x86_64.rpm8700fb457d541a2994720de5e799a577-ol8_x86_64_baseos_latest
bpftool-4.18.0-553.32.1.el8_10.x86_64.rpm8700fb457d541a2994720de5e799a577-ol8_x86_64_u10_baseos_patch
kernel-4.18.0-553.32.1.el8_10.x86_64.rpmfc71e3a9171d427ce573e61b447684ec-ol8_x86_64_baseos_latest
kernel-4.18.0-553.32.1.el8_10.x86_64.rpmfc71e3a9171d427ce573e61b447684ec-ol8_x86_64_u10_baseos_patch
kernel-abi-stablelists-4.18.0-553.32.1.el8_10.noarch.rpm02b89906cbbe2d3569fec5480bfabc50-ol8_x86_64_baseos_latest
kernel-abi-stablelists-4.18.0-553.32.1.el8_10.noarch.rpm02b89906cbbe2d3569fec5480bfabc50-ol8_x86_64_u10_baseos_patch
kernel-core-4.18.0-553.32.1.el8_10.x86_64.rpmf6ffe8bf20b198cb93b03698632d797f-ol8_x86_64_baseos_latest
kernel-core-4.18.0-553.32.1.el8_10.x86_64.rpmf6ffe8bf20b198cb93b03698632d797f-ol8_x86_64_u10_baseos_patch
kernel-cross-headers-4.18.0-553.32.1.el8_10.x86_64.rpmef8dad5343dc9b56b4d9e5824a9dc338-ol8_x86_64_baseos_latest
kernel-cross-headers-4.18.0-553.32.1.el8_10.x86_64.rpmef8dad5343dc9b56b4d9e5824a9dc338-ol8_x86_64_u10_baseos_patch
kernel-debug-4.18.0-553.32.1.el8_10.x86_64.rpmd2eae2db4ce44f576b4dce022446c50f-ol8_x86_64_baseos_latest
kernel-debug-4.18.0-553.32.1.el8_10.x86_64.rpmd2eae2db4ce44f576b4dce022446c50f-ol8_x86_64_u10_baseos_patch
kernel-debug-core-4.18.0-553.32.1.el8_10.x86_64.rpm68dffb0b401f53e16592d068a810562e-ol8_x86_64_baseos_latest
kernel-debug-core-4.18.0-553.32.1.el8_10.x86_64.rpm68dffb0b401f53e16592d068a810562e-ol8_x86_64_u10_baseos_patch
kernel-debug-devel-4.18.0-553.32.1.el8_10.x86_64.rpm75d512ed659ca5e5b409d8a76d17a951-ol8_x86_64_baseos_latest
kernel-debug-devel-4.18.0-553.32.1.el8_10.x86_64.rpm75d512ed659ca5e5b409d8a76d17a951-ol8_x86_64_u10_baseos_patch
kernel-debug-modules-4.18.0-553.32.1.el8_10.x86_64.rpmec579a4e9d0e79f4950bafb02c06f742-ol8_x86_64_baseos_latest
kernel-debug-modules-4.18.0-553.32.1.el8_10.x86_64.rpmec579a4e9d0e79f4950bafb02c06f742-ol8_x86_64_u10_baseos_patch
kernel-debug-modules-extra-4.18.0-553.32.1.el8_10.x86_64.rpm1cfe626324821f5238358cc8be99a85c-ol8_x86_64_baseos_latest
kernel-debug-modules-extra-4.18.0-553.32.1.el8_10.x86_64.rpm1cfe626324821f5238358cc8be99a85c-ol8_x86_64_u10_baseos_patch
kernel-devel-4.18.0-553.32.1.el8_10.x86_64.rpm9205232f83fd160ba5bf6041fa180e3d-ol8_x86_64_baseos_latest
kernel-devel-4.18.0-553.32.1.el8_10.x86_64.rpm9205232f83fd160ba5bf6041fa180e3d-ol8_x86_64_u10_baseos_patch
kernel-doc-4.18.0-553.32.1.el8_10.noarch.rpm2ccbf07f09c88f5aaa1b82d167f46904-ol8_x86_64_baseos_latest
kernel-doc-4.18.0-553.32.1.el8_10.noarch.rpm2ccbf07f09c88f5aaa1b82d167f46904-ol8_x86_64_u10_baseos_patch
kernel-headers-4.18.0-553.32.1.el8_10.x86_64.rpm8d7c8cec1af579f2c242fc3264c479e4-ol8_x86_64_baseos_latest
kernel-headers-4.18.0-553.32.1.el8_10.x86_64.rpm8d7c8cec1af579f2c242fc3264c479e4-ol8_x86_64_u10_baseos_patch
kernel-modules-4.18.0-553.32.1.el8_10.x86_64.rpm00d63bd1a7fd67e913dea8a8920f071f-ol8_x86_64_baseos_latest
kernel-modules-4.18.0-553.32.1.el8_10.x86_64.rpm00d63bd1a7fd67e913dea8a8920f071f-ol8_x86_64_u10_baseos_patch
kernel-modules-extra-4.18.0-553.32.1.el8_10.x86_64.rpmfbea07cd1d0bc9e1a3175c9ab07b9cd0-ol8_x86_64_baseos_latest
kernel-modules-extra-4.18.0-553.32.1.el8_10.x86_64.rpmfbea07cd1d0bc9e1a3175c9ab07b9cd0-ol8_x86_64_u10_baseos_patch
kernel-tools-4.18.0-553.32.1.el8_10.x86_64.rpm472b998f705ade9afb887cba153791ef-ol8_x86_64_baseos_latest
kernel-tools-4.18.0-553.32.1.el8_10.x86_64.rpm472b998f705ade9afb887cba153791ef-ol8_x86_64_u10_baseos_patch
kernel-tools-libs-4.18.0-553.32.1.el8_10.x86_64.rpm42e88f0462644a8a95fdb5f5f527e954-ol8_x86_64_baseos_latest
kernel-tools-libs-4.18.0-553.32.1.el8_10.x86_64.rpm42e88f0462644a8a95fdb5f5f527e954-ol8_x86_64_u10_baseos_patch
kernel-tools-libs-devel-4.18.0-553.32.1.el8_10.x86_64.rpm5d0bcaf12a8c76bc594139670a4ed4b5-ol8_x86_64_codeready_builder
perf-4.18.0-553.32.1.el8_10.x86_64.rpm7d52531ee64aa30bf2bbcceba5148bf9-ol8_x86_64_baseos_latest
perf-4.18.0-553.32.1.el8_10.x86_64.rpm7d52531ee64aa30bf2bbcceba5148bf9-ol8_x86_64_u10_baseos_patch
python3-perf-4.18.0-553.32.1.el8_10.x86_64.rpmb4c2dd473acda6ed29ad03f81f826f43-ol8_x86_64_baseos_latest
python3-perf-4.18.0-553.32.1.el8_10.x86_64.rpmb4c2dd473acda6ed29ad03f81f826f43-ol8_x86_64_u10_baseos_patch


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

software.hardware.complete