ELSA-2024-10943

ULN >
Oracle Linux Errata repository >
ELSA-2024-10943

ELSA-2024-10943 - kernel security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2024-12-11

Description

[4.18.0-553.32.1_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]

[4.18.0-553.32.1_10]
- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66965] {CVE-2024-50192}
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66965] {CVE-2024-50192}
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (Ming Lei) [RHEL-65158] {CVE-2024-50082}
- gfs2: fix double destroy_workqueue error (Andreas Gruenbacher) [RHEL-62869]
- Revert 'GFS2: Don't add all glocks to the lru' (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Use list_move_tail instead of list_del/list_add_tail (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Revise glock reference counting model (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Switch to a per-filesystem glock workqueue (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Report when glocks cannot be freed for a long time (Andreas Gruenbacher) [RHEL-62869]
- gfs2: gfs2_glock_get cleanup (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Invert the GLF_INITIAL flag (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename handle_callback to request_demote (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename GLF_FROZEN to GLF_HAVE_FROZEN_REPLY (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename GLF_REPLY_PENDING to GLF_HAVE_REPLY (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename GLF_FREEING to GLF_UNLOCKED (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Remove useless return statement in run_queue (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Remove unnecessary function prototype (Andreas Gruenbacher) [RHEL-62869]
- gfs2: finish_xmote cleanup (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Replace gfs2_glock_queue_put with gfs2_glock_put_async (Andreas Gruenbacher) [RHEL-62869]
- KVM: selftests: memslot_perf_test: increase guest sync timeout (Maxim Levitsky) [RHEL-19080]
- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-68025] {CVE-2024-50264}
- md/raid5: Wait sync io to finish before changing group cnt (Nigel Croxon) [RHEL-58585]

[4.18.0-553.31.1_10]
- xfrm: fix one more kernel-infoleak in algo dumping (Sabrina Dubroca) [RHEL-65955] {CVE-2024-50110}
- netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (Florian Westphal) [RHEL-66862] {CVE-2024-50256}
- netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n (Florian Westphal) [RHEL-66862]
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Florian Westphal) [RHEL-66862]
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (Paulo Alcantara) [RHEL-7988]
- cifs: handle cache lookup errors different than -ENOENT (Paulo Alcantara) [RHEL-7988]
- cifs: don't take exclusive lock for updating target hints (Paulo Alcantara) [RHEL-7988]
- cifs: avoid re-lookups in dfs_cache_find() (Paulo Alcantara) [RHEL-7988]
- cifs: fix potential deadlock in cache_refresh_path() (Paulo Alcantara) [RHEL-7988]
- cifs: don't refresh cached referrals from unactive mounts (Paulo Alcantara) [RHEL-7988]
- cifs: return ENOENT for DFS lookup_cache_entry() (Paulo Alcantara) [RHEL-7988]
- selinux,smack: don't bypass permissions check in inode_setsecctx hook (Ondrej Mosnacek) [RHEL-66104] {CVE-2024-46695}
- gfs2: Prevent inode creation race (Andreas Gruenbacher) [RHEL-67823]
- gfs2: Only defer deletes when we have an iopen glock (Andreas Gruenbacher) [RHEL-67823]
- arm64: probes: Remove broken LDR (literal) uprobe support (Mark Salter) [RHEL-66042] {CVE-2024-50099}
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Davide Caratti) [RHEL-65399] {CVE-2024-49949}
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66457] {CVE-2024-50142}

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	kernel-4.18.0-553.32.1.el8_10.src.rpm	5623424c7ec473fd0ec2a9a2c93d6b70	-	ol8_aarch64_baseos_latest
	kernel-4.18.0-553.32.1.el8_10.src.rpm	5623424c7ec473fd0ec2a9a2c93d6b70	-	ol8_aarch64_codeready_builder
	kernel-4.18.0-553.32.1.el8_10.src.rpm	5623424c7ec473fd0ec2a9a2c93d6b70	-	ol8_aarch64_u10_baseos_patch
	bpftool-4.18.0-553.32.1.el8_10.aarch64.rpm	3fa61088bc0e5dde70b24651f140f721	-	ol8_aarch64_baseos_latest
	bpftool-4.18.0-553.32.1.el8_10.aarch64.rpm	3fa61088bc0e5dde70b24651f140f721	-	ol8_aarch64_u10_baseos_patch
	kernel-cross-headers-4.18.0-553.32.1.el8_10.aarch64.rpm	a9a5954a313b815bb68e49485496b3cc	-	ol8_aarch64_baseos_latest
	kernel-cross-headers-4.18.0-553.32.1.el8_10.aarch64.rpm	a9a5954a313b815bb68e49485496b3cc	-	ol8_aarch64_u10_baseos_patch
	kernel-headers-4.18.0-553.32.1.el8_10.aarch64.rpm	b1a33e6c6f996a4c68718fcc87a6b9c0	-	ol8_aarch64_baseos_latest
	kernel-headers-4.18.0-553.32.1.el8_10.aarch64.rpm	b1a33e6c6f996a4c68718fcc87a6b9c0	-	ol8_aarch64_u10_baseos_patch
	kernel-tools-4.18.0-553.32.1.el8_10.aarch64.rpm	ec94171833ae51302cfb98bd5f2cd95d	-	ol8_aarch64_baseos_latest
	kernel-tools-4.18.0-553.32.1.el8_10.aarch64.rpm	ec94171833ae51302cfb98bd5f2cd95d	-	ol8_aarch64_u10_baseos_patch
	kernel-tools-libs-4.18.0-553.32.1.el8_10.aarch64.rpm	298d100e5c6e6c0e4cb730e6b3cc8693	-	ol8_aarch64_baseos_latest
	kernel-tools-libs-4.18.0-553.32.1.el8_10.aarch64.rpm	298d100e5c6e6c0e4cb730e6b3cc8693	-	ol8_aarch64_u10_baseos_patch
	kernel-tools-libs-devel-4.18.0-553.32.1.el8_10.aarch64.rpm	90c805b13d55ebd4bc3a73fdaaf8c8ce	-	ol8_aarch64_codeready_builder
	perf-4.18.0-553.32.1.el8_10.aarch64.rpm	f544d496dc48492fb1f2c09dc6146ad1	-	ol8_aarch64_baseos_latest
	perf-4.18.0-553.32.1.el8_10.aarch64.rpm	f544d496dc48492fb1f2c09dc6146ad1	-	ol8_aarch64_u10_baseos_patch
	python3-perf-4.18.0-553.32.1.el8_10.aarch64.rpm	2e0b9956a09b185e4c44a480441ccc4f	-	ol8_aarch64_baseos_latest
	python3-perf-4.18.0-553.32.1.el8_10.aarch64.rpm	2e0b9956a09b185e4c44a480441ccc4f	-	ol8_aarch64_u10_baseos_patch

Oracle Linux 8 (x86_64)	kernel-4.18.0-553.32.1.el8_10.src.rpm	5623424c7ec473fd0ec2a9a2c93d6b70	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-553.32.1.el8_10.src.rpm	5623424c7ec473fd0ec2a9a2c93d6b70	-	ol8_x86_64_codeready_builder
	kernel-4.18.0-553.32.1.el8_10.src.rpm	5623424c7ec473fd0ec2a9a2c93d6b70	-	ol8_x86_64_u10_baseos_patch
	bpftool-4.18.0-553.32.1.el8_10.x86_64.rpm	8700fb457d541a2994720de5e799a577	-	ol8_x86_64_baseos_latest
	bpftool-4.18.0-553.32.1.el8_10.x86_64.rpm	8700fb457d541a2994720de5e799a577	-	ol8_x86_64_u10_baseos_patch
	kernel-4.18.0-553.32.1.el8_10.x86_64.rpm	fc71e3a9171d427ce573e61b447684ec	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-553.32.1.el8_10.x86_64.rpm	fc71e3a9171d427ce573e61b447684ec	-	ol8_x86_64_u10_baseos_patch
	kernel-abi-stablelists-4.18.0-553.32.1.el8_10.noarch.rpm	02b89906cbbe2d3569fec5480bfabc50	-	ol8_x86_64_baseos_latest
	kernel-abi-stablelists-4.18.0-553.32.1.el8_10.noarch.rpm	02b89906cbbe2d3569fec5480bfabc50	-	ol8_x86_64_u10_baseos_patch
	kernel-core-4.18.0-553.32.1.el8_10.x86_64.rpm	f6ffe8bf20b198cb93b03698632d797f	-	ol8_x86_64_baseos_latest
	kernel-core-4.18.0-553.32.1.el8_10.x86_64.rpm	f6ffe8bf20b198cb93b03698632d797f	-	ol8_x86_64_u10_baseos_patch
	kernel-cross-headers-4.18.0-553.32.1.el8_10.x86_64.rpm	ef8dad5343dc9b56b4d9e5824a9dc338	-	ol8_x86_64_baseos_latest
	kernel-cross-headers-4.18.0-553.32.1.el8_10.x86_64.rpm	ef8dad5343dc9b56b4d9e5824a9dc338	-	ol8_x86_64_u10_baseos_patch
	kernel-debug-4.18.0-553.32.1.el8_10.x86_64.rpm	d2eae2db4ce44f576b4dce022446c50f	-	ol8_x86_64_baseos_latest
	kernel-debug-4.18.0-553.32.1.el8_10.x86_64.rpm	d2eae2db4ce44f576b4dce022446c50f	-	ol8_x86_64_u10_baseos_patch
	kernel-debug-core-4.18.0-553.32.1.el8_10.x86_64.rpm	68dffb0b401f53e16592d068a810562e	-	ol8_x86_64_baseos_latest
	kernel-debug-core-4.18.0-553.32.1.el8_10.x86_64.rpm	68dffb0b401f53e16592d068a810562e	-	ol8_x86_64_u10_baseos_patch
	kernel-debug-devel-4.18.0-553.32.1.el8_10.x86_64.rpm	75d512ed659ca5e5b409d8a76d17a951	-	ol8_x86_64_baseos_latest
	kernel-debug-devel-4.18.0-553.32.1.el8_10.x86_64.rpm	75d512ed659ca5e5b409d8a76d17a951	-	ol8_x86_64_u10_baseos_patch
	kernel-debug-modules-4.18.0-553.32.1.el8_10.x86_64.rpm	ec579a4e9d0e79f4950bafb02c06f742	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-4.18.0-553.32.1.el8_10.x86_64.rpm	ec579a4e9d0e79f4950bafb02c06f742	-	ol8_x86_64_u10_baseos_patch
	kernel-debug-modules-extra-4.18.0-553.32.1.el8_10.x86_64.rpm	1cfe626324821f5238358cc8be99a85c	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-extra-4.18.0-553.32.1.el8_10.x86_64.rpm	1cfe626324821f5238358cc8be99a85c	-	ol8_x86_64_u10_baseos_patch
	kernel-devel-4.18.0-553.32.1.el8_10.x86_64.rpm	9205232f83fd160ba5bf6041fa180e3d	-	ol8_x86_64_baseos_latest
	kernel-devel-4.18.0-553.32.1.el8_10.x86_64.rpm	9205232f83fd160ba5bf6041fa180e3d	-	ol8_x86_64_u10_baseos_patch
	kernel-doc-4.18.0-553.32.1.el8_10.noarch.rpm	2ccbf07f09c88f5aaa1b82d167f46904	-	ol8_x86_64_baseos_latest
	kernel-doc-4.18.0-553.32.1.el8_10.noarch.rpm	2ccbf07f09c88f5aaa1b82d167f46904	-	ol8_x86_64_u10_baseos_patch
	kernel-headers-4.18.0-553.32.1.el8_10.x86_64.rpm	8d7c8cec1af579f2c242fc3264c479e4	-	ol8_x86_64_baseos_latest
	kernel-headers-4.18.0-553.32.1.el8_10.x86_64.rpm	8d7c8cec1af579f2c242fc3264c479e4	-	ol8_x86_64_u10_baseos_patch
	kernel-modules-4.18.0-553.32.1.el8_10.x86_64.rpm	00d63bd1a7fd67e913dea8a8920f071f	-	ol8_x86_64_baseos_latest
	kernel-modules-4.18.0-553.32.1.el8_10.x86_64.rpm	00d63bd1a7fd67e913dea8a8920f071f	-	ol8_x86_64_u10_baseos_patch
	kernel-modules-extra-4.18.0-553.32.1.el8_10.x86_64.rpm	fbea07cd1d0bc9e1a3175c9ab07b9cd0	-	ol8_x86_64_baseos_latest
	kernel-modules-extra-4.18.0-553.32.1.el8_10.x86_64.rpm	fbea07cd1d0bc9e1a3175c9ab07b9cd0	-	ol8_x86_64_u10_baseos_patch
	kernel-tools-4.18.0-553.32.1.el8_10.x86_64.rpm	472b998f705ade9afb887cba153791ef	-	ol8_x86_64_baseos_latest
	kernel-tools-4.18.0-553.32.1.el8_10.x86_64.rpm	472b998f705ade9afb887cba153791ef	-	ol8_x86_64_u10_baseos_patch
	kernel-tools-libs-4.18.0-553.32.1.el8_10.x86_64.rpm	42e88f0462644a8a95fdb5f5f527e954	-	ol8_x86_64_baseos_latest
	kernel-tools-libs-4.18.0-553.32.1.el8_10.x86_64.rpm	42e88f0462644a8a95fdb5f5f527e954	-	ol8_x86_64_u10_baseos_patch
	kernel-tools-libs-devel-4.18.0-553.32.1.el8_10.x86_64.rpm	5d0bcaf12a8c76bc594139670a4ed4b5	-	ol8_x86_64_codeready_builder
	perf-4.18.0-553.32.1.el8_10.x86_64.rpm	7d52531ee64aa30bf2bbcceba5148bf9	-	ol8_x86_64_baseos_latest
	perf-4.18.0-553.32.1.el8_10.x86_64.rpm	7d52531ee64aa30bf2bbcceba5148bf9	-	ol8_x86_64_u10_baseos_patch
	python3-perf-4.18.0-553.32.1.el8_10.x86_64.rpm	b4c2dd473acda6ed29ad03f81f826f43	-	ol8_x86_64_baseos_latest
	python3-perf-4.18.0-553.32.1.el8_10.x86_64.rpm	b4c2dd473acda6ed29ad03f81f826f43	-	ol8_x86_64_u10_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691