ELSA-2024-11486
- ULN >
- Oracle Linux Errata repository >
- ELSA-2024-11486
ELSA-2024-11486 - kernel security update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2025-01-06 |
Description
[5.14.0-503.19.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
[5.14.0-503.19.1_5]
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66462 RHEL-66461] {CVE-2024-50142}
- xfrm: fix one more kernel-infoleak in algo dumping (CKI Backport Bot) [RHEL-65960] {CVE-2024-50110}
- Revert 'Merge: [qed] softlockup triggered by ethtool -d [rhel-9.5.z]' (Lucas Zampieri) [RHEL-61705]
- tracing/hwlat: Fix a race during cpuhp processing (Tomas Glozar) [RHEL-69468]
- tracing/timerlat: Fix a race during cpuhp processing (Tomas Glozar) [RHEL-69468] {CVE-2024-49866}
- tracing/timerlat: Drop interface_lock in stop_kthread() (Tomas Glozar) [RHEL-69468]
- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (Tomas Glozar) [RHEL-69468]
- ceph: remove the incorrect Fw reference check when dirtying pages (Xiubo Li) [RHEL-61416 RHEL-60255]
[5.14.0-503.18.1_5]
- bpf: Fix a kernel verifier crash in stacksafe() (CKI Backport Bot) [RHEL-66097 RHEL-66098] {CVE-2024-45020}
- bpf: Fix a sdiv overflow issue (CKI Backport Bot) [RHEL-64598 RHEL-64597] {CVE-2024-49888}
- bpf: Fix out-of-bounds write in trie_get_next_key() (CKI Backport Bot) [RHEL-66877] {CVE-2024-50262}
- bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (CKI Backport Bot) [RHEL-63331] {CVE-2024-47675}
- nfsd: ensure that nfsd4_fattr_args.context is zeroed out (Jay Shin) [RHEL-58884 RHEL-58883] {CVE-2024-46697}
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (Jon Maloy) [RHEL-65872] {CVE-2024-50115}
- net: tighten bad gso csum offset check in virtio_net_hdr (Guillaume Nault) [RHEL-67683]
- udp: fix receiving fraglist GSO packets (Guillaume Nault) [RHEL-67683]
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (CKI Backport Bot) [RHEL-66804] {CVE-2024-50255}
- Bluetooth: ISO: Fix UAF on iso_sock_timeout (Bastien Nocera) [RHEL-66321] {CVE-2024-50124}
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (Bastien Nocera) [RHEL-65928] {CVE-2024-50125}
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (Bastien Nocera) [RHEL-65928] {CVE-2024-27398}
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CKI Backport Bot) [RHEL-44173] {CVE-2024-38564}
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (CKI Backport Bot) [RHEL-66365] {CVE-2024-50148}
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (CKI Backport Bot) [RHEL-57716 RHEL-36374] {CVE-2024-27399}
[5.14.0-503.17.1_5]
- arm64: probes: Remove broken LDR (literal) uprobe support (CKI Backport Bot) [RHEL-66046] {CVE-2024-50099}
- qed: put cond_resched() in qed_dmae_operation_wait() (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: allow the callee of qed_mcp_nvm_read() to sleep (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: put cond_resched() in qed_grc_dump_ctx_data() (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: make 'ethtool -d' 10 times faster (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: allow sleep in qed_mcp_trace_dump() (Michal Schmidt) [RHEL-61705 RHEL-6372]
- sched/numa: Fix the potential null pointer dereference in task_numa_work() (CKI Backport Bot) [RHEL-66810] {CVE-2024-50223}
- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66969] {CVE-2024-50192}
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66969] {CVE-2024-50192}
- perf/x86/intel/uncore: Support HBM and CXL PMON counters (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Cleanup unused unit structure (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Support per PMU cpumask (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Save the unit control address of all units (Michael Petlan) [RHEL-65856]
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | kernel-5.14.0-503.19.1.el9_5.src.rpm | b4c7779f4071953b937ca04f22bb7ff5 | - | ol9_aarch64_appstream |
| kernel-5.14.0-503.19.1.el9_5.src.rpm | b4c7779f4071953b937ca04f22bb7ff5 | - | ol9_aarch64_baseos_latest | |
| kernel-5.14.0-503.19.1.el9_5.src.rpm | b4c7779f4071953b937ca04f22bb7ff5 | - | ol9_aarch64_codeready_builder | |
| kernel-5.14.0-503.19.1.el9_5.src.rpm | b4c7779f4071953b937ca04f22bb7ff5 | - | ol9_aarch64_u5_baseos_patch | |
| bpftool-7.4.0-503.19.1.el9_5.aarch64.rpm | 99d2a71c3ab38a5aa71c94b6859045ed | - | ol9_aarch64_baseos_latest | |
| bpftool-7.4.0-503.19.1.el9_5.aarch64.rpm | 99d2a71c3ab38a5aa71c94b6859045ed | - | ol9_aarch64_u5_baseos_patch | |
| kernel-cross-headers-5.14.0-503.19.1.el9_5.aarch64.rpm | aae86aa59e8062f02a86eb43e8dd99cb | - | ol9_aarch64_codeready_builder | |
| kernel-headers-5.14.0-503.19.1.el9_5.aarch64.rpm | 680e681bfc5017ea642bfe48b26ffb27 | - | ol9_aarch64_appstream | |
| kernel-tools-5.14.0-503.19.1.el9_5.aarch64.rpm | 242979137828f4235476c55d7658717e | - | ol9_aarch64_baseos_latest | |
| kernel-tools-5.14.0-503.19.1.el9_5.aarch64.rpm | 242979137828f4235476c55d7658717e | - | ol9_aarch64_u5_baseos_patch | |
| kernel-tools-libs-5.14.0-503.19.1.el9_5.aarch64.rpm | 79529ed2b63748b46d7a363bc02fbc3e | - | ol9_aarch64_baseos_latest | |
| kernel-tools-libs-5.14.0-503.19.1.el9_5.aarch64.rpm | 79529ed2b63748b46d7a363bc02fbc3e | - | ol9_aarch64_u5_baseos_patch | |
| kernel-tools-libs-devel-5.14.0-503.19.1.el9_5.aarch64.rpm | e0d9aa3fcde8fd8af878e4bae4d7c730 | - | ol9_aarch64_codeready_builder | |
| perf-5.14.0-503.19.1.el9_5.aarch64.rpm | 06c819d94d253a3964da4869bbf7a82c | - | ol9_aarch64_appstream | |
| python3-perf-5.14.0-503.19.1.el9_5.aarch64.rpm | 1013a297d94aef747fd6713583248b24 | - | ol9_aarch64_baseos_latest | |
| python3-perf-5.14.0-503.19.1.el9_5.aarch64.rpm | 1013a297d94aef747fd6713583248b24 | - | ol9_aarch64_u5_baseos_patch | |
| rtla-5.14.0-503.19.1.el9_5.aarch64.rpm | 13127df3cae3f1ccb68fe5aa188ddf08 | - | ol9_aarch64_appstream | |
| rv-5.14.0-503.19.1.el9_5.aarch64.rpm | b4d25c38fd3871c9a12fd7052cb88d48 | - | ol9_aarch64_appstream | |
| Oracle Linux 9 (x86_64) | kernel-5.14.0-503.19.1.el9_5.src.rpm | b4c7779f4071953b937ca04f22bb7ff5 | - | ol9_x86_64_appstream |
| kernel-5.14.0-503.19.1.el9_5.src.rpm | b4c7779f4071953b937ca04f22bb7ff5 | - | ol9_x86_64_baseos_latest | |
| kernel-5.14.0-503.19.1.el9_5.src.rpm | b4c7779f4071953b937ca04f22bb7ff5 | - | ol9_x86_64_codeready_builder | |
| kernel-5.14.0-503.19.1.el9_5.src.rpm | b4c7779f4071953b937ca04f22bb7ff5 | - | ol9_x86_64_u5_baseos_patch | |
| bpftool-7.4.0-503.19.1.el9_5.x86_64.rpm | 31758c1e2244c7402d3cd948c84c7428 | - | ol9_x86_64_baseos_latest | |
| bpftool-7.4.0-503.19.1.el9_5.x86_64.rpm | 31758c1e2244c7402d3cd948c84c7428 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-5.14.0-503.19.1.el9_5.x86_64.rpm | d86d7804fd775be161e75b83a25097bd | - | ol9_x86_64_baseos_latest | |
| kernel-5.14.0-503.19.1.el9_5.x86_64.rpm | d86d7804fd775be161e75b83a25097bd | - | ol9_x86_64_u5_baseos_patch | |
| kernel-abi-stablelists-5.14.0-503.19.1.el9_5.noarch.rpm | e74c1fabeb4ae95f517f58f710cbf3b9 | - | ol9_x86_64_baseos_latest | |
| kernel-abi-stablelists-5.14.0-503.19.1.el9_5.noarch.rpm | e74c1fabeb4ae95f517f58f710cbf3b9 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-core-5.14.0-503.19.1.el9_5.x86_64.rpm | 2da0a39cb604b736610d59c183f42bca | - | ol9_x86_64_baseos_latest | |
| kernel-core-5.14.0-503.19.1.el9_5.x86_64.rpm | 2da0a39cb604b736610d59c183f42bca | - | ol9_x86_64_u5_baseos_patch | |
| kernel-cross-headers-5.14.0-503.19.1.el9_5.x86_64.rpm | 364cf886463a655a0caa8b178353819c | - | ol9_x86_64_codeready_builder | |
| kernel-debug-5.14.0-503.19.1.el9_5.x86_64.rpm | 57ecdbef10a5da60954c106598dedf17 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-5.14.0-503.19.1.el9_5.x86_64.rpm | 57ecdbef10a5da60954c106598dedf17 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-debug-core-5.14.0-503.19.1.el9_5.x86_64.rpm | 87fc4cf922a39dda7d5ebc2bef292dee | - | ol9_x86_64_baseos_latest | |
| kernel-debug-core-5.14.0-503.19.1.el9_5.x86_64.rpm | 87fc4cf922a39dda7d5ebc2bef292dee | - | ol9_x86_64_u5_baseos_patch | |
| kernel-debug-devel-5.14.0-503.19.1.el9_5.x86_64.rpm | 830a2d235d1ccc7c2a61cd0ede4ea3d2 | - | ol9_x86_64_appstream | |
| kernel-debug-devel-matched-5.14.0-503.19.1.el9_5.x86_64.rpm | 6a51417b864f228266893557078e0725 | - | ol9_x86_64_appstream | |
| kernel-debug-modules-5.14.0-503.19.1.el9_5.x86_64.rpm | b4645110eed99e225a3e459bf3f58f9a | - | ol9_x86_64_baseos_latest | |
| kernel-debug-modules-5.14.0-503.19.1.el9_5.x86_64.rpm | b4645110eed99e225a3e459bf3f58f9a | - | ol9_x86_64_u5_baseos_patch | |
| kernel-debug-modules-core-5.14.0-503.19.1.el9_5.x86_64.rpm | 064bb78dc72d5f231968bf97243e96ae | - | ol9_x86_64_baseos_latest | |
| kernel-debug-modules-core-5.14.0-503.19.1.el9_5.x86_64.rpm | 064bb78dc72d5f231968bf97243e96ae | - | ol9_x86_64_u5_baseos_patch | |
| kernel-debug-modules-extra-5.14.0-503.19.1.el9_5.x86_64.rpm | a573b6e949d74f59921ec73b49acfc83 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-modules-extra-5.14.0-503.19.1.el9_5.x86_64.rpm | a573b6e949d74f59921ec73b49acfc83 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-debug-uki-virt-5.14.0-503.19.1.el9_5.x86_64.rpm | 43b500bb74579944523c86e536599003 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-uki-virt-5.14.0-503.19.1.el9_5.x86_64.rpm | 43b500bb74579944523c86e536599003 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-devel-5.14.0-503.19.1.el9_5.x86_64.rpm | 5fe831cd34b348b3561d67ff1d74a065 | - | ol9_x86_64_appstream | |
| kernel-devel-matched-5.14.0-503.19.1.el9_5.x86_64.rpm | 437cc3764bae3b536d637c944c585864 | - | ol9_x86_64_appstream | |
| kernel-doc-5.14.0-503.19.1.el9_5.noarch.rpm | d145933b47036321b3539cafd865b231 | - | ol9_x86_64_appstream | |
| kernel-headers-5.14.0-503.19.1.el9_5.x86_64.rpm | 61f447a0e1e8dd02fd48ea7c188fac39 | - | ol9_x86_64_appstream | |
| kernel-modules-5.14.0-503.19.1.el9_5.x86_64.rpm | a3894b0408843fd902d3158f3a7000b0 | - | ol9_x86_64_baseos_latest | |
| kernel-modules-5.14.0-503.19.1.el9_5.x86_64.rpm | a3894b0408843fd902d3158f3a7000b0 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-modules-core-5.14.0-503.19.1.el9_5.x86_64.rpm | db1c8c1d01cd062b190198b747cb1ab8 | - | ol9_x86_64_baseos_latest | |
| kernel-modules-core-5.14.0-503.19.1.el9_5.x86_64.rpm | db1c8c1d01cd062b190198b747cb1ab8 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-modules-extra-5.14.0-503.19.1.el9_5.x86_64.rpm | efbe45d28de3d4347d8899327b2ef520 | - | ol9_x86_64_baseos_latest | |
| kernel-modules-extra-5.14.0-503.19.1.el9_5.x86_64.rpm | efbe45d28de3d4347d8899327b2ef520 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-tools-5.14.0-503.19.1.el9_5.x86_64.rpm | a13c0ae7b0353fa9f0982213b66d431f | - | ol9_x86_64_baseos_latest | |
| kernel-tools-5.14.0-503.19.1.el9_5.x86_64.rpm | a13c0ae7b0353fa9f0982213b66d431f | - | ol9_x86_64_u5_baseos_patch | |
| kernel-tools-libs-5.14.0-503.19.1.el9_5.x86_64.rpm | bbf9fabe60fbaac9a20c6708c6b68dab | - | ol9_x86_64_baseos_latest | |
| kernel-tools-libs-5.14.0-503.19.1.el9_5.x86_64.rpm | bbf9fabe60fbaac9a20c6708c6b68dab | - | ol9_x86_64_u5_baseos_patch | |
| kernel-tools-libs-devel-5.14.0-503.19.1.el9_5.x86_64.rpm | 3e06e887586355f306c1577ee6dd8b3e | - | ol9_x86_64_codeready_builder | |
| kernel-uki-virt-5.14.0-503.19.1.el9_5.x86_64.rpm | 07c34c924b4bcf9792975dd999c60aa8 | - | ol9_x86_64_baseos_latest | |
| kernel-uki-virt-5.14.0-503.19.1.el9_5.x86_64.rpm | 07c34c924b4bcf9792975dd999c60aa8 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-uki-virt-addons-5.14.0-503.19.1.el9_5.x86_64.rpm | 9891e2f475035b65873339badfcee6e3 | - | ol9_x86_64_baseos_latest | |
| kernel-uki-virt-addons-5.14.0-503.19.1.el9_5.x86_64.rpm | 9891e2f475035b65873339badfcee6e3 | - | ol9_x86_64_u5_baseos_patch | |
| libperf-5.14.0-503.19.1.el9_5.x86_64.rpm | 4cf5e2004541d34aa2700b0303ad6aee | - | ol9_x86_64_codeready_builder | |
| perf-5.14.0-503.19.1.el9_5.x86_64.rpm | fff28a41a27557e70aacc9d04b6979ca | - | ol9_x86_64_appstream | |
| python3-perf-5.14.0-503.19.1.el9_5.x86_64.rpm | 0cfcebb021ef91cf885d62d17f7401f2 | - | ol9_x86_64_baseos_latest | |
| python3-perf-5.14.0-503.19.1.el9_5.x86_64.rpm | 0cfcebb021ef91cf885d62d17f7401f2 | - | ol9_x86_64_u5_baseos_patch | |
| rtla-5.14.0-503.19.1.el9_5.x86_64.rpm | 12adddc1eddf14da5dceb285021bbe5e | - | ol9_x86_64_appstream | |
| rv-5.14.0-503.19.1.el9_5.x86_64.rpm | 860e2a094cfc8bf5ab32d8a0deab8653 | - | ol9_x86_64_appstream | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
- Oracle customers - enter a support request
- Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process
