ELSA-2024-11486
- ULN >
- Oracle Linux Errata repository >
- ELSA-2024-11486
ELSA-2024-11486 - kernel security update
| Type: | SECURITY |
| Impact: | MODERATE |
| Release Date: | 2025-01-06 |
Description
[5.14.0-503.19.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
[5.14.0-503.19.1_5]
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66462 RHEL-66461] {CVE-2024-50142}
- xfrm: fix one more kernel-infoleak in algo dumping (CKI Backport Bot) [RHEL-65960] {CVE-2024-50110}
- Revert 'Merge: [qed] softlockup triggered by ethtool -d [rhel-9.5.z]' (Lucas Zampieri) [RHEL-61705]
- tracing/hwlat: Fix a race during cpuhp processing (Tomas Glozar) [RHEL-69468]
- tracing/timerlat: Fix a race during cpuhp processing (Tomas Glozar) [RHEL-69468] {CVE-2024-49866}
- tracing/timerlat: Drop interface_lock in stop_kthread() (Tomas Glozar) [RHEL-69468]
- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (Tomas Glozar) [RHEL-69468]
- ceph: remove the incorrect Fw reference check when dirtying pages (Xiubo Li) [RHEL-61416 RHEL-60255]
[5.14.0-503.18.1_5]
- bpf: Fix a kernel verifier crash in stacksafe() (CKI Backport Bot) [RHEL-66097 RHEL-66098] {CVE-2024-45020}
- bpf: Fix a sdiv overflow issue (CKI Backport Bot) [RHEL-64598 RHEL-64597] {CVE-2024-49888}
- bpf: Fix out-of-bounds write in trie_get_next_key() (CKI Backport Bot) [RHEL-66877] {CVE-2024-50262}
- bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (CKI Backport Bot) [RHEL-63331] {CVE-2024-47675}
- nfsd: ensure that nfsd4_fattr_args.context is zeroed out (Jay Shin) [RHEL-58884 RHEL-58883] {CVE-2024-46697}
- KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (Jon Maloy) [RHEL-65872] {CVE-2024-50115}
- net: tighten bad gso csum offset check in virtio_net_hdr (Guillaume Nault) [RHEL-67683]
- udp: fix receiving fraglist GSO packets (Guillaume Nault) [RHEL-67683]
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (CKI Backport Bot) [RHEL-66804] {CVE-2024-50255}
- Bluetooth: ISO: Fix UAF on iso_sock_timeout (Bastien Nocera) [RHEL-66321] {CVE-2024-50124}
- Bluetooth: SCO: Fix UAF on sco_sock_timeout (Bastien Nocera) [RHEL-65928] {CVE-2024-50125}
- Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (Bastien Nocera) [RHEL-65928] {CVE-2024-27398}
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CKI Backport Bot) [RHEL-44173] {CVE-2024-38564}
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (CKI Backport Bot) [RHEL-66365] {CVE-2024-50148}
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (CKI Backport Bot) [RHEL-57716 RHEL-36374] {CVE-2024-27399}
[5.14.0-503.17.1_5]
- arm64: probes: Remove broken LDR (literal) uprobe support (CKI Backport Bot) [RHEL-66046] {CVE-2024-50099}
- qed: put cond_resched() in qed_dmae_operation_wait() (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: allow the callee of qed_mcp_nvm_read() to sleep (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: put cond_resched() in qed_grc_dump_ctx_data() (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: make 'ethtool -d' 10 times faster (Michal Schmidt) [RHEL-61705 RHEL-6372]
- qed: allow sleep in qed_mcp_trace_dump() (Michal Schmidt) [RHEL-61705 RHEL-6372]
- sched/numa: Fix the potential null pointer dereference in task_numa_work() (CKI Backport Bot) [RHEL-66810] {CVE-2024-50223}
- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66969] {CVE-2024-50192}
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66969] {CVE-2024-50192}
- perf/x86/intel/uncore: Support HBM and CXL PMON counters (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Cleanup unused unit structure (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Support per PMU cpumask (Michael Petlan) [RHEL-65856]
- perf/x86/uncore: Save the unit control address of all units (Michael Petlan) [RHEL-65856]
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | kernel-5.14.0-503.19.1.el9_5.src.rpm | e2c3db3b19e41aa15552b6caccd9f1f96bd008b212223092bd69631c372a98a8 | - | ol9_aarch64_appstream |
| kernel-5.14.0-503.19.1.el9_5.src.rpm | e2c3db3b19e41aa15552b6caccd9f1f96bd008b212223092bd69631c372a98a8 | - | ol9_aarch64_baseos_latest | |
| kernel-5.14.0-503.19.1.el9_5.src.rpm | e2c3db3b19e41aa15552b6caccd9f1f96bd008b212223092bd69631c372a98a8 | - | ol9_aarch64_codeready_builder | |
| kernel-5.14.0-503.19.1.el9_5.src.rpm | e2c3db3b19e41aa15552b6caccd9f1f96bd008b212223092bd69631c372a98a8 | - | ol9_aarch64_u5_baseos_patch | |
| bpftool-7.4.0-503.19.1.el9_5.aarch64.rpm | a6b551bdf929e4e23dd1c8606a7e5123d8f8d51de4c0a779c795c7a32c82c400 | - | ol9_aarch64_baseos_latest | |
| bpftool-7.4.0-503.19.1.el9_5.aarch64.rpm | a6b551bdf929e4e23dd1c8606a7e5123d8f8d51de4c0a779c795c7a32c82c400 | - | ol9_aarch64_u5_baseos_patch | |
| kernel-cross-headers-5.14.0-503.19.1.el9_5.aarch64.rpm | 30435584c20d1fa36dd93c414a38d0217b564adff0b164cd5dc02ca367e22b0f | - | ol9_aarch64_codeready_builder | |
| kernel-headers-5.14.0-503.19.1.el9_5.aarch64.rpm | 855f4d9c4975a7e9b17bc20389b7b8589ea9d3b50ad524580da7a659464d589e | - | ol9_aarch64_appstream | |
| kernel-tools-5.14.0-503.19.1.el9_5.aarch64.rpm | 51ce400d7d64d1960419abbb325726afdd19bde329ec37aed5fcb784fcf0e39c | - | ol9_aarch64_baseos_latest | |
| kernel-tools-5.14.0-503.19.1.el9_5.aarch64.rpm | 51ce400d7d64d1960419abbb325726afdd19bde329ec37aed5fcb784fcf0e39c | - | ol9_aarch64_u5_baseos_patch | |
| kernel-tools-libs-5.14.0-503.19.1.el9_5.aarch64.rpm | 6eda4875c80083e5301227038b54003f10ef71048ed8901883719e95018b0df3 | - | ol9_aarch64_baseos_latest | |
| kernel-tools-libs-5.14.0-503.19.1.el9_5.aarch64.rpm | 6eda4875c80083e5301227038b54003f10ef71048ed8901883719e95018b0df3 | - | ol9_aarch64_u5_baseos_patch | |
| kernel-tools-libs-devel-5.14.0-503.19.1.el9_5.aarch64.rpm | 9042b8063e1ddba41f521f32cdac040b4c7b1016ec5d3346b345d87b747e0721 | - | ol9_aarch64_codeready_builder | |
| perf-5.14.0-503.19.1.el9_5.aarch64.rpm | 71ba3bb375a335085eb6951a886fb8b03971606c584784167c78ac1b317d2718 | - | ol9_aarch64_appstream | |
| python3-perf-5.14.0-503.19.1.el9_5.aarch64.rpm | ebc2eddefaec611cad07946f800d556e6945fe5f08b5fb1845c78b4321677fcd | - | ol9_aarch64_baseos_latest | |
| python3-perf-5.14.0-503.19.1.el9_5.aarch64.rpm | ebc2eddefaec611cad07946f800d556e6945fe5f08b5fb1845c78b4321677fcd | - | ol9_aarch64_u5_baseos_patch | |
| rtla-5.14.0-503.19.1.el9_5.aarch64.rpm | 40632a5b10e18eed8c301d0b4f28e6f103d866bc2441c1f1c73cff3dc83cdff8 | - | ol9_aarch64_appstream | |
| rv-5.14.0-503.19.1.el9_5.aarch64.rpm | b4ef2608e85013238f85dfca4891ec66b8e1f27352cb328bacc6c5c0e3eb5e5e | - | ol9_aarch64_appstream | |
| Oracle Linux 9 (x86_64) | kernel-5.14.0-503.19.1.el9_5.src.rpm | e2c3db3b19e41aa15552b6caccd9f1f96bd008b212223092bd69631c372a98a8 | - | ol9_x86_64_appstream |
| kernel-5.14.0-503.19.1.el9_5.src.rpm | e2c3db3b19e41aa15552b6caccd9f1f96bd008b212223092bd69631c372a98a8 | - | ol9_x86_64_baseos_latest | |
| kernel-5.14.0-503.19.1.el9_5.src.rpm | e2c3db3b19e41aa15552b6caccd9f1f96bd008b212223092bd69631c372a98a8 | - | ol9_x86_64_codeready_builder | |
| kernel-5.14.0-503.19.1.el9_5.src.rpm | e2c3db3b19e41aa15552b6caccd9f1f96bd008b212223092bd69631c372a98a8 | - | ol9_x86_64_u5_baseos_patch | |
| bpftool-7.4.0-503.19.1.el9_5.x86_64.rpm | a2df56514e6e8e2207254a5d267f9ff916f6b410228d757d7d698651f4bd5aee | - | ol9_x86_64_baseos_latest | |
| bpftool-7.4.0-503.19.1.el9_5.x86_64.rpm | a2df56514e6e8e2207254a5d267f9ff916f6b410228d757d7d698651f4bd5aee | - | ol9_x86_64_u5_baseos_patch | |
| kernel-5.14.0-503.19.1.el9_5.x86_64.rpm | 7291a0a2de59c7a669ea4468d48e19d2a2784dec8a559dc070f7fb25532f80e2 | - | ol9_x86_64_baseos_latest | |
| kernel-5.14.0-503.19.1.el9_5.x86_64.rpm | 7291a0a2de59c7a669ea4468d48e19d2a2784dec8a559dc070f7fb25532f80e2 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-abi-stablelists-5.14.0-503.19.1.el9_5.noarch.rpm | 5458a4224506808f6690e8cffa641a42688fd8a09901bd3198af2e8192adf4c1 | - | ol9_x86_64_baseos_latest | |
| kernel-abi-stablelists-5.14.0-503.19.1.el9_5.noarch.rpm | 5458a4224506808f6690e8cffa641a42688fd8a09901bd3198af2e8192adf4c1 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-core-5.14.0-503.19.1.el9_5.x86_64.rpm | 47071d8ced391369a4990341a62742e15fbe7af6f6bb92d8163d8ceff56030a1 | - | ol9_x86_64_baseos_latest | |
| kernel-core-5.14.0-503.19.1.el9_5.x86_64.rpm | 47071d8ced391369a4990341a62742e15fbe7af6f6bb92d8163d8ceff56030a1 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-cross-headers-5.14.0-503.19.1.el9_5.x86_64.rpm | 23e35d182d0af5b048c64a600bdd28b275b0163449aee07474a0b513d5e0bc8a | - | ol9_x86_64_codeready_builder | |
| kernel-debug-5.14.0-503.19.1.el9_5.x86_64.rpm | b68a859c5d42aca0a3ad6284fa4c8c52ab6b8f5d0fd645ac64cf67f13300808f | - | ol9_x86_64_baseos_latest | |
| kernel-debug-5.14.0-503.19.1.el9_5.x86_64.rpm | b68a859c5d42aca0a3ad6284fa4c8c52ab6b8f5d0fd645ac64cf67f13300808f | - | ol9_x86_64_u5_baseos_patch | |
| kernel-debug-core-5.14.0-503.19.1.el9_5.x86_64.rpm | 8701144f02137e3ddf2bca819041e3b99970579c7da0b38d7f3371cfecffceb0 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-core-5.14.0-503.19.1.el9_5.x86_64.rpm | 8701144f02137e3ddf2bca819041e3b99970579c7da0b38d7f3371cfecffceb0 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-debug-devel-5.14.0-503.19.1.el9_5.x86_64.rpm | 7626bf64227d1ff1679e197022a04435a12717bcd784312b9ea8cea2374a3fa6 | - | ol9_x86_64_appstream | |
| kernel-debug-devel-matched-5.14.0-503.19.1.el9_5.x86_64.rpm | e938ce274f4235eb71c4d602268776bc17407554f93e85f9724e787229ab2cf7 | - | ol9_x86_64_appstream | |
| kernel-debug-modules-5.14.0-503.19.1.el9_5.x86_64.rpm | ff06e5b588e3a2d704b1df3dc127b142f1f310bf543a796df7b1c3690c678970 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-modules-5.14.0-503.19.1.el9_5.x86_64.rpm | ff06e5b588e3a2d704b1df3dc127b142f1f310bf543a796df7b1c3690c678970 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-debug-modules-core-5.14.0-503.19.1.el9_5.x86_64.rpm | e37f3abe738c9a99afd98cef48e9e491aab13d806e3310779bdda83894474421 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-modules-core-5.14.0-503.19.1.el9_5.x86_64.rpm | e37f3abe738c9a99afd98cef48e9e491aab13d806e3310779bdda83894474421 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-debug-modules-extra-5.14.0-503.19.1.el9_5.x86_64.rpm | 7a54b949b0c313026c7cd0948ea3e13e6fa3621d2d44311b69c40aa95c41ae49 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-modules-extra-5.14.0-503.19.1.el9_5.x86_64.rpm | 7a54b949b0c313026c7cd0948ea3e13e6fa3621d2d44311b69c40aa95c41ae49 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-debug-uki-virt-5.14.0-503.19.1.el9_5.x86_64.rpm | 25cf93df8e637be3949237bf97d93c7c7e5d194d020f7fdf09c6e6e497f425ed | - | ol9_x86_64_baseos_latest | |
| kernel-debug-uki-virt-5.14.0-503.19.1.el9_5.x86_64.rpm | 25cf93df8e637be3949237bf97d93c7c7e5d194d020f7fdf09c6e6e497f425ed | - | ol9_x86_64_u5_baseos_patch | |
| kernel-devel-5.14.0-503.19.1.el9_5.x86_64.rpm | eaa002393484b267e4ebb828daf2c8cd9ba1dcc6df701847e7af8f8bd8a179b3 | - | ol9_x86_64_appstream | |
| kernel-devel-matched-5.14.0-503.19.1.el9_5.x86_64.rpm | 4eda1dd6b259d75214021e5af20a89d233e5c74c8b59f7c6abaf0a0162aeb910 | - | ol9_x86_64_appstream | |
| kernel-doc-5.14.0-503.19.1.el9_5.noarch.rpm | d538113c4b4d3e8f42fe0cf1840780f29d72a0dfec26d7ea041bbaae8e47f149 | - | ol9_x86_64_appstream | |
| kernel-headers-5.14.0-503.19.1.el9_5.x86_64.rpm | 2d2de9cd553fc5fdd18c9181b692dddb5ea2d7ac732cb2e4de33b0891b0afe76 | - | ol9_x86_64_appstream | |
| kernel-modules-5.14.0-503.19.1.el9_5.x86_64.rpm | 92fc9b5917e7ac67e2543f948a6a840e9dcfbc4ca39fe177408735f4b3ebb758 | - | ol9_x86_64_baseos_latest | |
| kernel-modules-5.14.0-503.19.1.el9_5.x86_64.rpm | 92fc9b5917e7ac67e2543f948a6a840e9dcfbc4ca39fe177408735f4b3ebb758 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-modules-core-5.14.0-503.19.1.el9_5.x86_64.rpm | 0019f34c37539194e77c43c95c9cb5b3212f20480333b446a33009855173b5b3 | - | ol9_x86_64_baseos_latest | |
| kernel-modules-core-5.14.0-503.19.1.el9_5.x86_64.rpm | 0019f34c37539194e77c43c95c9cb5b3212f20480333b446a33009855173b5b3 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-modules-extra-5.14.0-503.19.1.el9_5.x86_64.rpm | 908fd7a51528f24adc62279fc8699f29fe66e3368961ae5174742bfb962e67a3 | - | ol9_x86_64_baseos_latest | |
| kernel-modules-extra-5.14.0-503.19.1.el9_5.x86_64.rpm | 908fd7a51528f24adc62279fc8699f29fe66e3368961ae5174742bfb962e67a3 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-tools-5.14.0-503.19.1.el9_5.x86_64.rpm | 48e111bda60b8ef4beeed5ae4d16282c960a2dfa45d68288727a7e97847dc868 | - | ol9_x86_64_baseos_latest | |
| kernel-tools-5.14.0-503.19.1.el9_5.x86_64.rpm | 48e111bda60b8ef4beeed5ae4d16282c960a2dfa45d68288727a7e97847dc868 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-tools-libs-5.14.0-503.19.1.el9_5.x86_64.rpm | 594b99ebb7b13e01a5b4f9e5f9d8f0d7b41a4ec756ef8c1b9eee8d92012ef58e | - | ol9_x86_64_baseos_latest | |
| kernel-tools-libs-5.14.0-503.19.1.el9_5.x86_64.rpm | 594b99ebb7b13e01a5b4f9e5f9d8f0d7b41a4ec756ef8c1b9eee8d92012ef58e | - | ol9_x86_64_u5_baseos_patch | |
| kernel-tools-libs-devel-5.14.0-503.19.1.el9_5.x86_64.rpm | bc26d09b79296111d03f857c8febc35a10c2b7c607b1e777c2a55c6fabde8ca2 | - | ol9_x86_64_codeready_builder | |
| kernel-uki-virt-5.14.0-503.19.1.el9_5.x86_64.rpm | d451f3cafae0c7575b95cd6b380219ca79313ca4304ce53c123d24e17c59ac61 | - | ol9_x86_64_baseos_latest | |
| kernel-uki-virt-5.14.0-503.19.1.el9_5.x86_64.rpm | d451f3cafae0c7575b95cd6b380219ca79313ca4304ce53c123d24e17c59ac61 | - | ol9_x86_64_u5_baseos_patch | |
| kernel-uki-virt-addons-5.14.0-503.19.1.el9_5.x86_64.rpm | fa4c6e670a3b19be5fc8f4274c51add078fba454daf8dac0c9c464b64e7fb522 | - | ol9_x86_64_baseos_latest | |
| kernel-uki-virt-addons-5.14.0-503.19.1.el9_5.x86_64.rpm | fa4c6e670a3b19be5fc8f4274c51add078fba454daf8dac0c9c464b64e7fb522 | - | ol9_x86_64_u5_baseos_patch | |
| libperf-5.14.0-503.19.1.el9_5.x86_64.rpm | 01e09729496b469fe7222a8caf44365e19aa1c95e512e4ee8a49d1ae7a562cae | - | ol9_x86_64_codeready_builder | |
| perf-5.14.0-503.19.1.el9_5.x86_64.rpm | 772b0674a89ba16ce22a3c526a01ae136663a7b37c8f872237a74f4f13323009 | - | ol9_x86_64_appstream | |
| python3-perf-5.14.0-503.19.1.el9_5.x86_64.rpm | 3e598432f2df22757ab52c44258f131c25587716e5ad6826832af63d94d8fa9c | - | ol9_x86_64_baseos_latest | |
| python3-perf-5.14.0-503.19.1.el9_5.x86_64.rpm | 3e598432f2df22757ab52c44258f131c25587716e5ad6826832af63d94d8fa9c | - | ol9_x86_64_u5_baseos_patch | |
| rtla-5.14.0-503.19.1.el9_5.x86_64.rpm | 7437a3c35efe41d2f18476bcafad6666de157ad1634296f94cbdaead67ee4f96 | - | ol9_x86_64_appstream | |
| rv-5.14.0-503.19.1.el9_5.x86_64.rpm | 272deaa6b6c76b345f6314df0d7bd22ab25557f3d80941ad1fb23892b4ba4638 | - | ol9_x86_64_appstream | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
