ELSA-2024-12270 - Unbreakable Enterprise kernel security update

Release Date:2024-04-08


- netfilter: nf_tables: reject QUEUE/DROP verdict parameters (Florian Westphal) [Orabug: 36467681] {CVE-2024-1086}

- Fix null ptr in rds_tcp_recv_path (Allison Henderson) [Orabug: 33499812]
- LTS version: v4.14.338 (Saeed Mirzamohammadi)
- crypto: scompress - initialize per-CPU variables on each CPU (Sebastian Andrzej Siewior)
- Revert 'NFSD: Fix possible sleep during nfsd4_release_lockowner()' (Greg Kroah-Hartman)
- i2c: s3c24xx: fix transferring more than one message in polling mode (Marek Szyprowski)
- i2c: s3c24xx: fix read transfers in polling mode (Marek Szyprowski)
- kdb: Fix a potential buffer overflow in kdb_local() (Christophe JAILLET)
- kdb: Censor attempts to set PROMPT without ENABLE_MEM_READ (Daniel Thompson)
- ipvs: avoid stat macros calls from preemptible context (Fedor Pchelkin)
- net: ravb: Fix dma_addr_t truncation in error case (Nikita Yushchenko)
- serial: imx: Correct clock error message in function probe() (Christoph Niedermaier)
- apparmor: avoid crash when parsed profile name is empty (Fedor Pchelkin)
- MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() (Christophe JAILLET)
- MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() (Christophe JAILLET)
- HID: wacom: Correct behavior when processing some confidence == false touches (Jason Gerecke)
- wifi: mwifiex: configure BSSID consistently when starting AP (David Lin)
- wifi: rtlwifi: Convert LNKCTL change to PCIe cap RMW accessors (Ilpo Jarvinen)
- wifi: rtlwifi: Remove bogus and dangerous ASPM disable/enable code (Ilpo Jarvinen)
- fbdev: flush deferred work in fb_deferred_io_fsync() (Nam Cao)
- ALSA: oxygen: Fix right channel of capture volume mixer (Takashi Iwai)
- usb: mon: Fix atomicity violation in mon_bin_vma_fault (Gui-Dong Han)
- usb: chipidea: wait controller resume finished for wakeup irq (Xu Yang)
- usb: dwc: ep0: Update request status in dwc3_ep0_stall_restart (Uttkarsh Aggarwal)
- usb: phy: mxs: remove CONFIG_USB_OTG condition for mxs_phy_is_otg_host() (Xu Yang)
- tick-sched: Fix idle and iowait sleeptime accounting vs CPU hotplug (Heiko Carstens)
- binder: fix unused alloc->free_async_space (Carlos Llamas)
- binder: fix race between mmput() and do_exit() (Carlos Llamas)
- Input: atkbd - use ab83 as id when skipping the getid command (Hans de Goede)
- binder: fix async space check for 0-sized buffers (Carlos Llamas)
- watchdog: bcm2835_wdt: Fix WDIOC_SETTIMEOUT handling (Stefan Wahren)
- watchdog: set cdev owner before adding (Curtis Klein)
- gpu/drm/radeon: fix two memleaks in radeon_vm_init (Zhipeng Lu)
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Zhipeng Lu)
- drm/amd/pm: fix a double-free in si_dpm_init (Zhipeng Lu)
- media: dvbdev: drop refcount on error path in dvb_device_open() (Dan Carpenter)
- media: cx231xx: fix a memleak in cx231xx_init_isoc (Zhipeng Lu)
- drm/radeon/trinity_dpm: fix a memleak in trinity_parse_power_table (Zhipeng Lu)
- drm/radeon/dpm: fix a memleak in sumo_parse_power_table (Zhipeng Lu)
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (Yang Yingliang)
- drm/drv: propagate errors from drm_modeset_register_all() (Dmitry Baryshkov)
- drm/msm/mdp4: flush vblank event on disable (Dmitry Baryshkov)
- ASoC: cs35l34: Fix GPIO name and drop legacy include (Linus Walleij)
- ASoC: cs35l33: Fix GPIO name and drop legacy include (Linus Walleij)
- drm/radeon: check return value of radeon_ring_lock() (Nikita Zhandarovich)
- drm/radeon/r100: Fix integer overflow issues in r100_cs_track_check() (Nikita Zhandarovich)
- drm/radeon/r600_cs: Fix possible int overflows in r600_cs_check_reg() (Nikita Zhandarovich)
- f2fs: fix to avoid dirent corruption (Chao Yu)
- drm/bridge: Fix typo in post_disable() description (Dario Binacchi)
- media: pvrusb2: fix use after free on context disconnection (Ricardo B. Marliere)
- RDMA/usnic: Silence uninitialized symbol smatch warnings (Leon Romanovsky)
- ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() (Eric Dumazet)
- Bluetooth: Fix bogus check for re-auth no supported with non-ssp (Luiz Augusto von Dentz)
- wifi: rtlwifi: rtl8192se: using calculate_bit_shift() (Su Hui)
- wifi: rtlwifi: rtl8192ee: using calculate_bit_shift() (Su Hui)
- wifi: rtlwifi: rtl8192de: using calculate_bit_shift() (Su Hui)
- rtlwifi: rtl8192de: make arrays static const, makes object smaller (Colin Ian King)
- wifi: rtlwifi: rtl8192ce: using calculate_bit_shift() (Su Hui)
- wifi: rtlwifi: rtl8192cu: using calculate_bit_shift() (Su Hui)
- wifi: rtlwifi: rtl8192c: using calculate_bit_shift() (Su Hui)
- wifi: rtlwifi: rtl8188ee: phy: using calculate_bit_shift() (Su Hui)
- wifi: rtlwifi: add calculate_bit_shift() (Su Hui)
- wifi: rtlwifi: rtl8821ae: phy: fix an undefined bitwise shift behavior (Su Hui)
- rtlwifi: Use ffs in _phy_calculate_bit_shift (Joe Perches)
- firmware: ti_sci: Fix an off-by-one in ti_sci_debugfs_create() (Christophe JAILLET)
- net/ncsi: Fix netlink major/minor version numbers (Peter Delevoryas)
- ncsi: internal.h: Fix a spello (Bhaskar Chowdhury)
- wifi: libertas: stop selecting wext (Arnd Bergmann)
- bpf, lpm: Fix check prefixlen before walking trie (Florian Lehner)
- NFSv4.1/pnfs: Ensure we handle the error NFS4ERR_RETURNCONFLICT (Trond Myklebust)
- crypto: scomp - fix req->dst buffer overflow (Chengming Zhou)
- crypto: scompress - Use per-CPU struct instead multiple variables (Sebastian Andrzej Siewior)
- crypto: scompress - return proper error code for allocation failure (Sebastian Andrzej Siewior)
- crypto: sahara - do not resize req->src when doing hash operations (Ovidiu Panait)
- crypto: sahara - fix processing hash requests with req->nbytes < sg->length (Ovidiu Panait)
- crypto: sahara - improve error handling in sahara_sha_process() (Ovidiu Panait)
- crypto: sahara - fix wait_for_completion_timeout() error handling (Ovidiu Panait)
- crypto: sahara - fix ahash reqsize (Ovidiu Panait)
- crypto: virtio - Wait for tasklet to complete on device remove (wangyangxin)
- pstore: ram_core: fix possible overflow in persistent_ram_init_ecc() (Sergey Shtylyov)
- crypto: sahara - fix error handling in sahara_hw_descriptor_create() (Ovidiu Panait)
- crypto: sahara - fix processing requests with cryptlen < sg->length (Ovidiu Panait)
- crypto: sahara - fix ahash selftest failure (Ovidiu Panait)
- crypto: sahara - remove FLAGS_NEW_KEY logic (Ovidiu Panait)
- crypto: af_alg - Disallow multiple in-flight AIO requests (Herbert Xu)
- crypto: ccp - fix memleak in ccp_init_dm_workarea (Dinghao Liu)
- crypto: virtio - Handle dataq logic with tasklet (Gonglei (Arei))
- mtd: Fix gluebi NULL pointer dereference caused by ftl notifier (ZhaoLong Wang)
- calipso: fix memory leak in netlbl_calipso_add_pass() (Gavrilov Ilia)
- netlabel: remove unused parameter in netlbl_netlink_auditinfo() (Zheng Yejian)
- net: netlabel: Fix kerneldoc warnings (Andrew Lunn)
- ACPI: video: check for error while searching for backlight device parent (Nikita Kiryushin)
- mtd: rawnand: Increment IFC_TIMEOUT_MSECS for nand controller response (Ronald Monthero)
- powerpc/imc-pmu: Add a null pointer check in update_events_in_group() (Kunwu Chan)
- powerpc/powernv: Add a null pointer check in opal_event_init() (Kunwu Chan)
- selftests/powerpc: Fix error handling in FPU/VMX preemption tests (Michael Ellerman)
- powerpc/pseries/memhp: Fix access beyond end of drmem array (Nathan Lynch)
- powerpc/pseries/memhotplug: Quieten some DLPAR operations (Laurent Dufour)
- powerpc/44x: select I2C for CURRITUCK (Randy Dunlap)
- powerpc: remove redundant 'default n' from Kconfig-s (Bartlomiej Zolnierkiewicz)
- powerpc: add crtsavres.o to always-y instead of extra-y (Masahiro Yamada)
- EDAC/thunderx: Fix possible out-of-bounds string access (Arnd Bergmann)
- x86/lib: Fix overflow when counting digits (Colin Ian King)
- coresight: etm4x: Fix width of CCITMIN field (James Clark)
- uio: Fix use-after-free in uio_open (Guanghui Feng)
- binder: fix comment on binder_alloc_new_buf() return value (Carlos Llamas)
- drm/crtc: fix uninitialized variable use (Jani Nikula)
- Input: xpad - add Razer Wolverine V2 support (Luca Weiss)
- ARC: fix spare error (Vineet Gupta)
- s390/scm: fix virtual vs physical address confusion (Vineeth Vijayan)
- Input: atkbd - skip ATKBD_CMD_GETID in translated mode (Hans de Goede)
- reset: hisilicon: hi6220: fix Wvoid-pointer-to-enum-cast warning (Krzysztof Kozlowski)
- ring-buffer: Do not record in NMI if the arch does not support cmpxchg in NMI (Steven Rostedt (Google))
- tracing: Add size check when printing trace_marker output (Steven Rostedt (Google))
- tracing: Have large events show up as '[LINE TOO BIG]' instead of nothing (Steven Rostedt (Google))
- drm/crtc: Fix uninit-value bug in drm_mode_setcrtc (Ziqi Zhao)
- jbd2: correct the printing of write_flags in jbd2_write_superblock() (Zhang Yi)
- clk: rockchip: rk3128: Fix HCLK_OTG gate register (Weihao Li)
- drm/exynos: fix a potential error pointer dereference (Xiang Yang)
- ASoC: da7219: Support low DC impedance headset (David Rau)
- net/tg3: fix race condition in tg3_reset_task() (Thinh Tran)
- ASoC: rt5650: add mutex to avoid the jack detection failure (Shuming Fan)
- ASoC: cs43130: Fix incorrect frame delay configuration (Maciej Strozek)
- ASoC: cs43130: Fix the position of const qualifier (Maciej Strozek)
- f2fs: explicitly null-terminate the xattr list (Eric Biggers)
- LTS version: v4.14.337 (Saeed Mirzamohammadi)
- ipv6: remove max_size check inline with ipv4 (Saeed Mirzamohammadi)
- ipv6: make ip6_rt_gc_expire an atomic_t (Saeed Mirzamohammadi)
- net/dst: use a smaller percpu_counter batch for dst entries accounting (Eric Dumazet)
- net: add a route cache full diagnostic message (Peter Oskolkov)
- netfilter: nf_tables: Reject tables of unsupported family (Phil Sutter) [Orabug: 36192153] {CVE-2023-6040}
- fuse: nlookup missing decrement in fuse_direntplus_link (ruanmeisi)
- mm: fix unmap_mapping_range high bits shift bug (Jiajun Xie)
- mm/memory-failure: check the mapcount of the precise page (Matthew Wilcox (Oracle))
- bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (Michael Chan)
- asix: Add check for usbnet_get_endpoints (Chen Ni)
- net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues (Dinghao Liu)
- net/qla3xxx: switch from 'pci_' to 'dma_' API (Christophe JAILLET)

- mm: avoid conflict between MADV_DOEXEC and upstream advice values (Anthony Yznaga) [Orabug: 36334310]
- net/rds: print PPID/COMM of process doing user reset on RDS connection (Juan Garcia) [Orabug: 36248431]

Related CVEs


Updated Packages

Release/ArchitectureFilenameMD5sumSuperseded By AdvisoryChannel Label
Oracle Linux 7 (aarch64) kernel-uek-4.14.35-2047.535.2.1.el7uek.src.rpm231f8d50dfc0a3046af9bdf27563cbdc-ol7_aarch64_latest
Oracle Linux 7 (x86_64) kernel-uek-4.14.35-2047.535.2.1.el7uek.src.rpm231f8d50dfc0a3046af9bdf27563cbdc-ol7_x86_64_UEKR5

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team