ELSA-2024-2004

ELSA-2024-2004 - kernel security and bug fix update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2024-04-23

Description

[3.10.0-1160.118.1.0.1]
- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}

[3.10.0-1160.118.1]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9
- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)

[3.10.0-1160.118.1]
- iommu/amd: Fix NULL dereference bug in match_hid_uid (Jerry Snitselaar) [RHEL-8721]

[3.10.0-1160.117.1]
- tracing/perf: Fix double put of trace event when init fails (Michael Petlan) [RHEL-18052]
- tracing: Fix race in perf_trace_buf initialization (Michael Petlan) [RHEL-18052]
- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Davide Caratti) [RHEL-16458] {CVE-2023-4623}
- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Davide Caratti) [RHEL-16458] {CVE-2023-4623}
- gfs2: Fix invalid metadata access in punch_hole (Andrew Price) [RHEL-28785]
- vt: vt_ioctl: fix race in VT_RESIZEX (Jay Shin) [RHEL-28639] {CVE-2020-36558}
- selinux: cleanup and consolidate the XFRM alloc/clone/delete/free code (Ondrej Mosnacek) [RHEL-27751]
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002}
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002}
- cifs: fix panic in smb2_reconnect (Jay Shin) [RHEL-26301]
- af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-16144] {CVE-2023-4622}
- NFS: Set the stable writes BDI capability (Benjamin Coddington) [RHEL-22193]
- RDMA/i40iw: Prevent zero-length STAG registration (Kamal Heib) [RHEL-6299] {CVE-2023-25775}
- sched/membarrier: reduce the ability to hammer on sys_membarrier (Wander Lairson Costa) [RHEL-26402] {CVE-2024-26602}

[3.10.0-1160.116.1]
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002}
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002}
- cifs: fix panic in smb2_reconnect (Jay Shin) [RHEL-26301]

[3.10.0-1160.115.1]
- af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-16144] {CVE-2023-4622}
- NFS: Set the stable writes BDI capability (Benjamin Coddington) [RHEL-22193]

Related CVEs

CVE-2023-4623

CVE-2023-2002

CVE-2023-4622

CVE-2023-25775

CVE-2020-36558

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 7 (x86_64)	kernel-3.10.0-1160.118.1.0.1.el7.src.rpm	9a7598afad9fe1cdae999b56e241397fecbb057cc4e7c1b6971c32eb3ef5b574	ELSA-2025-1281	ol7_x86_64_latest
	kernel-3.10.0-1160.118.1.0.1.el7.src.rpm	9a7598afad9fe1cdae999b56e241397fecbb057cc4e7c1b6971c32eb3ef5b574	ELSA-2025-1281	ol7_x86_64_optional_latest
	kernel-3.10.0-1160.118.1.0.1.el7.src.rpm	9a7598afad9fe1cdae999b56e241397fecbb057cc4e7c1b6971c32eb3ef5b574	ELSA-2025-1281	ol7_x86_64_u9_patch
	bpftool-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	d6d61a1691c04b0fa1fa5bbcbca16cd7299776e204564d528632e29c3feaf661	ELSA-2025-1281	ol7_x86_64_latest
	bpftool-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	d6d61a1691c04b0fa1fa5bbcbca16cd7299776e204564d528632e29c3feaf661	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	addf87ec598a3e3db21d623c80a9841b7f42bd06d4ed693f6f4b91c00ca8d4ab	ELSA-2025-1281	ol7_x86_64_latest
	kernel-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	addf87ec598a3e3db21d623c80a9841b7f42bd06d4ed693f6f4b91c00ca8d4ab	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-abi-whitelists-3.10.0-1160.118.1.0.1.el7.noarch.rpm	74eeda133f5e15551b38f00ce372d5483b17c6c6ee2b74457785c3c3751f5b50	ELSA-2025-1281	ol7_x86_64_latest
	kernel-abi-whitelists-3.10.0-1160.118.1.0.1.el7.noarch.rpm	74eeda133f5e15551b38f00ce372d5483b17c6c6ee2b74457785c3c3751f5b50	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-debug-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	5e9320b5ed14499575daf3e0b9f55e634b633024a1144cbf6a53dc0023d4a835	ELSA-2025-1281	ol7_x86_64_latest
	kernel-debug-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	5e9320b5ed14499575daf3e0b9f55e634b633024a1144cbf6a53dc0023d4a835	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-debug-devel-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	18ea10ff60f24ba3a0464f8a9e9c972b7a56fc7d1c82bf45d6a5b6d7d9cfe3cf	ELSA-2025-1281	ol7_x86_64_latest
	kernel-debug-devel-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	18ea10ff60f24ba3a0464f8a9e9c972b7a56fc7d1c82bf45d6a5b6d7d9cfe3cf	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-devel-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	8774f1477187d11533ef80cec8a85ab0afcc1898e47a28535e15ea4b7b6ae1b4	ELSA-2025-1281	ol7_x86_64_latest
	kernel-devel-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	8774f1477187d11533ef80cec8a85ab0afcc1898e47a28535e15ea4b7b6ae1b4	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-doc-3.10.0-1160.118.1.0.1.el7.noarch.rpm	b7da92935c545b9037918040be98ed73088203704c10f0249009b848657b46f7	ELSA-2025-1281	ol7_x86_64_latest
	kernel-doc-3.10.0-1160.118.1.0.1.el7.noarch.rpm	b7da92935c545b9037918040be98ed73088203704c10f0249009b848657b46f7	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-headers-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	4e95ee8608ae1dc9be16ead35b8c9caf0857f1d9279c5c178820d40ef2d13ce1	ELSA-2025-1281	exadata_dbserver_22.1.23.0.0_x86_64_base
	kernel-headers-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	4e95ee8608ae1dc9be16ead35b8c9caf0857f1d9279c5c178820d40ef2d13ce1	ELSA-2025-1281	exadata_dbserver_22.1.24.0.0_x86_64_base
	kernel-headers-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	4e95ee8608ae1dc9be16ead35b8c9caf0857f1d9279c5c178820d40ef2d13ce1	ELSA-2025-1281	ol7_x86_64_latest
	kernel-headers-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	4e95ee8608ae1dc9be16ead35b8c9caf0857f1d9279c5c178820d40ef2d13ce1	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-tools-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	25cea8a0cae84620f2d168b43de593433422f28b7c36930c6acebb92b09c3824	ELSA-2025-1281	exadata_dbserver_22.1.23.0.0_x86_64_base
	kernel-tools-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	25cea8a0cae84620f2d168b43de593433422f28b7c36930c6acebb92b09c3824	ELSA-2025-1281	exadata_dbserver_22.1.24.0.0_x86_64_base
	kernel-tools-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	25cea8a0cae84620f2d168b43de593433422f28b7c36930c6acebb92b09c3824	ELSA-2025-1281	ol7_x86_64_latest
	kernel-tools-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	25cea8a0cae84620f2d168b43de593433422f28b7c36930c6acebb92b09c3824	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-tools-libs-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	dcb9aca18864f961d76bd0c360a6b19a96c14b57be1228f89e89965eebfb511e	ELSA-2025-1281	exadata_dbserver_22.1.23.0.0_x86_64_base
	kernel-tools-libs-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	dcb9aca18864f961d76bd0c360a6b19a96c14b57be1228f89e89965eebfb511e	ELSA-2025-1281	exadata_dbserver_22.1.24.0.0_x86_64_base
	kernel-tools-libs-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	dcb9aca18864f961d76bd0c360a6b19a96c14b57be1228f89e89965eebfb511e	ELSA-2025-1281	ol7_x86_64_latest
	kernel-tools-libs-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	dcb9aca18864f961d76bd0c360a6b19a96c14b57be1228f89e89965eebfb511e	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-tools-libs-devel-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	f8f60a4e9da39c8ee5686e1ea45fe9bf2b162eb1f0ff1aa8074442bdaf07b6d5	ELSA-2025-1281	ol7_x86_64_optional_latest
	perf-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	25681f36230143ae655bfb79216281516bb2304c66ddd7a16d7d178cfceffd3a	ELSA-2025-20019	ol7_x86_64_latest
	perf-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	25681f36230143ae655bfb79216281516bb2304c66ddd7a16d7d178cfceffd3a	ELSA-2025-20019	ol7_x86_64_u9_patch
	python-perf-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	a02ffe8c50c124898ee72f1d9a43e7844dccbc6f57f3bae09b256b3a00bc613a	ELSA-2025-20019	ol7_x86_64_latest
	python-perf-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	a02ffe8c50c124898ee72f1d9a43e7844dccbc6f57f3bae09b256b3a00bc613a	ELSA-2025-20019	ol7_x86_64_u9_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team