ELSA-2024-2004

ULN >
Oracle Linux Errata repository >
ELSA-2024-2004

ELSA-2024-2004 - kernel security and bug fix update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2024-04-23

Description

[3.10.0-1160.118.1.0.1]
- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}

[3.10.0-1160.118.1]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9
- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)

[3.10.0-1160.118.1]
- iommu/amd: Fix NULL dereference bug in match_hid_uid (Jerry Snitselaar) [RHEL-8721]

[3.10.0-1160.117.1]
- tracing/perf: Fix double put of trace event when init fails (Michael Petlan) [RHEL-18052]
- tracing: Fix race in perf_trace_buf initialization (Michael Petlan) [RHEL-18052]
- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Davide Caratti) [RHEL-16458] {CVE-2023-4623}
- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Davide Caratti) [RHEL-16458] {CVE-2023-4623}
- gfs2: Fix invalid metadata access in punch_hole (Andrew Price) [RHEL-28785]
- vt: vt_ioctl: fix race in VT_RESIZEX (Jay Shin) [RHEL-28639] {CVE-2020-36558}
- selinux: cleanup and consolidate the XFRM alloc/clone/delete/free code (Ondrej Mosnacek) [RHEL-27751]
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002}
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002}
- cifs: fix panic in smb2_reconnect (Jay Shin) [RHEL-26301]
- af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-16144] {CVE-2023-4622}
- NFS: Set the stable writes BDI capability (Benjamin Coddington) [RHEL-22193]
- RDMA/i40iw: Prevent zero-length STAG registration (Kamal Heib) [RHEL-6299] {CVE-2023-25775}
- sched/membarrier: reduce the ability to hammer on sys_membarrier (Wander Lairson Costa) [RHEL-26402] {CVE-2024-26602}

[3.10.0-1160.116.1]
- bluetooth: Add cmd validity checks at the start of hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002}
- bluetooth: Perform careful capability checks in hci_sock_ioctl() (David Marlin) [RHEL-3682] {CVE-2023-2002}
- cifs: fix panic in smb2_reconnect (Jay Shin) [RHEL-26301]

[3.10.0-1160.115.1]
- af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-16144] {CVE-2023-4622}
- NFS: Set the stable writes BDI capability (Benjamin Coddington) [RHEL-22193]

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 7 (x86_64)	kernel-3.10.0-1160.118.1.0.1.el7.src.rpm	bc4e8feecf12602cd25e46ed80f26653	-	ol7_x86_64_latest
	kernel-3.10.0-1160.118.1.0.1.el7.src.rpm	bc4e8feecf12602cd25e46ed80f26653	-	ol7_x86_64_optional_latest
	kernel-3.10.0-1160.118.1.0.1.el7.src.rpm	bc4e8feecf12602cd25e46ed80f26653	-	ol7_x86_64_u9_patch
	bpftool-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	618f3932f231460b891a6b912376a62b	-	ol7_x86_64_latest
	bpftool-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	618f3932f231460b891a6b912376a62b	-	ol7_x86_64_u9_patch
	kernel-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	b56f00caa56ba7e5617739b5266e58fb	-	ol7_x86_64_latest
	kernel-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	b56f00caa56ba7e5617739b5266e58fb	-	ol7_x86_64_u9_patch
	kernel-abi-whitelists-3.10.0-1160.118.1.0.1.el7.noarch.rpm	70b428866e169a7d3a95d3dabd3161e8	-	ol7_x86_64_latest
	kernel-abi-whitelists-3.10.0-1160.118.1.0.1.el7.noarch.rpm	70b428866e169a7d3a95d3dabd3161e8	-	ol7_x86_64_u9_patch
	kernel-debug-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	351e8a5e85935eb8314c97b242526a19	-	ol7_x86_64_latest
	kernel-debug-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	351e8a5e85935eb8314c97b242526a19	-	ol7_x86_64_u9_patch
	kernel-debug-devel-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	cefb5abee5b504b95ae72552d5c361db	-	ol7_x86_64_latest
	kernel-debug-devel-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	cefb5abee5b504b95ae72552d5c361db	-	ol7_x86_64_u9_patch
	kernel-devel-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	8fdb81b0f58f83b6e3cca5cf1f6d3072	-	ol7_x86_64_latest
	kernel-devel-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	8fdb81b0f58f83b6e3cca5cf1f6d3072	-	ol7_x86_64_u9_patch
	kernel-doc-3.10.0-1160.118.1.0.1.el7.noarch.rpm	6593be4d2c9b8b06506d06c7d9cdff49	-	ol7_x86_64_latest
	kernel-doc-3.10.0-1160.118.1.0.1.el7.noarch.rpm	6593be4d2c9b8b06506d06c7d9cdff49	-	ol7_x86_64_u9_patch
	kernel-headers-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	2d09ee01857d7d33b3c5ee6c6306829f	-	ol7_x86_64_latest
	kernel-headers-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	2d09ee01857d7d33b3c5ee6c6306829f	-	ol7_x86_64_u9_patch
	kernel-tools-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	75c2d793e612a017043e9e5dc11addd0	-	ol7_x86_64_latest
	kernel-tools-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	75c2d793e612a017043e9e5dc11addd0	-	ol7_x86_64_u9_patch
	kernel-tools-libs-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	d2c870086fb8aad55893552cb11ac74f	-	ol7_x86_64_latest
	kernel-tools-libs-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	d2c870086fb8aad55893552cb11ac74f	-	ol7_x86_64_u9_patch
	kernel-tools-libs-devel-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	f54302aaa2b65bd71f1d6053e181f255	-	ol7_x86_64_optional_latest
	perf-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	fca6d7ead09e618d497690fa1ab0fc4a	-	ol7_x86_64_latest
	perf-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	fca6d7ead09e618d497690fa1ab0fc4a	-	ol7_x86_64_u9_patch
	python-perf-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	87f537e7b0ddad7c48868826501e16f2	-	ol7_x86_64_latest
	python-perf-3.10.0-1160.118.1.0.1.el7.x86_64.rpm	87f537e7b0ddad7c48868826501e16f2	-	ol7_x86_64_u9_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691