ELSA-2024-2758

ULN >
Oracle Linux Errata repository >
ELSA-2024-2758

ELSA-2024-2758 - kernel security and bug fix update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2024-05-08

Description

[5.14.0-427.16.1_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-427.16.1_4]
- memory: tegra: Skip SID programming if SID registers aren't set (Robert Foss) [RHEL-32675 RHEL-23656]
- memory: tegra: Add SID override programming for MC clients (Robert Foss) [RHEL-32675 RHEL-23656]
- iommu: Don't reserve 0-length IOVA region (Robert Foss) [RHEL-32675 RHEL-23656]

[5.14.0-427.15.1_4]
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (Michal Schmidt) [RHEL-30110 RHEL-19000]
- ice: avoid the PTP hardware semaphore in gettimex64 path (Michal Schmidt) [RHEL-30110 RHEL-19000]
- ice: add ice_adapter for shared data across PFs on the same NIC (Michal Schmidt) [RHEL-30110 RHEL-19000]
- crypto: iaa - mark tech preview (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix nr_cpus < nr_iaa case (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix comp/decomp delay statistics (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix async_disable descriptor leak (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Remove header table code (Vladis Dronov) [RHEL-32242 RHEL-29685]
- cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Laurent Vivier) [RHEL-32716 RHEL-31381]
- x86/sev: Harden #VC instruction emulation somewhat (Vitaly Kuznetsov) [RHEL-30030 RHEL-30031] {CVE-2024-25743 CVE-2024-25742}

[5.14.0-427.14.1_4]
- crypto: dh - implement FIPS PCT (Vladis Dronov) [RHEL-27009 RHEL-25845]
- crypto: tcrypt - add ffdhe2048(dh) test (Vladis Dronov) [RHEL-27009 RHEL-25845]
- crypto: dh - Make public key test FIPS-only (Vladis Dronov) [RHEL-27009 RHEL-25845]
- printk: allow disabling printk per-console device kthreads at boot (Luis Claudio R. Goncalves) [RHEL-30678 RHEL-17709]
- mm, vmscan: remove ISOLATE_UNMAPPED (Nico Pache) [RHEL-29235 RHEL-28667]
- trace-vmscan-postprocess: sync with tracepoints updates (Nico Pache) [RHEL-29235 RHEL-28667]
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: skip special VMAs in lru_gen_look_around() (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: reclaim offlined memcgs harder (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: try to stop at high watermarks (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: fix underprotected page cache (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: reuse some legacy trace events (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: improve design doc (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: clean up sysfs code (Nico Pache) [RHEL-29235 RHEL-28667]
- cpu/hotplug: Do not bail-out in DYING/STARTING sections (David Arcari) [RHEL-29673 RHEL-19514]
- crypto: akcipher - Disable signing and decryption (Herbert Xu) [RHEL-29079 RHEL-17113] {CVE-2023-6240}

Related CVEs

CVE-2024-25742

CVE-2023-6240

CVE-2024-25743

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	kernel-5.14.0-427.16.1.el9_4.src.rpm	44a7039d65e25a29739a9ddb20a5f015	-	ol9_aarch64_appstream
	kernel-5.14.0-427.16.1.el9_4.src.rpm	44a7039d65e25a29739a9ddb20a5f015	-	ol9_aarch64_baseos_latest
	kernel-5.14.0-427.16.1.el9_4.src.rpm	44a7039d65e25a29739a9ddb20a5f015	-	ol9_aarch64_codeready_builder
	kernel-5.14.0-427.16.1.el9_4.src.rpm	44a7039d65e25a29739a9ddb20a5f015	-	ol9_aarch64_u4_baseos_patch
	bpftool-7.3.0-427.16.1.el9_4.aarch64.rpm	6e4f336fbd51ff91efe77348bc0e20ee	-	ol9_aarch64_baseos_latest
	bpftool-7.3.0-427.16.1.el9_4.aarch64.rpm	6e4f336fbd51ff91efe77348bc0e20ee	-	ol9_aarch64_u4_baseos_patch
	kernel-cross-headers-5.14.0-427.16.1.el9_4.aarch64.rpm	4f7afcb53445037120d6aae34c4ba597	-	ol9_aarch64_codeready_builder
	kernel-headers-5.14.0-427.16.1.el9_4.aarch64.rpm	c62b32c5a2937d86add03d8e6ab3036b	-	ol9_aarch64_appstream
	kernel-tools-5.14.0-427.16.1.el9_4.aarch64.rpm	f589df8c163d2418308ee1938e97e0cd	-	ol9_aarch64_baseos_latest
	kernel-tools-5.14.0-427.16.1.el9_4.aarch64.rpm	f589df8c163d2418308ee1938e97e0cd	-	ol9_aarch64_u4_baseos_patch
	kernel-tools-libs-5.14.0-427.16.1.el9_4.aarch64.rpm	a476af1a355d78f928bcc0622c2d9a08	-	ol9_aarch64_baseos_latest
	kernel-tools-libs-5.14.0-427.16.1.el9_4.aarch64.rpm	a476af1a355d78f928bcc0622c2d9a08	-	ol9_aarch64_u4_baseos_patch
	kernel-tools-libs-devel-5.14.0-427.16.1.el9_4.aarch64.rpm	bbce8078abbccfa938c87dc341b235e8	-	ol9_aarch64_codeready_builder
	perf-5.14.0-427.16.1.el9_4.aarch64.rpm	4e72d1d0a3207bf5365cdd4e0e9cf47b	-	ol9_aarch64_appstream
	python3-perf-5.14.0-427.16.1.el9_4.aarch64.rpm	eb1c462b3dcaba00fce08db6cb2bfe49	-	ol9_aarch64_baseos_latest
	python3-perf-5.14.0-427.16.1.el9_4.aarch64.rpm	eb1c462b3dcaba00fce08db6cb2bfe49	-	ol9_aarch64_u4_baseos_patch

Oracle Linux 9 (x86_64)	kernel-5.14.0-427.16.1.el9_4.src.rpm	44a7039d65e25a29739a9ddb20a5f015	-	ol9_x86_64_appstream
	kernel-5.14.0-427.16.1.el9_4.src.rpm	44a7039d65e25a29739a9ddb20a5f015	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-427.16.1.el9_4.src.rpm	44a7039d65e25a29739a9ddb20a5f015	-	ol9_x86_64_codeready_builder
	kernel-5.14.0-427.16.1.el9_4.src.rpm	44a7039d65e25a29739a9ddb20a5f015	-	ol9_x86_64_u4_baseos_patch
	bpftool-7.3.0-427.16.1.el9_4.x86_64.rpm	f8e971069dd2ea418bb2a47a27041afc	-	ol9_x86_64_baseos_latest
	bpftool-7.3.0-427.16.1.el9_4.x86_64.rpm	f8e971069dd2ea418bb2a47a27041afc	-	ol9_x86_64_u4_baseos_patch
	kernel-5.14.0-427.16.1.el9_4.x86_64.rpm	ea8f978cf032366b4dcfb888c264815a	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-427.16.1.el9_4.x86_64.rpm	ea8f978cf032366b4dcfb888c264815a	-	ol9_x86_64_u4_baseos_patch
	kernel-abi-stablelists-5.14.0-427.16.1.el9_4.noarch.rpm	09e39513cf1a09cc7a5431180f97468c	-	ol9_x86_64_baseos_latest
	kernel-abi-stablelists-5.14.0-427.16.1.el9_4.noarch.rpm	09e39513cf1a09cc7a5431180f97468c	-	ol9_x86_64_u4_baseos_patch
	kernel-core-5.14.0-427.16.1.el9_4.x86_64.rpm	40b5ff3394d60dc3a24bfe12ffd30dfc	-	ol9_x86_64_baseos_latest
	kernel-core-5.14.0-427.16.1.el9_4.x86_64.rpm	40b5ff3394d60dc3a24bfe12ffd30dfc	-	ol9_x86_64_u4_baseos_patch
	kernel-cross-headers-5.14.0-427.16.1.el9_4.x86_64.rpm	3dec40b799838c413d6a01e14a159347	-	ol9_x86_64_codeready_builder
	kernel-debug-5.14.0-427.16.1.el9_4.x86_64.rpm	ffaf254621e0fcb082766fd978fb017b	-	ol9_x86_64_baseos_latest
	kernel-debug-5.14.0-427.16.1.el9_4.x86_64.rpm	ffaf254621e0fcb082766fd978fb017b	-	ol9_x86_64_u4_baseos_patch
	kernel-debug-core-5.14.0-427.16.1.el9_4.x86_64.rpm	a458a53018a3dc1bad574751003b4480	-	ol9_x86_64_baseos_latest
	kernel-debug-core-5.14.0-427.16.1.el9_4.x86_64.rpm	a458a53018a3dc1bad574751003b4480	-	ol9_x86_64_u4_baseos_patch
	kernel-debug-devel-5.14.0-427.16.1.el9_4.x86_64.rpm	f2e995dd739c6cb73b9ae049f25bd18f	-	ol9_x86_64_appstream
	kernel-debug-devel-matched-5.14.0-427.16.1.el9_4.x86_64.rpm	f154b130ff10fafb3385da7b52e7f504	-	ol9_x86_64_appstream
	kernel-debug-modules-5.14.0-427.16.1.el9_4.x86_64.rpm	350bf48f5fa6a4d70d9db3cab1731f08	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-5.14.0-427.16.1.el9_4.x86_64.rpm	350bf48f5fa6a4d70d9db3cab1731f08	-	ol9_x86_64_u4_baseos_patch
	kernel-debug-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm	6d88f5e000080102093d766dc8eaba7f	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm	6d88f5e000080102093d766dc8eaba7f	-	ol9_x86_64_u4_baseos_patch
	kernel-debug-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm	6ef2c459934a2410a7f3242614d7106c	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm	6ef2c459934a2410a7f3242614d7106c	-	ol9_x86_64_u4_baseos_patch
	kernel-devel-5.14.0-427.16.1.el9_4.x86_64.rpm	d20fd95c6fe353696aa14988efedd2a2	-	ol9_x86_64_appstream
	kernel-devel-matched-5.14.0-427.16.1.el9_4.x86_64.rpm	221e285cced37967855f6d78051981de	-	ol9_x86_64_appstream
	kernel-doc-5.14.0-427.16.1.el9_4.noarch.rpm	1edf0c8ee545559c47f70cbfe680efda	-	ol9_x86_64_appstream
	kernel-headers-5.14.0-427.16.1.el9_4.x86_64.rpm	d035f2268fa5adef1053e6c38fb78c5e	-	ol9_x86_64_appstream
	kernel-modules-5.14.0-427.16.1.el9_4.x86_64.rpm	947f2b94261ec8851294419814d8e3d3	-	ol9_x86_64_baseos_latest
	kernel-modules-5.14.0-427.16.1.el9_4.x86_64.rpm	947f2b94261ec8851294419814d8e3d3	-	ol9_x86_64_u4_baseos_patch
	kernel-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm	f0e2837688db2add5641146cfde692bf	-	ol9_x86_64_baseos_latest
	kernel-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm	f0e2837688db2add5641146cfde692bf	-	ol9_x86_64_u4_baseos_patch
	kernel-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm	5eee7fa8633fae9628b859bd48e35acd	-	ol9_x86_64_baseos_latest
	kernel-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm	5eee7fa8633fae9628b859bd48e35acd	-	ol9_x86_64_u4_baseos_patch
	kernel-tools-5.14.0-427.16.1.el9_4.x86_64.rpm	532c0be2bfdd7f406f70a9fbc0f13d5f	-	ol9_x86_64_baseos_latest
	kernel-tools-5.14.0-427.16.1.el9_4.x86_64.rpm	532c0be2bfdd7f406f70a9fbc0f13d5f	-	ol9_x86_64_u4_baseos_patch
	kernel-tools-libs-5.14.0-427.16.1.el9_4.x86_64.rpm	442c46e0d10bb5ce9493c4ecb76e4c10	-	ol9_x86_64_baseos_latest
	kernel-tools-libs-5.14.0-427.16.1.el9_4.x86_64.rpm	442c46e0d10bb5ce9493c4ecb76e4c10	-	ol9_x86_64_u4_baseos_patch
	kernel-tools-libs-devel-5.14.0-427.16.1.el9_4.x86_64.rpm	13335cc33a9eb2664479ef881c1d5c72	-	ol9_x86_64_codeready_builder
	libperf-5.14.0-427.16.1.el9_4.x86_64.rpm	184f941aeef1a484f743a047788a03e6	-	ol9_x86_64_codeready_builder
	perf-5.14.0-427.16.1.el9_4.x86_64.rpm	cdffdc53b280ec974bdd3f72e6454caa	-	ol9_x86_64_appstream
	python3-perf-5.14.0-427.16.1.el9_4.x86_64.rpm	0abd2b613215d7adfc95c2311cf820bf	-	ol9_x86_64_baseos_latest
	python3-perf-5.14.0-427.16.1.el9_4.x86_64.rpm	0abd2b613215d7adfc95c2311cf820bf	-	ol9_x86_64_u4_baseos_patch
	rtla-5.14.0-427.16.1.el9_4.x86_64.rpm	443a2ac6f0fddf1d7633bbfa9cf95b61	-	ol9_x86_64_appstream
	rv-5.14.0-427.16.1.el9_4.x86_64.rpm	3791cdbe6a19bbfc3085c7a55b3c2462	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691