ELSA-2024-2758

ULN >
Oracle Linux Errata repository >
ELSA-2024-2758

ELSA-2024-2758 - kernel security and bug fix update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2024-05-08

Description

[5.14.0-427.16.1_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-427.16.1_4]
- memory: tegra: Skip SID programming if SID registers aren't set (Robert Foss) [RHEL-32675 RHEL-23656]
- memory: tegra: Add SID override programming for MC clients (Robert Foss) [RHEL-32675 RHEL-23656]
- iommu: Don't reserve 0-length IOVA region (Robert Foss) [RHEL-32675 RHEL-23656]

[5.14.0-427.15.1_4]
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (Michal Schmidt) [RHEL-30110 RHEL-19000]
- ice: avoid the PTP hardware semaphore in gettimex64 path (Michal Schmidt) [RHEL-30110 RHEL-19000]
- ice: add ice_adapter for shared data across PFs on the same NIC (Michal Schmidt) [RHEL-30110 RHEL-19000]
- crypto: iaa - mark tech preview (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix nr_cpus < nr_iaa case (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - fix the missing CRYPTO_ALG_ASYNC in cra_flags (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix comp/decomp delay statistics (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Fix async_disable descriptor leak (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Remove unnecessary debugfs_create_dir() error check in iaa_crypto_debugfs_init() (Vladis Dronov) [RHEL-32242 RHEL-29685]
- crypto: iaa - Remove header table code (Vladis Dronov) [RHEL-32242 RHEL-29685]
- cgroup: cgroup-v1: do not exclude cgrp_dfl_root (Laurent Vivier) [RHEL-32716 RHEL-31381]
- x86/sev: Harden #VC instruction emulation somewhat (Vitaly Kuznetsov) [RHEL-30030 RHEL-30031] {CVE-2024-25743 CVE-2024-25742}

[5.14.0-427.14.1_4]
- crypto: dh - implement FIPS PCT (Vladis Dronov) [RHEL-27009 RHEL-25845]
- crypto: tcrypt - add ffdhe2048(dh) test (Vladis Dronov) [RHEL-27009 RHEL-25845]
- crypto: dh - Make public key test FIPS-only (Vladis Dronov) [RHEL-27009 RHEL-25845]
- printk: allow disabling printk per-console device kthreads at boot (Luis Claudio R. Goncalves) [RHEL-30678 RHEL-17709]
- mm, vmscan: remove ISOLATE_UNMAPPED (Nico Pache) [RHEL-29235 RHEL-28667]
- trace-vmscan-postprocess: sync with tracepoints updates (Nico Pache) [RHEL-29235 RHEL-28667]
- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: skip special VMAs in lru_gen_look_around() (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: reclaim offlined memcgs harder (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: try to stop at high watermarks (Nico Pache) [RHEL-29235 RHEL-28667]
- mm/mglru: fix underprotected page cache (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: reuse some legacy trace events (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: improve design doc (Nico Pache) [RHEL-29235 RHEL-28667]
- mm: multi-gen LRU: clean up sysfs code (Nico Pache) [RHEL-29235 RHEL-28667]
- cpu/hotplug: Do not bail-out in DYING/STARTING sections (David Arcari) [RHEL-29673 RHEL-19514]
- crypto: akcipher - Disable signing and decryption (Herbert Xu) [RHEL-29079 RHEL-17113] {CVE-2023-6240}

Related CVEs

CVE-2024-25742

CVE-2023-6240

CVE-2024-25743

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	kernel-5.14.0-427.16.1.el9_4.src.rpm	249fb1c22bce8d06b22470c7bb3e14b96513ce51a837535dd840688d1331f5dc	-	ol9_aarch64_appstream
	kernel-5.14.0-427.16.1.el9_4.src.rpm	249fb1c22bce8d06b22470c7bb3e14b96513ce51a837535dd840688d1331f5dc	-	ol9_aarch64_baseos_latest
	kernel-5.14.0-427.16.1.el9_4.src.rpm	249fb1c22bce8d06b22470c7bb3e14b96513ce51a837535dd840688d1331f5dc	-	ol9_aarch64_codeready_builder
	kernel-5.14.0-427.16.1.el9_4.src.rpm	249fb1c22bce8d06b22470c7bb3e14b96513ce51a837535dd840688d1331f5dc	-	ol9_aarch64_u4_baseos_patch
	bpftool-7.3.0-427.16.1.el9_4.aarch64.rpm	56f7071e4f0f681226314f012a4ef4f14edef1b3654a05ce00c391eafc42a0b1	-	ol9_aarch64_baseos_latest
	bpftool-7.3.0-427.16.1.el9_4.aarch64.rpm	56f7071e4f0f681226314f012a4ef4f14edef1b3654a05ce00c391eafc42a0b1	-	ol9_aarch64_u4_baseos_patch
	kernel-cross-headers-5.14.0-427.16.1.el9_4.aarch64.rpm	28d6697a2d61e0caf24e14533343312d5bfb9881367152b47e13ef6c3b0ce31b	-	ol9_aarch64_codeready_builder
	kernel-headers-5.14.0-427.16.1.el9_4.aarch64.rpm	15184662e9af3eb49a1b3bf4ed33115bc119b66df09f86211cc4fedaad586843	-	ol9_aarch64_appstream
	kernel-tools-5.14.0-427.16.1.el9_4.aarch64.rpm	7dfbf7a244d6907f4b2a7d9e4edb4e3a03abd0abdeb12e30d428e5fc55425f18	-	ol9_aarch64_baseos_latest
	kernel-tools-5.14.0-427.16.1.el9_4.aarch64.rpm	7dfbf7a244d6907f4b2a7d9e4edb4e3a03abd0abdeb12e30d428e5fc55425f18	-	ol9_aarch64_u4_baseos_patch
	kernel-tools-libs-5.14.0-427.16.1.el9_4.aarch64.rpm	f7f1cf398d5bc4804c250d027df35ecdae2d7c73a0178345afd39e229c29594d	-	ol9_aarch64_baseos_latest
	kernel-tools-libs-5.14.0-427.16.1.el9_4.aarch64.rpm	f7f1cf398d5bc4804c250d027df35ecdae2d7c73a0178345afd39e229c29594d	-	ol9_aarch64_u4_baseos_patch
	kernel-tools-libs-devel-5.14.0-427.16.1.el9_4.aarch64.rpm	31ab2ed752847fcae3ae6669e167a68efa02b7c5a74d96ddd85acfcb840608aa	-	ol9_aarch64_codeready_builder
	perf-5.14.0-427.16.1.el9_4.aarch64.rpm	92504b877cff83b3baf75e855b8c24c7a303b47f0a7ce5e0bf4ee1d2500a6845	-	ol9_aarch64_appstream
	python3-perf-5.14.0-427.16.1.el9_4.aarch64.rpm	b5b43dcbd409615a8bda2cfe7cfbca9f7101db1faa2bdb850f520a7096765fc4	-	ol9_aarch64_baseos_latest
	python3-perf-5.14.0-427.16.1.el9_4.aarch64.rpm	b5b43dcbd409615a8bda2cfe7cfbca9f7101db1faa2bdb850f520a7096765fc4	-	ol9_aarch64_u4_baseos_patch

Oracle Linux 9 (x86_64)	kernel-5.14.0-427.16.1.el9_4.src.rpm	249fb1c22bce8d06b22470c7bb3e14b96513ce51a837535dd840688d1331f5dc	-	ol9_x86_64_appstream
	kernel-5.14.0-427.16.1.el9_4.src.rpm	249fb1c22bce8d06b22470c7bb3e14b96513ce51a837535dd840688d1331f5dc	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-427.16.1.el9_4.src.rpm	249fb1c22bce8d06b22470c7bb3e14b96513ce51a837535dd840688d1331f5dc	-	ol9_x86_64_codeready_builder
	kernel-5.14.0-427.16.1.el9_4.src.rpm	249fb1c22bce8d06b22470c7bb3e14b96513ce51a837535dd840688d1331f5dc	-	ol9_x86_64_u4_baseos_patch
	bpftool-7.3.0-427.16.1.el9_4.x86_64.rpm	a94469d7345a61c310606829f16627221ae9a23095a1a9f322700db507c6a5e0	-	ol9_x86_64_baseos_latest
	bpftool-7.3.0-427.16.1.el9_4.x86_64.rpm	a94469d7345a61c310606829f16627221ae9a23095a1a9f322700db507c6a5e0	-	ol9_x86_64_u4_baseos_patch
	kernel-5.14.0-427.16.1.el9_4.x86_64.rpm	aa0c1b287c4259911a65186a6260fcd949ec62fffda1c01377955f69c26a18c5	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-427.16.1.el9_4.x86_64.rpm	aa0c1b287c4259911a65186a6260fcd949ec62fffda1c01377955f69c26a18c5	-	ol9_x86_64_u4_baseos_patch
	kernel-abi-stablelists-5.14.0-427.16.1.el9_4.noarch.rpm	a16ca1762e4fccd1d02ac65741206826c280783eda10e6554cbc3012c04f9d43	-	ol9_x86_64_baseos_latest
	kernel-abi-stablelists-5.14.0-427.16.1.el9_4.noarch.rpm	a16ca1762e4fccd1d02ac65741206826c280783eda10e6554cbc3012c04f9d43	-	ol9_x86_64_u4_baseos_patch
	kernel-core-5.14.0-427.16.1.el9_4.x86_64.rpm	67142bcea4a5ed27a5ccd7673ad4738a9039689e3508642415f465f8a904bf3e	-	ol9_x86_64_baseos_latest
	kernel-core-5.14.0-427.16.1.el9_4.x86_64.rpm	67142bcea4a5ed27a5ccd7673ad4738a9039689e3508642415f465f8a904bf3e	-	ol9_x86_64_u4_baseos_patch
	kernel-cross-headers-5.14.0-427.16.1.el9_4.x86_64.rpm	7bea5bfd9dab73186d4eb1a20afdd0f9d259a763b6daed358bfa3bf5f4904210	-	ol9_x86_64_codeready_builder
	kernel-debug-5.14.0-427.16.1.el9_4.x86_64.rpm	20f90a92d83df6104503cc5cde47df8b02a40a4091547d3ec35ccd875ad9c1b4	-	ol9_x86_64_baseos_latest
	kernel-debug-5.14.0-427.16.1.el9_4.x86_64.rpm	20f90a92d83df6104503cc5cde47df8b02a40a4091547d3ec35ccd875ad9c1b4	-	ol9_x86_64_u4_baseos_patch
	kernel-debug-core-5.14.0-427.16.1.el9_4.x86_64.rpm	169c6680af624ca1764064f6b4ab492027f8568b13c29e984a92300d1ea4aaf8	-	ol9_x86_64_baseos_latest
	kernel-debug-core-5.14.0-427.16.1.el9_4.x86_64.rpm	169c6680af624ca1764064f6b4ab492027f8568b13c29e984a92300d1ea4aaf8	-	ol9_x86_64_u4_baseos_patch
	kernel-debug-devel-5.14.0-427.16.1.el9_4.x86_64.rpm	2c244bd714e5bcf0bdbd69d42b5a73dc6f6a90d0723de4c5068ac1edaf214d9d	-	ol9_x86_64_appstream
	kernel-debug-devel-matched-5.14.0-427.16.1.el9_4.x86_64.rpm	daf9795a5bf2658636d341909a208e65208aa27fdcb2e3380ed49f9bfec26db2	-	ol9_x86_64_appstream
	kernel-debug-modules-5.14.0-427.16.1.el9_4.x86_64.rpm	cf815270df47aad171b2a1321ea808a4e1c4b8f80a1cca8f4cd518e1083c89bc	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-5.14.0-427.16.1.el9_4.x86_64.rpm	cf815270df47aad171b2a1321ea808a4e1c4b8f80a1cca8f4cd518e1083c89bc	-	ol9_x86_64_u4_baseos_patch
	kernel-debug-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm	0acbf25671fe8ba0c183bb3d295755f9fa5d15f405a3d3f7ee9672f0199acc67	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm	0acbf25671fe8ba0c183bb3d295755f9fa5d15f405a3d3f7ee9672f0199acc67	-	ol9_x86_64_u4_baseos_patch
	kernel-debug-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm	2f5468c437de8e42240d67c9e19d4a2bd60890fd41a0d5af72b28099eb858181	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm	2f5468c437de8e42240d67c9e19d4a2bd60890fd41a0d5af72b28099eb858181	-	ol9_x86_64_u4_baseos_patch
	kernel-devel-5.14.0-427.16.1.el9_4.x86_64.rpm	c0e399d8854ab4c78282fd133d7758d3ba48306dc7f84ecd26bf2380c6b94d0c	-	ol9_x86_64_appstream
	kernel-devel-matched-5.14.0-427.16.1.el9_4.x86_64.rpm	6bfb1b199951dface1a2c942908a8184691ce0c113123c3b47ee6b4588f9549e	-	ol9_x86_64_appstream
	kernel-doc-5.14.0-427.16.1.el9_4.noarch.rpm	017e32e4425fea658eafdc417c17d3e64a8166aa2d861b3f3eb8193ce3ac0409	-	ol9_x86_64_appstream
	kernel-headers-5.14.0-427.16.1.el9_4.x86_64.rpm	09430990c666a53417185f5dfddf79fed386fea953b15747b63e4cef6253d63f	-	ol9_x86_64_appstream
	kernel-modules-5.14.0-427.16.1.el9_4.x86_64.rpm	8d52849a0214139046216e622719a960cc0dbb2cbf8a1a1a65255d8e7c21f0fd	-	ol9_x86_64_baseos_latest
	kernel-modules-5.14.0-427.16.1.el9_4.x86_64.rpm	8d52849a0214139046216e622719a960cc0dbb2cbf8a1a1a65255d8e7c21f0fd	-	ol9_x86_64_u4_baseos_patch
	kernel-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm	b055f7975a0d61b1d7791749dc84ae2d29d8b32bdba9dc75369f58b3386534ab	-	ol9_x86_64_baseos_latest
	kernel-modules-core-5.14.0-427.16.1.el9_4.x86_64.rpm	b055f7975a0d61b1d7791749dc84ae2d29d8b32bdba9dc75369f58b3386534ab	-	ol9_x86_64_u4_baseos_patch
	kernel-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm	6b0aa2858f1c9e6a11a32424fba82084f6dff8a95b1588b9073a6a0993f0ccef	-	ol9_x86_64_baseos_latest
	kernel-modules-extra-5.14.0-427.16.1.el9_4.x86_64.rpm	6b0aa2858f1c9e6a11a32424fba82084f6dff8a95b1588b9073a6a0993f0ccef	-	ol9_x86_64_u4_baseos_patch
	kernel-tools-5.14.0-427.16.1.el9_4.x86_64.rpm	2d6600f4051932dcbe70adca09ee4357e39e25f8020cc2010733d48f473a7da2	-	ol9_x86_64_baseos_latest
	kernel-tools-5.14.0-427.16.1.el9_4.x86_64.rpm	2d6600f4051932dcbe70adca09ee4357e39e25f8020cc2010733d48f473a7da2	-	ol9_x86_64_u4_baseos_patch
	kernel-tools-libs-5.14.0-427.16.1.el9_4.x86_64.rpm	2695658f3d3a5ee04f6384bddc9fa6e03d6f2609d30e7e95c5ddac497cd9fc08	-	ol9_x86_64_baseos_latest
	kernel-tools-libs-5.14.0-427.16.1.el9_4.x86_64.rpm	2695658f3d3a5ee04f6384bddc9fa6e03d6f2609d30e7e95c5ddac497cd9fc08	-	ol9_x86_64_u4_baseos_patch
	kernel-tools-libs-devel-5.14.0-427.16.1.el9_4.x86_64.rpm	b4deabb0cd11266a5477142534d769c2550cae3ce72995c031c357c09c70c2a4	-	ol9_x86_64_codeready_builder
	libperf-5.14.0-427.16.1.el9_4.x86_64.rpm	744d8b9402a307b13a93c1476c91db0daf96965d60c51d622c1990d680cdcf1d	-	ol9_x86_64_codeready_builder
	perf-5.14.0-427.16.1.el9_4.x86_64.rpm	5803273600939be9c46b3c7fbe248c17ebf3b91f41b8e4344d2d7cf4de55107b	-	ol9_x86_64_appstream
	python3-perf-5.14.0-427.16.1.el9_4.x86_64.rpm	13b3bf5774027125de7b4c365612e73fc507d4723cb6f7b80a44e64265d2a038	-	ol9_x86_64_baseos_latest
	python3-perf-5.14.0-427.16.1.el9_4.x86_64.rpm	13b3bf5774027125de7b4c365612e73fc507d4723cb6f7b80a44e64265d2a038	-	ol9_x86_64_u4_baseos_patch
	rtla-5.14.0-427.16.1.el9_4.x86_64.rpm	f705e6ba34e48675fcf6ff4f5ed6f8a69bf7669202ce8214d232f2a98d4843de	-	ol9_x86_64_appstream
	rv-5.14.0-427.16.1.el9_4.x86_64.rpm	be8fb0af20781e4ad83b798137f3548eddb60d8af11fee0844123bf4ca4948da	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691