ELSA-2024-4583
- ULN >
- Oracle Linux Errata repository >
- ELSA-2024-4583
ELSA-2024-4583 - kernel security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2024-07-18 |
Description
- [5.14.0-427.26.1_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates
[5.14.0-427.26.1_4]
- net: ena: Fix incorrect descriptor free behavior (Kamal Heib) [RHEL-39217 RHEL-37430] {CVE-2024-35958}
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (Guillaume Nault) [RHEL-41749 RHEL-39837] {CVE-2024-36904}
- mm/mglru: Revert 'don't sync disk for each aging cycle' (Waiman Long) [RHEL-44418]
- tipc: fix UAF in error path (Xin Long) [RHEL-34848 RHEL-34280] {CVE-2024-36886}
- selftest/cgroup: Update test_cpuset_prs.sh to match changes (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Make cpuset.cpus.exclusive independent of cpuset.cpus (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Delay setting of CS_CPU_EXCLUSIVE until valid partition (Waiman Long) [RHEL-45139]
- selftest/cgroup: Fix test_cpuset_prs.sh problems reported by test robot (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Fix remote root partition creation problem (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Optimize isolated partition only generate_sched_domains() calls (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Fix retval in update_cpumask() (Waiman Long) [RHEL-45139]
- cgroup/cpuset: Fix a memory leak in update_exclusive_cpumask() (Waiman Long) [RHEL-45139]
- ice: implement AQ download pkg retry (Petr Oros) [RHEL-38907 RHEL-17318]
- redhat: include resolve_btfids in kernel-devel (Viktor Malik) [RHEL-43426 RHEL-40707]
- blk-cgroup: fix list corruption from resetting io stat (cki-backport-bot) [RHEL-44977] {CVE-2024-38663}
- misc: rtsx: do clear express reg every SD_INT (David Arcari) [RHEL-39985 RHEL-33706]
- misc: rtsx: Fix rts5264 driver status incorrect when card removed (David Arcari) [RHEL-39985 RHEL-33706]
- netfilter: tproxy: bail out if IP has been disabled on the device (cki-backport-bot) [RHEL-44371] {CVE-2024-36270}
- lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (cki-backport-bot) [RHEL-44263 RHEL-44261] {CVE-2024-38543}
- r8169: Fix possible ring buffer corruption on fragmented Tx packets. (cki-backport-bot) [RHEL-44039] {CVE-2024-38586}
- net: micrel: Fix receiving the timestamp in the frame for lan8841 (cki-backport-bot) [RHEL-43996] {CVE-2024-38593}
- vt: fix memory overlapping when deleting chars in the buffer (Waiman Long) [RHEL-43379 RHEL-27780] {CVE-2022-48627}
- net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (Kamal Heib) [RHEL-42728 RHEL-34192] {CVE-2024-26858}
- locking/atomic: Make test_and_*_bit() ordered on failure (Paolo Bonzini) [RHEL-45896]
- mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index (Rafael Aquini) [RHEL-42659 RHEL-31840] {CVE-2024-26783}
- can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (Jose Ignacio Tornos Martinez) [RHEL-42379 RHEL-31530] {CVE-2023-52638}
- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Ken Cox) [RHEL-42226 RHEL-38715] {CVE-2021-47548}
[5.14.0-427.25.1_4]
- nvme: fix reconnection fail due to reserved tag allocation (Maurizio Lombardi) [RHEL-42896 RHEL-36896] {CVE-2024-27435}
- net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg (cki-backport-bot) [RHEL-43625] {CVE-2021-47596}
- scsi: sg: Avoid race in error handling & drop bogus warn (Ewan D. Milne) [RHEL-36106 RHEL-35659]
- scsi: sg: Avoid sg device teardown race (Ewan D. Milne) [RHEL-36106 RHEL-35659]
- netfilter: nf_tables: use timestamp to check for set element timeout (Florian Westphal) [RHEL-38032 RHEL-33985] {CVE-2024-27397}
- netfilter: nft_set_rbtree: Remove unused variable nft_net (Florian Westphal) [RHEL-38032 RHEL-33985]
- netfilter: nft_set_rbtree: prefer sync gc to async worker (Florian Westphal) [RHEL-38032 RHEL-33985]
- netfilter: nft_set_rbtree: rename gc deactivate+erase function (Florian Westphal) [RHEL-38032 RHEL-33985]
- netfilter: nf_tables: de-constify set commit ops function argument (Florian Westphal) [RHEL-38032 RHEL-33985]
- octeontx2-af: avoid off-by-one read from userspace (Kamal Heib) [RHEL-40486 RHEL-39873] {CVE-2024-36957}
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | kernel-5.14.0-427.26.1.el9_4.src.rpm | 48345629650f8403deba8d29b9c0b9e50d5825c75a803f9cea0a6ac7c297be9a | - | ol9_aarch64_appstream |
| kernel-5.14.0-427.26.1.el9_4.src.rpm | 48345629650f8403deba8d29b9c0b9e50d5825c75a803f9cea0a6ac7c297be9a | - | ol9_aarch64_baseos_latest | |
| kernel-5.14.0-427.26.1.el9_4.src.rpm | 48345629650f8403deba8d29b9c0b9e50d5825c75a803f9cea0a6ac7c297be9a | - | ol9_aarch64_codeready_builder | |
| kernel-5.14.0-427.26.1.el9_4.src.rpm | 48345629650f8403deba8d29b9c0b9e50d5825c75a803f9cea0a6ac7c297be9a | - | ol9_aarch64_u4_baseos_patch | |
| bpftool-7.3.0-427.26.1.el9_4.aarch64.rpm | d97cbc9f353a0df726151eee0ad5f9721ce5ce23ae9c8fa0706c5844fad2840e | - | ol9_aarch64_baseos_latest | |
| bpftool-7.3.0-427.26.1.el9_4.aarch64.rpm | d97cbc9f353a0df726151eee0ad5f9721ce5ce23ae9c8fa0706c5844fad2840e | - | ol9_aarch64_u4_baseos_patch | |
| kernel-cross-headers-5.14.0-427.26.1.el9_4.aarch64.rpm | fc16e678cdc0ebf517fed6d3f22b06e162ee853e3b27a0eab878bae3a7a664c3 | - | ol9_aarch64_codeready_builder | |
| kernel-headers-5.14.0-427.26.1.el9_4.aarch64.rpm | ea229b7d570c3ce24a105f970b81f8afcaa7724224727f17973331019cc42f9e | - | ol9_aarch64_appstream | |
| kernel-tools-5.14.0-427.26.1.el9_4.aarch64.rpm | 46019cb202d9befea8c38a878dc776efb5c7cd549dabdfcccad090cd81d8178b | - | ol9_aarch64_baseos_latest | |
| kernel-tools-5.14.0-427.26.1.el9_4.aarch64.rpm | 46019cb202d9befea8c38a878dc776efb5c7cd549dabdfcccad090cd81d8178b | - | ol9_aarch64_u4_baseos_patch | |
| kernel-tools-libs-5.14.0-427.26.1.el9_4.aarch64.rpm | d587c1ae0512ea074b8bcffc819689a1fe125530a6c323d6d5a1c493570fa501 | - | ol9_aarch64_baseos_latest | |
| kernel-tools-libs-5.14.0-427.26.1.el9_4.aarch64.rpm | d587c1ae0512ea074b8bcffc819689a1fe125530a6c323d6d5a1c493570fa501 | - | ol9_aarch64_u4_baseos_patch | |
| kernel-tools-libs-devel-5.14.0-427.26.1.el9_4.aarch64.rpm | 7f6be13501dd2c1be62d7968cbce33389fe3f3954f117ce0a4f14719120e6319 | - | ol9_aarch64_codeready_builder | |
| perf-5.14.0-427.26.1.el9_4.aarch64.rpm | 6cbe9c4c2a1b4cc0606f470c27c32f3996e143141590e374e6b42f460a73ebdd | - | ol9_aarch64_appstream | |
| python3-perf-5.14.0-427.26.1.el9_4.aarch64.rpm | e9b5dd96f48f545242e0d7e1b5e970e319393c7b0363c46e68d7a86606fb6145 | - | ol9_aarch64_baseos_latest | |
| python3-perf-5.14.0-427.26.1.el9_4.aarch64.rpm | e9b5dd96f48f545242e0d7e1b5e970e319393c7b0363c46e68d7a86606fb6145 | - | ol9_aarch64_u4_baseos_patch | |
| Oracle Linux 9 (x86_64) | kernel-5.14.0-427.26.1.el9_4.src.rpm | 48345629650f8403deba8d29b9c0b9e50d5825c75a803f9cea0a6ac7c297be9a | - | ol9_x86_64_appstream |
| kernel-5.14.0-427.26.1.el9_4.src.rpm | 48345629650f8403deba8d29b9c0b9e50d5825c75a803f9cea0a6ac7c297be9a | - | ol9_x86_64_baseos_latest | |
| kernel-5.14.0-427.26.1.el9_4.src.rpm | 48345629650f8403deba8d29b9c0b9e50d5825c75a803f9cea0a6ac7c297be9a | - | ol9_x86_64_codeready_builder | |
| kernel-5.14.0-427.26.1.el9_4.src.rpm | 48345629650f8403deba8d29b9c0b9e50d5825c75a803f9cea0a6ac7c297be9a | - | ol9_x86_64_u4_baseos_patch | |
| bpftool-7.3.0-427.26.1.el9_4.x86_64.rpm | 40c7b73610249061a6fb89435a4a8f296c221e6fa794e9e5b8095db9b17a1eba | - | ol9_x86_64_baseos_latest | |
| bpftool-7.3.0-427.26.1.el9_4.x86_64.rpm | 40c7b73610249061a6fb89435a4a8f296c221e6fa794e9e5b8095db9b17a1eba | - | ol9_x86_64_u4_baseos_patch | |
| kernel-5.14.0-427.26.1.el9_4.x86_64.rpm | 1b98bbec95f75fa04ebc129339b2e6a2349f1b842624ecee12c54c4ffee38dee | - | ol9_x86_64_baseos_latest | |
| kernel-5.14.0-427.26.1.el9_4.x86_64.rpm | 1b98bbec95f75fa04ebc129339b2e6a2349f1b842624ecee12c54c4ffee38dee | - | ol9_x86_64_u4_baseos_patch | |
| kernel-abi-stablelists-5.14.0-427.26.1.el9_4.noarch.rpm | a9ece7e11cbe095d6a1305e0c6c5928bf888c96cc92c7d2e2f2c4f1e23530f66 | - | ol9_x86_64_baseos_latest | |
| kernel-abi-stablelists-5.14.0-427.26.1.el9_4.noarch.rpm | a9ece7e11cbe095d6a1305e0c6c5928bf888c96cc92c7d2e2f2c4f1e23530f66 | - | ol9_x86_64_u4_baseos_patch | |
| kernel-core-5.14.0-427.26.1.el9_4.x86_64.rpm | 324db6ca27e3e065963b3d1a2a41dc4dec97d069a68d8beb6d9533f6768419a2 | - | ol9_x86_64_baseos_latest | |
| kernel-core-5.14.0-427.26.1.el9_4.x86_64.rpm | 324db6ca27e3e065963b3d1a2a41dc4dec97d069a68d8beb6d9533f6768419a2 | - | ol9_x86_64_u4_baseos_patch | |
| kernel-cross-headers-5.14.0-427.26.1.el9_4.x86_64.rpm | 4619fc4081db9c2994aa28c728fd52fe2519ac244a237999edd4cb1a499bc4ea | - | ol9_x86_64_codeready_builder | |
| kernel-debug-5.14.0-427.26.1.el9_4.x86_64.rpm | 9bc4174f33c8b25439527df6dc610482529d4fa42f9bb7c7764705898a95f4d0 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-5.14.0-427.26.1.el9_4.x86_64.rpm | 9bc4174f33c8b25439527df6dc610482529d4fa42f9bb7c7764705898a95f4d0 | - | ol9_x86_64_u4_baseos_patch | |
| kernel-debug-core-5.14.0-427.26.1.el9_4.x86_64.rpm | 5896371e212c4312a7a4e1110cbccf199c45c97861f9a514acc2ba08d07899d3 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-core-5.14.0-427.26.1.el9_4.x86_64.rpm | 5896371e212c4312a7a4e1110cbccf199c45c97861f9a514acc2ba08d07899d3 | - | ol9_x86_64_u4_baseos_patch | |
| kernel-debug-devel-5.14.0-427.26.1.el9_4.x86_64.rpm | 73985d2ad92ee6e77c0adb8d32c0d03d105f816f08c321c7fb3050a6fb16389c | - | ol9_x86_64_appstream | |
| kernel-debug-devel-matched-5.14.0-427.26.1.el9_4.x86_64.rpm | 0f9c244b5a38921e05b1ca3fe474fe20cabf91422595fc905dbfe59b737e7331 | - | ol9_x86_64_appstream | |
| kernel-debug-modules-5.14.0-427.26.1.el9_4.x86_64.rpm | d47dd22abdcfd3e15e589cc93f2ba53eae7c0802eef058f08bc0e1fdd18023b3 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-modules-5.14.0-427.26.1.el9_4.x86_64.rpm | d47dd22abdcfd3e15e589cc93f2ba53eae7c0802eef058f08bc0e1fdd18023b3 | - | ol9_x86_64_u4_baseos_patch | |
| kernel-debug-modules-core-5.14.0-427.26.1.el9_4.x86_64.rpm | dce20b3947f329872a3e5f0b8837830e22f291d4210edeccee3c902355253423 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-modules-core-5.14.0-427.26.1.el9_4.x86_64.rpm | dce20b3947f329872a3e5f0b8837830e22f291d4210edeccee3c902355253423 | - | ol9_x86_64_u4_baseos_patch | |
| kernel-debug-modules-extra-5.14.0-427.26.1.el9_4.x86_64.rpm | 841a4443de97812ec9d0ce2815d5d42125f56fd0741044c5bd73783900f5973b | - | ol9_x86_64_baseos_latest | |
| kernel-debug-modules-extra-5.14.0-427.26.1.el9_4.x86_64.rpm | 841a4443de97812ec9d0ce2815d5d42125f56fd0741044c5bd73783900f5973b | - | ol9_x86_64_u4_baseos_patch | |
| kernel-debug-uki-virt-5.14.0-427.26.1.el9_4.x86_64.rpm | e622cd9633d82620f6143bebd525149cc8e175cf6fb02a1ad269f3c0436bb7c4 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-uki-virt-5.14.0-427.26.1.el9_4.x86_64.rpm | e622cd9633d82620f6143bebd525149cc8e175cf6fb02a1ad269f3c0436bb7c4 | - | ol9_x86_64_u4_baseos_patch | |
| kernel-devel-5.14.0-427.26.1.el9_4.x86_64.rpm | d5245fec7c788aba6e45df8d8f233be2f608f63c6db5eb5ccb69c888003b2785 | - | ol9_x86_64_appstream | |
| kernel-devel-matched-5.14.0-427.26.1.el9_4.x86_64.rpm | c1b6aab0fad1ea03de7ca4cacee63cb2eaaaaecf8d619f658c3ef47e92d0e991 | - | ol9_x86_64_appstream | |
| kernel-doc-5.14.0-427.26.1.el9_4.noarch.rpm | da020b18687d291f9f6f901be49abd3901082b0ed2f58f26a8162696315cb97b | - | ol9_x86_64_appstream | |
| kernel-headers-5.14.0-427.26.1.el9_4.x86_64.rpm | 0f570c16c93cb76b1e5954cf5be481527e32154238b4a0ebc3e3b00e59459724 | - | ol9_x86_64_appstream | |
| kernel-modules-5.14.0-427.26.1.el9_4.x86_64.rpm | e2994c29a18d598686f1a39dff304581bfc13ffe3a78cf6583d4a72bcbe28084 | - | ol9_x86_64_baseos_latest | |
| kernel-modules-5.14.0-427.26.1.el9_4.x86_64.rpm | e2994c29a18d598686f1a39dff304581bfc13ffe3a78cf6583d4a72bcbe28084 | - | ol9_x86_64_u4_baseos_patch | |
| kernel-modules-core-5.14.0-427.26.1.el9_4.x86_64.rpm | df0b241017727c0383c79c68e6bb44b023d9c5ddc60b2610da1d4fbb25e098c0 | - | ol9_x86_64_baseos_latest | |
| kernel-modules-core-5.14.0-427.26.1.el9_4.x86_64.rpm | df0b241017727c0383c79c68e6bb44b023d9c5ddc60b2610da1d4fbb25e098c0 | - | ol9_x86_64_u4_baseos_patch | |
| kernel-modules-extra-5.14.0-427.26.1.el9_4.x86_64.rpm | 4de222988a282a3b191bc5f9a02fb74e742ca1959dc676cebfcaf4dce7cfed22 | - | ol9_x86_64_baseos_latest | |
| kernel-modules-extra-5.14.0-427.26.1.el9_4.x86_64.rpm | 4de222988a282a3b191bc5f9a02fb74e742ca1959dc676cebfcaf4dce7cfed22 | - | ol9_x86_64_u4_baseos_patch | |
| kernel-tools-5.14.0-427.26.1.el9_4.x86_64.rpm | 9117be355834cc195db3f3ac8dde1f2e008e6f6429c853cbdae4d54cee50d49c | - | ol9_x86_64_baseos_latest | |
| kernel-tools-5.14.0-427.26.1.el9_4.x86_64.rpm | 9117be355834cc195db3f3ac8dde1f2e008e6f6429c853cbdae4d54cee50d49c | - | ol9_x86_64_u4_baseos_patch | |
| kernel-tools-libs-5.14.0-427.26.1.el9_4.x86_64.rpm | 1f5a7b4584e39c1677d5d636fe692cfd6222b957da6a225c8bd61cd095b6ed68 | - | ol9_x86_64_baseos_latest | |
| kernel-tools-libs-5.14.0-427.26.1.el9_4.x86_64.rpm | 1f5a7b4584e39c1677d5d636fe692cfd6222b957da6a225c8bd61cd095b6ed68 | - | ol9_x86_64_u4_baseos_patch | |
| kernel-tools-libs-devel-5.14.0-427.26.1.el9_4.x86_64.rpm | d28b95a9b7797dc65d0cfc95f4471e291678d1a96dbdba69de5f85c49df48b94 | - | ol9_x86_64_codeready_builder | |
| kernel-uki-virt-5.14.0-427.26.1.el9_4.x86_64.rpm | 3a77d6fe36f2b9596504c0ec9f6d5db2d2cd6b66dd0d6ad590c3c3c0d8d2a0b7 | - | ol9_x86_64_baseos_latest | |
| kernel-uki-virt-5.14.0-427.26.1.el9_4.x86_64.rpm | 3a77d6fe36f2b9596504c0ec9f6d5db2d2cd6b66dd0d6ad590c3c3c0d8d2a0b7 | - | ol9_x86_64_u4_baseos_patch | |
| libperf-5.14.0-427.26.1.el9_4.x86_64.rpm | 0d5e05cdd355b892e47a5047219a2654368760787e29a14044c5d7ed58ad41a6 | - | ol9_x86_64_codeready_builder | |
| perf-5.14.0-427.26.1.el9_4.x86_64.rpm | 3e8ade19ce24fa0f0caff3a964931765b14767269113a012e4e065eaee5a5fe8 | - | ol9_x86_64_appstream | |
| python3-perf-5.14.0-427.26.1.el9_4.x86_64.rpm | 33e4a8299546ae30609e222c13d0bce30b778beb2496f44b80d5c796a5da1a82 | - | ol9_x86_64_baseos_latest | |
| python3-perf-5.14.0-427.26.1.el9_4.x86_64.rpm | 33e4a8299546ae30609e222c13d0bce30b778beb2496f44b80d5c796a5da1a82 | - | ol9_x86_64_u4_baseos_patch | |
| rtla-5.14.0-427.26.1.el9_4.x86_64.rpm | 5cc854def106117c8d68299c32a8a5187b167e707695b42361107ff8e719b129 | - | ol9_x86_64_appstream | |
| rv-5.14.0-427.26.1.el9_4.x86_64.rpm | f2fb6acff82798b3ff70a07c28f49e02e3337c7c5071c619f5d97a6f9b0c95e8 | - | ol9_x86_64_appstream | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
