ELSA-2024-4928 - kernel security update

Type: SECURITY
Severity: MODERATE
Release Date: 2024-07-31

Description


[5.14.0-427.28.1_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-427.28.1_4]
- mlxbf_gige: call request_irq() after NAPI initialized (Kamal Heib) [RHEL-43012 RHEL-37179] {CVE-2024-35907}
- mlxbf_gige: stop PHY during open() error paths (Kamal Heib) [RHEL-43012 RHEL-37179] {CVE-2024-35907}
- mlxbf_gige: stop interface during shutdown (Kamal Heib) [RHEL-41708 RHEL-37244] {CVE-2024-35885}
- net: amd-xgbe: Fix skb data length underflow (Ken Cox) [RHEL-43796 RHEL-43794] {CVE-2022-48743}
- nfp: flower: handle acti_netdevs allocation failure (Ken Cox) [RHEL-42852 RHEL-35158] {CVE-2024-27046}
- block: add check that partition length needs to be aligned with block size (Ming Lei) [RHEL-45501 RHEL-26616] {CVE-2023-52458}
- nfsd: hold a lighter-weight client reference over CB_RECALL_ANY (Benjamin Coddington) [RHEL-45517 RHEL-31513]
- NFSD: CREATE_SESSION must never cache NFS4ERR_DELAY replies (Benjamin Coddington) [RHEL-45517 RHEL-31513]
- NFSD: Document the phases of CREATE_SESSION (Benjamin Coddington) [RHEL-45517 RHEL-31513]
- NFSD: Fix the NFSv4.1 CREATE_SESSION operation (Benjamin Coddington) [RHEL-45517 RHEL-31513]
- icmp: prevent possible NULL dereferences from icmp_build_probe() (Antoine Tenart) [RHEL-42974 RHEL-37002] {CVE-2024-35857}
- NFSv4.1: fix handling NFS4ERR_DELAY when testing for session trunking (Scott Mayhew) [RHEL-45360 RHEL-24133]
- RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (Aristeu Rozanski) [RHEL-46335 RHEL-38634]
- RAS/AMD/ATL: Fix MI300 bank hash (Aristeu Rozanski) [RHEL-46335 RHEL-38634]
- net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (Hangbin Liu) [RHEL-42689 RHEL-33271] {CVE-2024-26852}
- epoll: be better about file lifetimes (Pavel Reichl) [RHEL-44091 RHEL-44083] {CVE-2024-38580}
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (Dick Kennedy) [RHEL-40659 RHEL-40665 RHEL-24508 RHEL-39793] {CVE-2024-36924}
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (Dick Kennedy) [RHEL-40659 RHEL-40669 RHEL-24508 RHEL-39887] {CVE-2024-36952}
- bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel (Viktor Malik) [RHEL-42640 RHEL-31726] {CVE-2024-26737}
- can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv (Ken Cox) [RHEL-41489 RHEL-38415] {CVE-2021-47459}
- wifi: ath11k: restore country code during resume (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- wifi: ath11k: refactor setting country code logic (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- bus: mhi: host: Add mhi_power_down_keep_dev() API to support system suspend/hibernation (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- net: qrtr: support suspend/hibernation (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- wifi: ath11k: support hibernation (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- wifi: ath11k: thermal: don't try to register multiple times (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- wifi: ath11k: fix warning on DMA ring capabilities event (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- wifi: ath11k: do not dump SRNG statistics during resume (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- wifi: ath11k: remove MHI LOOPBACK channels (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]
- wifi: ath11k: rearrange IRQ enable/disable in reset path (Jose Ignacio Tornos Martinez) [RHEL-46230 RHEL-12349]

[5.14.0-427.27.1_4]
- drm/ast: Fix soft lockup (CKI Backport Bot) [RHEL-45716]
- dm: call the resume method on internal suspend (Benjamin Marzinski) [RHEL-41838 RHEL-33217] {CVE-2024-26880}
- KVM: arm64: Do not re-initialize the KVM lock (Sebastian Ott) [RHEL-37528 RHEL-36279]
- KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (Sebastian Ott) [RHEL-37528 RHEL-36279]
- KVM: arm64: Fix host-programmed guest events in nVHE (Sebastian Ott) [RHEL-37528 RHEL-36279]
- KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (Sebastian Ott) [RHEL-37528 RHEL-36279]
- KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (Sebastian Ott) [RHEL-37528 RHEL-36279]
- KVM: arm64: Fix double-free following kvm_pgtable_stage2_free_unlinked() (Sebastian Ott) [RHEL-37528 RHEL-36279]
- octeontx2-af: Use separate handlers for interrupts (Kamal Heib) [RHEL-42846 RHEL-35170] {CVE-2024-27030}
- Squashfs: check the inode number is not the invalid value of zero (Abhi Das) [RHEL-42811 RHEL-35098] {CVE-2024-26982}
- net: fix sk_memory_allocated_{add|sub} vs softirqs (Paolo Abeni) [RHEL-36773 RHEL-34070]
- tcp: sk_forced_mem_schedule() optimization (Paolo Abeni) [RHEL-36773 RHEL-34070]
- net: make SK_MEMORY_PCPU_RESERV tunable (Paolo Abeni) [RHEL-36773 RHEL-34070]
- ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Pavel Reichl) [RHEL-42655 RHEL-31690] {CVE-2024-26773}
- scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (John Meneghini) [RHEL-42528 RHEL-38200] {CVE-2023-52809}
- KVM: x86/mmu: Retry fault before acquiring mmu_lock if mapping is changing (Maxim Levitsky) [RHEL-43388]
- s390/cpum_cf: make crypto counters upward compatible across machine types (Tobias Huschle) [RHEL-40398 RHEL-36047]
- RAS: enable CONFIG_RAS_FMPM (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS: Avoid build errors when CONFIG_DEBUG_FS=n (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/FMPM: Safely handle saved records of various sizes (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/FMPM: Avoid NULL ptr deref in get_saved_records() (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- Merge tag 'edac_updates_for_v6.9' of git://git.kernel.org/pub/scm/linux/kernel/git/ras/ras (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/FMPM: Fix off by one when unwinding on error (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/FMPM: Add debugfs interface to print record entries (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/FMPM: Save SPA values (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS: Export helper to get ras_debugfs_dir (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/ATL: Fix bit overflow in denorm_addr_df4_np2() (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS: Introduce a FRU memory poison manager (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- x86/cpu/amd: Provide a separate accessor for Node ID (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/ATL: Add MI300 row retirement support (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- Documentation: Move RAS section to admin-guide (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/ATL: Add MI300 DRAM to normalized address translation support (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/ATL: Fix array overflow in get_logical_coh_st_fabric_id_mi300() (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- RAS/AMD/ATL: Add MI300 support (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- Documentation: RAS: Add index and address translation section (Aristeu Rozanski) [RHEL-36212 RHEL-17008]
- cpu/SMT: Make SMT control more robust against enumeration failures (Aristeu Rozanski) [RHEL-36212 RHEL-17008]


Related CVEs


CVE-2021-47459
CVE-2024-26773
CVE-2024-26852
CVE-2024-35857
CVE-2024-26880
CVE-2024-36924
CVE-2024-36952
CVE-2023-52809
CVE-2024-38580
CVE-2023-52458
CVE-2024-26982
CVE-2024-35907
CVE-2024-27046
CVE-2024-35885
CVE-2022-48743
CVE-2024-26737
CVE-2024-27030

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 9 (aarch64) | kernel-5.14.0-427.28.1.el9_4.src.rpm | 4717b047a3efd63c17649741efc182a7 | - | ol9_aarch64_appstream |
| | kernel-5.14.0-427.28.1.el9_4.src.rpm | 4717b047a3efd63c17649741efc182a7 | - | ol9_aarch64_baseos_latest |
| | kernel-5.14.0-427.28.1.el9_4.src.rpm | 4717b047a3efd63c17649741efc182a7 | - | ol9_aarch64_codeready_builder |
| | kernel-5.14.0-427.28.1.el9_4.src.rpm | 4717b047a3efd63c17649741efc182a7 | - | ol9_aarch64_u4_baseos_patch |
| | bpftool-7.3.0-427.28.1.el9_4.aarch64.rpm | a64a186ae7f9eb12ed7d3ed43371f17c | - | ol9_aarch64_baseos_latest |
| | bpftool-7.3.0-427.28.1.el9_4.aarch64.rpm | a64a186ae7f9eb12ed7d3ed43371f17c | - | ol9_aarch64_u4_baseos_patch |
| | kernel-cross-headers-5.14.0-427.28.1.el9_4.aarch64.rpm | b122cbfd8d76cc560e6e22176d9b93ae | - | ol9_aarch64_codeready_builder |
| | kernel-headers-5.14.0-427.28.1.el9_4.aarch64.rpm | 25559f7a063d0da62fd97ebc9e0668c6 | - | ol9_aarch64_appstream |
| | kernel-tools-5.14.0-427.28.1.el9_4.aarch64.rpm | f4ce5d57cd177be5872951be7fcd1faa | - | ol9_aarch64_baseos_latest |
| | kernel-tools-5.14.0-427.28.1.el9_4.aarch64.rpm | f4ce5d57cd177be5872951be7fcd1faa | - | ol9_aarch64_u4_baseos_patch |
| | kernel-tools-libs-5.14.0-427.28.1.el9_4.aarch64.rpm | fe4b44775f72e276672ec501fa9dc8e4 | - | ol9_aarch64_baseos_latest |
| | kernel-tools-libs-5.14.0-427.28.1.el9_4.aarch64.rpm | fe4b44775f72e276672ec501fa9dc8e4 | - | ol9_aarch64_u4_baseos_patch |
| | kernel-tools-libs-devel-5.14.0-427.28.1.el9_4.aarch64.rpm | 796207db8ab291462fa11130a6c30012 | - | ol9_aarch64_codeready_builder |
| | perf-5.14.0-427.28.1.el9_4.aarch64.rpm | 110fb9ed95854e2e263a322a3d5a6f8e | - | ol9_aarch64_appstream |
| | python3-perf-5.14.0-427.28.1.el9_4.aarch64.rpm | b9ef3a41086584df88a0088fb6526469 | - | ol9_aarch64_baseos_latest |
| | python3-perf-5.14.0-427.28.1.el9_4.aarch64.rpm | b9ef3a41086584df88a0088fb6526469 | - | ol9_aarch64_u4_baseos_patch |
| Oracle Linux 9 (x86_64) | kernel-5.14.0-427.28.1.el9_4.src.rpm | 4717b047a3efd63c17649741efc182a7 | - | ol9_x86_64_appstream |
| | kernel-5.14.0-427.28.1.el9_4.src.rpm | 4717b047a3efd63c17649741efc182a7 | - | ol9_x86_64_baseos_latest |
| | kernel-5.14.0-427.28.1.el9_4.src.rpm | 4717b047a3efd63c17649741efc182a7 | - | ol9_x86_64_codeready_builder |
| | kernel-5.14.0-427.28.1.el9_4.src.rpm | 4717b047a3efd63c17649741efc182a7 | - | ol9_x86_64_u4_baseos_patch |
| | bpftool-7.3.0-427.28.1.el9_4.x86_64.rpm | d513ab23f930704d7909128e3280403f | - | ol9_x86_64_baseos_latest |
| | bpftool-7.3.0-427.28.1.el9_4.x86_64.rpm | d513ab23f930704d7909128e3280403f | - | ol9_x86_64_u4_baseos_patch |
| | kernel-5.14.0-427.28.1.el9_4.x86_64.rpm | d62d0efb451079502ad227b22e4c6b45 | - | ol9_x86_64_baseos_latest |
| | kernel-5.14.0-427.28.1.el9_4.x86_64.rpm | d62d0efb451079502ad227b22e4c6b45 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-abi-stablelists-5.14.0-427.28.1.el9_4.noarch.rpm | 1cba320943a92ae24432645ca2384816 | - | ol9_x86_64_baseos_latest |
| | kernel-abi-stablelists-5.14.0-427.28.1.el9_4.noarch.rpm | 1cba320943a92ae24432645ca2384816 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-core-5.14.0-427.28.1.el9_4.x86_64.rpm | 4d9c692b62ea4c65a236a0c4ecfff206 | - | ol9_x86_64_baseos_latest |
| | kernel-core-5.14.0-427.28.1.el9_4.x86_64.rpm | 4d9c692b62ea4c65a236a0c4ecfff206 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-cross-headers-5.14.0-427.28.1.el9_4.x86_64.rpm | 6620c1dff9dfda34dfb9f610fa77338e | - | ol9_x86_64_codeready_builder |
| | kernel-debug-5.14.0-427.28.1.el9_4.x86_64.rpm | af0ff8e7aacbc744f94e6abd973ddade | - | ol9_x86_64_baseos_latest |
| | kernel-debug-5.14.0-427.28.1.el9_4.x86_64.rpm | af0ff8e7aacbc744f94e6abd973ddade | - | ol9_x86_64_u4_baseos_patch |
| | kernel-debug-core-5.14.0-427.28.1.el9_4.x86_64.rpm | 8934f9a42f9e330a4f30386bd4377ec2 | - | ol9_x86_64_baseos_latest |
| | kernel-debug-core-5.14.0-427.28.1.el9_4.x86_64.rpm | 8934f9a42f9e330a4f30386bd4377ec2 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-debug-devel-5.14.0-427.28.1.el9_4.x86_64.rpm | 382d3ed83858a04a9120f809d5cd2709 | - | ol9_x86_64_appstream |
| | kernel-debug-devel-matched-5.14.0-427.28.1.el9_4.x86_64.rpm | b4ed8f8d7509ffd00d421f7eb74adea7 | - | ol9_x86_64_appstream |
| | kernel-debug-modules-5.14.0-427.28.1.el9_4.x86_64.rpm | e685087dfe246e21aeb595adb3bdda39 | - | ol9_x86_64_baseos_latest |
| | kernel-debug-modules-5.14.0-427.28.1.el9_4.x86_64.rpm | e685087dfe246e21aeb595adb3bdda39 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-debug-modules-core-5.14.0-427.28.1.el9_4.x86_64.rpm | 023c2c4ab47506af89a4f0b27cae1cde | - | ol9_x86_64_baseos_latest |
| | kernel-debug-modules-core-5.14.0-427.28.1.el9_4.x86_64.rpm | 023c2c4ab47506af89a4f0b27cae1cde | - | ol9_x86_64_u4_baseos_patch |
| | kernel-debug-modules-extra-5.14.0-427.28.1.el9_4.x86_64.rpm | 9e3c60b4cb627f5c0eef829192d50f05 | - | ol9_x86_64_baseos_latest |
| | kernel-debug-modules-extra-5.14.0-427.28.1.el9_4.x86_64.rpm | 9e3c60b4cb627f5c0eef829192d50f05 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-debug-uki-virt-5.14.0-427.28.1.el9_4.x86_64.rpm | ca039b90f55a1519037fddbb43db2a3f | - | ol9_x86_64_baseos_latest |
| | kernel-debug-uki-virt-5.14.0-427.28.1.el9_4.x86_64.rpm | ca039b90f55a1519037fddbb43db2a3f | - | ol9_x86_64_u4_baseos_patch |
| | kernel-devel-5.14.0-427.28.1.el9_4.x86_64.rpm | 5ca19d4a680a4962e1cc3db634d57b12 | - | ol9_x86_64_appstream |
| | kernel-devel-matched-5.14.0-427.28.1.el9_4.x86_64.rpm | 95f6d22690accde7a3439da7b43a7764 | - | ol9_x86_64_appstream |
| | kernel-doc-5.14.0-427.28.1.el9_4.noarch.rpm | 4114956eccef5d4855cefaafd7362ef4 | - | ol9_x86_64_appstream |
| | kernel-headers-5.14.0-427.28.1.el9_4.x86_64.rpm | 6379e873a6c63a02bb1726df93294807 | - | ol9_x86_64_appstream |
| | kernel-modules-5.14.0-427.28.1.el9_4.x86_64.rpm | 68a47f602b2c22d35017669a5810d804 | - | ol9_x86_64_baseos_latest |
| | kernel-modules-5.14.0-427.28.1.el9_4.x86_64.rpm | 68a47f602b2c22d35017669a5810d804 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-modules-core-5.14.0-427.28.1.el9_4.x86_64.rpm | 5158bba1ddc579bdeca906647123d8f7 | - | ol9_x86_64_baseos_latest |
| | kernel-modules-core-5.14.0-427.28.1.el9_4.x86_64.rpm | 5158bba1ddc579bdeca906647123d8f7 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-modules-extra-5.14.0-427.28.1.el9_4.x86_64.rpm | 8187d74b6adefbd7cbf65dbf3f330222 | - | ol9_x86_64_baseos_latest |
| | kernel-modules-extra-5.14.0-427.28.1.el9_4.x86_64.rpm | 8187d74b6adefbd7cbf65dbf3f330222 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-tools-5.14.0-427.28.1.el9_4.x86_64.rpm | cb655730db42244c25b80340e364a3e5 | - | ol9_x86_64_baseos_latest |
| | kernel-tools-5.14.0-427.28.1.el9_4.x86_64.rpm | cb655730db42244c25b80340e364a3e5 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-tools-libs-5.14.0-427.28.1.el9_4.x86_64.rpm | 1b36b62797cd06d11e2b15542d477b80 | - | ol9_x86_64_baseos_latest |
| | kernel-tools-libs-5.14.0-427.28.1.el9_4.x86_64.rpm | 1b36b62797cd06d11e2b15542d477b80 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-tools-libs-devel-5.14.0-427.28.1.el9_4.x86_64.rpm | 105bd75454240ec397a5b19c8608ad69 | - | ol9_x86_64_codeready_builder |
| | kernel-uki-virt-5.14.0-427.28.1.el9_4.x86_64.rpm | a8b8dfb8e35f7864193c1eb235acece9 | - | ol9_x86_64_baseos_latest |
| | kernel-uki-virt-5.14.0-427.28.1.el9_4.x86_64.rpm | a8b8dfb8e35f7864193c1eb235acece9 | - | ol9_x86_64_u4_baseos_patch |
| | libperf-5.14.0-427.28.1.el9_4.x86_64.rpm | 6d2f16e389c53390fad44c4f755d62fd | - | ol9_x86_64_codeready_builder |
| | perf-5.14.0-427.28.1.el9_4.x86_64.rpm | e0f7316abfe7a825776dc93bb15ccf7c | - | ol9_x86_64_appstream |
| | python3-perf-5.14.0-427.28.1.el9_4.x86_64.rpm | 1016ca65a9f9252ac57a641dfb85cd26 | - | ol9_x86_64_baseos_latest |
| | python3-perf-5.14.0-427.28.1.el9_4.x86_64.rpm | 1016ca65a9f9252ac57a641dfb85cd26 | - | ol9_x86_64_u4_baseos_patch |
| | rtla-5.14.0-427.28.1.el9_4.x86_64.rpm | d39d97150564e81a19d7838e874262d8 | - | ol9_x86_64_appstream |
| | rv-5.14.0-427.28.1.el9_4.x86_64.rpm | 2c722448efa15fa70454113fa1bba1e9 | - | ol9_x86_64_appstream |


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:
