ELSA-2024-5363

ELSA-2024-5363 - kernel security update

Type: SECURITY
Severity: IMPORTANT
Release Date: 2024-08-14

Description


[5.14.0-427.31.1_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-427.31.1_4]
- net: fix __dst_negative_advice() race (CKI Backport Bot) [RHEL-46798] {CVE-2024-36971}
- net: annotate data-races around sk->sk_dst_pending_confirm (CKI Backport Bot) [RHEL-46798] {CVE-2024-36971}

[5.14.0-427.30.1_4]
- dmaengine: idxd: add a write() method for applications to submit work (Jerry Snitselaar) [RHEL-35840] {CVE-2024-21823}
- dmaengine: idxd: add a new security check to deal with a hardware erratum (Jerry Snitselaar) [RHEL-35840] {CVE-2024-21823}
- VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (Jerry Snitselaar) [RHEL-35840] {CVE-2024-21823}
- tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (Mark Salter) [RHEL-49538 RHEL-39308]
- virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jon Maloy) [RHEL-44467] {CVE-2024-37353}
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Izabela Bakollari) [RHEL-36271 RHEL-26682] {CVE-2024-26600}
- eeprom: at24: fix memory corruption race condition (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- eeprom: at24: Use dev_err_probe for nvmem register failure (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- eeprom: at24: Add support for 24c1025 EEPROM (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- eeprom: at24: remove struct at24_client (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- at24: Support probing while in non-zero ACPI D state (CKI Backport Bot) [RHEL-42970] {CVE-2024-35848}
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (CKI Backport Bot) [RHEL-44439] {CVE-2024-37356}
- cxl/region: Fix cxlr_pmem leaks (cki-backport-bot) [RHEL-44486] {CVE-2024-38391}
- tls: fix missing memory barrier in tls_init (cki-backport-bot) [RHEL-44480] {CVE-2024-36489}
- igc: avoid returning frame twice in XDP_REDIRECT (Corinna Vinschen) [RHEL-42714 RHEL-33266] {CVE-2024-26853}
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Hangbin Liu) [RHEL-44404 RHEL-44402] {CVE-2024-33621}
- ipvlan: add ipvlan_route_v6_outbound() helper (Davide Caratti) [RHEL-44404 RHEL-32205]
- ipvlan: properly track tx_errors (Davide Caratti) [RHEL-44404 RHEL-32205]
- wifi: nl80211: don't free NULL coalescing rule (Jose Ignacio Tornos Martinez) [RHEL-41698 RHEL-39754] {CVE-2024-36941}
- wifi: iwlwifi: dbg-tlv: ensure NUL termination (Jose Ignacio Tornos Martinez) [RHEL-41658 RHEL-37028] {CVE-2024-35845}
- mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work (Ivan Vecera) [RHEL-41556 RHEL-37018] {CVE-2024-35852}
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (cki-backport-bot) [RHEL-44215] {CVE-2024-38558}
- wifi: iwlwifi: read txq->read_ptr under lock (Jose Ignacio Tornos Martinez) [RHEL-41520 RHEL-39799] {CVE-2024-36922}
- wifi: cfg80211: check A-MSDU format more carefully (Jose Ignacio Tornos Martinez) [RHEL-38754 RHEL-37345] {CVE-2024-35937}
- ice: fix memory corruption bug with suspend and rebuild (Petr Oros) [RHEL-49858 RHEL-17486] {CVE-2024-35911}
- ipv6: prevent possible NULL deref in fib6_nh_init() (Hangbin Liu) [RHEL-48182 RHEL-45826] {CVE-2024-40961}
- netns: Make get_net_ns() handle zero refcount net (Paolo Abeni) [RHEL-48117 RHEL-46610] {CVE-2024-40958}
- net: do not leave a dangling sk pointer, when socket creation fails (Paolo Abeni) [RHEL-48072 RHEL-46610] {CVE-2024-40954}
- net: ethtool: fix the error condition in ethtool_get_phy_stats_ethtool() (CKI Backport Bot) [RHEL-47902] {CVE-2024-40928}
- net: netlink: af_netlink: Prevent empty skb by adding a check on len. (Ivan Vecera) [RHEL-43619 RHEL-30344] {CVE-2021-47606}
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CKI Backport Bot) [RHEL-46921] {CVE-2024-39487}
- nfs: fix panic when nfs4_ff_layout_prepare_ds() fails (Benjamin Coddington) [RHEL-42732 RHEL-34875] {CVE-2024-26868}
- efi: fix panic in kdump kernel (Steve Best) [RHEL-42920 RHEL-36998] {CVE-2024-35800}
- ipv6: fix potential 'struct net' leak in inet6_rtm_getaddr() (Hangbin Liu) [RHEL-41735 RHEL-31050] {CVE-2024-27417}
- netfilter: nf_tables: do not compare internal table flags on updates (Florian Westphal) [RHEL-41682 RHEL-33985] {CVE-2024-27065}
- ipv6: Fix potential uninit-value access in __ip6_make_skb() (Antoine Tenart) [RHEL-41466 RHEL-39786] {CVE-2024-36903}
- netfilter: nf_tables: honor table dormant flag from netdev release event path (Florian Westphal) [RHEL-40056 RHEL-33985] {CVE-2024-36005}
- cifs: fix underflow in parse_server_interfaces() (Paulo Alcantara) [RHEL-34636 RHEL-31245] {CVE-2024-26828}
- drm/i915/audio: Fix audio time stamp programming for DP (CKI Backport Bot) [RHEL-45843]
- platform/x86: wmi: Fix opening of char device (David Arcari) [RHEL-42548 RHEL-38260] {CVE-2023-52864}
- platform/x86: wmi: remove unnecessary initializations (David Arcari) [RHEL-42548 RHEL-38260] {CVE-2023-52864}
- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (CKI Backport Bot) [RHEL-43170] {CVE-2024-36017}
- netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (Florian Westphal) [RHEL-40062 RHEL-33985] {CVE-2024-26808}
- ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr (Jiri Benc) [RHEL-39017 RHEL-32372] {CVE-2024-35969}
- netfilter: nf_tables: flush pending destroy work before exit_net release (Florian Westphal) [RHEL-38765 RHEL-33985] {CVE-2024-35899}
- vt: fix unicode buffer corruption when deleting characters (Andrew Halaney) [RHEL-42947 RHEL-24205] {CVE-2024-35823}

[5.14.0-427.29.1_4]
- net: Avoid address overwrite in kernel_connect (Davide Caratti) [RHEL-45728 RHEL-30875]
- net: replace calls to sock->ops->connect() with kernel_connect() (Davide Caratti) [RHEL-45728 RHEL-33410]
- i40e: fix vf may be used uninitialized in this function warning (Kamal Heib) [RHEL-41638 RHEL-39704] {CVE-2024-36020}
- cifs: translate network errors on send to -ECONNABORTED (Jay Shin) [RHEL-47047 RHEL-31245]
- wifi: brcmfmac: pcie: handle randbuf allocation failure (Jose Ignacio Tornos Martinez) [RHEL-44132] {CVE-2024-38575}
- wifi: iwlwifi: mvm: guard against invalid STA ID on removal (Jose Ignacio Tornos Martinez) [RHEL-43208 RHEL-39803] {CVE-2024-36921}
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (Jose Ignacio Tornos Martinez) [RHEL-42906 RHEL-36809] {CVE-2024-35789}
- wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (Jose Ignacio Tornos Martinez) [RHEL-42886 RHEL-36900] {CVE-2024-27434}
- wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work (Jose Ignacio Tornos Martinez) [RHEL-42860 RHEL-35142] {CVE-2024-27052}
- wifi: mt76: mt7925e: fix use-after-free in free_irq() (Jose Ignacio Tornos Martinez) [RHEL-42856 RHEL-35148] {CVE-2024-27049}
- wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete (Jose Ignacio Tornos Martinez) [RHEL-42743 RHEL-34187] {CVE-2024-26897}
- wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (Jose Ignacio Tornos Martinez) [RHEL-42383 RHEL-35199] {CVE-2023-52651}
- net: core: reject skb_copy(_expand) for fraglist GSO skbs (Xin Long) [RHEL-41402 RHEL-39781] {CVE-2024-36929}


Related CVEs


CVE-2024-26853
CVE-2024-27049
CVE-2024-38391
CVE-2024-26828
CVE-2024-40928
CVE-2023-52651
CVE-2024-21823
CVE-2024-35845
CVE-2024-36903
CVE-2024-37356
CVE-2021-47606
CVE-2024-26897
CVE-2024-27434
CVE-2024-35852
CVE-2024-26600
CVE-2024-26868
CVE-2023-52864
CVE-2024-36005
CVE-2024-36929
CVE-2024-37353
CVE-2024-39487
CVE-2024-26808
CVE-2024-27052
CVE-2024-27065
CVE-2024-27417
CVE-2024-35848
CVE-2024-35911
CVE-2024-36489
CVE-2024-40954
CVE-2024-40958
CVE-2024-35937
CVE-2024-35969
CVE-2024-36941
CVE-2024-36971
CVE-2024-35823
CVE-2024-35899
CVE-2024-36017
CVE-2024-36921
CVE-2024-38558
CVE-2024-36922
CVE-2024-40961
CVE-2024-33621
CVE-2024-35789
CVE-2024-35800
CVE-2024-36020
CVE-2024-38575

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 9 (aarch64) | kernel-5.14.0-427.31.1.el9_4.src.rpm | 26679f4cceaeaffdccb4f351f6da5d38 | - | ol9_aarch64_appstream |
| | kernel-5.14.0-427.31.1.el9_4.src.rpm | 26679f4cceaeaffdccb4f351f6da5d38 | - | ol9_aarch64_baseos_latest |
| | kernel-5.14.0-427.31.1.el9_4.src.rpm | 26679f4cceaeaffdccb4f351f6da5d38 | - | ol9_aarch64_codeready_builder |
| | kernel-5.14.0-427.31.1.el9_4.src.rpm | 26679f4cceaeaffdccb4f351f6da5d38 | - | ol9_aarch64_u4_baseos_patch |
| | bpftool-7.3.0-427.31.1.el9_4.aarch64.rpm | bc43a24d3c5370cabc78889ab04cdb44 | - | ol9_aarch64_baseos_latest |
| | bpftool-7.3.0-427.31.1.el9_4.aarch64.rpm | bc43a24d3c5370cabc78889ab04cdb44 | - | ol9_aarch64_u4_baseos_patch |
| | kernel-cross-headers-5.14.0-427.31.1.el9_4.aarch64.rpm | cb962eaebc210aa64b8f6672e1ee49ac | - | ol9_aarch64_codeready_builder |
| | kernel-headers-5.14.0-427.31.1.el9_4.aarch64.rpm | 5120dd034c01e451e3134192975e01fc | - | ol9_aarch64_appstream |
| | kernel-tools-5.14.0-427.31.1.el9_4.aarch64.rpm | d9b2619a0a787acfc63c3272f6ddecb2 | - | ol9_aarch64_baseos_latest |
| | kernel-tools-5.14.0-427.31.1.el9_4.aarch64.rpm | d9b2619a0a787acfc63c3272f6ddecb2 | - | ol9_aarch64_u4_baseos_patch |
| | kernel-tools-libs-5.14.0-427.31.1.el9_4.aarch64.rpm | a817c45179e797d9d0ea196cccaba5e5 | - | ol9_aarch64_baseos_latest |
| | kernel-tools-libs-5.14.0-427.31.1.el9_4.aarch64.rpm | a817c45179e797d9d0ea196cccaba5e5 | - | ol9_aarch64_u4_baseos_patch |
| | kernel-tools-libs-devel-5.14.0-427.31.1.el9_4.aarch64.rpm | 2689d6737205037ddcbbb34dfcae8d0e | - | ol9_aarch64_codeready_builder |
| | perf-5.14.0-427.31.1.el9_4.aarch64.rpm | b5ece4f80eab98211764642c89634fd1 | - | ol9_aarch64_appstream |
| | python3-perf-5.14.0-427.31.1.el9_4.aarch64.rpm | 2d26a45777f9bcdde753f5eec92b242c | - | ol9_aarch64_baseos_latest |
| | python3-perf-5.14.0-427.31.1.el9_4.aarch64.rpm | 2d26a45777f9bcdde753f5eec92b242c | - | ol9_aarch64_u4_baseos_patch |
| Oracle Linux 9 (x86_64) | kernel-5.14.0-427.31.1.el9_4.src.rpm | 26679f4cceaeaffdccb4f351f6da5d38 | - | ol9_x86_64_appstream |
| | kernel-5.14.0-427.31.1.el9_4.src.rpm | 26679f4cceaeaffdccb4f351f6da5d38 | - | ol9_x86_64_baseos_latest |
| | kernel-5.14.0-427.31.1.el9_4.src.rpm | 26679f4cceaeaffdccb4f351f6da5d38 | - | ol9_x86_64_codeready_builder |
| | kernel-5.14.0-427.31.1.el9_4.src.rpm | 26679f4cceaeaffdccb4f351f6da5d38 | - | ol9_x86_64_u4_baseos_patch |
| | bpftool-7.3.0-427.31.1.el9_4.x86_64.rpm | 7e2ac6e32850c08fea0c5f366ce1a4d0 | - | ol9_x86_64_baseos_latest |
| | bpftool-7.3.0-427.31.1.el9_4.x86_64.rpm | 7e2ac6e32850c08fea0c5f366ce1a4d0 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-5.14.0-427.31.1.el9_4.x86_64.rpm | 6c8196e3e739d786f1efd6871b4e50b4 | - | ol9_x86_64_baseos_latest |
| | kernel-5.14.0-427.31.1.el9_4.x86_64.rpm | 6c8196e3e739d786f1efd6871b4e50b4 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-abi-stablelists-5.14.0-427.31.1.el9_4.noarch.rpm | 7ba5560ba83746e37e679ba3ae481ed9 | - | ol9_x86_64_baseos_latest |
| | kernel-abi-stablelists-5.14.0-427.31.1.el9_4.noarch.rpm | 7ba5560ba83746e37e679ba3ae481ed9 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-core-5.14.0-427.31.1.el9_4.x86_64.rpm | adbe63f713f2ad928343b0e0fdb27f0f | - | ol9_x86_64_baseos_latest |
| | kernel-core-5.14.0-427.31.1.el9_4.x86_64.rpm | adbe63f713f2ad928343b0e0fdb27f0f | - | ol9_x86_64_u4_baseos_patch |
| | kernel-cross-headers-5.14.0-427.31.1.el9_4.x86_64.rpm | 01f558a696915abb90a5c18d46a6fc6b | - | ol9_x86_64_codeready_builder |
| | kernel-debug-5.14.0-427.31.1.el9_4.x86_64.rpm | c2d3b57fea6a11dcbad441b93129c176 | - | ol9_x86_64_baseos_latest |
| | kernel-debug-5.14.0-427.31.1.el9_4.x86_64.rpm | c2d3b57fea6a11dcbad441b93129c176 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-debug-core-5.14.0-427.31.1.el9_4.x86_64.rpm | e0ecca5ba0dc7b89b2d4ecc09571bd91 | - | ol9_x86_64_baseos_latest |
| | kernel-debug-core-5.14.0-427.31.1.el9_4.x86_64.rpm | e0ecca5ba0dc7b89b2d4ecc09571bd91 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-debug-devel-5.14.0-427.31.1.el9_4.x86_64.rpm | 3687fbf9d4e197ac89e9b3b1ed6b4aec | - | ol9_x86_64_appstream |
| | kernel-debug-devel-matched-5.14.0-427.31.1.el9_4.x86_64.rpm | 61044759b15404939c816a1357bca8b8 | - | ol9_x86_64_appstream |
| | kernel-debug-modules-5.14.0-427.31.1.el9_4.x86_64.rpm | 1c8f988f6bec3d11a3f685c2efd2a7f7 | - | ol9_x86_64_baseos_latest |
| | kernel-debug-modules-5.14.0-427.31.1.el9_4.x86_64.rpm | 1c8f988f6bec3d11a3f685c2efd2a7f7 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-debug-modules-core-5.14.0-427.31.1.el9_4.x86_64.rpm | d52c48b456bf1d93bf3772f5a790ea4f | - | ol9_x86_64_baseos_latest |
| | kernel-debug-modules-core-5.14.0-427.31.1.el9_4.x86_64.rpm | d52c48b456bf1d93bf3772f5a790ea4f | - | ol9_x86_64_u4_baseos_patch |
| | kernel-debug-modules-extra-5.14.0-427.31.1.el9_4.x86_64.rpm | ca0244eeb5c184b959ee358f8e482385 | - | ol9_x86_64_baseos_latest |
| | kernel-debug-modules-extra-5.14.0-427.31.1.el9_4.x86_64.rpm | ca0244eeb5c184b959ee358f8e482385 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-debug-uki-virt-5.14.0-427.31.1.el9_4.x86_64.rpm | a7a68ab7f4ffbd6937c0d16938da1d2f | - | ol9_x86_64_baseos_latest |
| | kernel-debug-uki-virt-5.14.0-427.31.1.el9_4.x86_64.rpm | a7a68ab7f4ffbd6937c0d16938da1d2f | - | ol9_x86_64_u4_baseos_patch |
| | kernel-devel-5.14.0-427.31.1.el9_4.x86_64.rpm | 6f414e9aac08a3c9d911e7292ca88bae | - | ol9_x86_64_appstream |
| | kernel-devel-matched-5.14.0-427.31.1.el9_4.x86_64.rpm | 2c8b58c08fbe8cade2caf9976529d381 | - | ol9_x86_64_appstream |
| | kernel-doc-5.14.0-427.31.1.el9_4.noarch.rpm | acff37243a38ac6a457ed5f75f1d033c | - | ol9_x86_64_appstream |
| | kernel-headers-5.14.0-427.31.1.el9_4.x86_64.rpm | a120c4b3ed6ab216e80ea4869112f459 | - | ol9_x86_64_appstream |
| | kernel-modules-5.14.0-427.31.1.el9_4.x86_64.rpm | 8703a3d2c0b02859c9f63e62a3a1eded | - | ol9_x86_64_baseos_latest |
| | kernel-modules-5.14.0-427.31.1.el9_4.x86_64.rpm | 8703a3d2c0b02859c9f63e62a3a1eded | - | ol9_x86_64_u4_baseos_patch |
| | kernel-modules-core-5.14.0-427.31.1.el9_4.x86_64.rpm | c24797259ecac71b5b72fcb119cae883 | - | ol9_x86_64_baseos_latest |
| | kernel-modules-core-5.14.0-427.31.1.el9_4.x86_64.rpm | c24797259ecac71b5b72fcb119cae883 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-modules-extra-5.14.0-427.31.1.el9_4.x86_64.rpm | 6f7808f36e543a52bb87288cd9dbc135 | - | ol9_x86_64_baseos_latest |
| | kernel-modules-extra-5.14.0-427.31.1.el9_4.x86_64.rpm | 6f7808f36e543a52bb87288cd9dbc135 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-tools-5.14.0-427.31.1.el9_4.x86_64.rpm | 94b89f013931f7f892cc196b6a123ffe | - | ol9_x86_64_baseos_latest |
| | kernel-tools-5.14.0-427.31.1.el9_4.x86_64.rpm | 94b89f013931f7f892cc196b6a123ffe | - | ol9_x86_64_u4_baseos_patch |
| | kernel-tools-libs-5.14.0-427.31.1.el9_4.x86_64.rpm | 9b090c8a403717da49978382abc0e853 | - | ol9_x86_64_baseos_latest |
| | kernel-tools-libs-5.14.0-427.31.1.el9_4.x86_64.rpm | 9b090c8a403717da49978382abc0e853 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-tools-libs-devel-5.14.0-427.31.1.el9_4.x86_64.rpm | 2c85ecd9506a345b5504db0237792340 | - | ol9_x86_64_codeready_builder |
| | kernel-uki-virt-5.14.0-427.31.1.el9_4.x86_64.rpm | e464492162ad48a71a1faffdeef59f84 | - | ol9_x86_64_baseos_latest |
| | kernel-uki-virt-5.14.0-427.31.1.el9_4.x86_64.rpm | e464492162ad48a71a1faffdeef59f84 | - | ol9_x86_64_u4_baseos_patch |
| | libperf-5.14.0-427.31.1.el9_4.x86_64.rpm | 7852f3ad25df0764ae3091eb79129e00 | - | ol9_x86_64_codeready_builder |
| | perf-5.14.0-427.31.1.el9_4.x86_64.rpm | 0640825b2bcb1c09d7e35502f24bf5eb | - | ol9_x86_64_appstream |
| | python3-perf-5.14.0-427.31.1.el9_4.x86_64.rpm | 1fc6a26fe16088af9d77be9920516e6f | - | ol9_x86_64_baseos_latest |
| | python3-perf-5.14.0-427.31.1.el9_4.x86_64.rpm | 1fc6a26fe16088af9d77be9920516e6f | - | ol9_x86_64_u4_baseos_patch |
| | rtla-5.14.0-427.31.1.el9_4.x86_64.rpm | 882227f5d0c6ed1fcc8035ddc6f10c8a | - | ol9_x86_64_appstream |
| | rv-5.14.0-427.31.1.el9_4.x86_64.rpm | ecb69bb7838cea4d79072b5d34c550b3 | - | ol9_x86_64_appstream |


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: