ELSA-2024-6567

ELSA-2024-6567 - kernel security update

Type: SECURITY
Severity: MODERATE
Release Date: 2024-09-11

Description


[5.14.0-427.35.1_4.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-427.35.1_4]
- usb-storage: alauda: Check whether the media is initialized (CKI Backport Bot) [RHEL-43716] {CVE-2024-38619}
- ceph: force sending a cap update msg back to MDS for revoke op (Xiubo Li) [RHEL-55437]
- ceph: periodically flush the cap releases (Xiubo Li) [RHEL-55437]
- mm: avoid overflows in dirty throttling logic (Jay Shin) [RHEL-51848 RHEL-50004] {CVE-2024-42131}
- Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (Jay Shin) [RHEL-51701 RHEL-50004] {CVE-2024-42102}
- mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Jay Shin) [RHEL-42628 RHEL-5619] {CVE-2024-26720}
- net: fix out-of-bounds access in ops_init (Paolo Abeni) [RHEL-43188 RHEL-46610] {CVE-2024-36883}
- nvme: avoid double free special payload (CKI Backport Bot) [RHEL-51311] {CVE-2024-41073}
- kernfs: change kernfs_rename_lock into a read-write lock (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: Separate kernfs_pr_cont_buf and rename_lock (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: fix missing kernfs_iattr_rwsem locking (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: Use a per-fs rwsem to protect per-fs list of kernfs_super_info (Jay Shin) [RHEL-55253 RHEL-52956]
- kernfs: Introduce separate rwsem to protect inode attributes (Jay Shin) [RHEL-55253 RHEL-52956]
- xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47894 RHEL-47892] {CVE-2024-40927}
- Bluetooth: af_bluetooth: Fix deadlock (Bastien Nocera) [RHEL-34161] {CVE-2024-26886}
- xdp: Remove WARN() from __xdp_reg_mem_model() (CKI Backport Bot) [RHEL-51586] {CVE-2024-42082}
- nfsd: don't take fi_lock in nfsd_break_deleg_cb() (Benjamin Coddington) [RHEL-42578 RHEL-34875]
- nfsd: fix RELEASE_LOCKOWNER (Benjamin Coddington) [RHEL-42578 RHEL-34875] {CVE-2024-26629}
- net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (CKI Backport Bot) [RHEL-43729 RHEL-43727]
- net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (CKI Backport Bot) [RHEL-43729 RHEL-43727]
- net: bridge: mst: fix vlan use-after-free (cki-backport-bot) [RHEL-43729] {CVE-2024-36979}
- efivarfs: force RO when remounting if SetVariable is not supported (Pavel Reichl) [RHEL-42343 RHEL-26588] {CVE-2023-52463}
- ACPI: arm64: export acpi_arch_thermal_cpufreq_pctg() (Charles Mirabile) [RHEL-34234 RHEL-1697]
- ACPI: processor: reduce CPUFREQ thermal reduction pctg for Tegra241 (Charles Mirabile) [RHEL-34234 RHEL-1697]
- ACPI: thermal: Add Thermal fast Sampling Period (_TFP) support (Scott Weaver) [RHEL-34234 RHEL-1697]

[5.14.0-427.34.1_4]
- mm: prevent derefencing NULL ptr in pfn_section_valid() (Jarod Wilson) [RHEL-51140 RHEL-51138] {CVE-2024-41055}
- mm, kmsan: fix infinite recursion due to RCU critical section (Jarod Wilson) [RHEL-51140 RHEL-51138] {CVE-2024-41055}
- ppp: reject claimed-as-LCP but actually malformed packets (CKI Backport Bot) [RHEL-51061 RHEL-51059] {CVE-2024-41044}
- x86: stop playing stack games in profile_pc() (CKI Backport Bot) [RHEL-51651] {CVE-2024-42096}
- PCI/MSI: Fix UAF in msi_capability_init (CKI Backport Bot) [RHEL-51438] {CVE-2024-41096}
- iommufd: Fix missing update of domains_itree after splitting iopt_area (Jerry Snitselaar) [RHEL-42518 RHEL-28780] {CVE-2023-52801}
- mm: cachestat: fix folio read-after-free in cache walk (Nico Pache) [RHEL-41739 RHEL-5619] {CVE-2024-26630}
- regmap: maple: Fix cache corruption in regcache_maple_drop() (Jaroslav Kysela) [RHEL-43179 RHEL-39706] {CVE-2024-36019}
- mm: cachestat: fix two shmem bugs (Nico Pache) [RHEL-36912] {CVE-2024-35797}
- kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address (Steve Best) [RHEL-42778 RHEL-34985] {CVE-2024-26946}
- mm/hugetlb: fix missing hugetlb_lock for resv uncharge (Rafael Aquini) [RHEL-43132 RHEL-37467] {CVE-2024-36000}
- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) [RHEL-52675 RHEL-50366]
- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) [RHEL-52675 RHEL-50366]
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) [RHEL-52675 RHEL-50366]
- gpio: tegra186: Fix tegra186_gpio_is_accessible() check (Charles Mirabile) [RHEL-49347 RHEL-32452]
- net/sched: Fix UAF when resolving a clash (CKI Backport Bot) [RHEL-51022 RHEL-51020] {CVE-2024-41040}
- KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (Maxim Levitsky) [RHEL-41462 RHEL-32430] {CVE-2024-35791}
- cxl/region: Fix memregion leaks in devm_cxl_add_region() (John W. Linville) [RHEL-47965 RHEL-23582] {CVE-2024-40936}
- x86/coco: Require seeding RNG with RDRAND on CoCo systems (Lenny Szubowicz) [RHEL-42986 RHEL-37269] {CVE-2024-35875}
- scsi: qedf: Ensure the copied buf is NUL terminated (cki-backport-bot) [RHEL-44203] {CVE-2024-38559}


Related CVEs


CVE-2024-41096
CVE-2024-42082
CVE-2024-42131
CVE-2023-52801
CVE-2024-26720
CVE-2024-36019
CVE-2024-35791
CVE-2024-41073
CVE-2024-42102
CVE-2024-40927
CVE-2024-41040
CVE-2023-52463
CVE-2024-26886
CVE-2024-35875
CVE-2024-36883
CVE-2024-36979
CVE-2024-38619
CVE-2024-40936
CVE-2024-41044
CVE-2024-26629
CVE-2024-26946
CVE-2024-42096
CVE-2024-38559
CVE-2024-26630
CVE-2024-41055
CVE-2024-35797
CVE-2024-36000

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 9 (aarch64) | kernel-5.14.0-427.35.1.el9_4.src.rpm | f18862aa4f814ad95f960f74745d2e35 | - | ol9_aarch64_appstream |
| | kernel-5.14.0-427.35.1.el9_4.src.rpm | f18862aa4f814ad95f960f74745d2e35 | - | ol9_aarch64_baseos_latest |
| | kernel-5.14.0-427.35.1.el9_4.src.rpm | f18862aa4f814ad95f960f74745d2e35 | - | ol9_aarch64_codeready_builder |
| | kernel-5.14.0-427.35.1.el9_4.src.rpm | f18862aa4f814ad95f960f74745d2e35 | - | ol9_aarch64_u4_baseos_patch |
| | bpftool-7.3.0-427.35.1.el9_4.aarch64.rpm | 2ef3b8927d5954b43fb7f718dbe69134 | - | ol9_aarch64_baseos_latest |
| | bpftool-7.3.0-427.35.1.el9_4.aarch64.rpm | 2ef3b8927d5954b43fb7f718dbe69134 | - | ol9_aarch64_u4_baseos_patch |
| | kernel-cross-headers-5.14.0-427.35.1.el9_4.aarch64.rpm | 8907d2801bb8076ae7cd3756e2173176 | - | ol9_aarch64_codeready_builder |
| | kernel-headers-5.14.0-427.35.1.el9_4.aarch64.rpm | 2eb8c589c87978e604e9c0ce8d941d40 | - | ol9_aarch64_appstream |
| | kernel-tools-5.14.0-427.35.1.el9_4.aarch64.rpm | a9b687b331e5454edbcb205b7091cb93 | - | ol9_aarch64_baseos_latest |
| | kernel-tools-5.14.0-427.35.1.el9_4.aarch64.rpm | a9b687b331e5454edbcb205b7091cb93 | - | ol9_aarch64_u4_baseos_patch |
| | kernel-tools-libs-5.14.0-427.35.1.el9_4.aarch64.rpm | dd721d7d32ed8350af472be1e27ba1a7 | - | ol9_aarch64_baseos_latest |
| | kernel-tools-libs-5.14.0-427.35.1.el9_4.aarch64.rpm | dd721d7d32ed8350af472be1e27ba1a7 | - | ol9_aarch64_u4_baseos_patch |
| | kernel-tools-libs-devel-5.14.0-427.35.1.el9_4.aarch64.rpm | ed3a7461b03459c8a9931091363a923b | - | ol9_aarch64_codeready_builder |
| | perf-5.14.0-427.35.1.el9_4.aarch64.rpm | 10953212139ac9aeec6b6d33dfc006ed | - | ol9_aarch64_appstream |
| | python3-perf-5.14.0-427.35.1.el9_4.aarch64.rpm | 3df464dd8da2104ea38ce52e96b092eb | - | ol9_aarch64_baseos_latest |
| | python3-perf-5.14.0-427.35.1.el9_4.aarch64.rpm | 3df464dd8da2104ea38ce52e96b092eb | - | ol9_aarch64_u4_baseos_patch |
| Oracle Linux 9 (x86_64) | kernel-5.14.0-427.35.1.el9_4.src.rpm | f18862aa4f814ad95f960f74745d2e35 | - | ol9_x86_64_appstream |
| | kernel-5.14.0-427.35.1.el9_4.src.rpm | f18862aa4f814ad95f960f74745d2e35 | - | ol9_x86_64_baseos_latest |
| | kernel-5.14.0-427.35.1.el9_4.src.rpm | f18862aa4f814ad95f960f74745d2e35 | - | ol9_x86_64_codeready_builder |
| | kernel-5.14.0-427.35.1.el9_4.src.rpm | f18862aa4f814ad95f960f74745d2e35 | - | ol9_x86_64_u4_baseos_patch |
| | bpftool-7.3.0-427.35.1.el9_4.x86_64.rpm | e8385c613c90357151d6ef4fa44c8630 | - | ol9_x86_64_baseos_latest |
| | bpftool-7.3.0-427.35.1.el9_4.x86_64.rpm | e8385c613c90357151d6ef4fa44c8630 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-5.14.0-427.35.1.el9_4.x86_64.rpm | 20dd4bc66fc64692fa153a9f49744607 | - | ol9_x86_64_baseos_latest |
| | kernel-5.14.0-427.35.1.el9_4.x86_64.rpm | 20dd4bc66fc64692fa153a9f49744607 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-abi-stablelists-5.14.0-427.35.1.el9_4.noarch.rpm | 6b4a1c59c45710575745595faab6578d | - | ol9_x86_64_baseos_latest |
| | kernel-abi-stablelists-5.14.0-427.35.1.el9_4.noarch.rpm | 6b4a1c59c45710575745595faab6578d | - | ol9_x86_64_u4_baseos_patch |
| | kernel-core-5.14.0-427.35.1.el9_4.x86_64.rpm | 7521ecaaf2709732355e88549bbacaf1 | - | ol9_x86_64_baseos_latest |
| | kernel-core-5.14.0-427.35.1.el9_4.x86_64.rpm | 7521ecaaf2709732355e88549bbacaf1 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-cross-headers-5.14.0-427.35.1.el9_4.x86_64.rpm | 6f8abdb91ee33159a1e5e5dab5510af5 | - | ol9_x86_64_codeready_builder |
| | kernel-debug-5.14.0-427.35.1.el9_4.x86_64.rpm | 0a1782dfe8b0e33b907c6dad0b04081b | - | ol9_x86_64_baseos_latest |
| | kernel-debug-5.14.0-427.35.1.el9_4.x86_64.rpm | 0a1782dfe8b0e33b907c6dad0b04081b | - | ol9_x86_64_u4_baseos_patch |
| | kernel-debug-core-5.14.0-427.35.1.el9_4.x86_64.rpm | 01e4a8f705aa5539b16c06ae8397a487 | - | ol9_x86_64_baseos_latest |
| | kernel-debug-core-5.14.0-427.35.1.el9_4.x86_64.rpm | 01e4a8f705aa5539b16c06ae8397a487 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-debug-devel-5.14.0-427.35.1.el9_4.x86_64.rpm | 1f40da8d003674a948a249b50641c3d1 | - | ol9_x86_64_appstream |
| | kernel-debug-devel-matched-5.14.0-427.35.1.el9_4.x86_64.rpm | ee1f6c74cb51223ad947f7b8ca16e16f | - | ol9_x86_64_appstream |
| | kernel-debug-modules-5.14.0-427.35.1.el9_4.x86_64.rpm | 90ed1c76fc0d8cfa44de195c1730de95 | - | ol9_x86_64_baseos_latest |
| | kernel-debug-modules-5.14.0-427.35.1.el9_4.x86_64.rpm | 90ed1c76fc0d8cfa44de195c1730de95 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-debug-modules-core-5.14.0-427.35.1.el9_4.x86_64.rpm | 3bdacf8882ab9aad6cb433a736c4c241 | - | ol9_x86_64_baseos_latest |
| | kernel-debug-modules-core-5.14.0-427.35.1.el9_4.x86_64.rpm | 3bdacf8882ab9aad6cb433a736c4c241 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-debug-modules-extra-5.14.0-427.35.1.el9_4.x86_64.rpm | b7d57c9aef6442e591b188f9f1c4ddfb | - | ol9_x86_64_baseos_latest |
| | kernel-debug-modules-extra-5.14.0-427.35.1.el9_4.x86_64.rpm | b7d57c9aef6442e591b188f9f1c4ddfb | - | ol9_x86_64_u4_baseos_patch |
| | kernel-debug-uki-virt-5.14.0-427.35.1.el9_4.x86_64.rpm | 50bd8a3570e44a18e52a02cc98d1cabb | - | ol9_x86_64_baseos_latest |
| | kernel-debug-uki-virt-5.14.0-427.35.1.el9_4.x86_64.rpm | 50bd8a3570e44a18e52a02cc98d1cabb | - | ol9_x86_64_u4_baseos_patch |
| | kernel-devel-5.14.0-427.35.1.el9_4.x86_64.rpm | ae1a69a5c62afc67dba9df034888b580 | - | ol9_x86_64_appstream |
| | kernel-devel-matched-5.14.0-427.35.1.el9_4.x86_64.rpm | 741d80e0887e5ed8ebc7778c3a92d238 | - | ol9_x86_64_appstream |
| | kernel-doc-5.14.0-427.35.1.el9_4.noarch.rpm | 1d57b8d483aae8df4d333a41e5d7c692 | - | ol9_x86_64_appstream |
| | kernel-headers-5.14.0-427.35.1.el9_4.x86_64.rpm | 4f9e14d22eb77c42c1bea89717d22002 | - | ol9_x86_64_appstream |
| | kernel-modules-5.14.0-427.35.1.el9_4.x86_64.rpm | a386d123088f99d261d98df5d0fd5a55 | - | ol9_x86_64_baseos_latest |
| | kernel-modules-5.14.0-427.35.1.el9_4.x86_64.rpm | a386d123088f99d261d98df5d0fd5a55 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-modules-core-5.14.0-427.35.1.el9_4.x86_64.rpm | cb4c8333e41b88ac67be7223c16ad04e | - | ol9_x86_64_baseos_latest |
| | kernel-modules-core-5.14.0-427.35.1.el9_4.x86_64.rpm | cb4c8333e41b88ac67be7223c16ad04e | - | ol9_x86_64_u4_baseos_patch |
| | kernel-modules-extra-5.14.0-427.35.1.el9_4.x86_64.rpm | ffc957b3bd3e465661cb43558cc5f000 | - | ol9_x86_64_baseos_latest |
| | kernel-modules-extra-5.14.0-427.35.1.el9_4.x86_64.rpm | ffc957b3bd3e465661cb43558cc5f000 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-tools-5.14.0-427.35.1.el9_4.x86_64.rpm | 26b003cc3b345751097b108f90d10303 | - | ol9_x86_64_baseos_latest |
| | kernel-tools-5.14.0-427.35.1.el9_4.x86_64.rpm | 26b003cc3b345751097b108f90d10303 | - | ol9_x86_64_u4_baseos_patch |
| | kernel-tools-libs-5.14.0-427.35.1.el9_4.x86_64.rpm | 457f5a19629e478299330568642fa14b | - | ol9_x86_64_baseos_latest |
| | kernel-tools-libs-5.14.0-427.35.1.el9_4.x86_64.rpm | 457f5a19629e478299330568642fa14b | - | ol9_x86_64_u4_baseos_patch |
| | kernel-tools-libs-devel-5.14.0-427.35.1.el9_4.x86_64.rpm | 66239aaa69d51ac10ee94a2b153b5b47 | - | ol9_x86_64_codeready_builder |
| | kernel-uki-virt-5.14.0-427.35.1.el9_4.x86_64.rpm | 5ece09745d2437144417cf1108ec48a9 | - | ol9_x86_64_baseos_latest |
| | kernel-uki-virt-5.14.0-427.35.1.el9_4.x86_64.rpm | 5ece09745d2437144417cf1108ec48a9 | - | ol9_x86_64_u4_baseos_patch |
| | libperf-5.14.0-427.35.1.el9_4.x86_64.rpm | 3d646ca8126fac0b53b24559ed1c3fda | - | ol9_x86_64_codeready_builder |
| | perf-5.14.0-427.35.1.el9_4.x86_64.rpm | 2fa79ca85e3e8141ecd41dbfde9d7d50 | - | ol9_x86_64_appstream |
| | python3-perf-5.14.0-427.35.1.el9_4.x86_64.rpm | 15d89ce476e02c60970a3fb30432a434 | - | ol9_x86_64_baseos_latest |
| | python3-perf-5.14.0-427.35.1.el9_4.x86_64.rpm | 15d89ce476e02c60970a3fb30432a434 | - | ol9_x86_64_u4_baseos_patch |
| | rtla-5.14.0-427.35.1.el9_4.x86_64.rpm | 1734fd982b1a3823e40a1b15a6ef5b1a | - | ol9_x86_64_appstream |
| | rv-5.14.0-427.35.1.el9_4.x86_64.rpm | 10953bb163eeb5407bc0ec0280b336dd | - | ol9_x86_64_appstream |


This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections: