ELSA-2024-9605

ULN >
Oracle Linux Errata repository >
ELSA-2024-9605

ELSA-2024-9605 - kernel security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2024-11-19

Description

- [5.14.0-503.14.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.14.1_5]
- ext4: fix off by one issue in alloc_flex_gd() (Pavel Reichl) [RHEL-65318]
- ping: fix address binding wrt vrf (Antoine Tenart) [RHEL-57564 RHEL-50920]
- smb: client: stop flooding dmesg in smb2_calc_signature() (Paulo Alcantara) [RHEL-36346 RHEL-61193]
- smb: client: print failed session logoffs with FYI (Paulo Alcantara) [RHEL-36346 RHEL-61193]
- smb: client: propagate error from cifs_construct_tcon() (Paulo Alcantara) [RHEL-36346 RHEL-61193]
- smb: client: fix DFS failover in multiuser mounts (Paulo Alcantara) [RHEL-36346 RHEL-61193]
- smb: client: fix DFS interlink failover (Paulo Alcantara) [RHEL-36346 RHEL-61193]
- smb: client: improve purging of cached referrals (Paulo Alcantara) [RHEL-36346 RHEL-61193]
- smb: client: avoid unnecessary reconnects when refreshing referrals (Paulo Alcantara) [RHEL-36346 RHEL-61193]
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (Paulo Alcantara) [RHEL-36346 RHEL-57983]
- smb: client: fix deadlock in smb2_find_smb_tcon() (Paulo Alcantara) [RHEL-36346 RHEL-57983]
- cifs: Fix reacquisition of volume cookie on still-live connection (Paulo Alcantara) [RHEL-36346 RHEL-57983]

[5.14.0-503.13.1_5]
- efi: libstub: Move screen_info handling to common code (Maxim Levitsky) [RHEL-65344]
- mpls: Reduce skb re-allocations due to skb_cow() (Guillaume Nault) [RHEL-61697]
- mptcp: pm: Fix uaf in __timer_delete_sync (CKI Backport Bot) [RHEL-64678 RHEL-60737] {CVE-2024-46858}
- ceph: fix cap ref leak via netfs init_request (Patrick Donnelly) [RHEL-62667 RHEL-61459]
- gitlab-ci: provide consistent kcidb_tree_name (Michael Hofmann)

[5.14.0-503.12.1_5]
- net: nexthop: Initialize all fields in dumped nexthops (Antoine Tenart) [RHEL-55080] {CVE-2024-42283}
- tracing/osnoise: Fix build when timerlat is not enabled (Tomas Glozar) [RHEL-61870 RHEL-39968]
- tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (Tomas Glozar) [RHEL-61870 RHEL-39968]
- tracing/timerlat: Only clear timer if a kthread exists (Tomas Glozar) [RHEL-61870 RHEL-39968]
- tracing/osnoise: Use a cpumask to know what threads are kthreads (Tomas Glozar) [RHEL-61870 RHEL-39968]
- iommufd: Require drivers to supply the cache_invalidate_user ops (CKI Backport Bot) [RHEL-60681 RHEL-60761] {CVE-2024-46824}
- Revert 'fw loader: Remove the now superfluous sentinel element from ctl_table array' (Eric Chanudet) [RHEL-62925 RHEL-50129]
- smb: client: fix hang in wait_for_response() for negproto (Jay Shin) [RHEL-61607 RHEL-57983]

Related CVEs

CVE-2024-46824

CVE-2024-46858

CVE-2024-42283

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	kernel-5.14.0-503.14.1.el9_5.src.rpm	ae350c2e6537dd8fc0155ea6ac974b61	-	ol9_aarch64_appstream
	kernel-5.14.0-503.14.1.el9_5.src.rpm	ae350c2e6537dd8fc0155ea6ac974b61	-	ol9_aarch64_baseos_latest
	kernel-5.14.0-503.14.1.el9_5.src.rpm	ae350c2e6537dd8fc0155ea6ac974b61	-	ol9_aarch64_codeready_builder
	kernel-5.14.0-503.14.1.el9_5.src.rpm	ae350c2e6537dd8fc0155ea6ac974b61	-	ol9_aarch64_u5_baseos_patch
	bpftool-7.4.0-503.14.1.el9_5.aarch64.rpm	c08756cf418802f7fed8b7095a77eb02	-	ol9_aarch64_baseos_latest
	bpftool-7.4.0-503.14.1.el9_5.aarch64.rpm	c08756cf418802f7fed8b7095a77eb02	-	ol9_aarch64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.14.1.el9_5.aarch64.rpm	de948ded13cfb9c44c11d117b5bcf1d0	-	ol9_aarch64_codeready_builder
	kernel-headers-5.14.0-503.14.1.el9_5.aarch64.rpm	a9ece315c44a1c0a4fbfa909a35c1699	-	ol9_aarch64_appstream
	kernel-tools-5.14.0-503.14.1.el9_5.aarch64.rpm	72639e508797d5a6f0939a58dc6975b3	-	ol9_aarch64_baseos_latest
	kernel-tools-5.14.0-503.14.1.el9_5.aarch64.rpm	72639e508797d5a6f0939a58dc6975b3	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.14.1.el9_5.aarch64.rpm	a4a7127d8fb963f99f0a1722d5cb4401	-	ol9_aarch64_baseos_latest
	kernel-tools-libs-5.14.0-503.14.1.el9_5.aarch64.rpm	a4a7127d8fb963f99f0a1722d5cb4401	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.14.1.el9_5.aarch64.rpm	3d890380e197a3d463f5208f69c5f208	-	ol9_aarch64_codeready_builder
	perf-5.14.0-503.14.1.el9_5.aarch64.rpm	43ca27ac8245a901418222b751200113	-	ol9_aarch64_appstream
	python3-perf-5.14.0-503.14.1.el9_5.aarch64.rpm	d4bf2ffbaf0e95eea5425890fe8c4bd4	-	ol9_aarch64_baseos_latest
	python3-perf-5.14.0-503.14.1.el9_5.aarch64.rpm	d4bf2ffbaf0e95eea5425890fe8c4bd4	-	ol9_aarch64_u5_baseos_patch
	rtla-5.14.0-503.14.1.el9_5.aarch64.rpm	723e9b42afb0a3d6befe4959b18e9f41	-	ol9_aarch64_appstream
	rv-5.14.0-503.14.1.el9_5.aarch64.rpm	91beac102c03df8552cb6eaf95c25f59	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	kernel-5.14.0-503.14.1.el9_5.src.rpm	ae350c2e6537dd8fc0155ea6ac974b61	-	ol9_x86_64_appstream
	kernel-5.14.0-503.14.1.el9_5.src.rpm	ae350c2e6537dd8fc0155ea6ac974b61	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.14.1.el9_5.src.rpm	ae350c2e6537dd8fc0155ea6ac974b61	-	ol9_x86_64_codeready_builder
	kernel-5.14.0-503.14.1.el9_5.src.rpm	ae350c2e6537dd8fc0155ea6ac974b61	-	ol9_x86_64_u5_baseos_patch
	bpftool-7.4.0-503.14.1.el9_5.x86_64.rpm	f57ef5c0997d07910f220c725b4737a5	-	ol9_x86_64_baseos_latest
	bpftool-7.4.0-503.14.1.el9_5.x86_64.rpm	f57ef5c0997d07910f220c725b4737a5	-	ol9_x86_64_u5_baseos_patch
	kernel-5.14.0-503.14.1.el9_5.x86_64.rpm	d68a0bb8d0c33e336aa1fdaa1d6db5fd	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.14.1.el9_5.x86_64.rpm	d68a0bb8d0c33e336aa1fdaa1d6db5fd	-	ol9_x86_64_u5_baseos_patch
	kernel-abi-stablelists-5.14.0-503.14.1.el9_5.noarch.rpm	10a096858a732dbad3db7d66bf0a7951	-	ol9_x86_64_baseos_latest
	kernel-abi-stablelists-5.14.0-503.14.1.el9_5.noarch.rpm	10a096858a732dbad3db7d66bf0a7951	-	ol9_x86_64_u5_baseos_patch
	kernel-core-5.14.0-503.14.1.el9_5.x86_64.rpm	aef8db04be93e23e85d4e29bb73c0954	-	ol9_x86_64_baseos_latest
	kernel-core-5.14.0-503.14.1.el9_5.x86_64.rpm	aef8db04be93e23e85d4e29bb73c0954	-	ol9_x86_64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.14.1.el9_5.x86_64.rpm	d76f5bc40c3acd30a11214dd661d45ee	-	ol9_x86_64_codeready_builder
	kernel-debug-5.14.0-503.14.1.el9_5.x86_64.rpm	c03f6c9c78d6b90f4a3a0df076594cc4	-	ol9_x86_64_baseos_latest
	kernel-debug-5.14.0-503.14.1.el9_5.x86_64.rpm	c03f6c9c78d6b90f4a3a0df076594cc4	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-core-5.14.0-503.14.1.el9_5.x86_64.rpm	4a01f1d3bd874ac6438799532a2de21e	-	ol9_x86_64_baseos_latest
	kernel-debug-core-5.14.0-503.14.1.el9_5.x86_64.rpm	4a01f1d3bd874ac6438799532a2de21e	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-devel-5.14.0-503.14.1.el9_5.x86_64.rpm	41cabf00a9f0793b79e3be76bffd692d	-	ol9_x86_64_appstream
	kernel-debug-devel-matched-5.14.0-503.14.1.el9_5.x86_64.rpm	f67d7855782662945c305029e5ed1ec6	-	ol9_x86_64_appstream
	kernel-debug-modules-5.14.0-503.14.1.el9_5.x86_64.rpm	a738f5663ac0c793960835d4d33ca807	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-5.14.0-503.14.1.el9_5.x86_64.rpm	a738f5663ac0c793960835d4d33ca807	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-core-5.14.0-503.14.1.el9_5.x86_64.rpm	a176e140ccae26d7b04a4124b48df32c	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-core-5.14.0-503.14.1.el9_5.x86_64.rpm	a176e140ccae26d7b04a4124b48df32c	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-extra-5.14.0-503.14.1.el9_5.x86_64.rpm	ce70c8e842a71bd4b90011b1cb19afec	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-extra-5.14.0-503.14.1.el9_5.x86_64.rpm	ce70c8e842a71bd4b90011b1cb19afec	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-uki-virt-5.14.0-503.14.1.el9_5.x86_64.rpm	5db9030f48facbe38ccf89bdf09144fe	-	ol9_x86_64_baseos_latest
	kernel-debug-uki-virt-5.14.0-503.14.1.el9_5.x86_64.rpm	5db9030f48facbe38ccf89bdf09144fe	-	ol9_x86_64_u5_baseos_patch
	kernel-devel-5.14.0-503.14.1.el9_5.x86_64.rpm	db6cb3b617d82665f126fa5569f36824	-	ol9_x86_64_appstream
	kernel-devel-matched-5.14.0-503.14.1.el9_5.x86_64.rpm	9b0420f145ee250a8343d5fe239f20b6	-	ol9_x86_64_appstream
	kernel-doc-5.14.0-503.14.1.el9_5.noarch.rpm	de1118b956b7c4a48a4f200977413495	-	ol9_x86_64_appstream
	kernel-headers-5.14.0-503.14.1.el9_5.x86_64.rpm	3f1c654e43c4210f31c107499e7a3bb0	-	ol9_x86_64_appstream
	kernel-modules-5.14.0-503.14.1.el9_5.x86_64.rpm	bb25f6c9c5c3acb76dc20b4c9a1ff00a	-	ol9_x86_64_baseos_latest
	kernel-modules-5.14.0-503.14.1.el9_5.x86_64.rpm	bb25f6c9c5c3acb76dc20b4c9a1ff00a	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-core-5.14.0-503.14.1.el9_5.x86_64.rpm	8d3c5610d95eb83ba2d7a86e3e8a5ba1	-	ol9_x86_64_baseos_latest
	kernel-modules-core-5.14.0-503.14.1.el9_5.x86_64.rpm	8d3c5610d95eb83ba2d7a86e3e8a5ba1	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-extra-5.14.0-503.14.1.el9_5.x86_64.rpm	336caabf19c49435dfc8e95ca8066d4e	-	ol9_x86_64_baseos_latest
	kernel-modules-extra-5.14.0-503.14.1.el9_5.x86_64.rpm	336caabf19c49435dfc8e95ca8066d4e	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-5.14.0-503.14.1.el9_5.x86_64.rpm	e7b7c24e68696b454e836a864b97d074	-	ol9_x86_64_baseos_latest
	kernel-tools-5.14.0-503.14.1.el9_5.x86_64.rpm	e7b7c24e68696b454e836a864b97d074	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.14.1.el9_5.x86_64.rpm	0b95b521be3a99d9e5cfa91394545483	-	ol9_x86_64_baseos_latest
	kernel-tools-libs-5.14.0-503.14.1.el9_5.x86_64.rpm	0b95b521be3a99d9e5cfa91394545483	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.14.1.el9_5.x86_64.rpm	35c803b47d2546a0cc17ea4c83d83a1e	-	ol9_x86_64_codeready_builder
	kernel-uki-virt-5.14.0-503.14.1.el9_5.x86_64.rpm	e4fbf6f1b663e740cf23396300fc5b18	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-5.14.0-503.14.1.el9_5.x86_64.rpm	e4fbf6f1b663e740cf23396300fc5b18	-	ol9_x86_64_u5_baseos_patch
	kernel-uki-virt-addons-5.14.0-503.14.1.el9_5.x86_64.rpm	ead70fd14ad046c73ce8867b8cbc9109	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-addons-5.14.0-503.14.1.el9_5.x86_64.rpm	ead70fd14ad046c73ce8867b8cbc9109	-	ol9_x86_64_u5_baseos_patch
	libperf-5.14.0-503.14.1.el9_5.x86_64.rpm	3abf12e5364d8bf4519ac8653ff8956c	-	ol9_x86_64_codeready_builder
	perf-5.14.0-503.14.1.el9_5.x86_64.rpm	914163f0d4217d6b7aabe80dfc782f6a	-	ol9_x86_64_appstream
	python3-perf-5.14.0-503.14.1.el9_5.x86_64.rpm	be151c6b723ae4fce954fd1b59920457	-	ol9_x86_64_baseos_latest
	python3-perf-5.14.0-503.14.1.el9_5.x86_64.rpm	be151c6b723ae4fce954fd1b59920457	-	ol9_x86_64_u5_baseos_patch
	rtla-5.14.0-503.14.1.el9_5.x86_64.rpm	4c69ffe9636829894e08c3b0841d22b1	-	ol9_x86_64_appstream
	rv-5.14.0-503.14.1.el9_5.x86_64.rpm	8459bfc0b2177ba987b2e47d9335cd5a	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections:

Oracle customers - enter a support request
Vulnerability scanning tools vendors and project maintainers - follow the standard ISV process

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691