ELSA-2024-9605

ULN >
Oracle Linux Errata repository >
ELSA-2024-9605

ELSA-2024-9605 - kernel security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2024-11-19

Description

- [5.14.0-503.14.1_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Add Oracle Linux IMA certificates

[5.14.0-503.14.1_5]
- ext4: fix off by one issue in alloc_flex_gd() (Pavel Reichl) [RHEL-65318]
- ping: fix address binding wrt vrf (Antoine Tenart) [RHEL-57564 RHEL-50920]
- smb: client: stop flooding dmesg in smb2_calc_signature() (Paulo Alcantara) [RHEL-36346 RHEL-61193]
- smb: client: print failed session logoffs with FYI (Paulo Alcantara) [RHEL-36346 RHEL-61193]
- smb: client: propagate error from cifs_construct_tcon() (Paulo Alcantara) [RHEL-36346 RHEL-61193]
- smb: client: fix DFS failover in multiuser mounts (Paulo Alcantara) [RHEL-36346 RHEL-61193]
- smb: client: fix DFS interlink failover (Paulo Alcantara) [RHEL-36346 RHEL-61193]
- smb: client: improve purging of cached referrals (Paulo Alcantara) [RHEL-36346 RHEL-61193]
- smb: client: avoid unnecessary reconnects when refreshing referrals (Paulo Alcantara) [RHEL-36346 RHEL-61193]
- smb: client: handle lack of FSCTL_GET_REPARSE_POINT support (Paulo Alcantara) [RHEL-36346 RHEL-57983]
- smb: client: fix deadlock in smb2_find_smb_tcon() (Paulo Alcantara) [RHEL-36346 RHEL-57983]
- cifs: Fix reacquisition of volume cookie on still-live connection (Paulo Alcantara) [RHEL-36346 RHEL-57983]

[5.14.0-503.13.1_5]
- efi: libstub: Move screen_info handling to common code (Maxim Levitsky) [RHEL-65344]
- mpls: Reduce skb re-allocations due to skb_cow() (Guillaume Nault) [RHEL-61697]
- mptcp: pm: Fix uaf in __timer_delete_sync (CKI Backport Bot) [RHEL-64678 RHEL-60737] {CVE-2024-46858}
- ceph: fix cap ref leak via netfs init_request (Patrick Donnelly) [RHEL-62667 RHEL-61459]
- gitlab-ci: provide consistent kcidb_tree_name (Michael Hofmann)

[5.14.0-503.12.1_5]
- net: nexthop: Initialize all fields in dumped nexthops (Antoine Tenart) [RHEL-55080] {CVE-2024-42283}
- tracing/osnoise: Fix build when timerlat is not enabled (Tomas Glozar) [RHEL-61870 RHEL-39968]
- tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (Tomas Glozar) [RHEL-61870 RHEL-39968]
- tracing/timerlat: Only clear timer if a kthread exists (Tomas Glozar) [RHEL-61870 RHEL-39968]
- tracing/osnoise: Use a cpumask to know what threads are kthreads (Tomas Glozar) [RHEL-61870 RHEL-39968]
- iommufd: Require drivers to supply the cache_invalidate_user ops (CKI Backport Bot) [RHEL-60681 RHEL-60761] {CVE-2024-46824}
- Revert 'fw loader: Remove the now superfluous sentinel element from ctl_table array' (Eric Chanudet) [RHEL-62925 RHEL-50129]
- smb: client: fix hang in wait_for_response() for negproto (Jay Shin) [RHEL-61607 RHEL-57983]

Related CVEs

CVE-2024-46824

CVE-2024-46858

CVE-2024-42283

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	kernel-5.14.0-503.14.1.el9_5.src.rpm	5efa0b1e23d8840152061d7abcafeb00736234c96f893295c72a651484eebfe1	-	ol9_aarch64_appstream
	kernel-5.14.0-503.14.1.el9_5.src.rpm	5efa0b1e23d8840152061d7abcafeb00736234c96f893295c72a651484eebfe1	-	ol9_aarch64_baseos_latest
	kernel-5.14.0-503.14.1.el9_5.src.rpm	5efa0b1e23d8840152061d7abcafeb00736234c96f893295c72a651484eebfe1	-	ol9_aarch64_codeready_builder
	kernel-5.14.0-503.14.1.el9_5.src.rpm	5efa0b1e23d8840152061d7abcafeb00736234c96f893295c72a651484eebfe1	-	ol9_aarch64_u5_baseos_patch
	bpftool-7.4.0-503.14.1.el9_5.aarch64.rpm	f4606b5e9fc53d70705ca3aa619af9656ddcee402710ac1cdfdd4c83d105db27	-	ol9_aarch64_baseos_latest
	bpftool-7.4.0-503.14.1.el9_5.aarch64.rpm	f4606b5e9fc53d70705ca3aa619af9656ddcee402710ac1cdfdd4c83d105db27	-	ol9_aarch64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.14.1.el9_5.aarch64.rpm	e04e5be6f89198a35a0989d63200414cbd2e330f9ad254679226713f4e8a3486	-	ol9_aarch64_codeready_builder
	kernel-headers-5.14.0-503.14.1.el9_5.aarch64.rpm	4a6aefa0b8480a1e226bda2676c491b8f2455c5dfb7a0ea373ce4b04e5bdbfee	-	ol9_aarch64_appstream
	kernel-tools-5.14.0-503.14.1.el9_5.aarch64.rpm	c40329c92f0fb44920516128529ad70bd88ddcb46b2352108517e528df30c425	-	ol9_aarch64_baseos_latest
	kernel-tools-5.14.0-503.14.1.el9_5.aarch64.rpm	c40329c92f0fb44920516128529ad70bd88ddcb46b2352108517e528df30c425	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.14.1.el9_5.aarch64.rpm	04a56cce23f2a9c7fec418f9376618ee1c21232884d336efcce6921c5b2eb564	-	ol9_aarch64_baseos_latest
	kernel-tools-libs-5.14.0-503.14.1.el9_5.aarch64.rpm	04a56cce23f2a9c7fec418f9376618ee1c21232884d336efcce6921c5b2eb564	-	ol9_aarch64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.14.1.el9_5.aarch64.rpm	5c3c793581a2398b5ad1ca04264130f528617d432d5c42c3c2a4028bd38e186a	-	ol9_aarch64_codeready_builder
	perf-5.14.0-503.14.1.el9_5.aarch64.rpm	905fd1ca7b865182c4265eb40cb39b127059966e24a87026275703da88dcc121	-	ol9_aarch64_appstream
	python3-perf-5.14.0-503.14.1.el9_5.aarch64.rpm	c6783985416d44586dc6cf35aa6af69b6b7e577a1ca84debc7ea8c6931ed3d6a	-	ol9_aarch64_baseos_latest
	python3-perf-5.14.0-503.14.1.el9_5.aarch64.rpm	c6783985416d44586dc6cf35aa6af69b6b7e577a1ca84debc7ea8c6931ed3d6a	-	ol9_aarch64_u5_baseos_patch
	rtla-5.14.0-503.14.1.el9_5.aarch64.rpm	045ed1ee320f36cbfc11e30c0d90937e2dae6bf06b6ff14120dfe387d550e694	-	ol9_aarch64_appstream
	rv-5.14.0-503.14.1.el9_5.aarch64.rpm	13bb9ca0d26fb31ea587484f8057e882ba2c496468b6d77c72d5d2a97cffde63	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	kernel-5.14.0-503.14.1.el9_5.src.rpm	5efa0b1e23d8840152061d7abcafeb00736234c96f893295c72a651484eebfe1	-	ol9_x86_64_appstream
	kernel-5.14.0-503.14.1.el9_5.src.rpm	5efa0b1e23d8840152061d7abcafeb00736234c96f893295c72a651484eebfe1	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.14.1.el9_5.src.rpm	5efa0b1e23d8840152061d7abcafeb00736234c96f893295c72a651484eebfe1	-	ol9_x86_64_codeready_builder
	kernel-5.14.0-503.14.1.el9_5.src.rpm	5efa0b1e23d8840152061d7abcafeb00736234c96f893295c72a651484eebfe1	-	ol9_x86_64_u5_baseos_patch
	bpftool-7.4.0-503.14.1.el9_5.x86_64.rpm	b1e7ee45e670fa6e7ab935d0c78a239d8ebe5419d29351fda488886fb3e2f46e	-	ol9_x86_64_baseos_latest
	bpftool-7.4.0-503.14.1.el9_5.x86_64.rpm	b1e7ee45e670fa6e7ab935d0c78a239d8ebe5419d29351fda488886fb3e2f46e	-	ol9_x86_64_u5_baseos_patch
	kernel-5.14.0-503.14.1.el9_5.x86_64.rpm	be9fe962757ccd586687b8d45b408729d2a3355a19e4a78e5cadcf459bf2a2dd	-	ol9_x86_64_baseos_latest
	kernel-5.14.0-503.14.1.el9_5.x86_64.rpm	be9fe962757ccd586687b8d45b408729d2a3355a19e4a78e5cadcf459bf2a2dd	-	ol9_x86_64_u5_baseos_patch
	kernel-abi-stablelists-5.14.0-503.14.1.el9_5.noarch.rpm	8e9f9cebb1d08ee300899cfc9c48e967cba1a6e4a5c74963aefc58a6caa640ea	-	ol9_x86_64_baseos_latest
	kernel-abi-stablelists-5.14.0-503.14.1.el9_5.noarch.rpm	8e9f9cebb1d08ee300899cfc9c48e967cba1a6e4a5c74963aefc58a6caa640ea	-	ol9_x86_64_u5_baseos_patch
	kernel-core-5.14.0-503.14.1.el9_5.x86_64.rpm	726ce32a67cc1d2c7755b9c34857f5479164ee425253fa428f7bd43ea8f0d934	-	ol9_x86_64_baseos_latest
	kernel-core-5.14.0-503.14.1.el9_5.x86_64.rpm	726ce32a67cc1d2c7755b9c34857f5479164ee425253fa428f7bd43ea8f0d934	-	ol9_x86_64_u5_baseos_patch
	kernel-cross-headers-5.14.0-503.14.1.el9_5.x86_64.rpm	20b70aa95b0e78669017fa849c70eede6f6b426c548c1cfc1e0aa104c77efa83	-	ol9_x86_64_codeready_builder
	kernel-debug-5.14.0-503.14.1.el9_5.x86_64.rpm	f56db480c3a7120eef1138d663e0a39f1f14443b4acb966885fb810f6e81e33c	-	ol9_x86_64_baseos_latest
	kernel-debug-5.14.0-503.14.1.el9_5.x86_64.rpm	f56db480c3a7120eef1138d663e0a39f1f14443b4acb966885fb810f6e81e33c	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-core-5.14.0-503.14.1.el9_5.x86_64.rpm	727ee4186e89c149a079516d50571e8f3041a4d96e6f8c59efb21ba5cbad1aea	-	ol9_x86_64_baseos_latest
	kernel-debug-core-5.14.0-503.14.1.el9_5.x86_64.rpm	727ee4186e89c149a079516d50571e8f3041a4d96e6f8c59efb21ba5cbad1aea	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-devel-5.14.0-503.14.1.el9_5.x86_64.rpm	9a015d4f17f8c0435cbaa8eb087f4858d73ee1ee38ba85412528550c340c8366	-	ol9_x86_64_appstream
	kernel-debug-devel-matched-5.14.0-503.14.1.el9_5.x86_64.rpm	da2ae75c23908603017f4dec518113c3d6a42bbcc0aae8aa45f1a63878704538	-	ol9_x86_64_appstream
	kernel-debug-modules-5.14.0-503.14.1.el9_5.x86_64.rpm	b7e2ca003c44dc7c4a0392289a03ae78acf1066bc59a541f7684a30953336fb6	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-5.14.0-503.14.1.el9_5.x86_64.rpm	b7e2ca003c44dc7c4a0392289a03ae78acf1066bc59a541f7684a30953336fb6	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-core-5.14.0-503.14.1.el9_5.x86_64.rpm	58a587ba65f826a2c7330ef22881b51dcdd05e67e3c8dbde5754a5b7ed0a87f0	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-core-5.14.0-503.14.1.el9_5.x86_64.rpm	58a587ba65f826a2c7330ef22881b51dcdd05e67e3c8dbde5754a5b7ed0a87f0	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-modules-extra-5.14.0-503.14.1.el9_5.x86_64.rpm	7f38f75aa12a567b8d67613ebaf3a4809fc3c4a7b536c7cead1e153285dc50ac	-	ol9_x86_64_baseos_latest
	kernel-debug-modules-extra-5.14.0-503.14.1.el9_5.x86_64.rpm	7f38f75aa12a567b8d67613ebaf3a4809fc3c4a7b536c7cead1e153285dc50ac	-	ol9_x86_64_u5_baseos_patch
	kernel-debug-uki-virt-5.14.0-503.14.1.el9_5.x86_64.rpm	22507daefaafe220c00522a01707b19d98ab0499ed5fd9603c28b2fdf4d5537e	-	ol9_x86_64_baseos_latest
	kernel-debug-uki-virt-5.14.0-503.14.1.el9_5.x86_64.rpm	22507daefaafe220c00522a01707b19d98ab0499ed5fd9603c28b2fdf4d5537e	-	ol9_x86_64_u5_baseos_patch
	kernel-devel-5.14.0-503.14.1.el9_5.x86_64.rpm	cb5d77d555448053dcc719ead61c4c75de06085fa971aea21025c860b6cc8553	-	ol9_x86_64_appstream
	kernel-devel-matched-5.14.0-503.14.1.el9_5.x86_64.rpm	071445c0912f27ecafc2490ed95dadd0593273cb1b650c8b4407697aeb35b12e	-	ol9_x86_64_appstream
	kernel-doc-5.14.0-503.14.1.el9_5.noarch.rpm	789f1f0ee08890f6f3d42ff3a81562810f039ccadbb0410769f658da0bcce7b5	-	ol9_x86_64_appstream
	kernel-headers-5.14.0-503.14.1.el9_5.x86_64.rpm	393ec76360baa5058fbfa76f327e7904fea9b546778af04a4bf772e912c585a2	-	ol9_x86_64_appstream
	kernel-modules-5.14.0-503.14.1.el9_5.x86_64.rpm	6493f48f25e3747f1b8195a96eed1b85464c3f22f0c29206ec5b87641c1f8215	-	ol9_x86_64_baseos_latest
	kernel-modules-5.14.0-503.14.1.el9_5.x86_64.rpm	6493f48f25e3747f1b8195a96eed1b85464c3f22f0c29206ec5b87641c1f8215	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-core-5.14.0-503.14.1.el9_5.x86_64.rpm	907699a6cc26b8df33cad484af59e669a6131be3a83e0afe255deddb20e426c1	-	ol9_x86_64_baseos_latest
	kernel-modules-core-5.14.0-503.14.1.el9_5.x86_64.rpm	907699a6cc26b8df33cad484af59e669a6131be3a83e0afe255deddb20e426c1	-	ol9_x86_64_u5_baseos_patch
	kernel-modules-extra-5.14.0-503.14.1.el9_5.x86_64.rpm	2b94045e62d69d4d59422a32b27d6bdb11410b89c463ba181dee34ab9fec493a	-	ol9_x86_64_baseos_latest
	kernel-modules-extra-5.14.0-503.14.1.el9_5.x86_64.rpm	2b94045e62d69d4d59422a32b27d6bdb11410b89c463ba181dee34ab9fec493a	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-5.14.0-503.14.1.el9_5.x86_64.rpm	a67c7bd4ef46aa72264aab7df6bb9fc77bd87749b9d5f1ca1dcd123a6b0b78b7	-	ol9_x86_64_baseos_latest
	kernel-tools-5.14.0-503.14.1.el9_5.x86_64.rpm	a67c7bd4ef46aa72264aab7df6bb9fc77bd87749b9d5f1ca1dcd123a6b0b78b7	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-5.14.0-503.14.1.el9_5.x86_64.rpm	6c47c035a6cfe36601a7324372edb70ecb80df67b0102f6b1cc67db87f8e1690	-	ol9_x86_64_baseos_latest
	kernel-tools-libs-5.14.0-503.14.1.el9_5.x86_64.rpm	6c47c035a6cfe36601a7324372edb70ecb80df67b0102f6b1cc67db87f8e1690	-	ol9_x86_64_u5_baseos_patch
	kernel-tools-libs-devel-5.14.0-503.14.1.el9_5.x86_64.rpm	0391171ce91c52a04e8c4077f95dd4ee54aafeef94db2a06a7b5a543cf7f0ca1	-	ol9_x86_64_codeready_builder
	kernel-uki-virt-5.14.0-503.14.1.el9_5.x86_64.rpm	696dcb3f0341ee8895be4b9bc2305348ea8657ad8337ff940d7c65aaeff32abc	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-5.14.0-503.14.1.el9_5.x86_64.rpm	696dcb3f0341ee8895be4b9bc2305348ea8657ad8337ff940d7c65aaeff32abc	-	ol9_x86_64_u5_baseos_patch
	kernel-uki-virt-addons-5.14.0-503.14.1.el9_5.x86_64.rpm	d498270ac5eb504ddb04c931263a62c0c97b21ea35987578a364869e5866e756	-	ol9_x86_64_baseos_latest
	kernel-uki-virt-addons-5.14.0-503.14.1.el9_5.x86_64.rpm	d498270ac5eb504ddb04c931263a62c0c97b21ea35987578a364869e5866e756	-	ol9_x86_64_u5_baseos_patch
	libperf-5.14.0-503.14.1.el9_5.x86_64.rpm	8ce539c4587b50e393e9787354f1325b81816d657e0d630323b1ed774a44bac6	-	ol9_x86_64_codeready_builder
	perf-5.14.0-503.14.1.el9_5.x86_64.rpm	f81eaf90011c75a0dafd6ab8cd66b47d6814d466edb044c8a174ef51407c718f	-	ol9_x86_64_appstream
	python3-perf-5.14.0-503.14.1.el9_5.x86_64.rpm	1b5e27bcfe0c419a2e300e6b0518740f056825e45d0be42762b74fc3be4f7a67	-	ol9_x86_64_baseos_latest
	python3-perf-5.14.0-503.14.1.el9_5.x86_64.rpm	1b5e27bcfe0c419a2e300e6b0518740f056825e45d0be42762b74fc3be4f7a67	-	ol9_x86_64_u5_baseos_patch
	rtla-5.14.0-503.14.1.el9_5.x86_64.rpm	86398821fda74263ce072cef33c64a47ec7b2de6b416cb925f6aaec05871d0ec	-	ol9_x86_64_appstream
	rv-5.14.0-503.14.1.el9_5.x86_64.rpm	c395a1d31dcde0bddc857eb0a9cb741e6eb0428e941a0c3cc859a126bb938b13	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691