[El-errata] ELSA-2024-12169 Important: Oracle Linux 8 kernel security update

Fri Feb 23 11:33:12 UTC 2024

Oracle Linux Security Advisory ELSA-2024-12169

http://linux.oracle.com/errata/ELSA-2024-12169.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-core-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-cross-headers-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-debug-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-debug-core-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-debug-devel-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-debug-modules-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-debug-modules-extra-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-devel-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-doc-4.18.0-513.18.0.1.el8_9.noarch.rpm
kernel-headers-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-modules-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-modules-extra-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-tools-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-tools-libs-4.18.0-513.18.0.1.el8_9.x86_64.rpm
perf-4.18.0-513.18.0.1.el8_9.x86_64.rpm
python3-perf-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-tools-libs-devel-4.18.0-513.18.0.1.el8_9.x86_64.rpm
kernel-abi-stablelists-4.18.0-513.18.0.1.el8_9.noarch.rpm

aarch64:
bpftool-4.18.0-513.18.0.1.el8_9.aarch64.rpm
kernel-cross-headers-4.18.0-513.18.0.1.el8_9.aarch64.rpm
kernel-headers-4.18.0-513.18.0.1.el8_9.aarch64.rpm
kernel-tools-4.18.0-513.18.0.1.el8_9.aarch64.rpm
kernel-tools-libs-4.18.0-513.18.0.1.el8_9.aarch64.rpm
perf-4.18.0-513.18.0.1.el8_9.aarch64.rpm
python3-perf-4.18.0-513.18.0.1.el8_9.aarch64.rpm
kernel-tools-libs-devel-4.18.0-513.18.0.1.el8_9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-4.18.0-513.18.0.1.el8_9.src.rpm

Related CVEs:

CVE-2022-3545
CVE-2022-41858
CVE-2023-1073
CVE-2023-1838
CVE-2023-2166
CVE-2023-4921
CVE-2023-5717
CVE-2023-6356
CVE-2023-6535
CVE-2023-6536
CVE-2023-6606
CVE-2023-6610
CVE-2023-6817
CVE-2023-40283
CVE-2023-45871
CVE-2024-0646

Description of changes:

[4.18.0-513.18.0.1.el8_9.OL8]
- drivers: net: slip: fix NPD bug in sl_tx_timeout() {CVE-2022-41858}
- nfp: fix use-after-free in area_cache_get() {CVE-2022-3545}
- HID: check empty report_list in hid_validate_values() {CVE-2023-1073}
- Fix double fget() in vhost_net_set_backend() {CVE-2023-1838}
- can: af_can: fix NULL pointer dereference in can_rcv_filter {CVE-2023-2166}
- net: sched: sch_qfq: Fix UAF in qfq_dequeue() {CVE-2023-4921}
- perf: Disallow mis-matched inherited group reads {CVE-2023-5717}
- perf/core: Fix potential NULL deref {CVE-2023-5717}
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356}
- nvmet-tcp: fix a crash in nvmet_req_complete() {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356}
- nvmet-tcp: remove boilerplate code {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356}
- nvmet-tcp: Fix the H2C expected PDU len calculation {CVE-2023-6536 CVE-2023-6535 CVE-2023-6356}
- smb: client: fix potential OOB in cifs_dump_detail() {CVE-2023-6610}
- smb: client: fix potential OOB in smb2_dump_detail() {CVE-2023-6610}
- smb: client: fix OOB in smbCalcSize() {CVE-2023-6606}
- net: tls, update curr on splice as well {CVE-2024-0646}
- netfilter: nft_set_pipapo: skip inactive elements during set walk {CVE-2023-6817}
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb {CVE-2023-40283}
- igb: set max size RX buffer when store bad packet is enabled {CVE-2023-45871}