[El-errata] ELSA-2024-12208 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Mar 13 08:57:38 UTC 2024


Oracle Linux Security Advisory ELSA-2024-12208

http://linux.oracle.com/errata/ELSA-2024-12208.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:


aarch64:
bpftool-5.15.0-204.147.6.2.el9uek.aarch64.rpm
kernel-uek-5.15.0-204.147.6.2.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-204.147.6.2.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-204.147.6.2.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-204.147.6.2.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-204.147.6.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-204.147.6.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-204.147.6.2.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-204.147.6.2.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-204.147.6.2.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-204.147.6.2.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-204.147.6.2.el9uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-204.147.6.2.el9uek.src.rpm

Related CVEs:

CVE-2024-1085




Description of changes:

[5.15.0-204.147.6.2.el9uek]
- smb3: Replace smb2pdu 1-element arrays with flex-arrays (Kees Cook)  [Orabug: 36353543]
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Shradha Gupta)  [Orabug: 36358874]
- hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Souradeep Chakrabarti) 
- hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (Michael Kelley) 
- netfilter: ipset: Missing gc cancellations fixed (Jozsef Kadlecsik) 
- netfilter: ipset: fix performance regression in swap operation (Jozsef Kadlecsik) 
- netfilter: nft_set_rbtree: skip end interval element from gc (Pablo Neira Ayuso) 
- netfilter: nf_tables: set dormant flag on hook register failure (Florian Westphal)

[5.15.0-204.147.6.1.el9uek]
- arm64: Minimize tlb flush due to vttbr writes on AmpereOne (Ganapatrao Kulkarni)  [Orabug: 36359078]

[5.15.0-204.147.6.el9uek]
- keys, dns: Fix size check of V1 server-list header (David Howells) 
- net/rds: Supporting SIOCOUTQ to read pending sends (Devesh Sharma)  [Orabug: 34460809]
- KVM: x86: smm: preserve interrupt shadow in SMRAM (Maxim Levitsky)  [Orabug: 36171472]

[5.15.0-204.147.5.el9uek]
- tcp: fix excessive TLP and RACK timeouts from HZ rounding (Neal Cardwell)  [Orabug: 36289786]
- uek-rpm: Make few builtin options to modules back -- hardening (Harshit Mogalapalli)  [Orabug: 36196579]
- iommufd/iova_bitmap: Consider page offset for the pages to be pinned (Joao Martins)  [Orabug: 36197723]
- iommufd/iova_bitmap: Handle recording beyond the mapped pages (Joao Martins)  [Orabug: 36197723]
- iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array (Joao Martins)  [Orabug: 36197723]
- iommufd/iova_bitmap: Bounds check mapped::pages access (Joao Martins)  [Orabug: 36197723]
- Revert "iommu/amd: Improve dirty read io-pgtable walker" (Joao Martins)  [Orabug: 36197723]

[5.15.0-204.147.4.el9uek]
- uek-rpm: Disable MCORE2 in container kernel configs (Harshit Mogalapalli)  [Orabug: 36267828]
- md: fix regression for null-ptr-deference in __md_stop() (Yu Kuai)  [Orabug: 36230125]
- md: Free resources in __md_stop (Xiao Ni)  [Orabug: 36230125]
- md: Change active_io to percpu (Xiao Ni)  [Orabug: 36230125]
- md: Factor out is_md_suspended helper (Xiao Ni)  [Orabug: 36230125]
- hwmon: (opbmc) E6/AST2600 platform enabled (Jan Zdarek)  [Orabug: 36222931]

[5.15.0-204.147.3.el9uek]
- Revert "tcp: fix excessive TLP and RACK timeouts from HZ rounding" (Sherry Yang)  [Orabug: 36241828]
- mm: avoid heavy swap lock contention when unmapping with padata (Anthony Yznaga)  [Orabug: 36073084]
- mm: use less threads when unmapping some large VMAs (Anthony Yznaga)  [Orabug: 36073084]
- crypto: qat - add NULL pointer check (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - fix mutex ordering in adf_rl (Damian Muszynski)  [Orabug: 36156923]
- crypto: qat - fix error path in add_update_sla() (Damian Muszynski)  [Orabug: 36156923]
- crypto: qat - add sysfs_added flag for rate limiting (Damian Muszynski)  [Orabug: 36156923]
- crypto: qat - add sysfs_added flag for ras (Damian Muszynski)  [Orabug: 36156923]
- crypto: qat - prevent underflow in rp2srv_store() (Dan Carpenter)  [Orabug: 36156923]
- Documentation: ABI: debugfs-driver-qat: fix fw_counters path (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - move adf_cfg_services (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - add num_rps sysfs attribute (Ciunas Bennett)  [Orabug: 36156923]
- crypto: qat - add rp2svc sysfs attribute (Ciunas Bennett)  [Orabug: 36156923]
- crypto: qat - add rate limiting sysfs interface (Ciunas Bennett)  [Orabug: 36156923]
- crypto: qat - add rate limiting feature to qat_4xxx (Damian Muszynski)  [Orabug: 36156923]
- units: add missing header (Andy Shevchenko)  [Orabug: 36156923]
- units: Add BYTES_PER_*BIT (Damian Muszynski)  [Orabug: 36156923]
- crypto: qat - add retrieval of fw capabilities (Damian Muszynski)  [Orabug: 36156923]
- crypto: qat - add bits.h to icp_qat_hw.h (Damian Muszynski)  [Orabug: 36156923]
- crypto: qat - move admin api (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - fix ring to service map for QAT GEN4 (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - use masks for AE groups (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - refactor fw config related functions (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - count QAT GEN4 errors (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - add error counters (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - add handling of errors from ERRSOU3 for QAT GEN4 (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - add adf_get_aram_base() helper function (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - add handling of compression related errors for QAT GEN4 (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - add handling of errors from ERRSOU2 for QAT GEN4 (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - add reporting of errors from ERRSOU1 for QAT GEN4 (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - add reporting of correctable errors for QAT GEN4 (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - add infrastructure for error reporting (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - fix double free during reset (Svyatoslav Pankratov)  [Orabug: 36156923]
- crypto: qat - add cnv_errors debugfs file (Lucas Segarra Fernandez)  [Orabug: 36156923]
- crypto: qat - add pm_status debugfs file (Lucas Segarra Fernandez)  [Orabug: 36156923]
- crypto: qat - refactor included headers (Lucas Segarra Fernandez)  [Orabug: 36156923]
- crypto: qat - add namespace to driver (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - Remove zlib-deflate (Herbert Xu)  [Orabug: 36156923]
- crypto: qat - enable dc chaining service (Adam Guerin)  [Orabug: 36156923]
- crypto: qat - consolidate services structure (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - fix unregistration of compression algorithms (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - fix unregistration of crypto algorithms (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - ignore subsequent state up commands (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - do not shadow error code (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - fix state machines cleanup paths (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - refactor deprecated strncpy (Justin Stitt)  [Orabug: 36156923]
- crypto: qat - Use list_for_each_entry() helper (Jinjie Ruan)  [Orabug: 36156923]
- crypto: qat - fix crypto capability detection for 4xxx (Adam Guerin)  [Orabug: 36156923]
- crypto: qat - Remove unused function declarations (Yue Haibing)  [Orabug: 36156923]
- crypto: qat - use kfree_sensitive instead of memset/kfree() (Yang Yingliang)  [Orabug: 36156923]
- crypto: qat - replace the if statement with min() (You Kangren)  [Orabug: 36156923]
- crypto: qat - add heartbeat counters check (Damian Muszynski)  [Orabug: 36156923]
- crypto: qat - add heartbeat feature (Damian Muszynski)  [Orabug: 36156923]
- crypto: qat - add measure clock frequency (Damian Muszynski)  [Orabug: 36156923]
- crypto: qat - drop obsolete heartbeat interface (Damian Muszynski)  [Orabug: 36156923]
- crypto: qat - add internal timer for qat 4xxx (Damian Muszynski)  [Orabug: 36156923]
- crypto: qat - add fw_counters debugfs file (Lucas Segarra Fernandez)  [Orabug: 36156923]
- crypto: qat - change value of default idle filter (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - do not export adf_init_admin_pm() (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - expose pm_idle_enabled through sysfs (Lucas Segarra Fernandez)  [Orabug: 36156923]
- crypto: qat - extend configuration for 4xxx (Adam Guerin)  [Orabug: 36156923]
- Documentation: qat: change kernel version (Meadhbh)  [Orabug: 36156923]
- Documentation: qat: rewrite description (Bagas Sanjaya)  [Orabug: 36156923]
- Documentation: qat: Use code block for qat sysfs example (Bagas Sanjaya)  [Orabug: 36156923]
- crypto: qat - refactor fw config logic for 4xxx (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - make fw images name constant (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - move returns to default case (Adam Guerin)  [Orabug: 36156923]
- crypto: qat - update slice mask for 4xxx devices (Karthikeyan Gopal)  [Orabug: 36156923]
- crypto: qat - set deprecated capabilities as reserved (Karthikeyan Gopal)  [Orabug: 36156923]
- crypto: qat - add missing function declaration in adf_dbgfs.h (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - move dbgfs init to separate file (Damian Muszynski)  [Orabug: 36156923]
- crypto: qat - Move driver to drivers/crypto/intel/qat (Tom Zanussi)  [Orabug: 36156923]
- crypto: qat - drop redundant adf_enable_aer() (Bjorn Helgaas)  [Orabug: 36156923]
- crypto: qat - simplify adf_enable_aer() (Uwe Kleine-König)  [Orabug: 36156923]
- crypto: qat - fix apply custom thread-service mapping for dc service (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - add support for 402xx devices (Damian Muszynski)  [Orabug: 36156923]
- crypto: qat - make state machine functions static (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - refactor device restart logic (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - replace state machine calls (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - remove ADF_STATUS_PF_RUNNING flag from probe (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - fix concurrency issue when device state changes (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - expose device config through sysfs for 4xxx (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - delay sysfs initialization (Shashank Gupta)  [Orabug: 36156923]
- crypto: qat - Include algapi.h for low-level Crypto API (Herbert Xu)  [Orabug: 36156923]
- crypto: qat - Use request_complete helpers (Herbert Xu)  [Orabug: 36156923]
- crypto: qat - add qat_zlib_deflate (Lucas Segarra Fernandez)  [Orabug: 36156923]
- crypto: qat - extend buffer list logic interface (Lucas Segarra Fernandez)  [Orabug: 36156923]
- crypto: qat - fix spelling mistakes from 'bufer' to 'buffer' (Meadhbh Fitzpatrick)  [Orabug: 36156923]
- crypto: qat - add limit to linked list parsing (Adam Guerin)  [Orabug: 36156923]
- crypto: qat - add check to validate firmware images (Srinivas Kerekare)  [Orabug: 36156923]
- crypto: qat - relocate and rename adf_sriov_prepare_restart() (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - change behaviour of adf_cfg_add_key_value_param() (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - Removes the x86 dependency on the QAT drivers (Yoan Picchi)  [Orabug: 36156923]
- crypto: qat - Fix unsigned function returning negative constant (Haowen Bai)  [Orabug: 36156923]
- crypto: qat - remove line wrapping for pfvf_ops functions (Marco Chiappero)  [Orabug: 36156923]
- crypto: qat - use u32 variables in all GEN4 pfvf_ops (Marco Chiappero)  [Orabug: 36156923]
- crypto: qat - replace disable_vf2pf_interrupts() (Marco Chiappero)  [Orabug: 36156923]
- crypto: qat - leverage the GEN2 VF mask definiton (Marco Chiappero)  [Orabug: 36156923]
- crypto: qat - rework the VF2PF interrupt handling logic (Marco Chiappero)  [Orabug: 36156923]
- crypto: qat - fix off-by-one error in PFVF debug print (Marco Chiappero)  [Orabug: 36156923]
- crypto: qat - fix wording and formatting in code comment (Marco Chiappero)  [Orabug: 36156923]
- crypto: qat - test PFVF registers for spurious interrupts on GEN4 (Marco Chiappero)  [Orabug: 36156923]
- crypto: qat - add check for invalid PFVF protocol version 0 (Wojciech Ziemba)  [Orabug: 36156923]
- crypto: qat - add missing restarting event notification in VFs (Marco Chiappero)  [Orabug: 36156923]
- crypto: qat - remove unnecessary tests to detect PFVF support (Marco Chiappero)  [Orabug: 36156923]
- crypto: qat - remove unused PFVF stubs (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - remove unneeded braces (Marco Chiappero)  [Orabug: 36156923]
- crypto: qat - fix ETR sources enabled by default on GEN2 devices (Marco Chiappero)  [Orabug: 36156923]
- crypto: qat - stop using iommu_present() (Robin Murphy)  [Orabug: 36156923]
- crypto: qat - remove unneeded assignment (Giovanni Cabiddu)  [Orabug: 36156923]
- crypto: qat - don't cast parameter in bit operations (Andy Shevchenko)  [Orabug: 36156923]
- Revert "selftests/bpf: Test tail call counting with bpf2bpf and data on stack" (Samasth Norway Ananda)  [Orabug: 36204961]
- netfilter: nf_tables: check if catch-all set element is active in next generation (Pablo Neira Ayuso)  [Orabug: 36250951]  {CVE-2024-1085}

[5.15.0-204.147.2.el9uek]
- LTS version: v5.15.147 (Vijayendra Suman) 
- net: usb: ax88179_178a: move priv to driver_priv (Justin Chen) 
- net: usb: ax88179_178a: remove redundant init code (Justin Chen) 
- tracing/kprobes: Fix symbol counting logic by looking at modules as well (Andrii Nakryiko) 
- kallsyms: Make module_kallsyms_on_each_symbol generally available (Jiri Olsa) 
- netfilter: nf_tables: Reject tables of unsupported family (Phil Sutter) 
- perf inject: Fix GEN_ELF_TEXT_OFFSET for jit (Adrian Hunter) 
- ipv6: remove max_size check inline with ipv4 (Jon Maxwell) 
- net: tls, update curr on splice as well (John Fastabend) 
- mmc: sdhci-sprd: Fix eMMC init failure after hw reset (Wenchao Chen) 
- mmc: core: Cancel delayed work before releasing host (Geert Uytterhoeven) 
- mmc: rpmb: fixes pause retune on all RPMB partitions. (Jorge Ramirez-Ortiz) 
- mmc: meson-mx-sdhc: Fix initialization frozen issue (Ziyang Huang) 
- mm: fix unmap_mapping_range high bits shift bug (Jiajun Xie) 
- x86/kprobes: fix incorrect return address calculation in kprobe_emulate_call_indirect (Jinghao Jia) 
- firewire: ohci: suppress unexpected system reboot in AMD Ryzen machines and ASM108x/VT630x PCIe cards (Takashi Sakamoto) 
- mm/memory-failure: check the mapcount of the precise page (Matthew Wilcox (Oracle)) 
- selftests: secretmem: floor the memory size to the multiple of page_size (Muhammad Usama Anjum) 
- net: Implement missing SO_TIMESTAMPING_NEW cmsg support (Thomas Lange) 
- bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (Michael Chan) 
- asix: Add check for usbnet_get_endpoints (Chen Ni) 
- octeontx2-af: Re-enable MAC TX in otx2_stop processing (Naveen Mamindlapalli) 
- octeontx2-af: Always configure NIX TX link credits based on max frame size (Naveen Mamindlapalli) 
- octeontx2-af: Set NIX link credits based on max LMAC (Sunil Goutham) 
- octeontx2-af: Don't enable Pause frames by default (Hariprasad Kelam) 
- net/qla3xxx: fix potential memleak in ql_alloc_buffer_queues (Dinghao Liu) 
- igc: Fix hicredit calculation (Rodrigo Cataldo) 
- i40e: Restore VF MSI-X state during PCI reset (Andrii Staikov) 
- ASoC: meson: g12a-tohdmitx: Fix event generation for S/PDIF mux (Mark Brown) 
- ASoC: meson: g12a-toacodec: Fix event generation (Mark Brown) 
- ASoC: meson: g12a-tohdmitx: Validate written enum values (Mark Brown) 
- ASoC: meson: g12a-toacodec: Validate written enum values (Mark Brown) 
- i40e: fix use-after-free in i40e_aqc_add_filters() (Ke Xiao) 
- net: Save and restore msg_namelen in sock_sendmsg (Marc Dionne) 
- netfilter: nft_immediate: drop chain reference counter on error (Pablo Neira Ayuso) 
- net: bcmgenet: Fix FCS generation for fragmented skbuffs (Adrian Cinal) 
- sfc: fix a double-free bug in efx_probe_filters (Zhipeng Lu) 
- ARM: sun9i: smp: Fix array-index-out-of-bounds read in sunxi_mc_smp_init (Stefan Wahren) 
- net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps (Vadim Fedorenko) 
- can: raw: add support for SO_MARK (Marc Kleine-Budde) 
- can: raw: add support for SO_TXTIME/SCM_TXTIME (Marc Kleine-Budde) 
- net: Implement missing getsockopt(SO_TIMESTAMPING_NEW) (Jörn-Thorben Hinz) 
- r8169: Fix PCI error on system resume (Kai-Heng Feng) 
- net: sched: em_text: fix possible memory leak in em_text_destroy() (Hangyu Hua) 
- mlxbf_gige: fix receive packet race condition (David Thompson) 
- ASoC: fsl_rpmsg: Fix error handler with pm_runtime_enable (Chancel Liu) 
- igc: Check VLAN EtherType mask (Kurt Kanzenbach) 
- igc: Check VLAN TCI mask (Kurt Kanzenbach) 
- igc: Report VLAN EtherType matching back to user (Kurt Kanzenbach) 
- i40e: Fix filter input checks to prevent config with invalid values (Sudheer Mogilappagari) 
- drm/i915/dp: Fix passing the correct DPCD_REV for drm_dp_set_phy_test_pattern (Khaled Almahallawy) 
- octeontx2-af: Fix marking couple of structure as __packed (Suman Ghosh) 
- nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local (Siddh Raman Pant) 
- drm/bridge: ti-sn65dsi86: Never store more than msg->size bytes in AUX xfer (Douglas Anderson) 
- Revert "PCI/ASPM: Remove pcie_aspm_pm_state_change()" (Bjorn Helgaas) 
- ALSA: hda/realtek: Fix mute and mic-mute LEDs for HP ProBook 440 G6 (Siddhesh Dharme) 
- block: Don't invalidate pagecache for invalid falloc modes (Sarthak Kukreti)

[5.15.0-204.146.1.el9uek]
- uek-rpm: Update the kABI files for new symbol (Yifei Liu)  [Orabug: 36183477]
- x86: KVM: SVM: refresh AVIC inhibition in svm_leave_nested() (Maxim Levitsky)  [Orabug: 36183624]
- KVM: x86: SVM: allow AVIC to co-exist with a nested guest running (Maxim Levitsky)  [Orabug: 36183624]
- KVM: x86: allow per cpu apicv inhibit reasons (Maxim Levitsky)  [Orabug: 36183624]
- rds: Add count for ready receive cache (Hans Westgaard Ry)  [Orabug: 36186035]



