[El-errata] ELSA-2024-12779 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Oct 15 11:34:27 UTC 2024
Oracle Linux Security Advisory ELSA-2024-12779
http://linux.oracle.com/errata/ELSA-2024-12779.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-4.14.35-2047.541.4.1.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-2047.541.4.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-2047.541.4.1.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-2047.541.4.1.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-2047.541.4.1.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-2047.541.4.1.el7uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.541.4.1.el7uek.src.rpm
Related CVEs:
CVE-2022-3566
CVE-2022-3567
CVE-2023-52803
CVE-2024-36894
CVE-2024-36905
CVE-2024-37078
CVE-2024-38619
CVE-2024-39469
CVE-2024-39487
CVE-2024-39499
CVE-2024-39501
CVE-2024-39509
CVE-2024-40901
CVE-2024-40902
CVE-2024-40904
CVE-2024-40912
CVE-2024-40932
CVE-2024-40941
CVE-2024-40942
CVE-2024-40943
CVE-2024-40959
CVE-2024-40974
CVE-2024-40978
CVE-2024-40981
CVE-2024-40987
CVE-2024-40988
CVE-2024-41006
CVE-2024-41034
CVE-2024-41035
CVE-2024-41044
CVE-2024-41046
CVE-2024-41089
CVE-2024-41095
CVE-2024-41097
CVE-2024-42070
CVE-2024-42084
CVE-2024-42089
CVE-2024-42090
CVE-2024-42094
CVE-2024-42096
CVE-2024-42097
CVE-2024-42101
CVE-2024-42104
CVE-2024-42105
CVE-2024-42106
CVE-2024-42115
CVE-2024-42143
CVE-2024-42145
CVE-2024-42148
CVE-2024-42153
CVE-2024-42154
CVE-2024-42157
CVE-2024-42223
CVE-2024-42224
CVE-2024-42232
CVE-2024-42236
CVE-2024-44952
CVE-2024-46738
Description of changes:
[4.14.35-2047.541.4.1.el7uek]
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37137499]
[4.14.35-2047.541.4.el7uek]
- selftests: make order checking verbose in msg_zerocopy selftest (Zijian Zhang) [Orabug: 37063821]
- selftests: fix OOM in msg_zerocopy selftest (Zijian Zhang) [Orabug: 37063821]
- Revert "selftests/net: reap zerocopy completions passed up as ancillary data." (Harshit Mogalapalli) [Orabug: 37063821]
- Revert "selftests: fix OOM in msg_zerocopy selftest" (Harshit Mogalapalli) [Orabug: 37063821]
- Revert "selftests: make order checking verbose in msg_zerocopy selftest" (Harshit Mogalapalli) [Orabug: 37063821]
[4.14.35-2047.541.3.el7uek]
- ALSA: timer: Relax start tick time check for slave timer elements (Takashi Iwai)
- driver core: Fix uevent_show() vs driver detach race (Dan Williams) [Orabug: 37029154] {CVE-2024-44952}
- VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (David Fernandez Gonzalez) [Orabug: 37037206] {CVE-2024-46738}
[4.14.35-2047.541.2.el7uek]
- Revert "selftests/mm: conform test to TAP format output" (Samasth Norway Ananda) [Orabug: 36997529]
- Revert "selftests/kcmp: Make the test output consistent and clear" (Samasth Norway Ananda) [Orabug: 36997529]
[4.14.35-2047.541.1.el7uek]
- LTS version v4.14.351 (Yifei Liu)
- i2c: rcar: bring hardware to known state when probing (Wolfram Sang)
- nilfs2: fix kernel bug on rename operation of broken directory (Ryusuke Konishi) [Orabug: 36896822] {CVE-2024-41034}
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (Eric Dumazet)
- libceph: fix race between delayed_work() and ceph_monc_stop() (Ilya Dryomov) [Orabug: 36930130] {CVE-2024-42232}
- hpet: Support 32-bit userspace (He Zhe)
- USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (Alan Stern) [Orabug: 36896827] {CVE-2024-41035}
- usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() (Lee Jones) [Orabug: 36930140] {CVE-2024-42236}
- USB: Add USB_QUIRK_NO_SET_INTF quirk for START BP-850k (WangYuli)
- USB: serial: option: add Rolling RW350-GL variants (Vanillan Wang)
- USB: serial: option: add Netprisma LCUK54 series modules (Mank Wang)
- USB: serial: option: add support for Foxconn T99W651 (Slark Xiao)
- USB: serial: option: add Fibocom FM350-GL (Bjørn Mork)
- USB: serial: option: add Telit FN912 rmnet compositions (Daniele Palmas)
- USB: serial: option: add Telit generic core-dump composition (Daniele Palmas)
- ARM: davinci: Convert comma to semicolon (Chen Ni)
- ppp: reject claimed-as-LCP but actually malformed packets (Dmitry Antipov) [Orabug: 36896857] {CVE-2024-41044}
- net: ethernet: lantiq_etop: fix double free in detach (Aleksander Jan Bajkowski) [Orabug: 36896864] {CVE-2024-41046}
- net: lantiq_etop: add blank line after declaration (Aleksander Jan Bajkowski)
- tcp: fix incorrect undo caused by DSACK of TLP retransmit (Neal Cardwell)
- nilfs2: fix incorrect inode allocation from reserved inodes (Ryusuke Konishi)
- i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr (Piotr Wojtaszczyk) [Orabug: 36897910] {CVE-2024-42153}
- i2c/busses: Convert timers to use timer_setup() (Kees Cook)
- i2c: pnx: move header into the driver (Wolfram Sang)
- media: dw2102: fix a potential buffer overflow (Mauro Carvalho Chehab)
- bnx2x: Fix multiple UBSAN array-index-out-of-bounds (Ghadi Elie Rahme) [Orabug: 36897887] {CVE-2024-42148}
- drm/amdgpu/atomfirmware: silence UBSAN warning (Alex Deucher)
- drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes (Ma Ke) [Orabug: 36897641] {CVE-2024-42101}
- fsnotify: Do not generate events for O_PATH file descriptors (Jan Kara)
- Bluetooth: Fix incorrect pointer arithmatic in ext_adv_report_evt (Jaganath Kanakkassery)
- mm: optimize the redundant loop of mm_update_owner_next() (Jinliang Zheng)
- nilfs2: add missing check for inode numbers on directory entries (Ryusuke Konishi) [Orabug: 36897653] {CVE-2024-42104}
- nilfs2: fix inode number range checks (Ryusuke Konishi) [Orabug: 36897659] {CVE-2024-42105}
- inet_diag: Initialize pad field in struct inet_diag_req_v2 (Shigeru Yoshida) [Orabug: 36897667] {CVE-2024-42106}
- selftests: make order checking verbose in msg_zerocopy selftest (Zijian Zhang)
- selftests: fix OOM in msg_zerocopy selftest (Zijian Zhang)
- selftests/net: reap zerocopy completions passed up as ancillary data. (Sowmini Varadhan)
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (Sam Sun) [Orabug: 36825249] {CVE-2024-39487}
- tcp_metrics: validate source addr length (Jakub Kicinski) [Orabug: 36897917] {CVE-2024-42154}
- UPSTREAM: tcp: fix DSACK undo in fast recovery to call tcp_try_to_open() (Neal Cardwell)
- s390/pkey: Wipe sensitive data on failure (Holger Dengler) [Orabug: 36897935] {CVE-2024-42157}
- jffs2: Fix potential illegal address access in jffs2_free_inode (Wang Yong) [Orabug: 36897698] {CVE-2024-42115}
- powerpc/xmon: Check cpu id in commands "c#", "dp#" and "dx#" (Greg Kurz)
- orangefs: fix out-of-bounds fsid access (Mike Marshall) [Orabug: 36897838] {CVE-2024-42143}
- powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (Michael Ellerman)
- i2c: i801: Annotate apanel_addr as __ro_after_init (Heiner Kallweit)
- media: dvb-frontends: tda10048: Fix integer overflow (Ricardo Ribalda) [Orabug: 36897977] {CVE-2024-42223}
- media: s2255: Use refcount_t instead of atomic_t for num_channels (Ricardo Ribalda)
- media: dvb-frontends: tda18271c2dd: Remove casting during div (Ricardo Ribalda)
- net: dsa: mv88e6xxx: Correct check for empty list (Simon Horman) [Orabug: 36897983] {CVE-2024-42224}
- Input: ff-core - prefer struct_size over open coded arithmetic (Erick Archer)
- firmware: dmi: Stop decoding on broken entry (Jean Delvare)
- sctp: prefer struct_size over open coded arithmetic (Erick Archer)
- media: dw2102: Don't translate i2c read into write (Michael Bunk)
- IB/core: Implement a limit on UMAD receive List (Michael Guralnik) [Orabug: 36897848] {CVE-2024-42145}
- media: dvb-usb: dib0700_devices: Add missing release_firmware() (Ricardo Ribalda)
- media: dvb: as102-fe: Fix as10x_register_addr packing (Ricardo Ribalda)
- LTS version v4.14.350 (Yifei Liu)
- SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (felix) [Orabug: 36940548] {CVE-2023-52803}
- arm64: dts: rockchip: Add sound-dai-cells for RK3368 (Alex Bee)
- tcp: Fix data races around icsk->icsk_af_ops. (Kuniyuki Iwashima) [Orabug: 34719867] {CVE-2022-3566}
- ipv6: Fix data races around sk->sk_prot. (Kuniyuki Iwashima) [Orabug: 34719907] {CVE-2022-3567}
- ipv6: annotate some data-races around sk->sk_prot (Eric Dumazet)
- pwm: stm32: Refuse too small period requests (Uwe Kleine-König)
- ftruncate: pass a signed offset (Arnd Bergmann) [Orabug: 36897559] {CVE-2024-42084}
- batman-adv: Don't accept TT entries for out-of-spec VIDs (Vegard Nossum)
- batman-adv: include gfp.h for GFP_* defines (Sven Eckelmann)
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes (Ma Ke) [Orabug: 36897381] {CVE-2024-41089}
- drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes (Ma Ke) [Orabug: 36897446] {CVE-2024-41095}
- hexagon: fix fadvise64_64 calling conventions (Arnd Bergmann)
- tty: mcf: MCF54418 has 10 UARTS (Jean-Michel Hautbois)
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (Nikita Zhandarovich) [Orabug: 36897452] {CVE-2024-41097}
- usb: musb: da8xx: fix a resource leak in probe() (Dan Carpenter)
- usb: gadget: printer: SS+ support (Oliver Neukum)
- net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez)
- iio: adc: ad7266: Fix variable checking bug (Fernando Yang)
- mmc: sdhci-pci: Convert PCIBIOS_* return codes to errnos (Ilpo Järvinen)
- x86: stop playing stack games in profile_pc() (Linus Torvalds) [Orabug: 36897617] {CVE-2024-42096}
- i2c: ocores: set IACK bit after core is enabled (Grygorii Tertychnyi)
- i2c: ocores: stop transfer on timeout (Federico Vaga)
- nvme: fixup comment for nvme RDMA Provider Type (Hannes Reinecke)
- soc: ti: wkup_m3_ipc: Send NULL dummy message instead of pointer message (Andrew Davis)
- media: dvbdev: Initialize sbuf (Ricardo Ribalda)
- ALSA: emux: improve patch ioctl data validation (Oswald Buddenhagen) [Orabug: 36897626] {CVE-2024-42097}
- net/iucv: Avoid explicit cpumask var allocation on stack (Dawei Li) [Orabug: 36897609] {CVE-2024-42094}
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Pablo Neira Ayuso) [Orabug: 36897501] {CVE-2024-42070}
- ASoC: fsl-asoc-card: set priv->pdev before using it (Elinor Montmasson) [Orabug: 36897579] {CVE-2024-42089}
- drm/amdgpu: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835993] {CVE-2024-40987}
- pinctrl: rockchip: fix pinmux reset in rockchip_pmx_set (Huang-Huang Bao)
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO3-B pins (Huang-Huang Bao)
- pinctrl: rockchip: fix pinmux bits for RK3328 GPIO2-B pins (Huang-Huang Bao)
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (Hagar Hemdan) [Orabug: 36897587] {CVE-2024-42090}
- usb: xhci: do not perform Soft Retry for some xHCI hosts (Stanislaw Gruszka)
- xhci: Set correct transferred length for cancelled bulk transfers (Mathias Nyman)
- xhci: Use soft retry to recover faster from transaction errors (Mathias Nyman)
- usb: xhci: Remove ep_trb from xhci_cleanup_halted_endpoint() (Lu Baolu)
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (Breno Leitao) [Orabug: 36835697] {CVE-2024-40901}
- scsi: mpt3sas: Gracefully handle online firmware update (Suganath Prabu)
logging macros (Joe Perches)
- iio: dac: ad5592r: fix temperature channel scaling value (Marc Ferland)
- iio: dac: ad5592r: un-indent code-block for scale read (Alexandru Ardelean)
- iio: dac: ad5592r-base: Replace indio_dev->mlock with own device lock (Sergiu Cuciurean)
- x86/amd_nb: Check for invalid SMN reads (Yazen Ghannam)
- PCI: Add PCI_ERROR_RESPONSE and related definitions (Naveen Naidu)
- ARM: dts: samsung: smdk4412: fix keypad no-autorepeat (Krzysztof Kozlowski)
- ARM: dts: samsung: exynos4412-origen: fix keypad no-autorepeat (Krzysztof Kozlowski)
- ARM: dts: samsung: smdkv310: fix keypad no-autorepeat (Krzysztof Kozlowski)
- gcov: add support for GCC 14 (Peter Oberparleiter)
- drm/radeon: fix UBSAN warning in kv_dpm.c (Alex Deucher) [Orabug: 36835998] {CVE-2024-40988}
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (Raju Rangoju)
- dmaengine: ioatdma: Fix missing kmem_cache_destroy() (Nikita Shubin)
- regulator: core: Fix modpost error "regulator_get_regmap" undefined (Biju Das)
- net: usb: rtl8150 fix unintiatilzed variables in rtl8150_get_link_ksettings (Oliver Neukum)
- virtio_net: checksum offloading handling fix (Heng Qi)
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (Eric Dumazet) [Orabug: 36835853] {CVE-2024-40959}
- netrom: Fix a memory leak in nr_heartbeat_expiry() (Gavrilov Ilia) [Orabug: 36836088] {CVE-2024-41006}
- cipso: fix total option length computation (Ondrej Mosnacek)
- MIPS: Routerboard 532: Fix vendor retry check code (Ilpo Järvinen)
- udf: udftime: prevent overflow in udf_disk_stamp_to_time() (Roman Smirnov)
- udf: Simplify calls to udf_disk_stamp_to_time (Deepa Dinamani)
- udf: Sanitize nanoseconds for time stamps (Jan Kara)
- usb: misc: uss720: check for incompatible versions of the Belkin F5U002 (Alex Henrie)
- powerpc/io: Avoid clang null pointer arithmetic warnings (Michael Ellerman)
- powerpc/pseries: Enforce hcall result buffer validity and size (Nathan Lynch) [Orabug: 36835927] {CVE-2024-40974}
- scsi: qedi: Fix crash while reading debugfs attribute (Manish Rangankar) [Orabug: 36835948] {CVE-2024-40978}
- batman-adv: bypass empty buckets in batadv_purge_orig_ref() (Eric Dumazet) [Orabug: 36835967] {CVE-2024-40981}
- rcutorture: Fix rcu_torture_one_read() pipe_count overflow comment (Paul E. McKenney)
- usb-storage: alauda: Check whether the media is initialized (Shichao Lai) [Orabug: 36753735] {CVE-2024-38619}
- hugetlb_encode.h: fix undefined behaviour (34 << 26) (Matthias Goergens)
- mm/hugetlb: add mmap() encodings for 32MB and 512MB page sizes (Anshuman Khandual)
- nilfs2: fix potential kernel bug due to lack of writeback flag waiting (Ryusuke Konishi) [Orabug: 36774572] {CVE-2024-37078}
- intel_th: pci: Add Lunar Lake support (Alexander Shishkin)
- intel_th: pci: Add Meteor Lake-S support (Alexander Shishkin)
- intel_th: pci: Add Sapphire Rapids SOC support (Alexander Shishkin)
- intel_th: pci: Add Granite Rapids SOC support (Alexander Shishkin)
- intel_th: pci: Add Granite Rapids support (Alexander Shishkin)
- dmaengine: axi-dmac: fix possible race in remove() (Nuno Sa)
- ocfs2: fix races between hole punching and AIO+DIO (Su Yue) [Orabug: 36835818] {CVE-2024-40943}
- ocfs2: use coarse time for new created files (Su Yue)
- fs/proc: fix softlockup in __read_vmcore (Rik van Riel)
- vmci: prevent speculation leaks by sanitizing event in event_deliver() (Hagar Gamal Halim Hemdan) [Orabug: 36835583] {CVE-2024-39499}
- drm/exynos/vidi: fix memory leak in .get_modes() (Jani Nikula) [Orabug: 36835787] {CVE-2024-40932}
- drivers: core: synchronize really_probe() and dev_uevent() (Dirk Behme) [Orabug: 36835590] {CVE-2024-39501}
- net/ipv6: Fix the RT cache flush via sysctl using a previous delay (Petr Pavlu)
- ipv6/route: Add a missing check on proc_dointvec (Aditya Pakki)
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (Luiz Augusto von Dentz)
- tcp: fix race in tcp_v6_syn_recv_sock() (Eric Dumazet)
- drm/bridge/panel: Fix runtime warning on panel bridge release (Adam Miotk)
- iommu/amd: Fix sysfs leak in iommu init (Kun(llfl))
- HID: core: remove unnecessary WARN_ON() in implement() (Nikita Zhandarovich) [Orabug: 36835690] {CVE-2024-39509}
- Input: try trimming too long modalias strings (Dmitry Torokhov)
- xhci: Apply broken streams quirk to Etron EJ188 xHCI host (Kuangyi Chiang)
- xhci: Apply reset resume quirk to Etron EJ188 xHCI host (Kuangyi Chiang)
- jfs: xattr: fix buffer overflow for invalid xattr (Greg Kroah-Hartman) [Orabug: 36835702] {CVE-2024-40902}
- mei: me: release irq in mei_me_pci_resume error path (Tomas Winkler)
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (Alan Stern) [Orabug: 36835710] {CVE-2024-40904}
- nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors (Ryusuke Konishi) [Orabug: 36774648] {CVE-2024-39469}
- nilfs2: return the mapped address from nilfs_get_page() (Matthew Wilcox (Oracle))
- nilfs2: Remove check for PageError (Matthew Wilcox (Oracle))
- selftests/mm: compaction_test: fix bogus test success on Aarch64 (Dev Jain)
- selftests/mm: conform test to TAP format output (Muhammad Usama Anjum)
- selftests/mm: compaction_test: fix incorrect write of zero to nr_hugepages (Dev Jain)
- media: mc: mark the media devnode as registered from the, start (Hans Verkuil)
- serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (Hugo Villeneuve)
- serial: sc16is7xx: replace hardcoded divisor value with BIT() macro (Hugo Villeneuve)
- usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (Wesley Cheng) [Orabug: 36683256] {CVE-2024-36894}
- af_unix: Annotate data-race of sk->sk_shutdown in sk_diag_fill(). (Kuniyuki Iwashima)
- af_unix: Use skb_queue_len_lockless() in sk_diag_show_rqlen(). (Kuniyuki Iwashima)
- af_unix: Use unix_recvq_full_lockless() in unix_stream_connect(). (Kuniyuki Iwashima)
- af_unix: Annotate data-race of net->unx.sysctl_max_dgram_qlen. (Kuniyuki Iwashima)
- af_unix: Annotate data-races around sk->sk_state in UNIX_DIAG. (Kuniyuki Iwashima)
- af_unix: Annotate data-races around sk->sk_state in sendmsg() and recvmsg(). (Kuniyuki Iwashima)
- af_unix: Annotate data-races around sk->sk_state in unix_write_space() and poll(). (Kuniyuki Iwashima)
- af_unix: Fix data races around sk->sk_shutdown. (Kuniyuki Iwashima)
- af_unix: Annotate data-race of sk->sk_state in unix_inq_len(). (Kuniyuki Iwashima)
- af_unix: Fix a data-race in unix_dgram_peer_wake_me(). (Kuniyuki Iwashima)
- af_unix: ensure POLLOUT on remote close() for connected dgram socket (Jason Baron)
- ptp: Fix error message on failed pin verification (Karol Kolacinski)
- tcp: count CLOSE-WAIT sockets for TCP_MIB_CURRESTAB (Jason Xing)
- ipv6: sr: block BH in seg6_output_core() and seg6_input_core() (Eric Dumazet)
- wifi: iwlwifi: mvm: don't read past the mfuart notifcation (Emmanuel Grumbach) [Orabug: 36835809] {CVE-2024-40941}
- wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (Remi Pommarel) [Orabug: 36835736] {CVE-2024-40912}
- wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects (Nicolas Escande) [Orabug: 36835813] {CVE-2024-40942}
- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (Eric Dumazet) [Orabug: 36683297] {CVE-2024-36905}
- Revert "tcp: remove redundant check on tskb" (Vegard Nossum)
- Revert "tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets" (Vegard Nossum)
- Revert "scsi: target: Fix SELinux error when systemd-modules loads the target module" (Vegard Nossum)
More information about the El-errata
mailing list