[El-errata] ELSA-2024-12611 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Sep 12 12:44:28 UTC 2024
Oracle Linux Security Advisory ELSA-2024-12611
http://linux.oracle.com/errata/ELSA-2024-12611.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-4.14.35-2047.540.4.1.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-2047.540.4.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-2047.540.4.1.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-2047.540.4.1.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-2047.540.4.1.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-2047.540.4.1.el7uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.540.4.1.el7uek.src.rpm
Related CVEs:
CVE-2023-52796
CVE-2024-33621
CVE-2024-36015
CVE-2024-36016
CVE-2024-36286
CVE-2024-36484
CVE-2024-37353
CVE-2024-37356
CVE-2024-38549
CVE-2024-38558
CVE-2024-38559
CVE-2024-38560
CVE-2024-38565
CVE-2024-38567
CVE-2024-38578
CVE-2024-38579
CVE-2024-38582
CVE-2024-38583
CVE-2024-38589
CVE-2024-38596
CVE-2024-38599
CVE-2024-38601
CVE-2024-38612
CVE-2024-38613
CVE-2024-38618
CVE-2024-38621
CVE-2024-38627
CVE-2024-38633
CVE-2024-38634
CVE-2024-38637
CVE-2024-38659
CVE-2024-38780
CVE-2024-39276
CVE-2024-39292
CVE-2024-39301
CVE-2024-39475
CVE-2024-39480
CVE-2024-39488
CVE-2024-39489
CVE-2024-40968
Description of changes:
[4.14.35-2047.540.4.1.el7uek]
- Revert "selftests/kcmp: Make the test output consistent and clear" (Samasth Norway Ananda) [Orabug: 37029311]
[4.14.35-2047.540.4.el7uek]
- kdb: Use the passed prompt in kdb_position_cursor() (Douglas Anderson)
- ipvs: Avoid unnecessary calls to skb_is_gso_sctp (Ismael Luceno)
- printk: add kthread for long-running print (Stephen Brennan) [Orabug: 36208661]
[4.14.35-2047.540.3.el7uek]
- MIPS: Octeon: Add PCIe link status check (Dave Kleikamp) [Orabug: 36952386] {CVE-2024-40968}
[4.14.35-2047.540.2.el7uek]
- fsnotify: clear PARENT_WATCHED flags lazily (Amir Goldstein) [Orabug: 36922242]
- cifs: fix panic in smb2_reconnect (Ronnie Sahlberg) [Orabug: 36314494]
- cifs: convert cifs_put_smb_ses from static to global (Dai Ngo) [Orabug: 36314494]
- net: relax socket state check at accept time. (Paolo Abeni) [Orabug: 36768890] {CVE-2024-36484}
[4.14.35-2047.540.1.el7uek]
- x86/cpu: Avoid cpuinfo-induced IPI pileups (Paul E. McKenney) [Orabug: 35773812]
- LTS version v4.14.349 (Yifei Liu)
- x86/kvm: Disable all PV features on crash (Vitaly Kuznetsov)
- x86/kvm: Disable kvmclock on all CPUs on shutdown (Vitaly Kuznetsov)
- x86/kvm: Teardown PV features on boot CPU as well (Vitaly Kuznetsov)
- nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov)
- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) [Orabug: 36774600] {CVE-2024-39276}
- sparc: move struct termio to asm/termios.h (Mike Gilbert)
- kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson)
- kdb: Merge identical case statements in kdb_read() (Daniel Thompson)
- kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson)
- kdb: Use format-strings rather than '- kdb: Fix buffer overflow during tab-complete (Daniel Thompson) [Orabug: 36809289] {CVE-2024-39480}
- sparc64: Fix number of online CPUs (Sam Ravnborg)
- intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin)
- net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) [Orabug: 36774613] {CVE-2024-39301}
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier)
- netfilter: nft_dynset: relax superfluous check on set updates (Pablo Neira Ayuso)
- netfilter: nft_dynset: report EOPNOTSUPP on missing set feature (Pablo Neira Ayuso)
- netfilter: nf_tables: don't skip expired elements during walk (Pablo Neira Ayuso)
- netfilter: nf_tables: drop map element references from preparation phase (Pablo Neira Ayuso)
- netfilter: nf_tables: pass ctx to nf_tables_expr_destroy() (Pablo Neira Ayuso)
- netfilter: nftables: rename set element data activation/deactivation functions (Pablo Neira Ayuso)
- netfilter: nf_tables: pass context to nft_set_destroy() (Pablo Neira Ayuso)
- netfilter: nf_tables: fix set double-free in abort path (Pablo Neira Ayuso)
- netfilter: nf_tables: add nft_set_is_anonymous() helper (Pablo Neira Ayuso)
- fbdev: savage: Handle err return when savagefb_check_var failed (Cai Xinchen) [Orabug: 36809265] {CVE-2024-39475}
- media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil)
- media: mxl5xx: Move xpt structures off stack (Nathan Chancellor)
- arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen)
- arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski)
- ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov)
- neighbour: fix unaligned access to pneigh_entry (Qingfang DENG)
- nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) [Orabug: 36753565] {CVE-2024-38583}
- fs/nilfs2: convert timers to use timer_setup() (Kees Cook)
- mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz)
- binder: fix max_thread type inconsistency (Carlos Llamas)
- ALSA: timer: Set lower bound of start tick time (Takashi Iwai) [Orabug: 36753730] {CVE-2024-38618}
- ALSA: timer: Simplify timer hw resolution calls (Takashi Iwai)
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) [Orabug: 36763552] {CVE-2024-33621}
- ipvlan: add ipvlan_route_v6_outbound() helper (Eric Dumazet) [Orabug: 36940543] {CVE-2023-52796}
- ipvlan: properly track tx_errors (Eric Dumazet)
- net: add DEV_STATS_READ() helper (Eric Dumazet)
- kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada)
- net:fec: Add fec_enet_deinit() (Xiaolei Wang)
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran)
- smsc95xx: use usbnet->driver_priv (Andre Edich)
- smsc95xx: remove redundant function arguments (Andre Edich)
- enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) [Orabug: 36763837] {CVE-2024-38659}
- dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) [Orabug: 36763846] {CVE-2024-38780}
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran)
- nvmet: fix ns enable/disable possible hang (Sagi Grimberg)
- spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko)
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) [Orabug: 36763571] {CVE-2024-36286}
- net: fec: avoid lock evasion when reading pps_enable (Wei Fang)
- net: fec: remove redundant variable 'inc' (Colin Ian King)
- virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) [Orabug: 36763588] {CVE-2024-37353}
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) [Orabug: 36825259] {CVE-2024-39488}
- openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole)
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) [Orabug: 36763592] {CVE-2024-37356}
- params: lift param_set_uint_minmax to common code (Sagi Grimberg)
- ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [Orabug: 36825263] {CVE-2024-39489}
- x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada)
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun)
- media: cec: cec-api: add locking in cec_release() (Hans Verkuil)
- um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie)
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde)
- media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) [Orabug: 36763603] {CVE-2024-38621}
- um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) [Orabug: 36768584] {CVE-2024-39292}
- um: Fix return value in ubd_init() (Duoming Zhou)
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu)
- Input: ims-pcu - fix printf string overflow (Arnd Bergmann)
- libsubcmd: Fix parse-options memory leak (Ian Rogers)
- f2fs: add error prints for debugging mount failure (Sahitya Tummala)
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap)
- ppdev: Add an error check in register_device (Huai-Yuan Liu) [Orabug: 36678065] {CVE-2024-36015}
- stm class: Fix a double free in stm_register_device() (Dan Carpenter) [Orabug: 36763764] {CVE-2024-38627}
- usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff)
- greybus: arche-ctrl: move device table to its right location (Arnd Bergmann)
- serial: max3100: Fix bitwise types (Andy Shevchenko)
- serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) [Orabug: 36763815] {CVE-2024-38633}
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) [Orabug: 36763820] {CVE-2024-38634}
- firmware: dmi-id: add a release callback function (Arnd Bergmann)
- dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni)
- greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) [Orabug: 36763833] {CVE-2024-38637}
- sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov)
- sched/topology: Don't set SD_BALANCE_WAKE on cpuset domain relax (Valentin Schneider)
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet)
- netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) [Orabug: 36753582] {CVE-2024-38589}
- RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky)
- RDMA/ipoib: Fix use of sizeof() (Kamal Heib)
- selftests/kcmp: remove unused open mode (Edward Liaw)
- selftests/kcmp: Make the test output consistent and clear (Gautam Menghani)
- ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara)
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter)
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt)
- fbdev: sh7760fb: allow modular build (Randy Dunlap)
- media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda)
- media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov)
- powerpc/fsl-soc: hide unused const variable (Arnd Bergmann)
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) [Orabug: 36753415] {CVE-2024-38549}
- fbdev: shmobile: fix snprintf truncation (Arnd Bergmann)
- mtd: rawnand: hynix: fixed typo (Maxim Korotkov)
- ipv6: sr: fix invalid unregister error path (Hangbin Liu) [Orabug: 36753711] {CVE-2024-38612}
- ipv6: sr: fix incorrect unregister order (Hangbin Liu)
- ipv6: sr: add missing seg6_local_exit (Hangbin Liu)
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) [Orabug: 36753463] {CVE-2024-38558}
- net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet)
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) [Orabug: 36753600] {CVE-2024-38596}
- m68k: mac: Fix reboot hang on Mac IIci (Finn Thain)
- m68k/mac: Use '030 reset method on SE/30 (Finn Thain)
- m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) [Orabug: 36753715] {CVE-2024-38613}
- net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet)
- wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter)
- scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753468] {CVE-2024-38559}
- scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753473] {CVE-2024-38560}
- Revert "sh: Handle calling csum_partial with misaligned data" (Guenter Roeck)
- sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven)
- wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) [Orabug: 36753486] {CVE-2024-38565}
- wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) [Orabug: 36753509] {CVE-2024-38567}
- macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" (Finn Thain)
- macintosh/via-macii, macintosh/adb-iop: Clean up whitespace (Finn Thain)
- m68k/mac: Add mutual exclusion for IOP interrupt polling (Finn Thain)
- macintosh/via-macii: Remove BUG_ON assertions (Finn Thain)
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui)
- scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov)
- scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang)
- ACPI: disable -Wstringop-truncation (Arnd Bergmann)
- irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu)
- scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney)
- scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney)
- scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney)
- wifi: ath10k: poll service ready message before failing (Baochen Qiang)
- nfsd: drop st_mutex before calling move_to_close_lru() (NeilBrown)
- null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun)
- jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) [Orabug: 36753652] {CVE-2024-38599}
- crypto: ccp - drop platform ifdef checks (Arnd Bergmann)
- parisc: add missing export of __cmpxchg_u8() (Al Viro)
- nilfs2: fix out-of-range warning (Arnd Bergmann)
- ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) [Orabug: 36753537] {CVE-2024-38578}
- firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart)
- crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) [Orabug: 36753542] {CVE-2024-38579}
- ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart)
- ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang)
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang)
- net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas)
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev)
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678069] {CVE-2024-36016}
- nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) [Orabug: 36753558] {CVE-2024-38582}
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi)
- ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) [Orabug: 36753662] {CVE-2024-38601}
More information about the El-errata
mailing list