[Oraclevm-errata] OVMSA-2023-0023 Important: Oracle VM 3 Extended Lifecycle Support (ELS) Unbreakable Enterprise kernel security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Fri Nov 3 14:06:22 UTC 2023


Oracle VM Security Advisory OVMSA-2023-0023

The following updated rpms for Oracle VM 3 Extended Lifecycle Support (ELS) have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-4.1.12-124.79.2.el6uek.x86_64.rpm
kernel-uek-firmware-4.1.12-124.79.2.el6uek.noarch.rpm



Related CVEs:

CVE-2022-34918
CVE-2023-2513
CVE-2023-4387
CVE-2023-22024
CVE-2023-3772
CVE-2023-35001
CVE-2023-4206
CVE-2023-3611
CVE-2023-4459
CVE-2023-3776




Description of changes:

[4.1.12-124.79.2.el6uek]
- net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (valis)  [Orabug: 35814273]  {CVE-2023-4206}
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue (Pedro Tammela)  [Orabug: 35636291]  {CVE-2023-3611}
- rds: Fix lack of reentrancy for connection reset with dst addr zero (Håkon Bugge)  [Orabug: 35741584] [Orabug: 35818110]  {CVE-2023-22024}

[4.1.12-124.79.1.el6uek]
- xfrm: add NULL check in xfrm_update_ae_params (Lin Ma)  [Orabug: 35754509]  {CVE-2023-3772}
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu)  [Orabug: 35732892]  {CVE-2023-4459}
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu)  [Orabug: 35732764]  {CVE-2023-4387}
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free (M A Ramdhan)  [Orabug: 35636313]  {CVE-2023-3776}
- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (Thadeu Lima de Souza Cascardo)  [Orabug: 35609787]  {CVE-2023-35001}
- ext4: fix use-after-free in ext4_xattr_set_entry (Baokun Li)  [Orabug: 35382025]  {CVE-2023-2513}
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (Baokun Li)  [Orabug: 35382025]  {CVE-2023-2513}
- netfilter: nf_tables: stricter validation of element data (Pablo Neira Ayuso)  [Orabug: 34362008]  {CVE-2022-34918}




More information about the Oraclevm-errata mailing list