A kernel security update has been released for Oracle Linux 7.

El-errata: ELSA-2023-12109 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2023-12109

  http://linux.oracle.com/errata/ELSA-2023-12109.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-doc-4.1.12-124.71.3.el7uek.noarch.rpm
kernel-uek-firmware-4.1.12-124.71.3.el7uek.noarch.rpm
kernel-uek-4.1.12-124.71.3.el7uek.x86_64.rpm
kernel-uek-devel-4.1.12-124.71.3.el7uek.x86_64.rpm
kernel-uek-debug-4.1.12-124.71.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.1.12-124.71.3.el7uek.x86_64.rpm

SRPMS:
  http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.1.12-124.71.3.el7uek.src.rpm

Related CVEs:

CVE-2022-3524
CVE-2022-3564
CVE-2022-3628
CVE-2022-42895
CVE-2022-42896
CVE-2022-4662



Description of changes:

[4.1.12-124.71.3.el7uek]
- USB: core: Prevent nested device-reset calls (Alan Stern) [Orabug: 34951641] {CVE-2022-4662}
- Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (Luiz Augusto von Dentz) [Orabug: 34833307] {CVE-2022-42896} {CVE-2022-42896}
- Bluetooth: L2CAP: Introduce proper defines for PSM ranges (Johan Hedberg) [Orabug: 34833307]
- ext4: fix data corruption caused by overlapping unaligned and aligned IO (Lukas Czerner) [Orabug: 34190035]

[4.1.12-124.71.2.el7uek]
- scsi: qla2xxx: Fix use after free in eh_abort path (Quinn Tran) [Orabug: 34970763]
- check-kabi provides exception on broken symbols (Alok Tiwari) [Orabug: 34742865]
- KABI validation broken on UEK4 for symbols change (Alok Tiwari) [Orabug: 34742865]
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu (Maxim Mikityanskiy) [Orabug: 34719829] {CVE-2022-3564}
- Bluetooth: remove unneeded variable in l2cap_stream_rx (Prasanna Karthik) [Orabug: 34719829] {CVE-2022-3564}

[4.1.12-124.71.1.el7uek]
- Bluetooth: L2CAP: Fix attempting to access uninitialized memory (Luiz Augusto von Dentz) [Orabug: 34951662] {CVE-2022-42895} {CVE-2022-42895}
- wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() (Dokyung Song) [Orabug: 34951546] {CVE-2022-3628}
- tcp/udp: Fix memory leak in ipv6_renew_options(). (Kuniyuki Iwashima) [Orabug: 34719347] {CVE-2022-3524}

_______________________________________________