Oracle Linux 6266 Published by

The following security updates have been released for Oracle Linux:

ELSA-2024-5101 Important: Oracle Linux 8 kernel security update
ELSA-2024-12581 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2024-12580 Moderate: Oracle Linux 8 linux-firmware security update
ELSA-2024-12585 Important: Oracle Linux 7 Unbreakable Enterprise kernel-container security update
ELSA-2024-12581 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2024-12584 Important: Oracle Linux 8 Unbreakable Enterprise kernel-container security update
ELSA-2024-12581 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
ELSA-2024-5138 Important: Oracle Linux 9 httpd security update
ELBA-2024-4770 Oracle Linux 9 ktls-utils bug fix update
ELSA-2024-5192 Moderate: Oracle Linux 9 389-ds-base security update
ELBA-2024-12576 Oracle Linux 9 redhat-rpm-config bug fix update
ELSA-2024-12578 Moderate: Oracle Linux 9 linux-firmware security update
ELBA-2024-12575 Oracle Linux 9 mdadm bug fix update
ELBA-2024-12471 Oracle Linux 8 oVirt 4.5 aopalliance bug fix update
ELSA-2024-12583 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
ELSA-2024-12583 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)
ELBA-2024-12577 Oracle Linux 7 scap-security-guide bug fix update (aarch64)
ELSA-2024-12579 Moderate: Oracle Linux 7 linux-firmware security update (aarch64)
ELBA-2024-12577 Oracle Linux 7 scap-security-guide bug fix update
ELSA-2024-12579 Moderate: Oracle Linux 7 linux-firmware security update




ELSA-2024-5101 Important: Oracle Linux 8 kernel security update


Oracle Linux Security Advisory ELSA-2024-5101

http://linux.oracle.com/errata/ELSA-2024-5101.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-553.16.1.el8_10.x86_64.rpm
kernel-4.18.0-553.16.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.16.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.16.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.16.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.16.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.16.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.16.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.16.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.16.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.16.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.16.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.16.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.16.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.16.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.16.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.16.1.el8_10.x86_64.rpm
perf-4.18.0-553.16.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.16.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.16.1.el8_10.x86_64.rpm

aarch64:
bpftool-4.18.0-553.16.1.el8_10.aarch64.rpm
kernel-cross-headers-4.18.0-553.16.1.el8_10.aarch64.rpm
kernel-headers-4.18.0-553.16.1.el8_10.aarch64.rpm
kernel-tools-4.18.0-553.16.1.el8_10.aarch64.rpm
kernel-tools-libs-4.18.0-553.16.1.el8_10.aarch64.rpm
kernel-tools-libs-devel-4.18.0-553.16.1.el8_10.aarch64.rpm
perf-4.18.0-553.16.1.el8_10.aarch64.rpm
python3-perf-4.18.0-553.16.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-4.18.0-553.16.1.el8_10.src.rpm

Related CVEs:

CVE-2021-46939
CVE-2021-47018
CVE-2021-47257
CVE-2021-47284
CVE-2021-47304
CVE-2021-47373
CVE-2021-47408
CVE-2021-47461
CVE-2021-47468
CVE-2021-47491
CVE-2021-47548
CVE-2021-47579
CVE-2021-47624
CVE-2022-48632
CVE-2022-48743
CVE-2022-48747
CVE-2022-48757
CVE-2023-28746
CVE-2023-52451
CVE-2023-52463
CVE-2023-52469
CVE-2023-52471
CVE-2023-52486
CVE-2023-52530
CVE-2023-52619
CVE-2023-52622
CVE-2023-52623
CVE-2023-52648
CVE-2023-52653
CVE-2023-52658
CVE-2023-52662
CVE-2023-52679
CVE-2023-52707
CVE-2023-52730
CVE-2023-52756
CVE-2023-52762
CVE-2023-52764
CVE-2023-52775
CVE-2023-52777
CVE-2023-52784
CVE-2023-52791
CVE-2023-52796
CVE-2023-52803
CVE-2023-52811
CVE-2023-52832
CVE-2023-52834
CVE-2023-52845
CVE-2023-52847
CVE-2023-52864
CVE-2024-2201
CVE-2024-21823
CVE-2024-25739
CVE-2024-26586
CVE-2024-26614
CVE-2024-26640
CVE-2024-26660
CVE-2024-26669
CVE-2024-26686
CVE-2024-26698
CVE-2024-26704
CVE-2024-26733
CVE-2024-26740
CVE-2024-26772
CVE-2024-26773
CVE-2024-26802
CVE-2024-26810
CVE-2024-26837
CVE-2024-26840
CVE-2024-26843
CVE-2024-26852
CVE-2024-26853
CVE-2024-26870
CVE-2024-26878
CVE-2024-26908
CVE-2024-26921
CVE-2024-26925
CVE-2024-26940
CVE-2024-26958
CVE-2024-26960
CVE-2024-26961
CVE-2024-27010
CVE-2024-27011
CVE-2024-27019
CVE-2024-27020
CVE-2024-27025
CVE-2024-27065
CVE-2024-27388
CVE-2024-27395
CVE-2024-27434
CVE-2024-31076
CVE-2024-33621
CVE-2024-35790
CVE-2024-35801
CVE-2024-35807
CVE-2024-35810
CVE-2024-35814
CVE-2024-35823
CVE-2024-35824
CVE-2024-35847
CVE-2024-35876
CVE-2024-35893
CVE-2024-35896
CVE-2024-35897
CVE-2024-35899
CVE-2024-35900
CVE-2024-35910
CVE-2024-35912
CVE-2024-35924
CVE-2024-35925
CVE-2024-35930
CVE-2024-35937
CVE-2024-35938
CVE-2024-35946
CVE-2024-35947
CVE-2024-35952
CVE-2024-36000
CVE-2024-36005
CVE-2024-36006
CVE-2024-36010
CVE-2024-36016
CVE-2024-36017
CVE-2024-36020
CVE-2024-36025
CVE-2024-36270
CVE-2024-36286
CVE-2024-36489
CVE-2024-36886
CVE-2024-36889
CVE-2024-36896
CVE-2024-36904
CVE-2024-36905
CVE-2024-36917
CVE-2024-36921
CVE-2024-36927
CVE-2024-36929
CVE-2024-36933
CVE-2024-36940
CVE-2024-36941
CVE-2024-36945
CVE-2024-36950
CVE-2024-36954
CVE-2024-36960
CVE-2024-36971
CVE-2024-36978
CVE-2024-36979
CVE-2024-38538
CVE-2024-38555
CVE-2024-38573
CVE-2024-38575
CVE-2024-38596
CVE-2024-38598
CVE-2024-38615
CVE-2024-38627
CVE-2024-39276
CVE-2024-39472
CVE-2024-39476
CVE-2024-39487
CVE-2024-39502
CVE-2024-40927
CVE-2024-40974

Description of changes:

[4.18.0-553.16.1.el8_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 stats_lock to gather the threads/children stats (Brian Foster) [RHEL-31562] {CVE-2024-26686}
- fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() (Brian Foster) [RHEL-31562] {CVE-2024-26686}
- fs/proc: do_task_stat: use __for_each_thread() (Brian Foster) [RHEL-31562] {CVE-2024-26686}
- exit: Use the correct exit_code in /proc//stat (Brian Foster) [RHEL-31562] {CVE-2024-26686}
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (Ewan D. Milne) [RHEL-38283] {CVE-2023-52811}
- scsi: qla2xxx: Fix double free of fcport (Ewan D. Milne) [RHEL-39549] {CVE-2024-26929}
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer (Ewan D. Milne) [RHEL-39549] {CVE-2024-26930}
- scsi: qla2xxx: Fix command flush on cable pull (Ewan D. Milne) [RHEL-39549] {CVE-2024-26931}

[4.18.0-553.13.1.el8_10]
- redhat: remove handling of deleted rhdocs/ directory from genspec.sh (Denys Vlasenko)
- x86/bugs: Fix BHI retpoline check (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Clarify that syscall hardening isn't a BHI mitigation (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Fix BHI handling of RRSBA (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Fix BHI documentation (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Fix return type of spectre_bhi_state() (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Make CONFIG_SPECTRE_BHI_ON the default (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Mitigate KVM by default (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Add BHI mitigation knob (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Enumerate Branch History Injection (BHI) bug (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Add support for clearing branch history at syscall entry (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (Waiman Long) [RHEL-28202]
- perf/x86/amd/lbr: Use freeze based on availability (Waiman Long) [RHEL-28202]
- Documentation/kernel-parameters: Add spec_rstack_overflow to mitigations=off (Waiman Long) [RHEL-28202]
- KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Waiman Long) [RHEL-28202]
- x86/bugs: Reset speculation control settings on init (Waiman Long) [RHEL-28202]
- KVM: x86: Update KVM-only leaf handling to allow for 100% KVM-only leafs (Waiman Long) [RHEL-28202]
- KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (Waiman Long) [RHEL-28202]
- mptcp: ensure snd_nxt is properly initialized on connect (Davide Caratti) [RHEL-39865] {CVE-2024-36889}
- powerpc/pseries: Enforce hcall result buffer validity and size (Mamatha Inamdar) [RHEL-48291] {CVE-2024-40974}
- wifi: mac80211: fix potential key use-after-free (Jose Ignacio Tornos Martinez) [RHEL-28007] {CVE-2023-52530}
- cppc_cpufreq: Fix possible null pointer dereference (Mark Langsdorf) [RHEL-44137] {CVE-2024-38573}
- net/sched: act_mirred: use the backlog for mirred ingress (Davide Caratti) [RHEL-31718] {CVE-2024-26740}
- vfio/pci: Lock external INTx masking ops (Alex Williamson) [RHEL-31922] {CVE-2024-26810}
- net: sched: sch_multiq: fix possible OOB write in multiq_tune() (Davide Caratti) [RHEL-43464] {CVE-2024-36978}
- tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized (Guillaume Nault) [RHEL-37850] {CVE-2021-47304}
- pstore/ram: Fix crash when setting number of cpus to an odd number (Lenny Szubowicz) [RHEL-29471] {CVE-2023-52619}
- drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (Jocelyn Falempe) [RHEL-37101] {CVE-2023-52662}
- drm/vmwgfx: Fix the lifetime of the bo cursor memory (Jocelyn Falempe) [RHEL-36962] {CVE-2024-35810}
- drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (Jocelyn Falempe) [RHEL-34987] {CVE-2024-26940}
- drm/vmwgfx: Unmap the surface before resetting it on a plane state (Jocelyn Falempe) [RHEL-35217] {CVE-2023-52648}
- drm/vmwgfx: Fix invalid reads in fence signaled events (Jocelyn Falempe) [RHEL-40010] {CVE-2024-36960}
- block: Fix wrong offset in bio_truncate() (Ming Lei) [RHEL-43782] {CVE-2022-48747}
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CKI Backport Bot) [RHEL-46913] {CVE-2024-39487}
- net: fix __dst_negative_advice() race (Xin Long) [RHEL-41183] {CVE-2024-36971}
- igc: avoid returning frame twice in XDP_REDIRECT (Corinna Vinschen) [RHEL-33264] {CVE-2024-26853}
- mac802154: fix llsec key resources release in mac802154_llsec_key_del (Steve Best) [RHEL-34967] {CVE-2024-26961}
- cpufreq: exit() callback is optional (Mark Langsdorf) [RHEL-43840] {CVE-2024-38615}
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (Paulo Alcantara) [RHEL-34672]
- cifs: lock chan_lock outside match_session (Paulo Alcantara) [RHEL-34672]
- smb3: workaround negprot bug in some Samba servers (Paulo Alcantara) [RHEL-34672]
- smb3: use netname when available on secondary channels (Paulo Alcantara) [RHEL-34672]
- smb3: fix empty netname context on secondary channels (Paulo Alcantara) [RHEL-34672]
- cifs: populate empty hostnames for extra channels (Paulo Alcantara) [RHEL-34672]
- cifs: always iterate smb sessions using primary channel (Paulo Alcantara) [RHEL-34672]
- cifs: Fix connections leak when tlink setup failed (Paulo Alcantara) [RHEL-34672]
- cifs: Fix memory leak when build ntlmssp negotiate blob failed (Paulo Alcantara) [RHEL-34672]
- cifs: always initialize struct msghdr smb_msg completely (Paulo Alcantara) [RHEL-34672]
- cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (Paulo Alcantara) [RHEL-34672]
- cifs: revalidate mapping when doing direct writes (Paulo Alcantara) [RHEL-34672]
- cifs: skip extra NULL byte in filenames (Paulo Alcantara) [RHEL-34672]
- cifs: list_for_each() -> list_for_each_entry() (Paulo Alcantara) [RHEL-34672]
- smb2: small refactor in smb2_check_message() (Paulo Alcantara) [RHEL-34672]
- cifs: Fix crash on unload of cifs_arc4.ko (Paulo Alcantara) [RHEL-34672]
- cifs: remove check of list iterator against head past the loop body (Paulo Alcantara) [RHEL-34672]
- cifs: fix reconnect on smb3 mount types (Paulo Alcantara) [RHEL-34672]
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (Paulo Alcantara) [RHEL-34672]
- cifs: skip trailing separators of prefix paths (Paulo Alcantara) [RHEL-34672]
- cifs: fix ntlmssp on old servers (Paulo Alcantara) [RHEL-34672]
- cifs: fix NULL ptr dereference in refresh_mounts() (Paulo Alcantara) [RHEL-34672]
- cifs: do not skip link targets when an I/O fails (Paulo Alcantara) [RHEL-34672]
- cifs: fix confusing unneeded warning message on smb2.1 and earlier (Paulo Alcantara) [RHEL-34672]
- smb3: fix snapshot mount option (Paulo Alcantara) [RHEL-34672]
- cifs: fix workstation_name for multiuser mounts (Paulo Alcantara) [RHEL-34672]
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (Paulo Alcantara) [RHEL-34672]
- cifs: free ntlmsspblob allocated in negotiate (Paulo Alcantara) [RHEL-34672]
- cifs: avoid use of dstaddr as key for fscache client cookie (Paulo Alcantara) [RHEL-34672]
- cifs: add server conn_id to fscache client cookie (Paulo Alcantara) [RHEL-34672]
- cifs: fix missed refcounting of ipc tcon (Paulo Alcantara) [RHEL-34672]
- smb2: clarify rc initialization in smb2_reconnect (Paulo Alcantara) [RHEL-34672]
- cifs: populate server_hostname for extra channels (Paulo Alcantara) [RHEL-34672]
- cifs: nosharesock should be set on new server (Paulo Alcantara) [RHEL-34672]
- cifs: introduce cifs_ses_mark_for_reconnect() helper (Paulo Alcantara) [RHEL-34672]
- cifs: protect srv_count with cifs_tcp_ses_lock (Paulo Alcantara) [RHEL-34672]
- cifs: move debug print out of spinlock (Paulo Alcantara) [RHEL-34672]
- cifs: do not duplicate fscache cookie for secondary channels (Paulo Alcantara) [RHEL-34672]
- cifs: connect individual channel servers to primary channel server (Paulo Alcantara) [RHEL-34672]
- cifs: protect session channel fields with chan_lock (Paulo Alcantara) [RHEL-34672]
- cifs: do not negotiate session if session already exists (Paulo Alcantara) [RHEL-34672]
- smb3: do not setup the fscache_super_cookie until fsinfo initialized (Paulo Alcantara) [RHEL-34672]
- cifs: fix potential use-after-free bugs (Paulo Alcantara) [RHEL-34672]
- cifs: release lock earlier in dequeue_mid error case (Paulo Alcantara) [RHEL-34672]
- smb3: remove trivial dfs compile warning (Paulo Alcantara) [RHEL-34672]
- cifs: support nested dfs links over reconnect (Paulo Alcantara) [RHEL-34672]
- cifs: for compound requests, use open handle if possible (Paulo Alcantara) [RHEL-34672]
- cifs: split out dfs code from cifs_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: convert list_for_each to entry variant (Paulo Alcantara) [RHEL-34672]
- cifs: introduce new helper for cifs_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: fix print of hdr_flags in dfscache_proc_show() (Paulo Alcantara) [RHEL-34672]
- cifs: send workstation name during ntlmssp session setup (Paulo Alcantara) [RHEL-34672]
- cifs: nosharesock should not share socket with future sessions (Paulo Alcantara) [RHEL-34672]
- smb3: add dynamic trace points for socket connection (Paulo Alcantara) [RHEL-34672]
- cifs: Move SMB2_Create definitions to the shared area (Paulo Alcantara) [RHEL-34672]
- cifs: Move more definitions into the shared area (Paulo Alcantara) [RHEL-34672]
- cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (Paulo Alcantara) [RHEL-34672]
- cifs: Create a new shared file holding smb2 pdu definitions (Paulo Alcantara) [RHEL-34672]
- cifs: fix incorrect check for null pointer in header_assemble (Paulo Alcantara) [RHEL-34672]
- smb3: correct server pointer dereferencing check to be more consistent (Paulo Alcantara) [RHEL-34672]
- cifs: Deal with some warnings from W=1 (Paulo Alcantara) [RHEL-34672]
- cifs: fix a sign extension bug (Paulo Alcantara) [RHEL-34672]
- cifs: fix incorrect kernel doc comments (Paulo Alcantara) [RHEL-34672]
- cifs: remove pathname for file from SPDX header (Paulo Alcantara) [RHEL-34672]
- cifs: move SMB FSCTL definitions to common code (Paulo Alcantara) [RHEL-34672]
- cifs: rename cifs_common to smbfs_common (Paulo Alcantara) [RHEL-34672]
- cifs: update FSCTL definitions (Paulo Alcantara) [RHEL-34672]
- cifs: cifs_md4 convert to SPDX identifier (Paulo Alcantara) [RHEL-34672]
- cifs: create a MD4 module and switch cifs.ko to use it (Paulo Alcantara) [RHEL-34672]
- cifs: fork arc4 and create a separate module for it for cifs and other users (Paulo Alcantara) [RHEL-34672]
- smb3: fix posix extensions mount option (Paulo Alcantara) [RHEL-34672]
- cifs: fix wrong release in sess_alloc_buffer() failed path (Paulo Alcantara) [RHEL-34672]
- CIFS: Fix a potencially linear read overflow (Paulo Alcantara) [RHEL-34672]
- cifs: use the correct max-length for dentry_path_raw() (Paulo Alcantara) [RHEL-34672]
- cifs: create sd context must be a multiple of 8 (Paulo Alcantara) [RHEL-34672]
- cifs: do not share tcp sessions of dfs connections (Paulo Alcantara) [RHEL-34672]
- cifs: added WARN_ON for all the count decrements (Paulo Alcantara) [RHEL-34672]
- cifs: fix missing null session check in mount (Paulo Alcantara) [RHEL-34672]
- cifs: handle reconnect of tcon when there is no cached dfs referral (Paulo Alcantara) [RHEL-34672]
- cifs: fix the out of range assignment to bit fields in parse_server_interfaces (Paulo Alcantara) [RHEL-34672]
- smb3: fix typo in header file (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: Add support for negotiating signing algorithm (Paulo Alcantara) [RHEL-34672]
- cifs: prevent NULL deref in cifs_compose_mount_options() (Paulo Alcantara) [RHEL-34672]
- cifs: fix NULL dereference in smb2_check_message() (Paulo Alcantara) [RHEL-34672]
- smbdirect: missing rc checks while waiting for rdma events (Paulo Alcantara) [RHEL-34672]
- cifs: Avoid field over-reading memcpy() (Paulo Alcantara) [RHEL-34672]
- smb311: remove dead code for non compounded posix query info (Paulo Alcantara) [RHEL-34672]
- cifs: fix SMB1 error path in cifs_get_file_info_unix (Paulo Alcantara) [RHEL-34672]
- smb3: fix uninitialized value for port in witness protocol move (Paulo Alcantara) [RHEL-34672]
- cifs: fix unneeded null check (Paulo Alcantara) [RHEL-34672]
- cifs: use SPDX-Licence-Identifier (Paulo Alcantara) [RHEL-34672]
- cifs: convert list_for_each to entry variant in cifs_debug.c (Paulo Alcantara) [RHEL-34672]
- cifs: convert list_for_each to entry variant in smb2misc.c (Paulo Alcantara) [RHEL-34672]
- cifs: missed ref-counting smb session in find (Paulo Alcantara) [RHEL-34672]
- cifs: do not share tcp servers with dfs mounts (Paulo Alcantara) [RHEL-34672]
- cifs: set a minimum of 2 minutes for refreshing dfs cache (Paulo Alcantara) [RHEL-34672]
- cifs: Remove unused inline function is_sysvol_or_netlogon() (Paulo Alcantara) [RHEL-34672]
- cifs: remove duplicated prototype (Paulo Alcantara) [RHEL-34672]
- cifs: fix ipv6 formating in cifs_ses_add_channel (Paulo Alcantara) [RHEL-34672]
- cifs: fix string declarations and assignments in tracepoints (Paulo Alcantara) [RHEL-34672]
- cifs: fix memory leak in smb2_copychunk_range (Paulo Alcantara) [RHEL-34672]
- SMB3: incorrect file id in requests compounded with open (Paulo Alcantara) [RHEL-34672]
- smb3: if max_channels set to more than one channel request multichannel (Paulo Alcantara) [RHEL-34672]
- smb3: do not attempt multichannel to server which does not support it (Paulo Alcantara) [RHEL-34672]
- smb3: when mounting with multichannel include it in requested capabilities (Paulo Alcantara) [RHEL-34672]
- cifs: simplify SWN code with dummy funcs instead of ifdefs (Paulo Alcantara) [RHEL-34672]
- cifs: log mount errors using cifs_errorf() (Paulo Alcantara) [RHEL-34672]
- cifs: switch build_path_from_dentry() to using dentry_path_raw() (Paulo Alcantara) [RHEL-34672]
- cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (Paulo Alcantara) [RHEL-34672]
- cifs: allocate buffer in the caller of build_path_from_dentry() (Paulo Alcantara) [RHEL-34672]
- cifs: make build_path_from_dentry() return const char * (Paulo Alcantara) [RHEL-34672]
- cifs: remove old dead code (Paulo Alcantara) [RHEL-34672]
- fs: cifs: Remove repeated struct declaration (Paulo Alcantara) [RHEL-34672]
- cifs: have cifs_fattr_to_inode() refuse to change type on live inode (Paulo Alcantara) [RHEL-34672]
- cifs: have ->mkdir() handle race with another client sanely (Paulo Alcantara) [RHEL-34672]
- do_cifs_create(): don't set ->i_mode of something we had not created (Paulo Alcantara) [RHEL-34672]
- cifs: Silently ignore unknown oplock break handle (Paulo Alcantara) [RHEL-34672]
- cifs: change noisy error message to FYI (Paulo Alcantara) [RHEL-34672]
- cifs: print MIDs in decimal notation (Paulo Alcantara) [RHEL-34672]
- cifs: minor simplification to smb2_is_network_name_deleted (Paulo Alcantara) [RHEL-34672]
- TCON Reconnect during STATUS_NETWORK_NAME_DELETED (Paulo Alcantara) [RHEL-34672]
- cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (Paulo Alcantara) [RHEL-34672]
- cifs: change confusing field serverName (to ip_addr) (Paulo Alcantara) [RHEL-34672]
- cifs: Reformat DebugData and index connections by conn_id. (Paulo Alcantara) [RHEL-34672]
- cifs: Identify a connection by a conn_id. (Paulo Alcantara) [RHEL-34672]
- smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (Paulo Alcantara) [RHEL-34672]
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (Paulo Alcantara) [RHEL-34672]
- fs/cifs: Simplify bool comparison. (Paulo Alcantara) [RHEL-34672]
- fs/cifs: Assign boolean values to a bool variable (Paulo Alcantara) [RHEL-34672]
- cifs: Avoid error pointer dereference (Paulo Alcantara) [RHEL-34672]
- cifs: Re-indent cifs_swn_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: Unlock on errors in cifs_swn_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: Delete a stray unlock in cifs_swn_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: Tracepoints and logs for tracing credit changes. (Paulo Alcantara) [RHEL-34672]
- cifs: Fix some error pointers handling detected by static checker (Paulo Alcantara) [RHEL-34672]
- smb3: remind users that witness protocol is experimental (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: do not log warning message if server doesn't populate salt (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: update comments clarifying SPNEGO info in negprot response (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: remove confusing mount warning when no SPNEGO info on negprot rsp (Paulo Alcantara) [RHEL-34672]
- SMB3: avoid confusing warning message on mount to Azure (Paulo Alcantara) [RHEL-34672]
- md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (Nigel Croxon) [RHEL-46662] {CVE-2024-39476}
- net: fix information leakage in /proc/net/ptype (Hangbin Liu) [RHEL-44000] {CVE-2022-48757}
- usb: typec: ucsi: Limit read size on v1.2 (Desnes Nunes) [RHEL-37286] {CVE-2024-35924}
- minmax: relax check to allow comparison between unsigned arguments and signed constants (Desnes Nunes) [RHEL-37286]
- minmax: allow comparisons of 'int' against 'unsigned char/short' (Desnes Nunes) [RHEL-37286]
- minmax: allow min()/max()/clamp() if the arguments have the same signedness. (Desnes Nunes) [RHEL-37286]
- minmax: add umin(a, b) and umax(a, b) (Desnes Nunes) [RHEL-37286]
- minmax: fix header inclusions (Desnes Nunes) [RHEL-37286]
- minmax: clamp more efficiently by avoiding extra comparison (Desnes Nunes) [RHEL-37286]
- minmax: sanity check constant bounds when clamping (Desnes Nunes) [RHEL-37286]
- tracing: Define the is_signed_type() macro once (Desnes Nunes) [RHEL-37286]
- linux/bits.h: fix compilation error with GENMASK (Desnes Nunes) [RHEL-37286]
- x86/apic: Mask IOAPIC entries when disabling the local APIC (Lenny Szubowicz) [RHEL-18077]
- userfaultfd: fix a race between writeprotect and exit_mmap() (Rafael Aquini) [RHEL-38410] {CVE-2021-47461}
- mm: khugepaged: skip huge page collapse for special files (Waiman Long) [RHEL-38446] {CVE-2021-47491}
- cachefiles: fix memory leak in cachefiles_add_cache() (Andrey Albershteyn) [RHEL-33109] {CVE-2024-26840}
- drm/amd/display: Implement bounds check for stream encoder creation in DCN301 (Michel Dänzer) [RHEL-31429] {CVE-2024-26660}
- net/mlx5: Discard command completions in internal error (Kamal Heib) [RHEL-44231] {CVE-2024-38555}
- drm: Don't unref the same fb many times by mistake due to deadlock handling (CKI Backport Bot) [RHEL-29011] {CVE-2023-52486}
- md: fix resync softlockup when bitmap size is less than array size (Nigel Croxon) [RHEL-43942] {CVE-2024-38598}
- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (Davide Caratti) [RHEL-39712] {CVE-2024-36017}
- netfilter: nf_tables: discard table flag update with pending basechain deletion (Phil Sutter) [RHEL-37205] {CVE-2024-35897}
- netfilter: nf_tables: reject table flag and netdev basechain updates (Phil Sutter) [RHEL-37205]
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (Ewan D. Milne) [RHEL-40172] {CVE-2024-36924}
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (Ewan D. Milne) [RHEL-40172] {CVE-2024-36952}
- netfilter: nf_tables: fix memleak in map from abort path (Phil Sutter) [RHEL-35052] {CVE-2024-27011}
- netfilter: nf_tables: reject new basechain after table flag update (Phil Sutter) [RHEL-37193] {CVE-2024-35900}
- netfilter: nf_tables: flush pending destroy work before exit_net release (Phil Sutter) [RHEL-37197] {CVE-2024-35899}
- netfilter: complete validation of user input (Phil Sutter) [RHEL-37210]
- netfilter: validate user input for expected length (Phil Sutter) [RHEL-37210] {CVE-2024-35896}
- netfilter: tproxy: bail out if IP has been disabled on the device (Phil Sutter) [RHEL-44363] {CVE-2024-36270}
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Phil Sutter) [RHEL-44532] {CVE-2024-36286}
- netfilter: nf_tables: do not compare internal table flags on updates (Phil Sutter) [RHEL-35114] {CVE-2024-27065}
- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (Phil Sutter) [RHEL-35028] {CVE-2024-27019}
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (Phil Sutter) [RHEL-35024] {CVE-2024-27020}
- netfilter: nf_tables: __nft_expr_type_get() selects specific family type (Phil Sutter) [RHEL-35024]
- netfilter: conntrack: serialize hash resizes and cleanups (Phil Sutter) [RHEL-37703] {CVE-2021-47408}
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (Phil Sutter) [RHEL-34217] {CVE-2024-26925}
- netfilter: nf_tables: release batch on table validation from abort path (Phil Sutter) [RHEL-34217]
- ipvlan: add ipvlan_route_v6_outbound() helper (Davide Caratti) [RHEL-38319] {CVE-2023-52796}

[4.18.0-553.12.1.el8_10]
- net: bridge: xmit: make sure we have at least eth header len bytes (cki-backport-bot) [RHEL-44291] {CVE-2024-38538}
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Michel Dänzer) [RHEL-26893] {CVE-2023-52469}
- SUNRPC: Fix a suspicious RCU usage warning (Scott Mayhew) [RHEL-30503] {CVE-2023-52623}
- ice: Fix some null pointer dereference issues in ice_ptp.c (Petr Oros) [RHEL-26901] {CVE-2023-52471}
- xfs: fix internal error from AGFL exhaustion (Pavel Reichl) [RHEL-45581]
- sched/psi: Fix use-after-free in ep_remove_wait_queue() (Phil Auld) [RHEL-38117] {CVE-2023-52707}
- wait: add wake_up_pollfree() (Phil Auld) [RHEL-38117]
- net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (Hangbin Liu) [RHEL-33269] {CVE-2024-26852}
- net: bridge: switchdev: Skip MDB replays of deferred events on offload (Ivan Vecera) [RHEL-33117] {CVE-2024-26837}
- ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (Pavel Reichl) [RHEL-31700] {CVE-2024-26772}
- ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Pavel Reichl) [RHEL-31688] {CVE-2024-26773}
- ext4: fix double-free of blocks due to wrong extents moved_len (Pavel Reichl) [RHEL-31612] {CVE-2024-26704}
- vxlan: Pull inner IP header in vxlan_xmit_one(). (Guillaume Nault) [RHEL-31389]
- geneve: Fix incorrect inner network header offset when innerprotoinherit is set (Guillaume Nault) [RHEL-31389]
- vxlan: Pull inner IP header in vxlan_rcv(). (Guillaume Nault) [RHEL-31389]
- geneve: fix header validation in geneve[6]_xmit_skb (Guillaume Nault) [RHEL-31389]
- geneve: make sure to pull inner header in geneve_rx() (Guillaume Nault) [RHEL-31389]
- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (Guillaume Nault) [RHEL-31389]
- net: geneve: check skb is large enough for IPv4/IPv6 header (Guillaume Nault) [RHEL-31389]
- net/smc: fix neighbour and rtable leak in smc_ib_find_route() (Tobias Huschle) [RHEL-39744] {CVE-2024-36945}
- igb: Fix string truncation warnings in igb_set_fw_version (Corinna Vinschen) [RHEL-38452] {CVE-2024-36010}
- bonding: stop the device in bond_setup_by_slave() (Hangbin Liu) [RHEL-38327] {CVE-2023-52784}
- i40e: fix vf may be used uninitialized in this function warning (Kamal Heib) [RHEL-39702] {CVE-2024-36020}
- powerpc/64: Fix the definition of the fixmap area (Mamatha Inamdar) [RHEL-27191] {CVE-2021-47018}
- powerpc/mm/hash64: Add a variable to track the end of IO mapping (Mamatha Inamdar) [RHEL-27191] {CVE-2021-47018}
- nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). (Xin Long) [RHEL-39770] {CVE-2024-36933}
- net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (Xin Long) [RHEL-39770]
- net: core: reject skb_copy(_expand) for fraglist GSO skbs (Xin Long) [RHEL-39779] {CVE-2024-36929}
- tcp: properly terminate timers for kernel sockets (Guillaume Nault) [RHEL-37171] {CVE-2024-35910}
- net: relax socket state check at accept time. (Florian Westphal) [RHEL-39831]
- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (Florian Westphal) [RHEL-39831] {CVE-2024-36905}
- tcp: remove redundant check on tskb (Florian Westphal) [RHEL-39831]
- drm/ast: Fix soft lockup (cki-backport-bot) [RHEL-37438] {CVE-2024-35952}
- null_blk: Fix return value of nullb_device_power_store() (Ming Lei) [RHEL-39341]
- null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (Ming Lei) [RHEL-39341]
- null_blk: fix return value from null_add_dev() (Ming Lei) [RHEL-39341]

[4.18.0-553.11.1.el8_10]
- x86/bugs: Reverse instruction order of CLEAR_CPU_BUFFERS (Waiman Long) [RHEL-42121]
- Revert "x86/bugs: Use fixed addressing for VERW operand" (Waiman Long) [RHEL-42121]
- KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests (Waiman Long) [RHEL-42121]
- x86/rfds: Mitigate Register File Data Sampling (RFDS) (Waiman Long) [RHEL-42121]
- Documentation/hw-vuln: Add documentation for RFDS (Waiman Long) [RHEL-42121]
- x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (Waiman Long) [RHEL-42121]
- x86/bugs: Use fixed addressing for VERW operand (Waiman Long) [RHEL-42121]
- KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (Waiman Long) [RHEL-42121]
- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (Waiman Long) [RHEL-42121]
- x86/entry_32: Add VERW just before userspace transition (Waiman Long) [RHEL-42121]
- x86/entry_64: Add VERW just before userspace transition (Waiman Long) [RHEL-42121]
- x86/bugs: Add asm helpers for executing VERW (Waiman Long) [RHEL-42121]
- x86/cpu: Fix Gracemont uarch (Waiman Long) [RHEL-42121]
- Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-42121]
- KVM: VMX: Access @flags as a 32-bit value in __vmx_vcpu_run() (Waiman Long) [RHEL-42121]
- x86/asm: Add _ASM_RIP() macro for x86-64 (%rip) suffix (Waiman Long) [RHEL-42121]
- x86/asm: Have the __ASM_FORM macros handle commas in arguments (Waiman Long) [RHEL-42121]
- x86/asm: Allow to pass macros to __ASM_FORM() (Waiman Long) [RHEL-42121]
- wifi: iwlwifi: mvm: guard against invalid STA ID on removal (Jose Ignacio Tornos Martinez) [RHEL-39801] {CVE-2024-36921}
- ipv6: Fix potential uninit-value access in __ip6_make_skb() (Antoine Tenart) [RHEL-39784]
- ipv4: Fix uninit-value access in __ip_make_skb() (Antoine Tenart) [RHEL-39784] {CVE-2024-36927}
- perf mmap: Lazily initialize zstd streams to save memory when not using it (Michael Petlan) [RHEL-34876]
- perf tools: Fix spelling mistake "commpressor" -> "compressor" (Michael Petlan) [RHEL-34876]
- perf record: Introduce data transferred and compressed stats (Michael Petlan) [RHEL-34876]
- perf record: Introduce compressor at mmap buffer object (Michael Petlan) [RHEL-34876]
- perf record: Introduce bytes written stats (Michael Petlan) [RHEL-34876]
- perf record: Introduce data file at mmap buffer object (Michael Petlan) [RHEL-34876]
- perf record: Start threads in the beginning of trace streaming (Alexey Bayduraev) [RHEL-34876]
- perf record: Stop threads in the end of trace streaming (Michael Petlan) [RHEL-34876]
- perf record: Introduce thread local variable (Michael Petlan) [RHEL-34876]
- perf record: Introduce function to propagate control commands (Michael Petlan) [RHEL-34876]
- perf record: Introduce thread specific data array (Michael Petlan) [RHEL-34876]
- tools lib: Introduce fdarray duplicate function (Michael Petlan) [RHEL-34876]
- perf record: Introduce thread affinity and mmap masks (Michael Petlan) [RHEL-34876]
- gfs2: Be more careful with the quota sync generation (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Get rid of some unnecessary quota locking (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Add some missing quota locking (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Fold qd_fish into gfs2_quota_sync (Andreas Gruenbacher) [RHEL-40901]
- gfs2: quota need_sync cleanup (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Fix and clean up function do_qc (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Revert "Add quota_change type" (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Revert "ignore negated quota changes" (Andreas Gruenbacher) [RHEL-40901]
- gfs2: qd_check_sync cleanups (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Check quota consistency on mount (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Minor gfs2_quota_init error path cleanup (Andreas Gruenbacher) [RHEL-40901]
- gfs2: fix kernel BUG in gfs2_quota_cleanup (Edward Adam Davis) [RHEL-40901]
- gfs2: Clean up quota.c:print_message (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Clean up gfs2_alloc_parms initializers (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Two quota=account mode fixes (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Remove useless assignment (Bob Peterson) [RHEL-40901]
- gfs2: simplify slot_get (Bob Peterson) [RHEL-40901]
- gfs2: Simplify qd2offset (Bob Peterson) [RHEL-40901]
- gfs2: Remove quota allocation info from quota file (Bob Peterson) [RHEL-40901]
- gfs2: use constant for array size (Bob Peterson) [RHEL-40901]
- gfs2: Set qd_sync_gen in do_sync (Bob Peterson) [RHEL-40901]
- gfs2: Remove useless err set (Bob Peterson) [RHEL-40901]
- gfs2: Small gfs2_quota_lock cleanup (Bob Peterson) [RHEL-40901]
- gfs2: move qdsb_put and reduce redundancy (Bob Peterson) [RHEL-40901]
- gfs2: Don't try to sync non-changes (Bob Peterson) [RHEL-40901]
- gfs2: Simplify function need_sync (Bob Peterson) [RHEL-40901]
- gfs2: remove unneeded pg_oflow variable (Bob Peterson) [RHEL-40901]
- gfs2: remove unneeded variable done (Bob Peterson) [RHEL-40901]
- gfs2: pass sdp to gfs2_write_buf_to_page (Bob Peterson) [RHEL-40901]
- gfs2: pass sdp in to gfs2_write_disk_quota (Bob Peterson) [RHEL-40901]
- gfs2: Pass sdp to gfs2_adjust_quota (Bob Peterson) [RHEL-40901]
- gfs2: remove dead code for quota writes (Bob Peterson) [RHEL-40901]
- gfs2: Use qd_sbd more consequently (Bob Peterson) [RHEL-40901]
- gfs2: replace 'found' with dedicated list iterator variable (Jakob Koschel) [RHEL-40901]
- gfs2: Some whitespace cleanups (Andreas Gruenbacher) [RHEL-40901]
- gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold (Bob Peterson) [RHEL-40901]
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Guillaume Nault) [RHEL-43961] {CVE-2024-38596}
- af_unix: Fix data-races around sk->sk_shutdown. (Guillaume Nault) [RHEL-43961] {CVE-2024-38596}
- af_unix: Fix data races around sk->sk_shutdown. (Guillaume Nault) [RHEL-43961] {CVE-2024-38596}
- perf/core: Fix event sibling list locking (Daniel Vacek) [RHEL-31798]
- media: bttv: fix use after free error due to btv->timeout timer (Kate Hsuan) [RHEL-38256] {CVE-2023-52847}
- arp: Prevent overflow in arp_req_get(). (Antoine Tenart) [RHEL-31706] {CVE-2024-26733}
- Bluetooth: btusb: Add a new PID/VID 0489/e0c8 for MT7921 (David Marlin) [RHEL-10263]
- mm: swap: fix race between free_swap_and_cache() and swapoff() (Waiman Long) [RHEL-34971] {CVE-2024-26960}
- swap: comments get_swap_device() with usage rule (Waiman Long) [RHEL-34971] {CVE-2024-26960}
- mm/swapfile.c: __swap_entry_free() always free 1 entry (Waiman Long) [RHEL-34971] {CVE-2024-26960}
- mm/swapfile.c: call free_swap_slot() in __swap_entry_free() (Waiman Long) [RHEL-34971] {CVE-2024-26960}
- mm/swapfile.c: use __try_to_reclaim_swap() in free_swap_and_cache() (Waiman Long) [RHEL-34971] {CVE-2024-26960}
- net: amd-xgbe: Fix skb data length underflow (Ken Cox) [RHEL-43788] {CVE-2022-48743}
- ovl: fix warning in ovl_create_real() (cki-backport-bot) [RHEL-43652] {CVE-2021-47579}
- net/sched: initialize noop_qdisc owner (Davide Caratti) [RHEL-35056]
- net/sched: Fix mirred deadlock on device recursion (Davide Caratti) [RHEL-35056] {CVE-2024-27010}
- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Pavel Reichl) [RHEL-45029] {CVE-2024-39276}
- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Ken Cox) [RHEL-38713] {CVE-2021-47548}
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Hangbin Liu) [RHEL-44396] {CVE-2024-33621}
- mlxsw: spectrum_acl_tcam: Fix stack corruption (Ivan Vecera) [RHEL-26462] {CVE-2024-26586}
- inet: inet_defrag: prevent sk release while still in use (Antoine Tenart) [RHEL-33398] {CVE-2024-26921}
- skb_expand_head() adjust skb->truesize incorrectly (Antoine Tenart) [RHEL-33398]
- nvmet: fix ns enable/disable possible hang (Ming Lei) [RHEL-43547]

[4.18.0-553.10.1.el8_10]
- SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (Scott Mayhew) [RHEL-38264] {CVE-2023-52803}
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (Ewan D. Milne) [RHEL-39717] {CVE-2024-36025}
- tcp: add sanity checks to rx zerocopy (Guillaume Nault) [RHEL-29494] {CVE-2024-26640}
- SUNRPC: fix some memleaks in gssx_dec_option_array (Scott Mayhew) [RHEL-35209] {CVE-2024-27388}
- wifi: nl80211: don't free NULL coalescing rule (Jose Ignacio Tornos Martinez) [RHEL-39752] {CVE-2024-36941}
- nfs: fix UAF in direct writes (Scott Mayhew) [RHEL-34975] {CVE-2024-26958}
- NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (Scott Mayhew) [RHEL-33228] {CVE-2024-26870}
- drm/amd/pm: Fix error of MACO flag setting code (Michel Dänzer) [RHEL-15928]
- scsi: aacraid: fix io hangs and improve performance (John Meneghini) [RHEL-23913]
- block: prevent division by zero in blk_rq_stat_sum() (Ming Lei) [RHEL-37279] {CVE-2024-35925}
- block: fix overflow in blk_ioctl_discard() (Ming Lei) [RHEL-39811] {CVE-2024-36917}
- virtio-blk: fix implicit overflow on virtio_max_dma_size (Ming Lei) [RHEL-38131] {CVE-2023-52762}
- nbd: null check for nla_nest_start (Ming Lei) [RHEL-35176] {CVE-2024-27025}
- isdn: mISDN: netjet: Fix crash in nj_probe: (Ken Cox) [RHEL-38444] {CVE-2021-47284}
- isdn: mISDN: Fix sleeping function called from invalid context (Ken Cox) [RHEL-38400] {CVE-2021-47468}
- net/smc: avoid data corruption caused by decline (Tobias Huschle) [RHEL-38234] {CVE-2023-52775}
- ubi: Check for too small LEB size in VTBL code (David Arcari) [RHEL-25092] {CVE-2024-25739}
- i2c: core: Fix atomic xfer check for non-preempt config (Steve Best) [RHEL-38313] {CVE-2023-52791}
- i2c: core: Run atomic i2c xfer when !preemptible (Steve Best) [RHEL-38313] {CVE-2023-52791}
- firewire: ohci: mask bus reset interrupts between ISR and bottom half (Steve Best) [RHEL-39902] {CVE-2024-36950}
- ipv6: init the accept_queue's spinlocks in inet6_create (Guillaume Nault) [RHEL-28899] {CVE-2024-26614}
- tcp: make sure init the accept_queue's spinlocks once (Guillaume Nault) [RHEL-28899] {CVE-2024-26614}
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Steve Best) [RHEL-39352] {CVE-2024-36016}
- mlxsw: spectrum_acl_tcam: Fix incorrect list API usage (Ivan Vecera) [RHEL-37484] {CVE-2024-36006}
- pwm: Fix double shift bug (Steve Best) [RHEL-38278] {CVE-2023-52756}
- mmc: sdio: fix possible resource leaks in some error paths (Steve Best) [RHEL-38149] {CVE-2023-52730}
- of: unittest: Fix compile in the non-dynamic case (Steve Best) [RHEL-37070] {CVE-2023-52679}
- of: unittest: Fix of_count_phandle_with_args() expected value message (Steve Best) [RHEL-37070] {CVE-2023-52679}
- of: Fix double free in of_parse_phandle_with_args_map (Steve Best) [RHEL-37070] {CVE-2023-52679}
- pinctrl: core: delete incorrect free in pinctrl_enable() (Steve Best) [RHEL-39756] {CVE-2024-36940}
- pinctrl: core: fix possible memory leak in pinctrl_enable() (Steve Best) [RHEL-39756] {CVE-2024-36940}
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (Desnes Nunes) [RHEL-38331] {CVE-2023-52764}
- tipc: fix a possible memleak in tipc_buf_append (Xin Long) [RHEL-39881] {CVE-2024-36954}
- cifs: fix mid leak during reconnection after timeout threshold (Paulo Alcantara) [RHEL-36222]
- cifs: Fix use-after-free in rdata->read_into_pages() (Paulo Alcantara) [RHEL-36222]
- cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (Paulo Alcantara) [RHEL-36222]
- cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (Paulo Alcantara) [RHEL-36222]
- cifs: destage dirty pages before re-reading them for cache=none (Paulo Alcantara) [RHEL-36222]
- cifs: destage any unwritten data to the server before calling copychunk_write (Paulo Alcantara) [RHEL-36222]
- Adjust cifssb maximum read size (Paulo Alcantara) [RHEL-36222]
- cifs: make locking consistent around the server session status (Paulo Alcantara) [RHEL-36222]
- cifs: fix credit accounting for extra channel (Paulo Alcantara) [RHEL-36222]
- smb3: prevent races updating CurrentMid (Paulo Alcantara) [RHEL-36222]
- cifs: fix missing spinlock around update to ses->status (Paulo Alcantara) [RHEL-36222]
- cifs: use echo_interval even when connection not ready. (Paulo Alcantara) [RHEL-36222]
- cifs: detect dead connections only when echoes are enabled. (Paulo Alcantara) [RHEL-36222]
- cifs: Fix preauth hash corruption (Paulo Alcantara) [RHEL-36222]
- cifs: do not send close in compound create+close requests (Paulo Alcantara) [RHEL-36222]
- cifs: ask for more credit on async read/write code paths (Paulo Alcantara) [RHEL-36222]
- cifs: use discard iterator to discard unneeded network data more efficiently (Paulo Alcantara) [RHEL-36222]
- cifs: Fix in error types returned for out-of-credit situations. (Paulo Alcantara) [RHEL-36222]
- smb3: fix crediting for compounding when only one request in flight (Paulo Alcantara) [RHEL-36222]
- cifs: New optype for session operations. (Paulo Alcantara) [RHEL-36222]
- mm/gup: do not return 0 from pin_user_pages_fast() for bad args (Paulo Alcantara) [RHEL-36222]
- wifi: brcmfmac: pcie: handle randbuf allocation failure (Jose Ignacio Tornos Martinez) [RHEL-44124] {CVE-2024-38575}
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (Guillaume Nault) [RHEL-39835] {CVE-2024-36904}
- wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (Jose Ignacio Tornos Martinez) [RHEL-38159] {CVE-2023-52832}
- wifi: ath11k: fix gtk offload status event locking (Jose Ignacio Tornos Martinez) [RHEL-38155] {CVE-2023-52777}
- net: ieee802154: fix null deref in parse dev addr (Steve Best) [RHEL-38012] {CVE-2021-47257}
- mm/hugetlb: fix missing hugetlb_lock for resv uncharge (Rafael Aquini) [RHEL-37465] {CVE-2024-36000}
- x86/xen: Add some null pointer checking to smp.c (Vitaly Kuznetsov) [RHEL-33258] {CVE-2024-26908}
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (Vitaly Kuznetsov) [RHEL-33258] {CVE-2024-26908}
- wifi: cfg80211: check A-MSDU format more carefully (Jose Ignacio Tornos Martinez) [RHEL-37343] {CVE-2024-35937}
- wifi: rtw89: fix null pointer access when abort scan (Jose Ignacio Tornos Martinez) [RHEL-37355] {CVE-2024-35946}
- atl1c: Work around the DMA RX overflow issue (Ken Cox) [RHEL-38287] {CVE-2023-52834}
- wifi: ath11k: decrease MHI channel buffer length to 8KB (Jose Ignacio Tornos Martinez) [RHEL-37339] {CVE-2024-35938}
- wifi: iwlwifi: mvm: rfi: fix potential response leaks (Jose Ignacio Tornos Martinez) [RHEL-37163] {CVE-2024-35912}
- USB: core: Fix access violation during port device removal (Desnes Nunes) [RHEL-39853] {CVE-2024-36896}
- scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (Ewan D. Milne) [RHEL-37123] {CVE-2024-35930}
- netfilter: nf_tables: honor table dormant flag from netdev release event path (Phil Sutter) [RHEL-37450] {CVE-2024-36005}
- wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (Jose Ignacio Tornos Martinez) [RHEL-36898] {CVE-2024-27434}
- wifi: iwlwifi: mvm: Fix key flags for IGTK on AP interface (Jose Ignacio Tornos Martinez) [RHEL-36898] {CVE-2024-27434}
- misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume (Steve Best) [RHEL-36932] {CVE-2024-35824}

[4.18.0-553.9.1.el8_10]
- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (Steve Best) [RHEL-37262] {CVE-2024-35876}
- net/sched: flower: Fix chain template offload (Xin Long) [RHEL-31313] {CVE-2024-26669}
- SUNRPC: fix a memleak in gss_import_v2_context (Scott Mayhew) [RHEL-35195] {CVE-2023-52653}
- efivarfs: force RO when remounting if SetVariable is not supported (Pavel Reichl) [RHEL-26564] {CVE-2023-52463}
- dmaengine: idxd: add a write() method for applications to submit work (Jerry Snitselaar) [RHEL-35826] {CVE-2024-21823}
- dmaengine: idxd: add a new security check to deal with a hardware erratum (Jerry Snitselaar) [RHEL-35826] {CVE-2024-21823}
- VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (Jerry Snitselaar) [RHEL-35826] {CVE-2024-21823}
- quota: Fix potential NULL pointer dereference (Pavel Reichl) [RHEL-33219] {CVE-2024-26878}
- locking/lockdep: Fix overflow in presentation of average lock-time (Čestmír Kalina) [RHEL-17678]
- blk-cgroup: Properly propagate the iostat update up the hierarchy (Ming Lei) [RHEL-40939]
- proc: Use new_inode not new_inode_pseudo (Ian Kent) [RHEL-40167]
- stmmac: Clear variable when destroying workqueue (Izabela Bakollari) [RHEL-31822] {CVE-2024-26802}
- powerpc/pseries/memhp: Fix access beyond end of drmem array (Mamatha Inamdar) [RHEL-26495] {CVE-2023-52451}
- platform/x86: wmi: Fix opening of char device (David Arcari) [RHEL-38258] {CVE-2023-52864}
- Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (Kamal Heib) [RHEL-36908] {CVE-2023-52658}
- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Cathy Avery) [RHEL-39074]
- hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Cathy Avery) [RHEL-39074]
- hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (Cathy Avery) [RHEL-39074]
- hv_netvsc: remove duplicated including of slab.h (Cathy Avery) [RHEL-39074]
- hv_netvsc: rndis_filter needs to select NLS (Cathy Avery) [RHEL-39074]
- hv_netvsc: Mark VF as slave before exposing it to user-mode (Cathy Avery) [RHEL-39074]
- hv_netvsc: Fix race of register_netdevice_notifier and VF register (Cathy Avery) [RHEL-39074]
- hv_netvsc: fix race of netvsc and VF register_netdevice (Cathy Avery) [RHEL-39074]
- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (Cathy Avery) [RHEL-39074]
- hv_netvsc: Allocate rx indirection table size dynamically (Cathy Avery) [RHEL-39074]
- net: hv_netvsc: Fix a warning triggered by memcpy in rndis_filter (Cathy Avery) [RHEL-39074]
- gfs2: Fix lru_count accounting (Andreas Gruenbacher) [RHEL-32941]
- gfs2: Fix "Make glock lru list scanning safer" (Andreas Gruenbacher) [RHEL-32941]
- gfs2: Fix "ignore unlock failures after withdraw" (Andreas Gruenbacher) [RHEL-32941]
- gfs2: Don't set GLF_LOCK in gfs2_dispose_glock_lru (Andreas Gruenbacher) [RHEL-32941]
- gfs2: Don't forget to complete delayed withdraw (Andreas Gruenbacher) [RHEL-32941]
- gfs2: Delay withdraw from atomic context (Andreas Gruenbacher) [RHEL-32941]
- gfs2: trivial clean up of gfs2_ail_error (Andreas Gruenbacher) [RHEL-32941]
- ext4: fix corruption during on-line resize (Carlos Maiolino) [RHEL-36974] {CVE-2024-35807}
- ext4: correct offset of gdb backup in non meta_bg group to update_backups (Carlos Maiolino) [RHEL-36974]
- ext4: avoid online resizing failures due to oversized flex bg (Carlos Maiolino) [RHEL-30507] {CVE-2023-52622}
- ext4: use time_is_before_jiffies() instead of open coding it (Carlos Maiolino) [RHEL-30507]
- ext4: unify the type of flexbg_size to unsigned int (Carlos Maiolino) [RHEL-30507]
- ext4: remove unnecessary check from alloc_flex_gd() (Carlos Maiolino) [RHEL-30507]
- tracing: Do no increment trace_clock_global() by one (Jerome Marchand) [RHEL-27107] {CVE-2021-46939}
- tracing: Restructure trace_clock_global() to never block (Jerome Marchand) [RHEL-27107] {CVE-2021-46939}
- net/sched: act_skbmod: prevent kernel-infoleak (Xin Long) [RHEL-37220] {CVE-2024-35893}
- tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (Xin Long) [RHEL-38307] {CVE-2023-52845}
- redhat: remove the merge subtrees script (Derek Barbosa)
- redhat: rhdocs: delete .get_maintainer.conf (Derek Barbosa)
- redhat: rhdocs: Remove the rhdocs directory (Derek Barbosa)
- dyndbg: fix old BUG_ON in >control parser (Waiman Long) [RHEL-37111] {CVE-2024-35947}
- dyndbg: let query-modname override actual module name (Waiman Long) [RHEL-37111]
- dyndbg: make dyndbg a known cli param (Waiman Long) [RHEL-37111]
- lan78xx: Fix exception on link speed change (Jamie Bainbridge) [RHEL-33437]
- net: usb: lan78xx: don't modify phy_device state concurrently (Jamie Bainbridge) [RHEL-33437]
- efi: runtime: Fix potential overflow of soft-reserved region size (Lenny Szubowicz) [RHEL-33096] {CVE-2024-26843}
- perf/arm-cmn: Fail DTC counter allocation correctly (Michael Petlan) [RHEL-23841]
- perf/arm-cmn: Rework DTC counters (again) (Michael Petlan) [RHEL-23841]
- perf/arm-cmn: Fix DTC domain detection (Michael Petlan) [RHEL-23841]
- perf/arm-cmn: Revamp model detection (Michael Petlan) [RHEL-23841]
- perf/arm-cmn: Fix port detection for CMN-700 (Michael Petlan) [RHEL-23841]
- perf/arm-cmn: Move overlapping wp_combine field (Michael Petlan) [RHEL-23841]
- Partially revert "perf/arm-cmn: Optimise DTC counter accesses" (Michael Petlan) [RHEL-23841]
- drivers/perf: Compile with gnu99 standard (Michael Petlan) [RHEL-23841]
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (Steve Best) [RHEL-36994] {CVE-2024-35801}
- watchdog: softdog: Add options 'soft_reboot_cmd' and 'soft_active_on_boot' (Waiman Long) [RHEL-19723]
- tipc: fix UAF in error path (Xin Long) [RHEL-34278] {CVE-2024-36886}



ELSA-2024-12581 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12581

http://linux.oracle.com/errata/ELSA-2024-12581.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2136.334.6.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.334.6.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.334.6.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.334.6.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.334.6.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.334.6.el8uek.src.rpm

Related CVEs:

CVE-2024-33621
CVE-2024-35976
CVE-2024-36014
CVE-2024-36015
CVE-2024-36016
CVE-2024-36270
CVE-2024-36286
CVE-2024-36288
CVE-2024-36971
CVE-2024-37353
CVE-2024-37356
CVE-2024-38549
CVE-2024-38552
CVE-2024-38558
CVE-2024-38559
CVE-2024-38560
CVE-2024-38565
CVE-2024-38567
CVE-2024-38578
CVE-2024-38579
CVE-2024-38582
CVE-2024-38583
CVE-2024-38589
CVE-2024-38596
CVE-2024-38598
CVE-2024-38599
CVE-2024-38601
CVE-2024-38612
CVE-2024-38613
CVE-2024-38615
CVE-2024-38618
CVE-2024-38621
CVE-2024-38627
CVE-2024-38633
CVE-2024-38634
CVE-2024-38635
CVE-2024-38637
CVE-2024-38659
CVE-2024-38661
CVE-2024-38780
CVE-2024-39276
CVE-2024-39292
CVE-2024-39301
CVE-2024-39467
CVE-2024-39471
CVE-2024-39480
CVE-2024-39488
CVE-2024-39489
CVE-2024-39503
CVE-2024-40916
CVE-2024-41090
CVE-2024-41091

Description of changes:

[5.4.17-2136.334.6.el8uek]
- loop: Fix a race between loop detach and loop open (Gulam Mohamed) [Orabug: 36197800]
- x86/bhi: Do not enable unnecessary BHI mitigation in OCI and Exadata VMs (Alexandre Chartre) [Orabug: 36672495]
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (Alexandre Chartre) [Orabug: 36642472]
- wifi: wilc1000: fix ies_len type in connect path (Jozef Hopko)
- net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879157] {CVE-2024-41090} {CVE-2024-41091}

[5.4.17-2136.334.5.el8uek]
- Fix incorrect syntax in UEK6 OL8 kernel-uek.spec (Sherry Yang) [Orabug: 36847358]
- rds/ib: decrement ib_rx_total_incs after releasing associated cache (Arumugam Kolappan) [Orabug: 36722026]

[5.4.17-2136.334.4.el8uek]
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (Luiz Augusto von Dentz)
- netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Jozsef Kadlecsik) [Orabug: 36835599] {CVE-2024-39503}
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (Marek Szyprowski) [Orabug: 36836328] {CVE-2024-40916}
- vxlan: Fix regression when dropping packets due to invalid src addresses (Daniel Borkmann)

[5.4.17-2136.334.3.el8uek]
- rds/rdma: Send info to userspace, even if connnection is down. (Juan Garcia) [Orabug: 36529562]
- pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 (Alan Adamson) [Orabug: 36762919]

[5.4.17-2136.334.2.el8uek]
- LTS tag: v5.4.278 (Alok Tiwari)
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (Daniel J Blueman)
- io_uring: fail NOP if non-zero op flags is passed in (Ming Lei)
- nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov)
- s390/ap: Fix crash in AP internal function modify_bitmap() (Harald Freudenberger) [Orabug: 36774592] {CVE-2024-38661}
- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) [Orabug: 36774598] {CVE-2024-39276}
- sparc: move struct termio to asm/termios.h (Mike Gilbert)
- xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (Eric Dumazet) [Orabug: 36643449] {CVE-2024-35976}
- net: fix __dst_negative_advice() race (Eric Dumazet) [Orabug: 36720417] {CVE-2024-36971}
- kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson)
- kdb: Merge identical case statements in kdb_read() (Daniel Thompson)
- kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson)
- kdb: Use format-strings rather than '- kdb: Fix buffer overflow during tab-complete (Daniel Thompson) [Orabug: 36809288] {CVE-2024-39480}
- sparc64: Fix number of online CPUs (Sam Ravnborg)
- intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin)
- net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) [Orabug: 36774612] {CVE-2024-39301}
- net/ipv6: Fix route deleting failure when metric equals 0 (xu xin)
- crypto: ecrdsa - Fix module auto-load on add_key (Vitaly Chikunov)
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier)
- media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil)
- media: mxl5xx: Move xpt structures off stack (Nathan Chancellor)
- media: mc: mark the media devnode as registered from the, start (Hans Verkuil)
- arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen)
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (Bitterblue Smith)
- arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski)
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (Christoffer Sandberg)
- ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov)
- drm/amdgpu: add error handle to avoid out-of-bounds (Bob Zhou) [Orabug: 36774657] {CVE-2024-39471}
- media: lgdt3306a: Add a check against null-pointer-def (Zheyu Ma)
- f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() (Chao Yu) [Orabug: 36774636] {CVE-2024-39467}
- x86/mm: Remove broken vsyscall emulation code from the page fault code (Linus Torvalds)
- nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) [Orabug: 36753564] {CVE-2024-38583}
- afs: Don't cross .backup mountpoint from backup volume (Marc Dionne)
- mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz)
- binder: fix max_thread type inconsistency (Carlos Llamas)
- SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Chuck Lever) [Orabug: 36809512] {CVE-2024-36288}
- ALSA: timer: Set lower bound of start tick time (Takashi Iwai) [Orabug: 36753729] {CVE-2024-38618}
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) [Orabug: 36763551] {CVE-2024-33621}
- spi: stm32: Don't warn about spurious interrupts (Uwe Kleine-König)
- kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada)
- netfilter: tproxy: bail out if IP has been disabled on the device (Florian Westphal) [Orabug: 36763563] {CVE-2024-36270}
- net:fec: Add fec_enet_deinit() (Xiaolei Wang)
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran)
- smsc95xx: use usbnet->driver_priv (Andre Edich)
- smsc95xx: remove redundant function arguments (Andre Edich)
- enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) [Orabug: 36763836] {CVE-2024-38659}
- dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) [Orabug: 36763844] {CVE-2024-38780}
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran)
- nvmet: fix ns enable/disable possible hang (Sagi Grimberg)
- spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko)
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) [Orabug: 36763570] {CVE-2024-36286}
- net: fec: avoid lock evasion when reading pps_enable (Wei Fang)
- virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) [Orabug: 36763587] {CVE-2024-37353}
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) [Orabug: 36825258] {CVE-2024-39488}
- openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole)
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) [Orabug: 36763591] {CVE-2024-37356}
- params: lift param_set_uint_minmax to common code (Sagi Grimberg)
- ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [Orabug: 36825262] {CVE-2024-39489}
- sunrpc: fix NFSACL RPC retry on soft mount (Dan Aloni)
- x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada)
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun)
- media: cec: cec-api: add locking in cec_release() (Hans Verkuil)
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh (Hans Verkuil)
- um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie)
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde)
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (Azeem Shaikh)
- media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) [Orabug: 36763602] {CVE-2024-38621}
- um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) [Orabug: 36768583] {CVE-2024-39292}
- um: Fix return value in ubd_init() (Duoming Zhou)
- drm/msm/dpu: Always flush the slave INTF on the CTL (Marijn Suijten)
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu)
- Input: ims-pcu - fix printf string overflow (Arnd Bergmann)
- libsubcmd: Fix parse-options memory leak (Ian Rogers)
- serial: sh-sci: protect invalidating RXDMA on shutdown (Wolfram Sang)
- f2fs: fix to release node block count in error path of f2fs_new_node_page() (Chao Yu)
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap)
- ppdev: Add an error check in register_device (Huai-Yuan Liu) [Orabug: 36678064] {CVE-2024-36015}
- ppdev: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET)
- stm class: Fix a double free in stm_register_device() (Dan Carpenter) [Orabug: 36763763] {CVE-2024-38627}
- usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff)
- microblaze: Remove early printk call from cpuinfo-static.c (Michal Simek)
- microblaze: Remove gcc flag for non existing early_printk.c file (Michal Simek)
- iio: pressure: dps310: support negative temperature values (Thomas Haemmerle)
- greybus: arche-ctrl: move device table to its right location (Arnd Bergmann)
- serial: max3100: Fix bitwise types (Andy Shevchenko)
- serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) [Orabug: 36763814] {CVE-2024-38633}
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) [Orabug: 36763819] {CVE-2024-38634}
- firmware: dmi-id: add a release callback function (Arnd Bergmann)
- dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni)
- soundwire: cadence: fix invalid PDI offset (Pierre-Louis Bossart) [Orabug: 36763825] {CVE-2024-38635}
- soundwire: cadence_master: improve PDI allocation (Bard Liao)
- soundwire: intel: don't filter out PDI0/1 (Pierre-Louis Bossart)
- soundwire: cadence/intel: simplify PDI/port mapping (Pierre-Louis Bossart)
- greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) [Orabug: 36763832] {CVE-2024-38637}
- sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov)
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet)
- netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) [Orabug: 36753581] {CVE-2024-38589}
- RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky)
- selftests/kcmp: remove unused open mode (Edward Liaw)
- selftests/kcmp: Make the test output consistent and clear (Gautam Menghani)
- SUNRPC: Fix gss_free_in_token_pages() (Chuck Lever)
- sunrpc: removed redundant procp check (Aleksandr Aprelkov)
- ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara)
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter)
- RDMA/hns: Use complete parentheses in macros (Chengchang Tang)
- drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (Marek Vasut)
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt)
- drm/arm/malidp: fix a possible null pointer dereference (Huai-Yuan Liu) [Orabug: 36678061] {CVE-2024-36014}
- fbdev: sh7760fb: allow modular build (Randy Dunlap)
- platform/x86: wmi: Make two functions static (YueHaibing)
- media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda)
- media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov)
- fbdev: sisfb: hide unused variables (Arnd Bergmann)
- powerpc/fsl-soc: hide unused const variable (Arnd Bergmann)
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) [Orabug: 36753414] {CVE-2024-38549}
- fbdev: shmobile: fix snprintf truncation (Arnd Bergmann)
- mtd: rawnand: hynix: fixed typo (Maxim Korotkov)
- drm/amd/display: Fix potential index out of bounds in color transformation function (Srinivasan Shanmugam) [Orabug: 36753424] {CVE-2024-38552}
- ipv6: sr: fix invalid unregister error path (Hangbin Liu) [Orabug: 36753710] {CVE-2024-38612}
- ipv6: sr: add missing seg6_local_exit (Hangbin Liu)
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) [Orabug: 36753462] {CVE-2024-38558}
- net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet)
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) [Orabug: 36753599] {CVE-2024-38596}
- net: ethernet: cortina: Locking fixes (Linus Walleij)
- m68k: mac: Fix reboot hang on Mac IIci (Finn Thain)
- m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) [Orabug: 36753714] {CVE-2024-38613}
- net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet)
- usb: aqc111: stop lying about skb->truesize (Eric Dumazet)
- wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter)
- scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753467] {CVE-2024-38559}
- scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753472] {CVE-2024-38560}
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (Chen Ni)
- Revert "sh: Handle calling csum_partial with misaligned data" (Guenter Roeck)
- sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven)
- wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) [Orabug: 36753485] {CVE-2024-38565}
- wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) [Orabug: 36753508] {CVE-2024-38567}
- macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" (Finn Thain)
- tcp: avoid premature drops in tcp_add_backlog() (Eric Dumazet)
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Lu Wei)
- tcp: minor optimization in tcp_add_backlog() (Eric Dumazet)
- wifi: ath10k: populate board data for WCN3990 (Dmitry Baryshkov)
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui)
- x86/purgatory: Switch to the position-independent small code model (Ard Biesheuvel)
- scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov)
- scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang)
- cpufreq: exit() callback is optional (Viresh Kumar) [Orabug: 36753721] {CVE-2024-38615}
- cpufreq: Rearrange locking in cpufreq_remove_dev() (Rafael J. Wysocki)
- cpufreq: Split cpufreq_offline() (Rafael J. Wysocki)
- cpufreq: Reorganize checks in cpufreq_offline() (Rafael J. Wysocki)
- ACPI: disable -Wstringop-truncation (Arnd Bergmann)
- irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu)
- scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney)
- scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney)
- scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV (Andrew Halaney)
- scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney)
- qed: avoid truncating work queue length (Arnd Bergmann)
- wifi: ath10k: poll service ready message before failing (Baochen Qiang)
- md: fix resync softlockup when bitmap size is less than array size (Yu Kuai) [Orabug: 36753648] {CVE-2024-38598}
- null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun)
- jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) [Orabug: 36753651] {CVE-2024-38599}
- s390/cio: fix tracepoint subchannel type field (Peter Oberparleiter)
- crypto: ccp - drop platform ifdef checks (Arnd Bergmann)
- parisc: add missing export of __cmpxchg_u8() (Al Viro)
- nilfs2: fix out-of-range warning (Arnd Bergmann)
- ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) [Orabug: 36753536] {CVE-2024-38578}
- firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart)
- crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) [Orabug: 36753541] {CVE-2024-38579}
- openpromfs: finish conversion to the new mount API (Eric Sandeen)
- nvme: find numa distance only if controller has valid numa id (Nilay Shroff)
- drm/amdkfd: Flush the process wq before creating a kfd_process (Lancelot SIX)
- ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart)
- ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang)
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang)
- drm/amd/display: Set color_mgmt_changed to true on unsuspend (Joshua Ashton)
- net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas)
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev)
- nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) [Orabug: 36753557] {CVE-2024-38582}
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi)
- net: smc91x: Fix m68k kernel compilation for ColdFire CPU (Thorsten Blum)
- ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) [Orabug: 36753661] {CVE-2024-38601}
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678068] {CVE-2024-36016}

[5.4.17-2136.334.1.el8uek]
- rds/rdma: Track rds_message in send, retrans and recv queue (Juan Garcia) [Orabug: 36529583]
- xfs: make sure sb_fdblocks is non-negative (Wengang Wang) [Orabug: 36596998]
- xfs: fix sb write verify for lazysbcount (Long Li) [Orabug: 36596998]
- rds/rdma: Clear rds_info_socket before use (Juan Garcia) [Orabug: 36613125]



ELSA-2024-12580 Moderate: Oracle Linux 8 linux-firmware security update


Oracle Linux Security Advisory ELSA-2024-12580

http://linux.oracle.com/errata/ELSA-2024-12580.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
iwlax2xx-firmware-20240715-999.34.el8.noarch.rpm
iwl1000-firmware-39.31.5.1-999.34.el8.noarch.rpm
iwl100-firmware-39.31.5.1-999.34.el8.noarch.rpm
iwl105-firmware-18.168.6.1-999.34.el8.noarch.rpm
iwl135-firmware-18.168.6.1-999.34.el8.noarch.rpm
iwl2000-firmware-18.168.6.1-999.34.el8.noarch.rpm
iwl2030-firmware-18.168.6.1-999.34.el8.noarch.rpm
iwl3160-firmware-25.30.13.0-999.34.el8.noarch.rpm
iwl3945-firmware-15.32.2.9-999.34.el8.noarch.rpm
iwl4965-firmware-228.61.2.24-999.34.el8.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.34.el8.noarch.rpm
iwl5150-firmware-8.24.2.2-999.34.el8.noarch.rpm
iwl6000-firmware-9.221.4.1-999.34.el8.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.34.el8.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.34.el8.noarch.rpm
iwl6050-firmware-41.28.5.1-999.34.el8.noarch.rpm
iwl7260-firmware-25.30.13.0-999.34.el8.noarch.rpm
libertas-sd8686-firmware-20240715-999.34.git4c8fb21e.el8.noarch.rpm
libertas-sd8787-firmware-20240715-999.34.git4c8fb21e.el8.noarch.rpm
libertas-usb8388-firmware-20240715-999.34.git4c8fb21e.el8.noarch.rpm
libertas-usb8388-olpc-firmware-20240715-999.34.git4c8fb21e.el8.noarch.rpm
linux-firmware-20240715-999.34.git4c8fb21e.el8.noarch.rpm
linux-firmware-core-20240715-999.34.git4c8fb21e.el8.noarch.rpm

aarch64:
iwlax2xx-firmware-20240715-999.34.el8.noarch.rpm
iwl1000-firmware-39.31.5.1-999.34.el8.noarch.rpm
iwl100-firmware-39.31.5.1-999.34.el8.noarch.rpm
iwl105-firmware-18.168.6.1-999.34.el8.noarch.rpm
iwl135-firmware-18.168.6.1-999.34.el8.noarch.rpm
iwl2000-firmware-18.168.6.1-999.34.el8.noarch.rpm
iwl2030-firmware-18.168.6.1-999.34.el8.noarch.rpm
iwl3160-firmware-25.30.13.0-999.34.el8.noarch.rpm
iwl3945-firmware-15.32.2.9-999.34.el8.noarch.rpm
iwl4965-firmware-228.61.2.24-999.34.el8.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.34.el8.noarch.rpm
iwl5150-firmware-8.24.2.2-999.34.el8.noarch.rpm
iwl6000-firmware-9.221.4.1-999.34.el8.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.34.el8.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.34.el8.noarch.rpm
iwl6050-firmware-41.28.5.1-999.34.el8.noarch.rpm
iwl7260-firmware-25.30.13.0-999.34.el8.noarch.rpm
libertas-sd8686-firmware-20240715-999.34.git4c8fb21e.el8.noarch.rpm
libertas-sd8787-firmware-20240715-999.34.git4c8fb21e.el8.noarch.rpm
libertas-usb8388-firmware-20240715-999.34.git4c8fb21e.el8.noarch.rpm
libertas-usb8388-olpc-firmware-20240715-999.34.git4c8fb21e.el8.noarch.rpm
linux-firmware-20240715-999.34.git4c8fb21e.el8.noarch.rpm
linux-firmware-core-20240715-999.34.git4c8fb21e.el8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//linux-firmware-20240715-999.34.git4c8fb21e.el8.src.rpm

Related CVEs:

CVE-2023-31315

Description of changes:

[20240715-999.34.git4c8fb21e.el8]
- Rebase to latest upstream [Orabug: 36826157]



ELSA-2024-12585 Important: Oracle Linux 7 Unbreakable Enterprise kernel-container security update


Oracle Linux Security Advisory ELSA-2024-12585

http://linux.oracle.com/errata/ELSA-2024-12585.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-container-5.4.17-2136.334.6.el7.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.334.6.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-container-5.4.17-2136.334.6.el7.src.rpm

Related CVEs:

CVE-2024-41090
CVE-2024-41091
CVE-2024-39503
CVE-2024-40916
CVE-2024-38661
CVE-2024-39276
CVE-2024-35976
CVE-2024-36971
CVE-2024-39480
CVE-2024-39301
CVE-2024-39471
CVE-2024-39467
CVE-2024-38583
CVE-2024-36288
CVE-2024-38618
CVE-2024-33621
CVE-2024-36270
CVE-2024-38659
CVE-2024-38780
CVE-2024-36286
CVE-2024-37353
CVE-2024-39488
CVE-2024-37356
CVE-2024-39489
CVE-2024-38621
CVE-2024-39292
CVE-2024-36015
CVE-2024-38627
CVE-2024-38633
CVE-2024-38634
CVE-2024-38635
CVE-2024-38637
CVE-2024-38589
CVE-2024-36014
CVE-2024-38549
CVE-2024-38552
CVE-2024-38612
CVE-2024-38558
CVE-2024-38596
CVE-2024-38613
CVE-2024-38559
CVE-2024-38560
CVE-2024-38565
CVE-2024-38567
CVE-2024-38615
CVE-2024-38598
CVE-2024-38599
CVE-2024-38578
CVE-2024-38579
CVE-2024-38582
CVE-2024-38601
CVE-2024-36016

Description of changes:

[5.4.17-2136.334.6.el7]
- loop: Fix a race between loop detach and loop open (Gulam Mohamed) [Orabug: 36197800]
- x86/bhi: Do not enable unnecessary BHI mitigation in OCI and Exadata VMs (Alexandre Chartre) [Orabug: 36672495]
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (Alexandre Chartre) [Orabug: 36642472]
- wifi: wilc1000: fix ies_len type in connect path (Jozef Hopko)
- net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879157] {CVE-2024-41090} {CVE-2024-41091}

[5.4.17-2136.334.5.el7]
- Fix incorrect syntax in UEK6 OL8 kernel-uek.spec (Sherry Yang) [Orabug: 36847358]
- rds/ib: decrement ib_rx_total_incs after releasing associated cache (Arumugam Kolappan) [Orabug: 36722026]

[5.4.17-2136.334.4.el7]
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (Luiz Augusto von Dentz)
- netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Jozsef Kadlecsik)
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (Marek Szyprowski)

[5.4.17-2136.334.3.el7]
- rds/rdma: Send info to userspace, even if connnection is down. (Juan Garcia) [Orabug: 36529562]
- pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 (Alan Adamson) [Orabug: 36762919]

[5.4.17-2136.334.2.el7]
- LTS tag: v5.4.278 (Alok Tiwari)
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (Daniel J Blueman)
- io_uring: fail NOP if non-zero op flags is passed in (Ming Lei)
- nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov)
- s390/ap: Fix crash in AP internal function modify_bitmap() (Harald Freudenberger)
- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li)
- sparc: move struct termio to asm/termios.h (Mike Gilbert)
- xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (Eric Dumazet)
- net: fix __dst_negative_advice() race (Eric Dumazet)
- kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson)
- kdb: Merge identical case statements in kdb_read() (Daniel Thompson)
- kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson)
- kdb: Use format-strings rather than '\0' injection in kdb_read() (Daniel Thompson)
- kdb: Fix buffer overflow during tab-complete (Daniel Thompson)
- sparc64: Fix number of online CPUs (Sam Ravnborg)
- intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin)
- net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich)
- net/ipv6: Fix route deleting failure when metric equals 0 (xu xin)
- crypto: ecrdsa - Fix module auto-load on add_key (Vitaly Chikunov)
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier)
- media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil)
- media: mxl5xx: Move xpt structures off stack (Nathan Chancellor)
- media: mc: mark the media devnode as registered from the, start (Hans Verkuil)
- arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen)
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (Bitterblue Smith)
- arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski)
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (Christoffer Sandberg)
- ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov)
- drm/amdgpu: add error handle to avoid out-of-bounds (Bob Zhou)
- media: lgdt3306a: Add a check against null-pointer-def (Zheyu Ma)
- f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() (Chao Yu)
- x86/mm: Remove broken vsyscall emulation code from the page fault code (Linus Torvalds)
- nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi)
- afs: Don't cross .backup mountpoint from backup volume (Marc Dionne)
- mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz)
- binder: fix max_thread type inconsistency (Carlos Llamas)
- SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Chuck Lever)
- ALSA: timer: Set lower bound of start tick time (Takashi Iwai)
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing)
- spi: stm32: Don't warn about spurious interrupts (Uwe Kleine-König)
- kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada)
- netfilter: tproxy: bail out if IP has been disabled on the device (Florian Westphal)
- net:fec: Add fec_enet_deinit() (Xiaolei Wang)
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran)
- smsc95xx: use usbnet->driver_priv (Andre Edich)
- smsc95xx: remove redundant function arguments (Andre Edich)
- enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats)
- dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa)
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran)
- nvmet: fix ns enable/disable possible hang (Sagi Grimberg)
- spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko)
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet)
- net: fec: avoid lock evasion when reading pps_enable (Wei Fang)
- virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko)
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao)
- openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole)
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima)
- params: lift param_set_uint_minmax to common code (Sagi Grimberg)
- ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu)
- sunrpc: fix NFSACL RPC retry on soft mount (Dan Aloni)
- x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada)
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun)
- media: cec: cec-api: add locking in cec_release() (Hans Verkuil)
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh (Hans Verkuil)
- um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie)
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde)
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (Azeem Shaikh)
- media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter)
- um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu)
- um: Fix return value in ubd_init() (Duoming Zhou)
- drm/msm/dpu: Always flush the slave INTF on the CTL (Marijn Suijten)
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu)
- Input: ims-pcu - fix printf string overflow (Arnd Bergmann)
- libsubcmd: Fix parse-options memory leak (Ian Rogers)
- serial: sh-sci: protect invalidating RXDMA on shutdown (Wolfram Sang)
- f2fs: fix to release node block count in error path of f2fs_new_node_page() (Chao Yu)
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap)
- ppdev: Add an error check in register_device (Huai-Yuan Liu)
- ppdev: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET)
- stm class: Fix a double free in stm_register_device() (Dan Carpenter)
- usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff)
- microblaze: Remove early printk call from cpuinfo-static.c (Michal Simek)
- microblaze: Remove gcc flag for non existing early_printk.c file (Michal Simek)
- iio: pressure: dps310: support negative temperature values (Thomas Haemmerle)
- greybus: arche-ctrl: move device table to its right location (Arnd Bergmann)
- serial: max3100: Fix bitwise types (Andy Shevchenko)
- serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko)
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko)
- firmware: dmi-id: add a release callback function (Arnd Bergmann)
- dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni)
- soundwire: cadence: fix invalid PDI offset (Pierre-Louis Bossart)
- soundwire: cadence_master: improve PDI allocation (Bard Liao)
- soundwire: intel: don't filter out PDI0/1 (Pierre-Louis Bossart)
- soundwire: cadence/intel: simplify PDI/port mapping (Pierre-Louis Bossart)
- greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva)
- sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov)
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet)
- netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet)
- RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky)
- selftests/kcmp: remove unused open mode (Edward Liaw)
- selftests/kcmp: Make the test output consistent and clear (Gautam Menghani)
- SUNRPC: Fix gss_free_in_token_pages() (Chuck Lever)
- sunrpc: removed redundant procp check (Aleksandr Aprelkov)
- ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara)
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter)
- RDMA/hns: Use complete parentheses in macros (Chengchang Tang)
- drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (Marek Vasut)
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt)
- drm/arm/malidp: fix a possible null pointer dereference (Huai-Yuan Liu)
- fbdev: sh7760fb: allow modular build (Randy Dunlap)
- platform/x86: wmi: Make two functions static (YueHaibing)
- media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda)
- media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov)
- fbdev: sisfb: hide unused variables (Arnd Bergmann)
- powerpc/fsl-soc: hide unused const variable (Arnd Bergmann)
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green)
- fbdev: shmobile: fix snprintf truncation (Arnd Bergmann)
- mtd: rawnand: hynix: fixed typo (Maxim Korotkov)
- drm/amd/display: Fix potential index out of bounds in color transformation function (Srinivasan Shanmugam)
- ipv6: sr: fix invalid unregister error path (Hangbin Liu)
- ipv6: sr: add missing seg6_local_exit (Hangbin Liu)
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets)
- net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet)
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao)
- net: ethernet: cortina: Locking fixes (Linus Walleij)
- m68k: mac: Fix reboot hang on Mac IIci (Finn Thain)
- m68k: Fix spinlock race in kernel thread creation (Michael Schmitz)
- net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet)
- usb: aqc111: stop lying about skb->truesize (Eric Dumazet)
- wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter)
- scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh)
- scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh)
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (Chen Ni)
- Revert "sh: Handle calling csum_partial with misaligned data" (Guenter Roeck)
- sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven)
- wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich)
- wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich)
- macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" (Finn Thain)
- tcp: avoid premature drops in tcp_add_backlog() (Eric Dumazet)
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Lu Wei)
- tcp: minor optimization in tcp_add_backlog() (Eric Dumazet)
- wifi: ath10k: populate board data for WCN3990 (Dmitry Baryshkov)
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui)
- x86/purgatory: Switch to the position-independent small code model (Ard Biesheuvel)
- scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov)
- scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang)
- cpufreq: exit() callback is optional (Viresh Kumar)
- cpufreq: Rearrange locking in cpufreq_remove_dev() (Rafael J. Wysocki)
- cpufreq: Split cpufreq_offline() (Rafael J. Wysocki)
- cpufreq: Reorganize checks in cpufreq_offline() (Rafael J. Wysocki)
- ACPI: disable -Wstringop-truncation (Arnd Bergmann)
- irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu)
- scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney)
- scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney)
- scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV (Andrew Halaney)
- scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney)
- qed: avoid truncating work queue length (Arnd Bergmann)
- wifi: ath10k: poll service ready message before failing (Baochen Qiang)
- md: fix resync softlockup when bitmap size is less than array size (Yu Kuai)
- null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun)
- jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev)
- s390/cio: fix tracepoint subchannel type field (Peter Oberparleiter)
- crypto: ccp - drop platform ifdef checks (Arnd Bergmann)
- parisc: add missing export of __cmpxchg_u8() (Al Viro)
- nilfs2: fix out-of-range warning (Arnd Bergmann)
- ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak)
- firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart)
- crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin)
- openpromfs: finish conversion to the new mount API (Eric Sandeen)
- nvme: find numa distance only if controller has valid numa id (Nilay Shroff)
- drm/amdkfd: Flush the process wq before creating a kfd_process (Lancelot SIX)
- ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart)
- ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang)
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang)
- drm/amd/display: Set color_mgmt_changed to true on unsuspend (Joshua Ashton)
- net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas)
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev)
- nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi)
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi)
- net: smc91x: Fix m68k kernel compilation for ColdFire CPU (Thorsten Blum)
- ring-buffer: Fix a race between readers and resize checks (Petr Pavlu)
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke)

[5.4.17-2136.334.1.el7]
- rds/rdma: Track rds_message in send, retrans and recv queue (Juan Garcia) [Orabug: 36529583]
- xfs: make sure sb_fdblocks is non-negative (Wengang Wang) [Orabug: 36596998]
- xfs: fix sb write verify for lazysbcount (Long Li) [Orabug: 36596998]
- rds/rdma: Clear rds_info_socket before use (Juan Garcia) [Orabug: 36613125]



ELSA-2024-12581 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12581

http://linux.oracle.com/errata/ELSA-2024-12581.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.334.6.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.334.6.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.334.6.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.334.6.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.334.6.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.334.6.el7uek.x86_64.rpm

aarch64:
kernel-uek-5.4.17-2136.334.6.el7uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.334.6.el7uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.334.6.el7uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.334.6.el7uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.334.6.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.334.6.el7uek.aarch64.rpm
kernel-uek-tools-libs-5.4.17-2136.334.6.el7uek.aarch64.rpm
perf-5.4.17-2136.334.6.el7uek.aarch64.rpm
python-perf-5.4.17-2136.334.6.el7uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-5.4.17-2136.334.6.el7uek.src.rpm

Related CVEs:

CVE-2024-33621
CVE-2024-35976
CVE-2024-36014
CVE-2024-36015
CVE-2024-36016
CVE-2024-36270
CVE-2024-36286
CVE-2024-36288
CVE-2024-36971
CVE-2024-37353
CVE-2024-37356
CVE-2024-38549
CVE-2024-38552
CVE-2024-38558
CVE-2024-38559
CVE-2024-38560
CVE-2024-38565
CVE-2024-38567
CVE-2024-38578
CVE-2024-38579
CVE-2024-38582
CVE-2024-38583
CVE-2024-38589
CVE-2024-38596
CVE-2024-38598
CVE-2024-38599
CVE-2024-38601
CVE-2024-38612
CVE-2024-38613
CVE-2024-38615
CVE-2024-38618
CVE-2024-38621
CVE-2024-38627
CVE-2024-38633
CVE-2024-38634
CVE-2024-38635
CVE-2024-38637
CVE-2024-38659
CVE-2024-38661
CVE-2024-38780
CVE-2024-39276
CVE-2024-39292
CVE-2024-39301
CVE-2024-39467
CVE-2024-39471
CVE-2024-39480
CVE-2024-39488
CVE-2024-39489
CVE-2024-39503
CVE-2024-40916
CVE-2024-41090
CVE-2024-41091

Description of changes:

[5.4.17-2136.334.6.el7uek]
- loop: Fix a race between loop detach and loop open (Gulam Mohamed) [Orabug: 36197800]
- x86/bhi: Do not enable unnecessary BHI mitigation in OCI and Exadata VMs (Alexandre Chartre) [Orabug: 36672495]
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (Alexandre Chartre) [Orabug: 36642472]
- wifi: wilc1000: fix ies_len type in connect path (Jozef Hopko)
- net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879157] {CVE-2024-41090} {CVE-2024-41091}

[5.4.17-2136.334.5.el7uek]
- Fix incorrect syntax in UEK6 OL8 kernel-uek.spec (Sherry Yang) [Orabug: 36847358]
- rds/ib: decrement ib_rx_total_incs after releasing associated cache (Arumugam Kolappan) [Orabug: 36722026]

[5.4.17-2136.334.4.el7uek]
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (Luiz Augusto von Dentz)
- netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Jozsef Kadlecsik) [Orabug: 36835599] {CVE-2024-39503}
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (Marek Szyprowski) [Orabug: 36836328] {CVE-2024-40916}
- vxlan: Fix regression when dropping packets due to invalid src addresses (Daniel Borkmann)

[5.4.17-2136.334.3.el7uek]
- rds/rdma: Send info to userspace, even if connnection is down. (Juan Garcia) [Orabug: 36529562]
- pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 (Alan Adamson) [Orabug: 36762919]

[5.4.17-2136.334.2.el7uek]
- LTS tag: v5.4.278 (Alok Tiwari)
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (Daniel J Blueman)
- io_uring: fail NOP if non-zero op flags is passed in (Ming Lei)
- nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov)
- s390/ap: Fix crash in AP internal function modify_bitmap() (Harald Freudenberger) [Orabug: 36774592] {CVE-2024-38661}
- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) [Orabug: 36774598] {CVE-2024-39276}
- sparc: move struct termio to asm/termios.h (Mike Gilbert)
- xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (Eric Dumazet) [Orabug: 36643449] {CVE-2024-35976}
- net: fix __dst_negative_advice() race (Eric Dumazet) [Orabug: 36720417] {CVE-2024-36971}
- kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson)
- kdb: Merge identical case statements in kdb_read() (Daniel Thompson)
- kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson)
- kdb: Use format-strings rather than '- kdb: Fix buffer overflow during tab-complete (Daniel Thompson) [Orabug: 36809288] {CVE-2024-39480}
- sparc64: Fix number of online CPUs (Sam Ravnborg)
- intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin)
- net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) [Orabug: 36774612] {CVE-2024-39301}
- net/ipv6: Fix route deleting failure when metric equals 0 (xu xin)
- crypto: ecrdsa - Fix module auto-load on add_key (Vitaly Chikunov)
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier)
- media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil)
- media: mxl5xx: Move xpt structures off stack (Nathan Chancellor)
- media: mc: mark the media devnode as registered from the, start (Hans Verkuil)
- arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen)
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (Bitterblue Smith)
- arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski)
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (Christoffer Sandberg)
- ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov)
- drm/amdgpu: add error handle to avoid out-of-bounds (Bob Zhou) [Orabug: 36774657] {CVE-2024-39471}
- media: lgdt3306a: Add a check against null-pointer-def (Zheyu Ma)
- f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() (Chao Yu) [Orabug: 36774636] {CVE-2024-39467}
- x86/mm: Remove broken vsyscall emulation code from the page fault code (Linus Torvalds)
- nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) [Orabug: 36753564] {CVE-2024-38583}
- afs: Don't cross .backup mountpoint from backup volume (Marc Dionne)
- mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz)
- binder: fix max_thread type inconsistency (Carlos Llamas)
- SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Chuck Lever) [Orabug: 36809512] {CVE-2024-36288}
- ALSA: timer: Set lower bound of start tick time (Takashi Iwai) [Orabug: 36753729] {CVE-2024-38618}
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) [Orabug: 36763551] {CVE-2024-33621}
- spi: stm32: Don't warn about spurious interrupts (Uwe Kleine-König)
- kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada)
- netfilter: tproxy: bail out if IP has been disabled on the device (Florian Westphal) [Orabug: 36763563] {CVE-2024-36270}
- net:fec: Add fec_enet_deinit() (Xiaolei Wang)
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran)
- smsc95xx: use usbnet->driver_priv (Andre Edich)
- smsc95xx: remove redundant function arguments (Andre Edich)
- enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) [Orabug: 36763836] {CVE-2024-38659}
- dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) [Orabug: 36763844] {CVE-2024-38780}
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran)
- nvmet: fix ns enable/disable possible hang (Sagi Grimberg)
- spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko)
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) [Orabug: 36763570] {CVE-2024-36286}
- net: fec: avoid lock evasion when reading pps_enable (Wei Fang)
- virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) [Orabug: 36763587] {CVE-2024-37353}
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) [Orabug: 36825258] {CVE-2024-39488}
- openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole)
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) [Orabug: 36763591] {CVE-2024-37356}
- params: lift param_set_uint_minmax to common code (Sagi Grimberg)
- ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [Orabug: 36825262] {CVE-2024-39489}
- sunrpc: fix NFSACL RPC retry on soft mount (Dan Aloni)
- x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada)
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun)
- media: cec: cec-api: add locking in cec_release() (Hans Verkuil)
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh (Hans Verkuil)
- um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie)
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde)
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (Azeem Shaikh)
- media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) [Orabug: 36763602] {CVE-2024-38621}
- um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) [Orabug: 36768583] {CVE-2024-39292}
- um: Fix return value in ubd_init() (Duoming Zhou)
- drm/msm/dpu: Always flush the slave INTF on the CTL (Marijn Suijten)
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu)
- Input: ims-pcu - fix printf string overflow (Arnd Bergmann)
- libsubcmd: Fix parse-options memory leak (Ian Rogers)
- serial: sh-sci: protect invalidating RXDMA on shutdown (Wolfram Sang)
- f2fs: fix to release node block count in error path of f2fs_new_node_page() (Chao Yu)
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap)
- ppdev: Add an error check in register_device (Huai-Yuan Liu) [Orabug: 36678064] {CVE-2024-36015}
- ppdev: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET)
- stm class: Fix a double free in stm_register_device() (Dan Carpenter) [Orabug: 36763763] {CVE-2024-38627}
- usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff)
- microblaze: Remove early printk call from cpuinfo-static.c (Michal Simek)
- microblaze: Remove gcc flag for non existing early_printk.c file (Michal Simek)
- iio: pressure: dps310: support negative temperature values (Thomas Haemmerle)
- greybus: arche-ctrl: move device table to its right location (Arnd Bergmann)
- serial: max3100: Fix bitwise types (Andy Shevchenko)
- serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) [Orabug: 36763814] {CVE-2024-38633}
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) [Orabug: 36763819] {CVE-2024-38634}
- firmware: dmi-id: add a release callback function (Arnd Bergmann)
- dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni)
- soundwire: cadence: fix invalid PDI offset (Pierre-Louis Bossart) [Orabug: 36763825] {CVE-2024-38635}
- soundwire: cadence_master: improve PDI allocation (Bard Liao)
- soundwire: intel: don't filter out PDI0/1 (Pierre-Louis Bossart)
- soundwire: cadence/intel: simplify PDI/port mapping (Pierre-Louis Bossart)
- greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) [Orabug: 36763832] {CVE-2024-38637}
- sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov)
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet)
- netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) [Orabug: 36753581] {CVE-2024-38589}
- RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky)
- selftests/kcmp: remove unused open mode (Edward Liaw)
- selftests/kcmp: Make the test output consistent and clear (Gautam Menghani)
- SUNRPC: Fix gss_free_in_token_pages() (Chuck Lever)
- sunrpc: removed redundant procp check (Aleksandr Aprelkov)
- ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara)
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter)
- RDMA/hns: Use complete parentheses in macros (Chengchang Tang)
- drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (Marek Vasut)
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt)
- drm/arm/malidp: fix a possible null pointer dereference (Huai-Yuan Liu) [Orabug: 36678061] {CVE-2024-36014}
- fbdev: sh7760fb: allow modular build (Randy Dunlap)
- platform/x86: wmi: Make two functions static (YueHaibing)
- media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda)
- media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov)
- fbdev: sisfb: hide unused variables (Arnd Bergmann)
- powerpc/fsl-soc: hide unused const variable (Arnd Bergmann)
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) [Orabug: 36753414] {CVE-2024-38549}
- fbdev: shmobile: fix snprintf truncation (Arnd Bergmann)
- mtd: rawnand: hynix: fixed typo (Maxim Korotkov)
- drm/amd/display: Fix potential index out of bounds in color transformation function (Srinivasan Shanmugam) [Orabug: 36753424] {CVE-2024-38552}
- ipv6: sr: fix invalid unregister error path (Hangbin Liu) [Orabug: 36753710] {CVE-2024-38612}
- ipv6: sr: add missing seg6_local_exit (Hangbin Liu)
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) [Orabug: 36753462] {CVE-2024-38558}
- net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet)
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) [Orabug: 36753599] {CVE-2024-38596}
- net: ethernet: cortina: Locking fixes (Linus Walleij)
- m68k: mac: Fix reboot hang on Mac IIci (Finn Thain)
- m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) [Orabug: 36753714] {CVE-2024-38613}
- net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet)
- usb: aqc111: stop lying about skb->truesize (Eric Dumazet)
- wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter)
- scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753467] {CVE-2024-38559}
- scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753472] {CVE-2024-38560}
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (Chen Ni)
- Revert "sh: Handle calling csum_partial with misaligned data" (Guenter Roeck)
- sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven)
- wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) [Orabug: 36753485] {CVE-2024-38565}
- wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) [Orabug: 36753508] {CVE-2024-38567}
- macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" (Finn Thain)
- tcp: avoid premature drops in tcp_add_backlog() (Eric Dumazet)
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Lu Wei)
- tcp: minor optimization in tcp_add_backlog() (Eric Dumazet)
- wifi: ath10k: populate board data for WCN3990 (Dmitry Baryshkov)
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui)
- x86/purgatory: Switch to the position-independent small code model (Ard Biesheuvel)
- scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov)
- scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang)
- cpufreq: exit() callback is optional (Viresh Kumar) [Orabug: 36753721] {CVE-2024-38615}
- cpufreq: Rearrange locking in cpufreq_remove_dev() (Rafael J. Wysocki)
- cpufreq: Split cpufreq_offline() (Rafael J. Wysocki)
- cpufreq: Reorganize checks in cpufreq_offline() (Rafael J. Wysocki)
- ACPI: disable -Wstringop-truncation (Arnd Bergmann)
- irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu)
- scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney)
- scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney)
- scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV (Andrew Halaney)
- scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney)
- qed: avoid truncating work queue length (Arnd Bergmann)
- wifi: ath10k: poll service ready message before failing (Baochen Qiang)
- md: fix resync softlockup when bitmap size is less than array size (Yu Kuai) [Orabug: 36753648] {CVE-2024-38598}
- null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun)
- jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) [Orabug: 36753651] {CVE-2024-38599}
- s390/cio: fix tracepoint subchannel type field (Peter Oberparleiter)
- crypto: ccp - drop platform ifdef checks (Arnd Bergmann)
- parisc: add missing export of __cmpxchg_u8() (Al Viro)
- nilfs2: fix out-of-range warning (Arnd Bergmann)
- ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) [Orabug: 36753536] {CVE-2024-38578}
- firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart)
- crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) [Orabug: 36753541] {CVE-2024-38579}
- openpromfs: finish conversion to the new mount API (Eric Sandeen)
- nvme: find numa distance only if controller has valid numa id (Nilay Shroff)
- drm/amdkfd: Flush the process wq before creating a kfd_process (Lancelot SIX)
- ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart)
- ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang)
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang)
- drm/amd/display: Set color_mgmt_changed to true on unsuspend (Joshua Ashton)
- net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas)
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev)
- nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) [Orabug: 36753557] {CVE-2024-38582}
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi)
- net: smc91x: Fix m68k kernel compilation for ColdFire CPU (Thorsten Blum)
- ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) [Orabug: 36753661] {CVE-2024-38601}
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678068] {CVE-2024-36016}

[5.4.17-2136.334.1.el7uek]
- rds/rdma: Track rds_message in send, retrans and recv queue (Juan Garcia) [Orabug: 36529583]
- xfs: make sure sb_fdblocks is non-negative (Wengang Wang) [Orabug: 36596998]
- xfs: fix sb write verify for lazysbcount (Long Li) [Orabug: 36596998]
- rds/rdma: Clear rds_info_socket before use (Juan Garcia) [Orabug: 36613125]



ELSA-2024-12584 Important: Oracle Linux 8 Unbreakable Enterprise kernel-container security update


Oracle Linux Security Advisory ELSA-2024-12584

http://linux.oracle.com/errata/ELSA-2024-12584.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-container-5.4.17-2136.334.6.el8.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.334.6.el8.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-container-5.4.17-2136.334.6.el8.src.rpm

Related CVEs:

CVE-2024-41090
CVE-2024-41091
CVE-2024-39503
CVE-2024-40916
CVE-2024-38661
CVE-2024-39276
CVE-2024-35976
CVE-2024-36971
CVE-2024-39480
CVE-2024-39301
CVE-2024-39471
CVE-2024-39467
CVE-2024-38583
CVE-2024-36288
CVE-2024-38618
CVE-2024-33621
CVE-2024-36270
CVE-2024-38659
CVE-2024-38780
CVE-2024-36286
CVE-2024-37353
CVE-2024-39488
CVE-2024-37356
CVE-2024-39489
CVE-2024-38621
CVE-2024-39292
CVE-2024-36015
CVE-2024-38627
CVE-2024-38633
CVE-2024-38634
CVE-2024-38635
CVE-2024-38637
CVE-2024-38589
CVE-2024-36014
CVE-2024-38549
CVE-2024-38552
CVE-2024-38612
CVE-2024-38558
CVE-2024-38596
CVE-2024-38613
CVE-2024-38559
CVE-2024-38560
CVE-2024-38565
CVE-2024-38567
CVE-2024-38615
CVE-2024-38598
CVE-2024-38599
CVE-2024-38578
CVE-2024-38579
CVE-2024-38582
CVE-2024-38601
CVE-2024-36016

Description of changes:

[5.4.17-2136.334.6.el8]
- loop: Fix a race between loop detach and loop open (Gulam Mohamed) [Orabug: 36197800]
- x86/bhi: Do not enable unnecessary BHI mitigation in OCI and Exadata VMs (Alexandre Chartre) [Orabug: 36672495]
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (Alexandre Chartre) [Orabug: 36642472]
- wifi: wilc1000: fix ies_len type in connect path (Jozef Hopko)
- net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879157] {CVE-2024-41090} {CVE-2024-41091}

[5.4.17-2136.334.5.el8]
- Fix incorrect syntax in UEK6 OL8 kernel-uek.spec (Sherry Yang) [Orabug: 36847358]
- rds/ib: decrement ib_rx_total_incs after releasing associated cache (Arumugam Kolappan) [Orabug: 36722026]

[5.4.17-2136.334.4.el8]
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (Luiz Augusto von Dentz)
- netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Jozsef Kadlecsik)
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (Marek Szyprowski)

[5.4.17-2136.334.3.el8]
- rds/rdma: Send info to userspace, even if connnection is down. (Juan Garcia) [Orabug: 36529562]
- pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 (Alan Adamson) [Orabug: 36762919]

[5.4.17-2136.334.2.el8]
- LTS tag: v5.4.278 (Alok Tiwari)
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (Daniel J Blueman)
- io_uring: fail NOP if non-zero op flags is passed in (Ming Lei)
- nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov)
- s390/ap: Fix crash in AP internal function modify_bitmap() (Harald Freudenberger)
- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li)
- sparc: move struct termio to asm/termios.h (Mike Gilbert)
- xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (Eric Dumazet)
- net: fix __dst_negative_advice() race (Eric Dumazet)
- kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson)
- kdb: Merge identical case statements in kdb_read() (Daniel Thompson)
- kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson)
- kdb: Use format-strings rather than '\0' injection in kdb_read() (Daniel Thompson)
- kdb: Fix buffer overflow during tab-complete (Daniel Thompson)
- sparc64: Fix number of online CPUs (Sam Ravnborg)
- intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin)
- net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich)
- net/ipv6: Fix route deleting failure when metric equals 0 (xu xin)
- crypto: ecrdsa - Fix module auto-load on add_key (Vitaly Chikunov)
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier)
- media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil)
- media: mxl5xx: Move xpt structures off stack (Nathan Chancellor)
- media: mc: mark the media devnode as registered from the, start (Hans Verkuil)
- arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen)
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (Bitterblue Smith)
- arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski)
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (Christoffer Sandberg)
- ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov)
- drm/amdgpu: add error handle to avoid out-of-bounds (Bob Zhou)
- media: lgdt3306a: Add a check against null-pointer-def (Zheyu Ma)
- f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() (Chao Yu)
- x86/mm: Remove broken vsyscall emulation code from the page fault code (Linus Torvalds)
- nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi)
- afs: Don't cross .backup mountpoint from backup volume (Marc Dionne)
- mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz)
- binder: fix max_thread type inconsistency (Carlos Llamas)
- SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Chuck Lever)
- ALSA: timer: Set lower bound of start tick time (Takashi Iwai)
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing)
- spi: stm32: Don't warn about spurious interrupts (Uwe Kleine-König)
- kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada)
- netfilter: tproxy: bail out if IP has been disabled on the device (Florian Westphal)
- net:fec: Add fec_enet_deinit() (Xiaolei Wang)
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran)
- smsc95xx: use usbnet->driver_priv (Andre Edich)
- smsc95xx: remove redundant function arguments (Andre Edich)
- enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats)
- dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa)
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran)
- nvmet: fix ns enable/disable possible hang (Sagi Grimberg)
- spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko)
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet)
- net: fec: avoid lock evasion when reading pps_enable (Wei Fang)
- virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko)
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao)
- openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole)
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima)
- params: lift param_set_uint_minmax to common code (Sagi Grimberg)
- ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu)
- sunrpc: fix NFSACL RPC retry on soft mount (Dan Aloni)
- x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada)
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun)
- media: cec: cec-api: add locking in cec_release() (Hans Verkuil)
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh (Hans Verkuil)
- um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie)
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde)
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (Azeem Shaikh)
- media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter)
- um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu)
- um: Fix return value in ubd_init() (Duoming Zhou)
- drm/msm/dpu: Always flush the slave INTF on the CTL (Marijn Suijten)
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu)
- Input: ims-pcu - fix printf string overflow (Arnd Bergmann)
- libsubcmd: Fix parse-options memory leak (Ian Rogers)
- serial: sh-sci: protect invalidating RXDMA on shutdown (Wolfram Sang)
- f2fs: fix to release node block count in error path of f2fs_new_node_page() (Chao Yu)
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap)
- ppdev: Add an error check in register_device (Huai-Yuan Liu)
- ppdev: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET)
- stm class: Fix a double free in stm_register_device() (Dan Carpenter)
- usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff)
- microblaze: Remove early printk call from cpuinfo-static.c (Michal Simek)
- microblaze: Remove gcc flag for non existing early_printk.c file (Michal Simek)
- iio: pressure: dps310: support negative temperature values (Thomas Haemmerle)
- greybus: arche-ctrl: move device table to its right location (Arnd Bergmann)
- serial: max3100: Fix bitwise types (Andy Shevchenko)
- serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko)
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko)
- firmware: dmi-id: add a release callback function (Arnd Bergmann)
- dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni)
- soundwire: cadence: fix invalid PDI offset (Pierre-Louis Bossart)
- soundwire: cadence_master: improve PDI allocation (Bard Liao)
- soundwire: intel: don't filter out PDI0/1 (Pierre-Louis Bossart)
- soundwire: cadence/intel: simplify PDI/port mapping (Pierre-Louis Bossart)
- greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva)
- sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov)
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet)
- netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet)
- RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky)
- selftests/kcmp: remove unused open mode (Edward Liaw)
- selftests/kcmp: Make the test output consistent and clear (Gautam Menghani)
- SUNRPC: Fix gss_free_in_token_pages() (Chuck Lever)
- sunrpc: removed redundant procp check (Aleksandr Aprelkov)
- ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara)
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter)
- RDMA/hns: Use complete parentheses in macros (Chengchang Tang)
- drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (Marek Vasut)
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt)
- drm/arm/malidp: fix a possible null pointer dereference (Huai-Yuan Liu)
- fbdev: sh7760fb: allow modular build (Randy Dunlap)
- platform/x86: wmi: Make two functions static (YueHaibing)
- media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda)
- media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov)
- fbdev: sisfb: hide unused variables (Arnd Bergmann)
- powerpc/fsl-soc: hide unused const variable (Arnd Bergmann)
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green)
- fbdev: shmobile: fix snprintf truncation (Arnd Bergmann)
- mtd: rawnand: hynix: fixed typo (Maxim Korotkov)
- drm/amd/display: Fix potential index out of bounds in color transformation function (Srinivasan Shanmugam)
- ipv6: sr: fix invalid unregister error path (Hangbin Liu)
- ipv6: sr: add missing seg6_local_exit (Hangbin Liu)
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets)
- net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet)
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao)
- net: ethernet: cortina: Locking fixes (Linus Walleij)
- m68k: mac: Fix reboot hang on Mac IIci (Finn Thain)
- m68k: Fix spinlock race in kernel thread creation (Michael Schmitz)
- net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet)
- usb: aqc111: stop lying about skb->truesize (Eric Dumazet)
- wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter)
- scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh)
- scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh)
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (Chen Ni)
- Revert "sh: Handle calling csum_partial with misaligned data" (Guenter Roeck)
- sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven)
- wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich)
- wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich)
- macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" (Finn Thain)
- tcp: avoid premature drops in tcp_add_backlog() (Eric Dumazet)
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Lu Wei)
- tcp: minor optimization in tcp_add_backlog() (Eric Dumazet)
- wifi: ath10k: populate board data for WCN3990 (Dmitry Baryshkov)
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui)
- x86/purgatory: Switch to the position-independent small code model (Ard Biesheuvel)
- scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov)
- scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang)
- cpufreq: exit() callback is optional (Viresh Kumar)
- cpufreq: Rearrange locking in cpufreq_remove_dev() (Rafael J. Wysocki)
- cpufreq: Split cpufreq_offline() (Rafael J. Wysocki)
- cpufreq: Reorganize checks in cpufreq_offline() (Rafael J. Wysocki)
- ACPI: disable -Wstringop-truncation (Arnd Bergmann)
- irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu)
- scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney)
- scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney)
- scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV (Andrew Halaney)
- scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney)
- qed: avoid truncating work queue length (Arnd Bergmann)
- wifi: ath10k: poll service ready message before failing (Baochen Qiang)
- md: fix resync softlockup when bitmap size is less than array size (Yu Kuai)
- null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun)
- jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev)
- s390/cio: fix tracepoint subchannel type field (Peter Oberparleiter)
- crypto: ccp - drop platform ifdef checks (Arnd Bergmann)
- parisc: add missing export of __cmpxchg_u8() (Al Viro)
- nilfs2: fix out-of-range warning (Arnd Bergmann)
- ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak)
- firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart)
- crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin)
- openpromfs: finish conversion to the new mount API (Eric Sandeen)
- nvme: find numa distance only if controller has valid numa id (Nilay Shroff)
- drm/amdkfd: Flush the process wq before creating a kfd_process (Lancelot SIX)
- ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart)
- ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang)
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang)
- drm/amd/display: Set color_mgmt_changed to true on unsuspend (Joshua Ashton)
- net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas)
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev)
- nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi)
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi)
- net: smc91x: Fix m68k kernel compilation for ColdFire CPU (Thorsten Blum)
- ring-buffer: Fix a race between readers and resize checks (Petr Pavlu)
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke)

[5.4.17-2136.334.1.el8]
- rds/rdma: Track rds_message in send, retrans and recv queue (Juan Garcia) [Orabug: 36529583]
- xfs: make sure sb_fdblocks is non-negative (Wengang Wang) [Orabug: 36596998]
- xfs: fix sb write verify for lazysbcount (Long Li) [Orabug: 36596998]
- rds/rdma: Clear rds_info_socket before use (Juan Garcia) [Orabug: 36613125]



ELSA-2024-12581 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12581

http://linux.oracle.com/errata/ELSA-2024-12581.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2136.334.6.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.334.6.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.334.6.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.334.6.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.334.6.el8uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.334.6.el8uek.src.rpm

Related CVEs:

CVE-2024-33621
CVE-2024-35976
CVE-2024-36014
CVE-2024-36015
CVE-2024-36016
CVE-2024-36270
CVE-2024-36286
CVE-2024-36288
CVE-2024-36971
CVE-2024-37353
CVE-2024-37356
CVE-2024-38549
CVE-2024-38552
CVE-2024-38558
CVE-2024-38559
CVE-2024-38560
CVE-2024-38565
CVE-2024-38567
CVE-2024-38578
CVE-2024-38579
CVE-2024-38582
CVE-2024-38583
CVE-2024-38589
CVE-2024-38596
CVE-2024-38598
CVE-2024-38599
CVE-2024-38601
CVE-2024-38612
CVE-2024-38613
CVE-2024-38615
CVE-2024-38618
CVE-2024-38621
CVE-2024-38627
CVE-2024-38633
CVE-2024-38634
CVE-2024-38635
CVE-2024-38637
CVE-2024-38659
CVE-2024-38661
CVE-2024-38780
CVE-2024-39276
CVE-2024-39292
CVE-2024-39301
CVE-2024-39467
CVE-2024-39471
CVE-2024-39480
CVE-2024-39488
CVE-2024-39489
CVE-2024-39503
CVE-2024-40916
CVE-2024-41090
CVE-2024-41091

Description of changes:

[5.4.17-2136.334.6.el8uek]
- loop: Fix a race between loop detach and loop open (Gulam Mohamed) [Orabug: 36197800]
- x86/bhi: Do not enable unnecessary BHI mitigation in OCI and Exadata VMs (Alexandre Chartre) [Orabug: 36672495]
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (Alexandre Chartre) [Orabug: 36642472]
- wifi: wilc1000: fix ies_len type in connect path (Jozef Hopko)
- net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879157] {CVE-2024-41090} {CVE-2024-41091}

[5.4.17-2136.334.5.el8uek]
- Fix incorrect syntax in UEK6 OL8 kernel-uek.spec (Sherry Yang) [Orabug: 36847358]
- rds/ib: decrement ib_rx_total_incs after releasing associated cache (Arumugam Kolappan) [Orabug: 36722026]

[5.4.17-2136.334.4.el8uek]
- Bluetooth: L2CAP: Fix rejecting L2CAP_CONN_PARAM_UPDATE_REQ (Luiz Augusto von Dentz)
- netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Jozsef Kadlecsik) [Orabug: 36835599] {CVE-2024-39503}
- drm/exynos: hdmi: report safe 640x480 mode as a fallback when no EDID found (Marek Szyprowski) [Orabug: 36836328] {CVE-2024-40916}
- vxlan: Fix regression when dropping packets due to invalid src addresses (Daniel Borkmann)

[5.4.17-2136.334.3.el8uek]
- rds/rdma: Send info to userspace, even if connnection is down. (Juan Garcia) [Orabug: 36529562]
- pci: add hotplug patch support for SOLIDIGM Aura10 AIC 0x025e:0x0b60 (Alan Adamson) [Orabug: 36762919]

[5.4.17-2136.334.2.el8uek]
- LTS tag: v5.4.278 (Alok Tiwari)
- x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (Daniel J Blueman)
- io_uring: fail NOP if non-zero op flags is passed in (Ming Lei)
- nfs: fix undefined behavior in nfs_block_bits() (Sergey Shtylyov)
- s390/ap: Fix crash in AP internal function modify_bitmap() (Harald Freudenberger) [Orabug: 36774592] {CVE-2024-38661}
- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Baokun Li) [Orabug: 36774598] {CVE-2024-39276}
- sparc: move struct termio to asm/termios.h (Mike Gilbert)
- xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (Eric Dumazet) [Orabug: 36643449] {CVE-2024-35976}
- net: fix __dst_negative_advice() race (Eric Dumazet) [Orabug: 36720417] {CVE-2024-36971}
- kdb: Use format-specifiers rather than memset() for padding in kdb_read() (Daniel Thompson)
- kdb: Merge identical case statements in kdb_read() (Daniel Thompson)
- kdb: Fix console handling when editing and tab-completing commands (Daniel Thompson)
- kdb: Use format-strings rather than '- kdb: Fix buffer overflow during tab-complete (Daniel Thompson) [Orabug: 36809288] {CVE-2024-39480}
- sparc64: Fix number of online CPUs (Sam Ravnborg)
- intel_th: pci: Add Meteor Lake-S CPU support (Alexander Shishkin)
- net/9p: fix uninit-value in p9_client_rpc() (Nikita Zhandarovich) [Orabug: 36774612] {CVE-2024-39301}
- net/ipv6: Fix route deleting failure when metric equals 0 (xu xin)
- crypto: ecrdsa - Fix module auto-load on add_key (Vitaly Chikunov)
- KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (Marc Zyngier)
- media: v4l2-core: hold videodev_lock until dev reg, finishes (Hans Verkuil)
- media: mxl5xx: Move xpt structures off stack (Nathan Chancellor)
- media: mc: mark the media devnode as registered from the, start (Hans Verkuil)
- arm64: dts: hi3798cv200: fix the size of GICR (Yang Xiwen)
- wifi: rtl8xxxu: Fix the TX power of RTL8192CU, RTL8723AU (Bitterblue Smith)
- arm64: tegra: Correct Tegra132 I2C alias (Krzysztof Kozlowski)
- ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx (Christoffer Sandberg)
- ata: pata_legacy: make legacy_exit() work again (Sergey Shtylyov)
- drm/amdgpu: add error handle to avoid out-of-bounds (Bob Zhou) [Orabug: 36774657] {CVE-2024-39471}
- media: lgdt3306a: Add a check against null-pointer-def (Zheyu Ma)
- f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() (Chao Yu) [Orabug: 36774636] {CVE-2024-39467}
- x86/mm: Remove broken vsyscall emulation code from the page fault code (Linus Torvalds)
- nilfs2: fix use-after-free of timer for log writer thread (Ryusuke Konishi) [Orabug: 36753564] {CVE-2024-38583}
- afs: Don't cross .backup mountpoint from backup volume (Marc Dionne)
- mmc: core: Do not force a retune before RPMB switch (Jorge Ramirez-Ortiz)
- binder: fix max_thread type inconsistency (Carlos Llamas)
- SUNRPC: Fix loop termination condition in gss_free_in_token_pages() (Chuck Lever) [Orabug: 36809512] {CVE-2024-36288}
- ALSA: timer: Set lower bound of start tick time (Takashi Iwai) [Orabug: 36753729] {CVE-2024-38618}
- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Yue Haibing) [Orabug: 36763551] {CVE-2024-33621}
- spi: stm32: Don't warn about spurious interrupts (Uwe Kleine-König)
- kconfig: fix comparison to constant symbols, 'm', 'n' (Masahiro Yamada)
- netfilter: tproxy: bail out if IP has been disabled on the device (Florian Westphal) [Orabug: 36763563] {CVE-2024-36270}
- net:fec: Add fec_enet_deinit() (Xiaolei Wang)
- net: usb: smsc95xx: fix changing LED_SEL bit value updated from EEPROM (Parthiban Veerasooran)
- smsc95xx: use usbnet->driver_priv (Andre Edich)
- smsc95xx: remove redundant function arguments (Andre Edich)
- enic: Validate length of nl attributes in enic_set_vf_port (Roded Zats) [Orabug: 36763836] {CVE-2024-38659}
- dma-buf/sw-sync: don't enable IRQ from sync_print_obj() (Tetsuo Handa) [Orabug: 36763844] {CVE-2024-38780}
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (Carolina Jubran)
- nvmet: fix ns enable/disable possible hang (Sagi Grimberg)
- spi: Don't mark message DMA mapped when no transfer in it is (Andy Shevchenko)
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Eric Dumazet) [Orabug: 36763570] {CVE-2024-36286}
- net: fec: avoid lock evasion when reading pps_enable (Wei Fang)
- virtio: delete vq in vp_find_vqs_msix() when request_irq() fails (Jiri Pirko) [Orabug: 36763587] {CVE-2024-37353}
- arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY (Jiangfeng Xiao) [Orabug: 36825258] {CVE-2024-39488}
- openvswitch: Set the skbuff pkt_type for proper pmtud support. (Aaron Conole)
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Kuniyuki Iwashima) [Orabug: 36763591] {CVE-2024-37356}
- params: lift param_set_uint_minmax to common code (Sagi Grimberg)
- ipv6: sr: fix memleak in seg6_hmac_init_algo (Hangbin Liu) [Orabug: 36825262] {CVE-2024-39489}
- sunrpc: fix NFSACL RPC retry on soft mount (Dan Aloni)
- x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (Masahiro Yamada)
- null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() (Zhu Yanjun)
- media: cec: cec-api: add locking in cec_release() (Hans Verkuil)
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh (Hans Verkuil)
- um: Fix the -Wmissing-prototypes warning for __switch_mm (Tiwei Bie)
- powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (Shrikanth Hegde)
- scsi: qla2xxx: Replace all non-returning strlcpy() with strscpy() (Azeem Shaikh)
- media: stk1160: fix bounds checking in stk1160_copy_video() (Dan Carpenter) [Orabug: 36763602] {CVE-2024-38621}
- um: Add winch to winch_handlers before registering winch IRQ (Roberto Sassu) [Orabug: 36768583] {CVE-2024-39292}
- um: Fix return value in ubd_init() (Duoming Zhou)
- drm/msm/dpu: Always flush the slave INTF on the CTL (Marijn Suijten)
- Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (Fenglin Wu)
- Input: ims-pcu - fix printf string overflow (Arnd Bergmann)
- libsubcmd: Fix parse-options memory leak (Ian Rogers)
- serial: sh-sci: protect invalidating RXDMA on shutdown (Wolfram Sang)
- f2fs: fix to release node block count in error path of f2fs_new_node_page() (Chao Yu)
- extcon: max8997: select IRQ_DOMAIN instead of depending on it (Randy Dunlap)
- ppdev: Add an error check in register_device (Huai-Yuan Liu) [Orabug: 36678064] {CVE-2024-36015}
- ppdev: Remove usage of the deprecated ida_simple_xx() API (Christophe JAILLET)
- stm class: Fix a double free in stm_register_device() (Dan Carpenter) [Orabug: 36763763] {CVE-2024-38627}
- usb: gadget: u_audio: Clear uac pointer when freed. (Chris Wulff)
- microblaze: Remove early printk call from cpuinfo-static.c (Michal Simek)
- microblaze: Remove gcc flag for non existing early_printk.c file (Michal Simek)
- iio: pressure: dps310: support negative temperature values (Thomas Haemmerle)
- greybus: arche-ctrl: move device table to its right location (Arnd Bergmann)
- serial: max3100: Fix bitwise types (Andy Shevchenko)
- serial: max3100: Update uart_driver_registered on driver removal (Andy Shevchenko) [Orabug: 36763814] {CVE-2024-38633}
- serial: max3100: Lock port->lock when calling uart_handle_cts_change() (Andy Shevchenko) [Orabug: 36763819] {CVE-2024-38634}
- firmware: dmi-id: add a release callback function (Arnd Bergmann)
- dmaengine: idma64: Add check for dma_set_max_seg_size (Chen Ni)
- soundwire: cadence: fix invalid PDI offset (Pierre-Louis Bossart) [Orabug: 36763825] {CVE-2024-38635}
- soundwire: cadence_master: improve PDI allocation (Bard Liao)
- soundwire: intel: don't filter out PDI0/1 (Pierre-Louis Bossart)
- soundwire: cadence/intel: simplify PDI/port mapping (Pierre-Louis Bossart)
- greybus: lights: check return of get_channel_from_mode (Rui Miguel Silva) [Orabug: 36763832] {CVE-2024-38637}
- sched/fair: Allow disabling sched_balance_newidle with sched_relax_domain_level (Vitalii Bursov)
- af_packet: do not call packet_read_pending() from tpacket_destruct_skb() (Eric Dumazet)
- netrom: fix possible dead-lock in nr_rt_ioctl() (Eric Dumazet) [Orabug: 36753581] {CVE-2024-38589}
- RDMA/IPoIB: Fix format truncation compilation errors (Leon Romanovsky)
- selftests/kcmp: remove unused open mode (Edward Liaw)
- selftests/kcmp: Make the test output consistent and clear (Gautam Menghani)
- SUNRPC: Fix gss_free_in_token_pages() (Chuck Lever)
- sunrpc: removed redundant procp check (Aleksandr Aprelkov)
- ext4: avoid excessive credit estimate in ext4_tmpfile() (Jan Kara)
- x86/insn: Fix PUSH instruction in x86 instruction decoder opcode map (Adrian Hunter)
- RDMA/hns: Use complete parentheses in macros (Chengchang Tang)
- drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (Marek Vasut)
- ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (Steven Rostedt)
- drm/arm/malidp: fix a possible null pointer dereference (Huai-Yuan Liu) [Orabug: 36678061] {CVE-2024-36014}
- fbdev: sh7760fb: allow modular build (Randy Dunlap)
- platform/x86: wmi: Make two functions static (YueHaibing)
- media: radio-shark2: Avoid led_names truncations (Ricardo Ribalda)
- media: ngene: Add dvb_ca_en50221_init return value check (Aleksandr Burakov)
- fbdev: sisfb: hide unused variables (Arnd Bergmann)
- powerpc/fsl-soc: hide unused const variable (Arnd Bergmann)
- drm/mediatek: Add 0 size check to mtk_drm_gem_obj (Justin Green) [Orabug: 36753414] {CVE-2024-38549}
- fbdev: shmobile: fix snprintf truncation (Arnd Bergmann)
- mtd: rawnand: hynix: fixed typo (Maxim Korotkov)
- drm/amd/display: Fix potential index out of bounds in color transformation function (Srinivasan Shanmugam) [Orabug: 36753424] {CVE-2024-38552}
- ipv6: sr: fix invalid unregister error path (Hangbin Liu) [Orabug: 36753710] {CVE-2024-38612}
- ipv6: sr: add missing seg6_local_exit (Hangbin Liu)
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (Ilya Maximets) [Orabug: 36753462] {CVE-2024-38558}
- net: usb: smsc95xx: stop lying about skb->truesize (Eric Dumazet)
- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Breno Leitao) [Orabug: 36753599] {CVE-2024-38596}
- net: ethernet: cortina: Locking fixes (Linus Walleij)
- m68k: mac: Fix reboot hang on Mac IIci (Finn Thain)
- m68k: Fix spinlock race in kernel thread creation (Michael Schmitz) [Orabug: 36753714] {CVE-2024-38613}
- net: usb: sr9700: stop lying about skb->truesize (Eric Dumazet)
- usb: aqc111: stop lying about skb->truesize (Eric Dumazet)
- wifi: mwl8k: initialize cmd->addr[] properly (Dan Carpenter)
- scsi: qedf: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753467] {CVE-2024-38559}
- scsi: bfa: Ensure the copied buf is NUL terminated (Bui Quang Minh) [Orabug: 36753472] {CVE-2024-38560}
- HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (Chen Ni)
- Revert "sh: Handle calling csum_partial with misaligned data" (Guenter Roeck)
- sh: kprobes: Merge arch_copy_kprobe() into arch_prepare_kprobe() (Geert Uytterhoeven)
- wifi: ar5523: enable proper endpoint verification (Nikita Zhandarovich) [Orabug: 36753485] {CVE-2024-38565}
- wifi: carl9170: add a proper sanity check for endpoints (Nikita Zhandarovich) [Orabug: 36753508] {CVE-2024-38567}
- macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" (Finn Thain)
- tcp: avoid premature drops in tcp_add_backlog() (Eric Dumazet)
- tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Lu Wei)
- tcp: minor optimization in tcp_add_backlog() (Eric Dumazet)
- wifi: ath10k: populate board data for WCN3990 (Dmitry Baryshkov)
- wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (Su Hui)
- x86/purgatory: Switch to the position-independent small code model (Ard Biesheuvel)
- scsi: hpsa: Fix allocation size for Scsi_Host private data (Yuri Karpov)
- scsi: libsas: Fix the failure of adding phy with zero-address to port (Xingui Yang)
- cpufreq: exit() callback is optional (Viresh Kumar) [Orabug: 36753721] {CVE-2024-38615}
- cpufreq: Rearrange locking in cpufreq_remove_dev() (Rafael J. Wysocki)
- cpufreq: Split cpufreq_offline() (Rafael J. Wysocki)
- cpufreq: Reorganize checks in cpufreq_offline() (Rafael J. Wysocki)
- ACPI: disable -Wstringop-truncation (Arnd Bergmann)
- irqchip/alpine-msi: Fix off-by-one in allocation error path (Zenghui Yu)
- scsi: ufs: core: Perform read back after disabling UIC_COMMAND_COMPL (Andrew Halaney)
- scsi: ufs: core: Perform read back after disabling interrupts (Andrew Halaney)
- scsi: ufs: cdns-pltfrm: Perform read back after writing HCLKDIV (Andrew Halaney)
- scsi: ufs: qcom: Perform read back after writing reset bit (Andrew Halaney)
- qed: avoid truncating work queue length (Arnd Bergmann)
- wifi: ath10k: poll service ready message before failing (Baochen Qiang)
- md: fix resync softlockup when bitmap size is less than array size (Yu Kuai) [Orabug: 36753648] {CVE-2024-38598}
- null_blk: Fix missing mutex_destroy() at module removal (Zhu Yanjun)
- jffs2: prevent xattr node from overflowing the eraseblock (Ilya Denisyev) [Orabug: 36753651] {CVE-2024-38599}
- s390/cio: fix tracepoint subchannel type field (Peter Oberparleiter)
- crypto: ccp - drop platform ifdef checks (Arnd Bergmann)
- parisc: add missing export of __cmpxchg_u8() (Al Viro)
- nilfs2: fix out-of-range warning (Arnd Bergmann)
- ecryptfs: Fix buffer size for tag 66 packet (Brian Kubisiak) [Orabug: 36753536] {CVE-2024-38578}
- firmware: raspberrypi: Use correct device for DMA mappings (Laurent Pinchart)
- crypto: bcm - Fix pointer arithmetic (Aleksandr Mishin) [Orabug: 36753541] {CVE-2024-38579}
- openpromfs: finish conversion to the new mount API (Eric Sandeen)
- nvme: find numa distance only if controller has valid numa id (Nilay Shroff)
- drm/amdkfd: Flush the process wq before creating a kfd_process (Lancelot SIX)
- ASoC: da7219-aad: fix usage of device_get_named_child_node() (Pierre-Louis Bossart)
- ASoC: dt-bindings: rt5645: add cbj sleeve gpio property (Derek Fang)
- ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (Derek Fang)
- drm/amd/display: Set color_mgmt_changed to true on unsuspend (Joshua Ashton)
- net: usb: qmi_wwan: add Telit FN920C04 compositions (Daniele Palmas)
- wifi: cfg80211: fix the order of arguments for trace events of the tx_rx_evt class (Igor Artemiev)
- nilfs2: fix potential hang in nilfs_detach_log_writer() (Ryusuke Konishi) [Orabug: 36753557] {CVE-2024-38582}
- nilfs2: fix unexpected freezing of nilfs_segctor_sync() (Ryusuke Konishi)
- net: smc91x: Fix m68k kernel compilation for ColdFire CPU (Thorsten Blum)
- ring-buffer: Fix a race between readers and resize checks (Petr Pavlu) [Orabug: 36753661] {CVE-2024-38601}
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Daniel Starke) [Orabug: 36678068] {CVE-2024-36016}

[5.4.17-2136.334.1.el8uek]
- rds/rdma: Track rds_message in send, retrans and recv queue (Juan Garcia) [Orabug: 36529583]
- xfs: make sure sb_fdblocks is non-negative (Wengang Wang) [Orabug: 36596998]
- xfs: fix sb write verify for lazysbcount (Long Li) [Orabug: 36596998]
- rds/rdma: Clear rds_info_socket before use (Juan Garcia) [Orabug: 36613125]



ELSA-2024-5138 Important: Oracle Linux 9 httpd security update


Oracle Linux Security Advisory ELSA-2024-5138

http://linux.oracle.com/errata/ELSA-2024-5138.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
httpd-2.4.57-11.0.1.el9_4.1.x86_64.rpm
httpd-core-2.4.57-11.0.1.el9_4.1.x86_64.rpm
httpd-devel-2.4.57-11.0.1.el9_4.1.x86_64.rpm
httpd-filesystem-2.4.57-11.0.1.el9_4.1.noarch.rpm
httpd-manual-2.4.57-11.0.1.el9_4.1.noarch.rpm
httpd-tools-2.4.57-11.0.1.el9_4.1.x86_64.rpm
mod_ldap-2.4.57-11.0.1.el9_4.1.x86_64.rpm
mod_lua-2.4.57-11.0.1.el9_4.1.x86_64.rpm
mod_proxy_html-2.4.57-11.0.1.el9_4.1.x86_64.rpm
mod_session-2.4.57-11.0.1.el9_4.1.x86_64.rpm
mod_ssl-2.4.57-11.0.1.el9_4.1.x86_64.rpm

aarch64:
httpd-2.4.57-11.0.1.el9_4.1.aarch64.rpm
httpd-core-2.4.57-11.0.1.el9_4.1.aarch64.rpm
httpd-devel-2.4.57-11.0.1.el9_4.1.aarch64.rpm
httpd-filesystem-2.4.57-11.0.1.el9_4.1.noarch.rpm
httpd-manual-2.4.57-11.0.1.el9_4.1.noarch.rpm
httpd-tools-2.4.57-11.0.1.el9_4.1.aarch64.rpm
mod_ldap-2.4.57-11.0.1.el9_4.1.aarch64.rpm
mod_lua-2.4.57-11.0.1.el9_4.1.aarch64.rpm
mod_proxy_html-2.4.57-11.0.1.el9_4.1.aarch64.rpm
mod_session-2.4.57-11.0.1.el9_4.1.aarch64.rpm
mod_ssl-2.4.57-11.0.1.el9_4.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//httpd-2.4.57-11.0.1.el9_4.1.src.rpm

Related CVEs:

CVE-2024-38476

Description of changes:

[2.4.57-11.0.1.el9_4.1]
- Replace index.html with Oracle's index page oracle_index.html.

[2.4.57-11.1]
- Resolves: RHEL-46047 - httpd: Security issues via backend applications whose
response headers are malicious or exploitable (CVE-2024-38476)
- Resolves: RHEL-53021 - Regression introduced by CVE-2024-38474 fix



ELBA-2024-4770 Oracle Linux 9 ktls-utils bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-4770

http://linux.oracle.com/errata/ELBA-2024-4770.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
ktls-utils-0.11-1.el9_4.x86_64.rpm

aarch64:
ktls-utils-0.11-1.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//ktls-utils-0.11-1.el9_4.src.rpm

Description of changes:

[0.11-1]
- Updated to the latest upstream release 0.11 (RHEL-47101)



ELSA-2024-5192 Moderate: Oracle Linux 9 389-ds-base security update


Oracle Linux Security Advisory ELSA-2024-5192

http://linux.oracle.com/errata/ELSA-2024-5192.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
389-ds-base-2.4.5-9.el9_4.x86_64.rpm
389-ds-base-libs-2.4.5-9.el9_4.x86_64.rpm
python3-lib389-2.4.5-9.el9_4.noarch.rpm
389-ds-base-devel-2.4.5-9.el9_4.x86_64.rpm

aarch64:
389-ds-base-2.4.5-9.el9_4.aarch64.rpm
389-ds-base-libs-2.4.5-9.el9_4.aarch64.rpm
python3-lib389-2.4.5-9.el9_4.noarch.rpm
389-ds-base-devel-2.4.5-9.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//389-ds-base-2.4.5-9.el9_4.src.rpm

Related CVEs:

CVE-2024-5953
CVE-2024-6237

Description of changes:

[2.4.5-9]
- Bump version to 2.4.5-9
- Resolves: RHEL-44323 - unauthenticated user can trigger a DoS by sending a specific extended search request
- Resolves: RHEL-40945 - Malformed userPassword hash may cause Denial of Service
- Resolves: RHEL-49457 - perf search result investigation for many large static groups and members 
- Resolves: RHEL-49459 - subsuffix are not returned in one level scoped search



ELBA-2024-12576 Oracle Linux 9 redhat-rpm-config bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12576

http://linux.oracle.com/errata/ELBA-2024-12576.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
redhat-rpm-config-207-1.0.1.el9.noarch.rpm

aarch64:
redhat-rpm-config-207-1.0.1.el9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//redhat-rpm-config-207-1.0.1.el9.src.rpm

Description of changes:

[207-1.0.1]
- Disabled changelog trimming for kernel-uek package [Orabug: 36807719]



ELSA-2024-12578 Moderate: Oracle Linux 9 linux-firmware security update


Oracle Linux Security Advisory ELSA-2024-12578

http://linux.oracle.com/errata/ELSA-2024-12578.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
iwl1000-firmware-39.31.5.1-999.34.el9.noarch.rpm
iwl100-firmware-39.31.5.1-999.34.el9.noarch.rpm
iwl105-firmware-18.168.6.1-999.34.el9.noarch.rpm
iwl135-firmware-18.168.6.1-999.34.el9.noarch.rpm
iwl2000-firmware-18.168.6.1-999.34.el9.noarch.rpm
iwl2030-firmware-18.168.6.1-999.34.el9.noarch.rpm
iwl3160-firmware-25.30.13.0-999.34.el9.noarch.rpm
iwl3945-firmware-15.32.2.9-999.34.el9.noarch.rpm
iwl4965-firmware-228.61.2.24-999.34.el9.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.34.el9.noarch.rpm
iwl5150-firmware-8.24.2.2-999.34.el9.noarch.rpm
iwl6000-firmware-9.221.4.1-999.34.el9.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.34.el9.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.34.el9.noarch.rpm
iwl6050-firmware-41.28.5.1-999.34.el9.noarch.rpm
iwl7260-firmware-25.30.13.0-999.34.el9.noarch.rpm
iwlax2xx-firmware-20240715-999.34.el9.noarch.rpm
libertas-sd8686-firmware-20240715-999.34.git4c8fb21e.el9.noarch.rpm
libertas-sd8787-firmware-20240715-999.34.git4c8fb21e.el9.noarch.rpm
libertas-usb8388-firmware-20240715-999.34.git4c8fb21e.el9.noarch.rpm
libertas-usb8388-olpc-firmware-20240715-999.34.git4c8fb21e.el9.noarch.rpm
linux-firmware-20240715-999.34.git4c8fb21e.el9.noarch.rpm
linux-firmware-core-20240715-999.34.git4c8fb21e.el9.noarch.rpm
linux-firmware-whence-20240715-999.34.git4c8fb21e.el9.noarch.rpm
liquidio-firmware-20240715-999.34.git4c8fb21e.el9.noarch.rpm
netronome-firmware-20240715-999.34.git4c8fb21e.el9.noarch.rpm

aarch64:
iwl1000-firmware-39.31.5.1-999.34.el9.noarch.rpm
iwl100-firmware-39.31.5.1-999.34.el9.noarch.rpm
iwl105-firmware-18.168.6.1-999.34.el9.noarch.rpm
iwl135-firmware-18.168.6.1-999.34.el9.noarch.rpm
iwl2000-firmware-18.168.6.1-999.34.el9.noarch.rpm
iwl2030-firmware-18.168.6.1-999.34.el9.noarch.rpm
iwl3160-firmware-25.30.13.0-999.34.el9.noarch.rpm
iwl3945-firmware-15.32.2.9-999.34.el9.noarch.rpm
iwl4965-firmware-228.61.2.24-999.34.el9.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.34.el9.noarch.rpm
iwl5150-firmware-8.24.2.2-999.34.el9.noarch.rpm
iwl6000-firmware-9.221.4.1-999.34.el9.noarch.rpm
iwl6000g2a-firmware-18.168.6.1-999.34.el9.noarch.rpm
iwl6000g2b-firmware-18.168.6.1-999.34.el9.noarch.rpm
iwl6050-firmware-41.28.5.1-999.34.el9.noarch.rpm
iwl7260-firmware-25.30.13.0-999.34.el9.noarch.rpm
iwlax2xx-firmware-20240715-999.34.el9.noarch.rpm
libertas-sd8686-firmware-20240715-999.34.git4c8fb21e.el9.noarch.rpm
libertas-sd8787-firmware-20240715-999.34.git4c8fb21e.el9.noarch.rpm
libertas-usb8388-firmware-20240715-999.34.git4c8fb21e.el9.noarch.rpm
libertas-usb8388-olpc-firmware-20240715-999.34.git4c8fb21e.el9.noarch.rpm
linux-firmware-20240715-999.34.git4c8fb21e.el9.noarch.rpm
linux-firmware-core-20240715-999.34.git4c8fb21e.el9.noarch.rpm
linux-firmware-whence-20240715-999.34.git4c8fb21e.el9.noarch.rpm
liquidio-firmware-20240715-999.34.git4c8fb21e.el9.noarch.rpm
netronome-firmware-20240715-999.34.git4c8fb21e.el9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//linux-firmware-20240715-999.34.git4c8fb21e.el9.src.rpm

Related CVEs:

CVE-2023-31315

Description of changes:

[20240715-999.34.git4c8fb21e.el9]
- Rebase to latest upstream [Orabug: 36826157]



ELBA-2024-12575 Oracle Linux 9 mdadm bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12575

http://linux.oracle.com/errata/ELBA-2024-12575.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
mdadm-4.2-12.0.1.el9_4.x86_64.rpm

aarch64:
mdadm-4.2-12.0.1.el9_4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//mdadm-4.2-12.0.1.el9_4.src.rpm

Description of changes:

[4.2-12.0.1]
- Fix socket connection failure when mdmon runs in foreground mode. [Orabug: 36077756]



ELBA-2024-12471 Oracle Linux 8 oVirt 4.5 aopalliance bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12471

http://linux.oracle.com/errata/ELBA-2024-12471.html

The following updated rpms for Oracle Linux 8 oVirt 4.5 have been uploaded to the Unbreakable Linux Network:

x86_64:
aopalliance-1.0-20.module+el8.6.0+20615+edd0bff8.noarch.rpm
ongres-scram-2.1-3.el8.noarch.rpm
ongres-scram-client-2.1-3.el8.noarch.rpm
ongres-scram-javadoc-2.1-3.el8.noarch.rpm
ongres-stringprep-1.1-2.el8.noarch.rpm
ongres-stringprep-javadoc-1.1-2.el8.noarch.rpm
postgresql-jdbc-42.2.27-1.el8.noarch.rpm
postgresql-jdbc-javadoc-42.2.27-1.el8.noarch.rpm
python3.11-jmespath-0.9.0-11.5.el8.noarch.rpm
python3-jmespath-0.9.0-11.5.el8.noarch.rpm
python3.11-jmespath-1.0.1-1.el8.noarch.rpm
python3.11-netaddr-0.8.0-2.el8.noarch.rpm
python3.11-passlib-1.7.4-13.el8.noarch.rpm
python3.11-pycurl-7.45.2-2.2.el8.x86_64.rpm
python3-pycurl-7.45.2-2.2.el8.x86_64.rpm
python-pycurl-debugsource-7.45.2-2.2.el8.x86_64.rpm
python38-passlib-1.7.0-5.1.el8.noarch.rpm
python3-passlib-1.7.0-5.1.el8.noarch.rpm
python3-bcrypt-3.1.7-3.el8.x86_64.rpm
python-bcrypt-debugsource-3.1.7-3.el8.x86_64.rpm
python3-importlib-resources-4.1.1-1.el8.noarch.rpm
python3-pynacl-1.4.0-1.el8.x86_64.rpm
python-pynacl-debugsource-1.4.0-1.el8.x86_64.rpm
python3-websockify-0.9.0-1.el8.noarch.rpm
python-websockify-doc-0.9.0-1.el8.noarch.rpm
slf4j-jdk14-1.7.32-4.module+el8.7.0+20821+05ddc2c8.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//aopalliance-1.0-20.module+el8.6.0+20615+edd0bff8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//ongres-scram-2.1-3.el8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//ongres-stringprep-1.1-2.el8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//postgresql-jdbc-42.2.27-1.el8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-jmespath-0.9.0-11.5.el8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python3.11-jmespath-epel-1.0.1-1.el8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python3.11-netaddr-epel-0.8.0-2.el8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python3.11-passlib-epel-1.7.4-13.el8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-pycurl-7.45.2-2.2.el8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-passlib-1.7.0-5.1.el8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-bcrypt-3.1.7-3.el8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-importlib-resources-4.1.1-1.el8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-pynacl-1.4.0-1.el8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//python-websockify-0.9.0-1.el8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//slf4j-1.7.32-4.module+el8.7.0+20821+05ddc2c8.src.rpm

Description of changes:

python-jmespath
[0.9.0-11.5]
- Fix incorrect Python 3.11 requirements for python3-jmespath package on EL8
- Simplify spec file

[0.9.0-11.4]
- Add Python 3.11 subpackage to be usable in ansible-core-2.14 for cs8

[0.9.0-11.3]
- Add Python 3.11 subpackage to be usable in ansible-core-2.14

python3.11-netaddr-epel
[0.8.0-2]
- Remove importlib dep

[0.8.0-1]
- Build for EPEL9

python3.11-passlib-epel
[1.7.4-1]
- Build for EPEL with Python 3.11

python-passlib
[1.7.0-5.1]
- Add Python 3.8 subpackage to be usable in ansible-core-2.12

[1.7.0-5]
- RHEL8 packaging

[1.7.0-4]
- Fix eggs-info generation

[1.7.0-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

python-bcrypt
[3.1.7-3]
- Subpackage python2-bcrypt has been removed
See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal

[3.1.7-2]
- Rebuilt for Python 3.8.0rc1 (#1748018)

[3.1.7-1]
- Update to 3.1.7



ELSA-2024-12583 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2024-12583

http://linux.oracle.com/errata/ELSA-2024-12583.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-2047.539.5.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-2047.539.5.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-2047.539.5.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-2047.539.5.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-2047.539.5.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-2047.539.5.el7uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.539.5.el7uek.src.rpm

Related CVEs:

CVE-2024-41090
CVE-2024-41091

Description of changes:

[4.14.35-2047.539.5.el7uek]
- Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (Jan Kara)
- net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879158] {CVE-2024-41090} {CVE-2024-41091}

[4.14.35-2047.539.4.el7uek]
- Fix parsing error in UEK5 kernel-uek-spec (Yifei Liu) [Orabug: 36847179]

[4.14.35-2047.539.3.el7uek]
- nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (Ryosuke Yasuoka)
- nfc: nci: Fix uninit-value in nci_rx_work (Ryosuke Yasuoka)
- nfc: nci: Fix kcov check in nci_rx_work() (Tetsuo Handa)
- vxlan: Fix regression when dropping packets due to invalid src addresses (Daniel Borkmann)
- speakup: Fix sizeof() vs ARRAY_SIZE() bug (Dan Carpenter)
- rds/ib: decrement ib_rx_total_incs after releasing associated cache (Arumugam Kolappan) [Orabug: 36760267]
- rds/rdma: Send info to userspace, even if connnection is down. (Juan Garcia) [Orabug: 36529474]

[4.14.35-2047.539.2.el7uek]
- rds/rdma: Clear rds_info_socket before use (Juan Garcia) [Orabug: 36613108]

[4.14.35-2047.539.1.el7uek]
- xfs: make sure sb_fdblocks is non-negative (Wengang Wang) [Orabug: 36759719]
- xfs: fix sb write verify for lazysbcount (Wengang Wang) [Orabug: 36759719]
- rds/rdma: Track rds_message in send, retrans and recv queue (Juan Garcia) [Orabug: 36529577]



ELSA-2024-12583 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-12583

http://linux.oracle.com/errata/ELSA-2024-12583.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-4.14.35-2047.539.5.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-2047.539.5.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-2047.539.5.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-2047.539.5.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-2047.539.5.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-2047.539.5.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-2047.539.5.el7uek.aarch64.rpm
perf-4.14.35-2047.539.5.el7uek.aarch64.rpm
python-perf-4.14.35-2047.539.5.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-2047.539.5.el7uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-4.14.35-2047.539.5.el7uek.src.rpm

Related CVEs:

CVE-2024-41090
CVE-2024-41091

Description of changes:

[4.14.35-2047.539.5.el7uek]
- Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (Jan Kara)
- net/mlx5e: drop shorter ethernet frames (Manjunath Patil) [Orabug: 36879158] {CVE-2024-41090} {CVE-2024-41091}

[4.14.35-2047.539.4.el7uek]
- Fix parsing error in UEK5 kernel-uek-spec (Yifei Liu) [Orabug: 36847179]

[4.14.35-2047.539.3.el7uek]
- nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (Ryosuke Yasuoka)
- nfc: nci: Fix uninit-value in nci_rx_work (Ryosuke Yasuoka)
- nfc: nci: Fix kcov check in nci_rx_work() (Tetsuo Handa)
- vxlan: Fix regression when dropping packets due to invalid src addresses (Daniel Borkmann)
- speakup: Fix sizeof() vs ARRAY_SIZE() bug (Dan Carpenter)
- rds/ib: decrement ib_rx_total_incs after releasing associated cache (Arumugam Kolappan) [Orabug: 36760267]
- rds/rdma: Send info to userspace, even if connnection is down. (Juan Garcia) [Orabug: 36529474]

[4.14.35-2047.539.2.el7uek]
- rds/rdma: Clear rds_info_socket before use (Juan Garcia) [Orabug: 36613108]

[4.14.35-2047.539.1.el7uek]
- xfs: make sure sb_fdblocks is non-negative (Wengang Wang) [Orabug: 36759719]
- xfs: fix sb write verify for lazysbcount (Wengang Wang) [Orabug: 36759719]
- rds/rdma: Track rds_message in send, retrans and recv queue (Juan Garcia) [Orabug: 36529577]



ELBA-2024-12577 Oracle Linux 7 scap-security-guide bug fix update (aarch64)


Oracle Linux Bug Fix Advisory ELBA-2024-12577

http://linux.oracle.com/errata/ELBA-2024-12577.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
scap-security-guide-0.1.73-1.0.3.el7_9.noarch.rpm
scap-security-guide-doc-0.1.73-1.0.3.el7_9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//scap-security-guide-0.1.73-1.0.3.el7_9.src.rpm

Description of changes:

[0.1.73-1.0.3]
- Update stig profile version to v2r1 for ol8 [Orabug: 36922647]
- Add ansible remediation to the rules
accounts_user_dot_no_world_writable_programs
no_tmux_in_shells
account_password_selinux_faillock_dir
configure_usbguard_auditbackend [Orabug: 36922647]
- Fix bash bug in account_disable_inactivity rules [Orabug: 36922647]



ELSA-2024-12579 Moderate: Oracle Linux 7 linux-firmware security update (aarch64)


Oracle Linux Security Advisory ELSA-2024-12579

http://linux.oracle.com/errata/ELSA-2024-12579.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

aarch64:
iwlax2xx-firmware-20240715-999.34.el7.noarch.rpm
iwl1000-firmware-39.31.5.1-999.34.el7.noarch.rpm
iwl100-firmware-39.31.5.1-999.34.el7.noarch.rpm
iwl105-firmware-18.168.6.1-999.34.el7.noarch.rpm
iwl135-firmware-18.168.6.1-999.34.el7.noarch.rpm
iwl2000-firmware-18.168.6.1-999.34.el7.noarch.rpm
iwl2030-firmware-18.168.6.1-999.34.el7.noarch.rpm
iwl3160-firmware-22.0.7.0-999.34.el7.noarch.rpm
iwl3945-firmware-15.32.2.9-999.34.el7.noarch.rpm
iwl4965-firmware-228.61.2.24-999.34.el7.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.34.el7.noarch.rpm
iwl5150-firmware-8.24.2.2-999.34.el7.noarch.rpm
iwl6000-firmware-9.221.4.1-999.34.el7.noarch.rpm
iwl6000g2a-firmware-17.168.5.3-999.34.el7.noarch.rpm
iwl6000g2b-firmware-17.168.5.2-999.34.el7.noarch.rpm
iwl6050-firmware-41.28.5.1-999.34.el7.noarch.rpm
iwl7260-firmware-22.0.7.0-999.34.el7.noarch.rpm
linux-firmware-20240715-999.34.git4c8fb21e.el7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//linux-firmware-20240715-999.34.git4c8fb21e.el7.src.rpm

Related CVEs:

CVE-2023-31315

Description of changes:

[20240715-999.34.git4c8fb21e.el7]
- Rebase to latest upstream [Orabug: 36826157]



ELBA-2024-12577 Oracle Linux 7 scap-security-guide bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12577

http://linux.oracle.com/errata/ELBA-2024-12577.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
scap-security-guide-0.1.73-1.0.3.el7_9.noarch.rpm
scap-security-guide-doc-0.1.73-1.0.3.el7_9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//scap-security-guide-0.1.73-1.0.3.el7_9.src.rpm

Description of changes:

[0.1.73-1.0.3]
- Update stig profile version to v2r1 for ol8 [Orabug: 36922647]
- Add ansible remediation to the rules
accounts_user_dot_no_world_writable_programs
no_tmux_in_shells
account_password_selinux_faillock_dir
configure_usbguard_auditbackend [Orabug: 36922647]
- Fix bash bug in account_disable_inactivity rules [Orabug: 36922647]



ELSA-2024-12579 Moderate: Oracle Linux 7 linux-firmware security update


Oracle Linux Security Advisory ELSA-2024-12579

http://linux.oracle.com/errata/ELSA-2024-12579.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
iwlax2xx-firmware-20240715-999.34.el7.noarch.rpm
iwl1000-firmware-39.31.5.1-999.34.el7.noarch.rpm
iwl100-firmware-39.31.5.1-999.34.el7.noarch.rpm
iwl105-firmware-18.168.6.1-999.34.el7.noarch.rpm
iwl135-firmware-18.168.6.1-999.34.el7.noarch.rpm
iwl2000-firmware-18.168.6.1-999.34.el7.noarch.rpm
iwl2030-firmware-18.168.6.1-999.34.el7.noarch.rpm
iwl3160-firmware-22.0.7.0-999.34.el7.noarch.rpm
iwl3945-firmware-15.32.2.9-999.34.el7.noarch.rpm
iwl4965-firmware-228.61.2.24-999.34.el7.noarch.rpm
iwl5000-firmware-8.83.5.1_1-999.34.el7.noarch.rpm
iwl5150-firmware-8.24.2.2-999.34.el7.noarch.rpm
iwl6000-firmware-9.221.4.1-999.34.el7.noarch.rpm
iwl6000g2a-firmware-17.168.5.3-999.34.el7.noarch.rpm
iwl6000g2b-firmware-17.168.5.2-999.34.el7.noarch.rpm
iwl6050-firmware-41.28.5.1-999.34.el7.noarch.rpm
iwl7260-firmware-22.0.7.0-999.34.el7.noarch.rpm
linux-firmware-20240715-999.34.git4c8fb21e.el7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//linux-firmware-20240715-999.34.git4c8fb21e.el7.src.rpm

Related CVEs:

CVE-2023-31315

Description of changes:

[20240715-999.34.git4c8fb21e.el7]
- Rebase to latest upstream [Orabug: 36826157]