Oracle Linux Security Advisory ELSA-2024-12830

http://linux.oracle.com/errata/ELSA-2024-12830.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:


aarch64:
bpftool-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-300.163.18.7.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-300.163.18.7.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-300.163.18.7.el9uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-300.163.18.7.el9uek.src.rpm

Related CVEs:

CVE-2024-26734
CVE-2024-27397
CVE-2024-35801
CVE-2024-42269
CVE-2024-42270
CVE-2024-42292
CVE-2024-47674




Description of changes:

[5.15.0-300.163.18.7.el9uek]
- Revert "net/mlx5: disable the 'fast unload' feature on Exadata systems" (Qing Huang)  [Orabug: 37285705]
- Revert "net/mlx5: pretend 'fast unload' succeeded on Exadata systems" (Qing Huang)  [Orabug: 37285705]

[5.15.0-300.163.18.6.el9uek]
- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (Adamos Ttofari)  [Orabug: 37281022]  {CVE-2024-35801}
- devlink: fix possible use-after-free and memory leaks in devlink_init() (Vasiliy Kovalev)  [Orabug: 37281015]  {CVE-2024-26734}
- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood)  [Orabug: 31688618] [Orabug: 37279424]
- block: fix inflight io counter leaking when io sumit failure for dm device (Junxiao Bi)  [Orabug: 37279421]

[5.15.0-300.163.18.5.el9uek]
- net/mlx5: pretend 'fast unload' succeeded on Exadata systems (Gerd Rausch)  [Orabug: 37264565]
- rds: Do not invoke the transport's recv_path() while in atomic context (HÃ¥kon Bugge)  [Orabug: 37264563]

[5.15.0-300.163.18.4.el9uek]
- nvme: fix deadlock between reset and scan (Bitao Hu)  [Orabug: 37260320]
- rds: ib: Avoid reuse of IB MRs when cleaning is in progress (HÃ¥kon Bugge)  [Orabug: 37260304]
- Revert "rds: ib: Make sure receives are posted before connection is up" (Gerd Rausch)  [Orabug: 37260292]

[5.15.0-300.163.18.3.el9uek]
- kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu)  [Orabug: 37203371]  {CVE-2024-42292}
- net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang)  [Orabug: 37203368]

[5.15.0-300.163.18.2.el9uek]
- netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). (Kuniyuki Iwashima)  [Orabug: 37184791]  {CVE-2024-42269}
- netfilter: nf_tables: use timestamp to check for set element timeout (Pablo Neira Ayuso)  [Orabug: 37184793]  {CVE-2024-27397}
- IB/mlx5: Fix mlx5_ib_get_vector_irqn() after dynamic IRQ allocation change (Gerd Rausch)  [Orabug: 37189054]
- x86/bugs: Adjust SRSO mitigation to new features (Boris Ostrovsky)  [Orabug: 37184802]
- KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (Kim Phillips)  [Orabug: 37184800]
- x86/cpu, kvm: Add the SMM_CTL MSR not present feature (Kim Phillips)  [Orabug: 37184800]
- x86/cpu, kvm: Add the Null Selector Clears Base feature (Kim Phillips)  [Orabug: 37184800]
- x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (Kim Phillips)  [Orabug: 37184800]
- x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (Kim Phillips)  [Orabug: 37184800]
- KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (Kim Phillips)  [Orabug: 37184800]
- KVM: x86: Advertise that the SMM_CTL MSR is not supported (Jim Mattson)  [Orabug: 37184800]
- KVM: x86: synthesize CPUID leaf 0x80000021h if useful (Paolo Bonzini)  [Orabug: 37184800]
- KVM: x86: skip host CPUID call for hypervisor leaves (Paolo Bonzini)  [Orabug: 37184800]
- KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini)  [Orabug: 37184800]
- amd_hsmp: Update PwrEfficiencyModeSelection message (Suma Hegde)  [Orabug: 37185578]
- amd_hsmp: Add support for new error codes returned from firmware (Suma Hegde)  [Orabug: 37185578]
- amd_hsmp: Add new HSMP messages of protocol version 7 (Suma Hegde)  [Orabug: 37185578]
- netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). (Kuniyuki Iwashima)  [Orabug: 37184779]  {CVE-2024-42270}
- mm: avoid leaving partial pfn mappings around in error case (Linus Torvalds)  [Orabug: 37184794]  {CVE-2024-47674}
- net/mlx5: Fix IPsec RoCE MPV trace call (Patrisious Haddad)  [Orabug: 37184799]
- fwctl: Allow up to 4k devices (Saeed Mahameed)  [Orabug: 37184797]
- mm/memory-failure: send SIGBUS in the event of thp split fail (Jane Chu)  [Orabug: 37184796]
- mm/memory-failure: move hwpoison_filter() higher up (Jane Chu)  [Orabug: 37184796]
- mm/memory-failure: improve memory failure action_result messages (Jane Chu)  [Orabug: 37184796]
- mm/hwpoison: put page in already hwpoisoned case with MF_COUNT_INCREASED (Naoya Horiguchi)  [Orabug: 37184796]
- mm/madvise: add MF_ACTION_REQUIRED to madvise(MADV_HWPOISON) (Jane Chu)  [Orabug: 37184796]
- mm/memory-failure: try to send SIGBUS even if unmap failed (Jane Chu)  [Orabug: 37184796]
- mm: memory-failure: cleanup try_to_split_thp_page() (Kefeng Wang)  [Orabug: 37184796]

[5.15.0-300.163.18.1.el9uek]
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang)  [Orabug: 37132350]

[5.15.0-300.163.18.el9uek]
- crypto: qat - specify firmware files for 402xx (Giovanni Cabiddu)  [Orabug: 37044631]

_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle9: ELSA-2024-12830: kernel Important Security Advisory Updates

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Summary

[5.15.0-300.163.18.7.el9uek] - Revert "net/mlx5: disable the 'fast unload' feature on Exadata systems" (Qing Huang) [Orabug: 37285705] - Revert "net/mlx5: pretend 'fast unload' succeeded on Exadata systems" (Qing Huang) [Orabug: 37285705] [5.15.0-300.163.18.6.el9uek] - x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (Adamos Ttofari) [Orabug: 37281022] {CVE-2024-35801} - devlink: fix possible use-after-free and memory leaks in devlink_init() (Vasiliy Kovalev) [Orabug: 37281015] {CVE-2024-26734} - RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688618] [Orabug: 37279424] - block: fix inflight io counter leaking when io sumit failure for dm device (Junxiao Bi) [Orabug: 37279421] [5.15.0-300.163.18.5.el9uek] - net/mlx5: pretend 'fast unload' succeeded on Exadata systems (Gerd Rausch) [Orabug: 37264565] - rds: Do not invoke the transport's recv_path() while in atomic context (HÃ¥kon Bugge) [Orabug: 37264563] [5.15.0-300.163.18.4.el9uek] ...

Read the Full Advisory

SRPMs

http://oss.oracle.com/ol9/SRPMS-updates//kernel-uek-5.15.0-300.163.18.7.el9uek.src.rpm

x86_64

aarch64

bpftool-5.15.0-300.163.18.7.el9uek.aarch64.rpm kernel-uek-5.15.0-300.163.18.7.el9uek.aarch64.rpm kernel-uek-container-5.15.0-300.163.18.7.el9uek.aarch64.rpm kernel-uek-container-debug-5.15.0-300.163.18.7.el9uek.aarch64.rpm kernel-uek-core-5.15.0-300.163.18.7.el9uek.aarch64.rpm kernel-uek-debug-5.15.0-300.163.18.7.el9uek.aarch64.rpm kernel-uek-debug-core-5.15.0-300.163.18.7.el9uek.aarch64.rpm kernel-uek-debug-devel-5.15.0-300.163.18.7.el9uek.aarch64.rpm kernel-uek-debug-modules-5.15.0-300.163.18.7.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-5.15.0-300.163.18.7.el9uek.aarch64.rpm kernel-uek-devel-5.15.0-300.163.18.7.el9uek.aarch64.rpm kernel-uek-doc-5.15.0-300.163.18.7.el9uek.noarch.rpm kernel-uek-modules-5.15.0-300.163.18.7.el9uek.aarch64.rpm kernel-uek-modules-extra-5.15.0-300.163.18.7.el9uek.aarch64.rpm

i386

Severity
Related CVEs: CVE-2024-26734 CVE-2024-27397 CVE-2024-35801 CVE-2024-42269 CVE-2024-42270 CVE-2024-42292 CVE-2024-47674

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved