Oracle Linux Security Advisory ELSA-2022-9870

https://linux.oracle.com/errata/ELSA-2022-9870.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-2047.518.4.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-2047.518.4.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-2047.518.4.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-2047.518.4.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-2047.518.4.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-2047.518.4.el7uek.noarch.rpm


SRPMS:
https://oss.oracle.com:443/ol7/SRPMS-updates/kernel-uek-4.14.35-2047.518.4.el7uek.src.rpm

Related CVEs:

CVE-2022-21499
CVE-2022-3028




Description of changes:

[4.14.35-2047.518.4.el7uek]
- xfs: avoid race between writeback and data/cow fork changes (Wengang Wang)  [Orabug: 34508036]

[4.14.35-2047.518.3.el7uek]
- KVM: SVM: Clear the CR4 register on reset (Babu Moger)  [Orabug: 34617675]

[4.14.35-2047.518.2.el7uek]
- af_key: Do not call xfrm_probe_algs in parallel (Herbert Xu)  [Orabug: 34566753]  {CVE-2022-3028}
- l2tp: fix tunnel lookup use-after-free race (James Chapman)  [Orabug: 32504113]

[4.14.35-2047.518.1.el7uek]
- xfs: fix out of bound access (Junxiao Bi)  [Orabug: 33089469] [Orabug: 34535011]
- KVM: x86: use raw clock values consistently (Paolo Bonzini)  [Orabug: 34362737]
- KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini)  [Orabug: 34362737]
- KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti)  [Orabug: 34362737]
- netfilter: ebtables: reject blobs that don't provide all entry points (Florian Westphal)  [Orabug: 32176166]
- sysfs: turn WARN() into pr_warn() (Greg Kroah-Hartman)  [Orabug: 32176118]

[4.14.35-2047.518.0.el7uek]
- lockdown: also lock down previous kgdb use (Daniel Thompson)  [Orabug: 34543517]  {CVE-2022-21499}
- Revert "debug: Lock down kgdb" (Alok Tiwari)  [Orabug: 34543517]
- vmcoreinfo: add kallsyms_num_syms symbol (Stephen Brennan)  [Orabug: 34475880]
- vmcoreinfo: include kallsyms symbols (Stephen Brennan)  [Orabug: 34475880]
- kallsyms: move declarations to internal header (Stephen Brennan)  [Orabug: 34475880]
- mpt3sas: avoid SOFT_RESET on shutdown (John Donnelly)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Update driver version to 39.100.00.00 (Suganath Prabu S)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Use firmware recommended queue depth (Suganath Prabu S)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Transition IOC to Ready state during shutdown (Sreekanth Reddy)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix fall-through warnings for Clang (Gustavo A. R. Silva)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Handle firmware faults during first half of IOC init (Suganath Prabu S)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix deadlock while cancelling the running firmware event (Suganath Prabu S)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Documentation cleanup (Randy Dunlap)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (Sreekanth Reddy)  [Orabug: 34408138]
- scsi: mpt3sas: Fix two kernel-doc headers (Bart Van Assche)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix out-of-bounds warnings in _ctl_addnl_diag_query (Gustavo A. R. Silva)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix endianness for ActiveCablePowerRequirement (Sreekanth Reddy)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES (Sreekanth Reddy)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix a typo (Bhaskar Chowdhury)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix a few kernel-doc issues (Lee Jones)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Force reply post buffer allocations to be within same 4 GB region (Suganath Prabu S)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Force reply buffer allocations to be within same 4 GB region (Suganath Prabu S)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Force sense buffer allocations to be within same 4 GB region (Suganath Prabu S)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Force chain buffer allocations to be within same 4 GB region (Suganath Prabu S)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Force PCIe scatterlist allocations to be within same 4 GB region (Suganath Prabu S)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Replace unnecessary dynamic allocation with a static one (Gustavo A. R. Silva)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (Christophe JAILLET)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix some kernel-doc misnaming issues (Lee Jones)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix a couple of misdocumented functions/params (Lee Jones)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix a bunch of potential naming doc-rot (Lee Jones)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Move a little data from the stack onto the heap (Lee Jones)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix misspelling of _base_put_smid_default_atomic() (Lee Jones)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Additional diagnostic buffer query interface (Suganath Prabu S)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix ReplyPostFree pool allocation (Sreekanth Reddy)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Simplify bool comparison (YANG LI)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Fix spelling mistake in Kconfig "compatiblity" -> "compatibility" (Suganath Prabu S)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Signedness bug in _base_get_diag_triggers() (Dan Carpenter)  [Orabug: 33666018] [Orabug: 34408138]
- scsi: mpt3sas: Block PCI config access from userspace during reset (Sreekanth Reddy)  [Orabug: 34408138]
- Linux 4.14.290 (Greg Kroah-Hartman) 
- PCI: hv: Fix interrupt mapping for multi-MSI (Jeffrey Hugo) 
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Jeffrey Hugo) 
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Jeffrey Hugo) 
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (Jeffrey Hugo) 
- net: usb: ax88179_178a needs FLAG_SEND_ZLP (Jose Alonso) 
- tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() (Jiri Slaby) 
- tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() (Jiri Slaby) 
- tty: drop tty_schedule_flip() (Jiri Slaby) 
- tty: the rest, stop using tty_schedule_flip() (Jiri Slaby) 
- tty: drivers/tty/, stop using tty_schedule_flip() (Jiri Slaby) 
- Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks (Luiz Augusto von Dentz) 
- Bluetooth: SCO: Fix sco_send_frame returning skb->len (Luiz Augusto von Dentz) 
- Bluetooth: Fix passing NULL to PTR_ERR (Luiz Augusto von Dentz) 
- Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg (Luiz Augusto von Dentz) 
- Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg (Luiz Augusto von Dentz) 
- Bluetooth: Add bt_skb_sendmmsg helper (Luiz Augusto von Dentz) 
- Bluetooth: Add bt_skb_sendmsg helper (Luiz Augusto von Dentz) 
- ALSA: memalloc: Align buffer allocations in page size (Takashi Iwai) 
- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) 
- drm/tilcdc: Remove obsolete crtc_mode_valid() hack (Jyri Sarha) 
- bpf: Make sure mac_header was set before using it (Eric Dumazet) 
- mm/mempolicy: fix uninit-value in mpol_rebind_policy() (Wang Cheng) 
- Revert "Revert "char/random: silence a lockdep splat with printk()"" (Jason A. Donenfeld) 
- be2net: Fix buffer overflow in be_get_module_eeprom (Hristo Venev) 
- tcp: Fix a data-race around sysctl_tcp_notsent_lowat. (Kuniyuki Iwashima) 
- igmp: Fix a data-race around sysctl_igmp_max_memberships. (Kuniyuki Iwashima) 
- igmp: Fix data-races around sysctl_igmp_llm_reports. (Kuniyuki Iwashima) 
- net: stmmac: fix dma queue left shift overflow issue (Junxiao Chang) 
- i2c: cadence: Change large transfer count reset logic to be unconditional (Robert Hancock) 
- tcp: Fix a data-race around sysctl_tcp_probe_interval. (Kuniyuki Iwashima) 
- tcp: Fix a data-race around sysctl_tcp_probe_threshold. (Kuniyuki Iwashima) 
- tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept. (Kuniyuki Iwashima) 
- ip: Fix a data-race around sysctl_fwmark_reflect. (Kuniyuki Iwashima) 
- perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() (Peter Zijlstra) 
- power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe (Miaoqian Lin) 
- xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() (Hangyu Hua) 
- xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE (Demi Marie Obenour) 
- Linux 4.14.289 (Greg Kroah-Hartman) 
- can: m_can: m_can_tx_handler(): fix use after free of skb (Marc Kleine-Budde) 
- mm: invalidate hwpoison page cache page in fault path (Rik van Riel) 
- serial: 8250: fix return error code in serial8250_request_std_resource() (Yi Yang) 
- tty: serial: samsung_tty: set dma burst_size to 1 (Chanho Park) 
- usb: dwc3: gadget: Fix event pending check (Thinh Nguyen) 
- USB: serial: ftdi_sio: add Belimo device ids (Lucien Buchmann) 
- signal handling: don't use BUG_ON() for debugging (Linus Torvalds) 
- x86: Clear .brk area at early boot (Juergen Gross) 
- irqchip: or1k-pic: Undefine mask_ack for level triggered hardware (Stafford Horne) 
- ASoC: wm5110: Fix DRE control (Charles Keepax) 
- ASoC: ops: Fix off by one in range control validation (Mark Brown) 
- net: sfp: fix memory leak in sfp_probe() (Jianglei Nie) 
- NFC: nxp-nci: don't print header length mismatch on i2c error (Michael Walle) 
- net: tipc: fix possible refcount leak in tipc_sk_create() (Hangyu Hua) 
- platform/x86: hp-wmi: Ignore Sanitization Mode event (Kai-Heng Feng) 
- cpufreq: pmac32-cpufreq: Fix refcount leak bug (Liang He) 
- netfilter: br_netfilter: do not skip all hooks with 0 priority (Florian Westphal) 
- virtio_mmio: Restore guest page size on resume (Stephan Gerhold) 
- virtio_mmio: Add missing PM calls to freeze/restore (Stephan Gerhold) 
- sfc: fix kernel panic when creating VF (igo Huguet) 
- seg6: fix skb checksum in SRv6 End.B6 and End.B6.Encaps behaviors (Andrea Mayer) 
- seg6: fix skb checksum evaluation in SRH encapsulation/insertion (Andrea Mayer) 
- sfc: fix use after free when disabling sriov (igo Huguet) 
- ipv4: Fix data-races around sysctl_ip_dynaddr. (Kuniyuki Iwashima) 
- icmp: Fix a data-race around sysctl_icmp_ratemask. (Kuniyuki Iwashima) 
- icmp: Fix a data-race around sysctl_icmp_ratelimit. (Kuniyuki Iwashima) 
- ARM: dts: sunxi: Fix SPI NOR campatible on Orange Pi Zero (Michal Suchanek) 
- icmp: Fix data-races around sysctl. (Kuniyuki Iwashima) 
- cipso: Fix data-races around sysctl. (Kuniyuki Iwashima) 
- net: Fix data-races around sysctl_mem. (Kuniyuki Iwashima) 
- inetpeer: Fix data-races around sysctl. (Kuniyuki Iwashima) 
- ARM: 9209/1: Spectre-BHB: avoid pr_info() every time a CPU comes out of idle (Ard Biesheuvel) 
- xhci: make xhci_handshake timeout for xhci_reset() adjustable (Mathias Nyman) 
- xhci: bail out early if driver can't accress host in resume (Mathias Nyman) 
- net: dsa: bcm_sf2: force pause link settings (Doug Berger) 
- nilfs2: fix incorrect masking of permission flags for symlinks (Ryusuke Konishi) 
- cgroup: Use separate src/dst nodes when preloading css_sets for migration (Tejun Heo) 
- ARM: 9214/1: alignment: advance IT state after emulating Thumb instruction (Ard Biesheuvel) 
- ARM: 9213/1: Print message about disabled Spectre workarounds only once (Dmitry Osipenko) 
- net: sock: tracing: Fix sock_exceed_buf_limit not to dereference stale pointer (Steven Rostedt (Google)) 
- xen/netback: avoid entering xenvif_rx_next_skb() with an empty rx queue (Juergen Gross) 
- ALSA: hda/conexant: Apply quirk for another HP ProDesk 600 G3 model (Meng Tang) 
- ALSA: hda - Add fixup for Dell Latitidue E5430 (Meng Tang)


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata