Oracle Linux Security Advisory ELSA-2023-0832

https://linux.oracle.com/errata/ELSA-2023-0832.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-425.13.1.el8_7.x86_64.rpm
kernel-4.18.0-425.13.1.el8_7.x86_64.rpm
kernel-abi-stablelists-4.18.0-425.13.1.el8_7.noarch.rpm
kernel-core-4.18.0-425.13.1.el8_7.x86_64.rpm
kernel-cross-headers-4.18.0-425.13.1.el8_7.x86_64.rpm
kernel-debug-4.18.0-425.13.1.el8_7.x86_64.rpm
kernel-debug-core-4.18.0-425.13.1.el8_7.x86_64.rpm
kernel-debug-devel-4.18.0-425.13.1.el8_7.x86_64.rpm
kernel-debug-modules-4.18.0-425.13.1.el8_7.x86_64.rpm
kernel-debug-modules-extra-4.18.0-425.13.1.el8_7.x86_64.rpm
kernel-devel-4.18.0-425.13.1.el8_7.x86_64.rpm
kernel-doc-4.18.0-425.13.1.el8_7.noarch.rpm
kernel-headers-4.18.0-425.13.1.el8_7.x86_64.rpm
kernel-modules-4.18.0-425.13.1.el8_7.x86_64.rpm
kernel-modules-extra-4.18.0-425.13.1.el8_7.x86_64.rpm
kernel-tools-4.18.0-425.13.1.el8_7.x86_64.rpm
kernel-tools-libs-4.18.0-425.13.1.el8_7.x86_64.rpm
perf-4.18.0-425.13.1.el8_7.x86_64.rpm
python3-perf-4.18.0-425.13.1.el8_7.x86_64.rpm
kernel-tools-libs-devel-4.18.0-425.13.1.el8_7.x86_64.rpm

aarch64:
bpftool-4.18.0-425.13.1.el8_7.aarch64.rpm
kernel-cross-headers-4.18.0-425.13.1.el8_7.aarch64.rpm
kernel-headers-4.18.0-425.13.1.el8_7.aarch64.rpm
kernel-tools-4.18.0-425.13.1.el8_7.aarch64.rpm
kernel-tools-libs-4.18.0-425.13.1.el8_7.aarch64.rpm
perf-4.18.0-425.13.1.el8_7.aarch64.rpm
python3-perf-4.18.0-425.13.1.el8_7.aarch64.rpm
kernel-tools-libs-devel-4.18.0-425.13.1.el8_7.aarch64.rpm


SRPMS:
https://oss.oracle.com:443/ol8/SRPMS-updates//kernel-4.18.0-425.13.1.el8_7.src.rpm

Related CVEs:

CVE-2022-2873
CVE-2022-41222
CVE-2022-43945




Description of changes:

[4.18.0-425.13.1.el8_7.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]

[4.18.0-425.13.1.el8_7]
- mm/cgroup/reclaim: fix dirty pages throttling on cgroup v1 (Waiman Long) [2160221]
- mm: vmscan: remove deadlock due to throttling failing to make progress (Waiman Long) [2160221]
- mm: vmscan: reduce throttling due to a failure to make progress -fix (Waiman Long) [2160221]
- mm: vmscan: Reduce throttling due to a failure to make progress (Waiman Long) [2160221]
- mm/vmscan: delay waking of tasks throttled on NOPROGRESS (Waiman Long) [2160221]
- mm/vmscan: increase the timeout if page reclaim is not making progress (Waiman Long) [2160221]
- mm/vmscan: centralise timeout values for reclaim_throttle (Waiman Long) [2160221]
- mm/page_alloc: remove the throttling logic from the page allocator (Waiman Long) [2160221]
- mm/writeback: throttle based on page writeback instead of congestion (Waiman Long) [2160221]
- mm/vmscan: throttle reclaim when no progress is being made (Waiman Long) [2160221]
- mm/vmscan: throttle reclaim and compaction when too may pages are isolated (Waiman Long) [2160221]
- mm/vmscan: throttle reclaim until some writeback completes if congested (Waiman Long) [2160221]
- mm/vmscan.c: delete or fix duplicated words (Waiman Long) [2160221]
- mm,page_alloc: PF_WQ_WORKER threads must sleep at should_reclaim_retry() (Nico Pache) [2160221]
- ceph: avoid putting the realm twice when decoding snaps fails (Xiubo Li) [2155797 2139881]
- mm/mremap: hold the rmap lock in write mode when moving page table entries. (Waiman Long) [2140944] {CVE-2022-41222}
- mm/mremap: use pmd/pud_poplulate to update page table entries (Waiman Long) [2140944] {CVE-2022-41222}
- mm/mremap: don't enable optimized PUD move if page table levels is 2 (Waiman Long) [2140944] {CVE-2022-41222}
- mm/mremap: convert huge PUD move to separate helper (Waiman Long) [2140944] {CVE-2022-41222}
- mm/mremap: fix BUILD_BUG_ON() error in get_extent (Waiman Long) [2140944] {CVE-2022-41222}
- mm/mremap.c: fix extent calculation (Waiman Long) [2140944] {CVE-2022-41222}
- x86: mremap speedup - Enable HAVE_MOVE_PUD (Waiman Long) [2140944] {CVE-2022-41222}
- mm: speedup mremap on 1GB or larger regions (Waiman Long) [2140944] {CVE-2022-41222}
- mm/mremap: start addresses are properly aligned (Waiman Long) [2140944] {CVE-2022-41222}
- mm/mremap: calculate extent in one place (Waiman Long) [2140944] {CVE-2022-41222}
- mm/mremap: it is sure to have enough space when extent meets requirement (Waiman Long) [2140944] {CVE-2022-41222}
- s390/boot: add secure boot trailer (Tobias Huschle) [2151530 2141967]
- i40e: Fix VF hang when reset is triggered on another VF (Ivan Vecera) [2160460 2103801]
- i2c: ismt: Fix an out-of-bounds bug in ismt_access() (Prarit Bhargava) [2154388 2119066] {CVE-2022-2873}
- iavf: schedule watchdog immediately when changing primary MAC (Michal Schmidt) [2163257 2152493]
- iavf: Move netdev_update_features() into watchdog task (Michal Schmidt) [2163257 2152493]
- iavf: fix temporary deadlock and failure to set MAC address (Michal Schmidt) [2163257 2152493]
- iavf: Fix error handling in iavf_init_module() (Michal Schmidt) [2163257 2152493]
- iommu/vt-d: Clean up si_domain in the init_dmars() error path (Jerry Snitselaar) [2149474 2118428]
- x86/pci/xen: Use msi_msg shadow structs (Jerry Snitselaar) [2149474 2118428]
- iommu/intel: Use msi_msg shadow structs (Jerry Snitselaar) [2149474 2118428]
- PCI: MSI: Fix Kconfig dependencies for PCI_MSI_ARCH_FALLBACKS (Jerry Snitselaar) [2149474 2118428]
- x86/apic/msi: Unbreak DMAR and HPET MSI (Jerry Snitselaar) [2149474 2118428]
- iommu/amd: Remove domain search for PCI/MSI (Jerry Snitselaar) [2149474 2118428]
- iommu/vt-d: Remove domain search for PCI/MSI[X] (Jerry Snitselaar) [2149474 2118428]
- x86/irq: Make most MSI ops XEN private (Jerry Snitselaar) [2149474 2118428]
- x86/irq: Cleanup the arch_*_msi_irqs() leftovers (Jerry Snitselaar) [2149474 2118428]
- PCI/MSI: Make arch_.*_msi_irq[s] fallbacks selectable (Jerry Snitselaar) [2149474 2118428]
- x86/xen: Wrap XEN MSI management into irqdomain (Jerry Snitselaar) [2149474 2118428]
- x86/xen: Consolidate XEN-MSI init (Jerry Snitselaar) [2149474 2118428]
- x86/xen: Rework MSI teardown (Jerry Snitselaar) [2149474 2118428]
- x86/xen: Make xen_msi_init() static and rename it to xen_hvm_msi_init() (Jerry Snitselaar) [2149474 2118428]
- x86/irq: Move apic_post_init() invocation to one place (Jerry Snitselaar) [2149474 2118428]
- x86/msi: Use generic MSI domain ops (Jerry Snitselaar) [2149474 2118428]
- x86/msi: Remove pointless vcpu_affinity callback (Jerry Snitselaar) [2149474 2118428]
- iommu/vt-d: Fix compile error with CONFIG_PCI_ATS not set (Myron Stowe) [2149474 2118428]
- iommu/vt-d: Cure VF irqdomain hickup (Myron Stowe) [2149474 2118428]
- x86/pci: Set default irq domain in pcibios_add_device() (Myron Stowe) [2149474 2118428]
- iommm/amd: Store irq domain in struct device (Myron Stowe) [2149474 2118428]
- iommm/vt-d: Store irq domain in struct device (Myron Stowe) [2149474 2118428]
- PCI/MSI: Provide pci_dev_has_special_msi_domain() helper (Myron Stowe) [2149474 2118428]
- x86/msi: Consolidate MSI allocation (Myron Stowe) [2149474 2118428]
- PCI/MSI: Rework pci_msi_domain_calc_hwirq() (Myron Stowe) [2149474 2118428]
- x86/irq: Consolidate UV domain allocation (Myron Stowe) [2149474 2118428]
- x86/irq: Consolidate DMAR irq allocation (Myron Stowe) [2149474 2118428]
- x86_ioapic_Consolidate_IOAPIC_allocation (Myron Stowe) [2149474 2118428]
- x86/msi: Consolidate HPET allocation (Myron Stowe) [2149474 2118428]
- iommu/irq_remapping: Consolidate irq domain lookup (Myron Stowe) [2149474 2118428]
- iommu/amd: Consolidate irq domain getter (Myron Stowe) [2149474 2118428]
- iommu/vt-d: Consolidate irq domain getter (Myron Stowe) [2149474 2118428]
- x86/irq: Add allocation type for parent domain retrieval (Myron Stowe) [2149474 2118428]
- irqdomain: Export irq_domain_update_bus_token (Myron Stowe) [2149474 2118428]
- gitlab-ci: use CI templates from production branch (Michael Hofmann)
- iavf: remove INITIAL_MAC_SET to allow gARP to work properly (Stefan Assmann) [2149745 1938635]
- Revert "scsi: iscsi: ql4xxx: Use per-session workqueue for unbinding" (Chris Leech) [2152734 2122624]
- Revert "scsi: iscsi: Use the session workqueue for recovery" (Chris Leech) [2152734 2122624]
- arm64/bpf: Remove 128MB limit for BPF JIT programs (Yauheni Kaliuta) [2152138 2140163]
- bpf: Define bpf_jit_alloc_exec_limit for arm64 JIT (Yauheni Kaliuta) [2152138 2140163]
- arm64: extable: add type and data fields (Yauheni Kaliuta) [2152138 2140163]
- arm64: extable: use ex for exception_table_entry (Yauheni Kaliuta) [2152138 2140163]
- arm64: extable: make fixup_exception() return bool (Yauheni Kaliuta) [2152138 2140163]
- arm64: extable: consolidate definitions (Yauheni Kaliuta) [2152138 2140163]
- arm64: kvm: use kvm_exception_table_entry (Yauheni Kaliuta) [2152138 2140163]
- be2net: Fix buffer overflow in be_get_module_eeprom (Josef Oskera) [2160182 2126917]

[4.18.0-425.12.1.el8_7]
- x86/fpu: Prevent FPU state corruption (Oleksandr Natalenko) [2134586 2130890]
- x86/fpu: Drop fpregs lock before inheriting FPU permissions (Eder Zulian) [2154460 2153549]
- kernel-doc: fix undefined args variable (Jan Stancek) [2157905 2134954]
- mm: memcontrol: fix potential oom_lock recursion deadlock (Waiman Long) [2157922 2138886]
- memcg: prohibit unconditional exceeding the limit of dying tasks (Waiman Long) [2157922 2138886]
- mm, oom: do not trigger out_of_memory from the #PF (Waiman Long) [2157922 2138886]
- mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks (Waiman Long) [2157922 2138886]
- mm: memcontrol: don't count limit-setting reclaim as memory pressure (Waiman Long) [2157922 2138886]
- KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (Thomas Huth) [2158813 2151854]
- net: mana: Fix race on per-CQ variable napi work_done (Emanuele Giuseppe Esposito) [2155437 2151722]
- mei: me: add adler lake point S DID (Prarit Bhargava) [2141783 2141602]
- PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (Emanuele Giuseppe Esposito) [2155289 2100275]
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (Emanuele Giuseppe Esposito) [2155289 2100275]
- PCI: hv: Fix interrupt mapping for multi-MSI (Emanuele Giuseppe Esposito) [2155289 2100275]
- PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Emanuele Giuseppe Esposito) [2155289 2100275]
- PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Emanuele Giuseppe Esposito) [2155289 2100275]
- PCI: hv: Fix multi-MSI to allow more than one MSI vector (Emanuele Giuseppe Esposito) [2155289 2100275]
- drm/ast: Support multiple outputs (Jarod Wilson) [2149287 2147553]

[4.18.0-425.11.1.el8_7]
- NFSD: Protect against send buffer overflow in NFSv3 READ (Scott Mayhew) [2143172 2141774] {CVE-2022-43945}
- NFSD: Protect against send buffer overflow in NFSv2 READ (Scott Mayhew) [2143172 2141774] {CVE-2022-43945}
- NFSD: Protect against send buffer overflow in NFSv3 READDIR (Scott Mayhew) [2143172 2141774] {CVE-2022-43945}
- NFSD: Protect against send buffer overflow in NFSv2 READDIR (Scott Mayhew) [2143172 2141774] {CVE-2022-43945}
- SUNRPC: Fix svcxdr_init_encode's buflen calculation (Scott Mayhew) [2143172 2141774] {CVE-2022-43945}
- SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation (Scott Mayhew) [2143172 2141774] {CVE-2022-43945}
- panic, kexec: make __crash_kexec() NMI safe (Valentin Schneider) [2139580 2134126]
- kexec: turn all kexec_mutex acquisitions into trylocks (Valentin Schneider) [2139580 2134126]
- kexec: move locking into do_kexec_load (Valentin Schneider) [2139580 2134126]
- vdpa/mlx5: re-create forwarding rules after mac modified (Laurent Vivier) [2152912 2145136]
- timers/nohz: Last resort update jiffies on nohz_full IRQ entry (Waiman Long) [2153653 2108387]
- irq: Call tick_irq_enter() inside HARDIRQ_OFFSET (Waiman Long) [2153653 2108387]
- irqtime: Move irqtime entry accounting after irq offset incrementation (Waiman Long) [2153653 2108387]
- sched/vtime: Consolidate IRQ time accounting (Waiman Long) [2153653 2108387]
- s390/vtime: Use the generic IRQ entry accounting (Waiman Long) [2153653 2108387]
- sched/cputime: Remove symbol exports from IRQ time accounting (Waiman Long) [2153653 2108387]
- genirq/irqdomain: Don't try to free an interrupt that has no mapping (Waiman Long) [2153653 2108387]
- genirq: Provide __irq_enter/exit_raw() (Waiman Long) [2153653 2108387]
- powerpc/time: Only set CONFIG_ARCH_HAS_SCALED_CPUTIME on PPC64 (Waiman Long) [2153653 2108387]
- powerpc/time: isolate scaled cputime accounting in dedicated functions. (Waiman Long) [2153653 2108387]
- PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (Mohammed Gamal) [2155280 2144708]
- PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (Mohammed Gamal) [2155280 2144708]
- PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (Mohammed Gamal) [2155280 2144708]
- net/mlx5e: TC, Reject forwarding from internal port to internal port (Mohammad Kabat) [2141959 2131345]
- hv_netvsc: Fix race between VF offering and VF association message from host (Mohammed Gamal) [2155272 2149279]
- x86/mce: Reduce number of machine checks taken during recovery (Prarit Bhargava) [2137592 2104388]
- cgroup/cpuset: Reduce cpuset_rwsem writer latency (Waiman Long) [2153108 2149031]
- rcu/exp: Mark current CPU as exp-QS in IPI loop second pass (Waiman Long) [2153108 2149031]
- rcu: Always inline rcu_dynticks_task*_{enter,exit}() (Waiman Long) [2153108 2149031]
- rcu: Fix existing exp request check in sync_sched_exp_online_cleanup() (Waiman Long) [2153108 2149031]
- rcu: Fix macro name CONFIG_TASKS_RCU_TRACE (Waiman Long) [2153108 2149031]
- rcu: Fix stall-warning deadlock due to non-release of rcu_node ->lock (Waiman Long) [2153108 2149031]
- rcu: Fix to include first blocked task in stall warning (Waiman Long) [2153108 2149031]
- cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (Waiman Long) [2153108 2149031]
- cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (Waiman Long) [2153108 2149031]
cpus_read_lock() deadlock (Waiman Long) [2153108 2149031]
- cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree (Waiman Long) [2153108 2149031]
- cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (Waiman Long) [2153108 2149031]
- cgroup: reduce dependency on cgroup_mutex (Waiman Long) [2153108 2149031]
- sunrpc: Set sk_allocation to GFP_NOFS to avoid using current->task_frag. (Guillaume Nault) [2153230 2089660]


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle8: ELSA-2023-0832: kernel Important Security Update

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

Summary

[4.18.0-425.13.1.el8_7.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3 - Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652] [4.18.0-425.13.1.el8_7] - mm/cgroup/reclaim: fix dirty pages throttling on cgroup v1 (Waiman Long) [2160221] - mm: vmscan: remove deadlock due to throttling failing to make progress (Waiman Long) [2160221] - mm: vmscan: reduce throttling due to a failure to make progress -fix (Waiman Long) [2160221] - mm: vmscan: Reduce throttling due to a failure to make progress (Waiman Long) [2160221] - mm/vmscan: delay waking of tasks throttled on NOPROGRESS (Waiman Long) [2160221] - mm/vmscan: increase the timeout if page reclaim is not making progress (Waiman Long) [2160221] - mm/vmscan: centralise timeout values for reclaim_throttle (Waiman Long) [2160221] - mm/page_alloc: remove the throttling logic from the page allocator (Waiman Long) [2160221] - mm/writeback: throttle based on page writeback instead of congestion (Waiman Long) [2160221] - mm/vmscan: throttle reclaim when no progress is being made (Waiman Long) [2160221] - mm/vmscan: throttle reclaim and compaction when too may pages are isolated (Waiman Long) [2160221] - mm/vmscan: throttle reclaim until some writeback completes if congested (Waiman Long) [2160221] - mm/vmscan.c: delete or fix duplicated words (Waiman Long) [2160221] - mm,page_alloc: PF_WQ_WORKER threads must sleep at should_reclaim_retry() (Nico Pache) [2160221] - ceph: avoid putting the realm twice when decoding snaps fails (Xiubo Li) [2155797 2139881] - mm/mremap: hold the rmap lock in write mode when moving page table entries. (Waiman Long) [2140944] {CVE-2022-41222} - mm/mremap: use pmd/pud_poplulate to update page table entries (Waiman Long) [2140944] {CVE-2022-41222} - mm/mremap: don't enable optimized PUD move if page table levels is 2 (Waiman Long) [2140944] {CVE-2022-41222} - mm/mremap: convert huge PUD move to separate helper (Waiman Long) [2140944] {CVE-2022-41222} - mm/mremap: fix BUILD_BUG_ON() error in get_extent (Waiman Long) [2140944] {CVE-2022-41222} - mm/mremap.c: fix extent calculation (Waiman Long) [2140944] {CVE-2022-41222} - x86: mremap speedup - Enable HAVE_MOVE_PUD (Waiman Long) [2140944] {CVE-2022-41222} - mm: speedup mremap on 1GB or larger regions (Waiman Long) [2140944] {CVE-2022-41222} - mm/mremap: start addresses are properly aligned (Waiman Long) [2140944] {CVE-2022-41222} - mm/mremap: calculate extent in one place (Waiman Long) [2140944] {CVE-2022-41222} - mm/mremap: it is sure to have enough space when extent meets requirement (Waiman Long) [2140944] {CVE-2022-41222} - s390/boot: add secure boot trailer (Tobias Huschle) [2151530 2141967] - i40e: Fix VF hang when reset is triggered on another VF (Ivan Vecera) [2160460 2103801] - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (Prarit Bhargava) [2154388 2119066] {CVE-2022-2873} - iavf: schedule watchdog immediately when changing primary MAC (Michal Schmidt) [2163257 2152493] - iavf: Move netdev_update_features() into watchdog task (Michal Schmidt) [2163257 2152493] - iavf: fix temporary deadlock and failure to set MAC address (Michal Schmidt) [2163257 2152493] - iavf: Fix error handling in iavf_init_module() (Michal Schmidt) [2163257 2152493] - iommu/vt-d: Clean up si_domain in the init_dmars() error path (Jerry Snitselaar) [2149474 2118428] - x86/pci/xen: Use msi_msg shadow structs (Jerry Snitselaar) [2149474 2118428] - iommu/intel: Use msi_msg shadow structs (Jerry Snitselaar) [2149474 2118428] - PCI: MSI: Fix Kconfig dependencies for PCI_MSI_ARCH_FALLBACKS (Jerry Snitselaar) [2149474 2118428] - x86/apic/msi: Unbreak DMAR and HPET MSI (Jerry Snitselaar) [2149474 2118428] - iommu/amd: Remove domain search for PCI/MSI (Jerry Snitselaar) [2149474 2118428] - iommu/vt-d: Remove domain search for PCI/MSI[X] (Jerry Snitselaar) [2149474 2118428] - x86/irq: Make most MSI ops XEN private (Jerry Snitselaar) [2149474 2118428] - x86/irq: Cleanup the arch_*_msi_irqs() leftovers (Jerry Snitselaar) [2149474 2118428] - PCI/MSI: Make arch_.*_msi_irq[s] fallbacks selectable (Jerry Snitselaar) [2149474 2118428] - x86/xen: Wrap XEN MSI management into irqdomain (Jerry Snitselaar) [2149474 2118428] - x86/xen: Consolidate XEN-MSI init (Jerry Snitselaar) [2149474 2118428] - x86/xen: Rework MSI teardown (Jerry Snitselaar) [2149474 2118428] - x86/xen: Make xen_msi_init() static and rename it to xen_hvm_msi_init() (Jerry Snitselaar) [2149474 2118428] - x86/irq: Move apic_post_init() invocation to one place (Jerry Snitselaar) [2149474 2118428] - x86/msi: Use generic MSI domain ops (Jerry Snitselaar) [2149474 2118428] - x86/msi: Remove pointless vcpu_affinity callback (Jerry Snitselaar) [2149474 2118428] - iommu/vt-d: Fix compile error with CONFIG_PCI_ATS not set (Myron Stowe) [2149474 2118428] - iommu/vt-d: Cure VF irqdomain hickup (Myron Stowe) [2149474 2118428] - x86/pci: Set default irq domain in pcibios_add_device() (Myron Stowe) [2149474 2118428] - iommm/amd: Store irq domain in struct device (Myron Stowe) [2149474 2118428] - iommm/vt-d: Store irq domain in struct device (Myron Stowe) [2149474 2118428] - PCI/MSI: Provide pci_dev_has_special_msi_domain() helper (Myron Stowe) [2149474 2118428] - x86/msi: Consolidate MSI allocation (Myron Stowe) [2149474 2118428] - PCI/MSI: Rework pci_msi_domain_calc_hwirq() (Myron Stowe) [2149474 2118428] - x86/irq: Consolidate UV domain allocation (Myron Stowe) [2149474 2118428] - x86/irq: Consolidate DMAR irq allocation (Myron Stowe) [2149474 2118428] - x86_ioapic_Consolidate_IOAPIC_allocation (Myron Stowe) [2149474 2118428] - x86/msi: Consolidate HPET allocation (Myron Stowe) [2149474 2118428] - iommu/irq_remapping: Consolidate irq domain lookup (Myron Stowe) [2149474 2118428] - iommu/amd: Consolidate irq domain getter (Myron Stowe) [2149474 2118428] - iommu/vt-d: Consolidate irq domain getter (Myron Stowe) [2149474 2118428] - x86/irq: Add allocation type for parent domain retrieval (Myron Stowe) [2149474 2118428] - irqdomain: Export irq_domain_update_bus_token (Myron Stowe) [2149474 2118428] - gitlab-ci: use CI templates from production branch (Michael Hofmann) - iavf: remove INITIAL_MAC_SET to allow gARP to work properly (Stefan Assmann) [2149745 1938635] - Revert "scsi: iscsi: ql4xxx: Use per-session workqueue for unbinding" (Chris Leech) [2152734 2122624] - Revert "scsi: iscsi: Use the session workqueue for recovery" (Chris Leech) [2152734 2122624] - arm64/bpf: Remove 128MB limit for BPF JIT programs (Yauheni Kaliuta) [2152138 2140163] - bpf: Define bpf_jit_alloc_exec_limit for arm64 JIT (Yauheni Kaliuta) [2152138 2140163] - arm64: extable: add type and data fields (Yauheni Kaliuta) [2152138 2140163] - arm64: extable: use ex for exception_table_entry (Yauheni Kaliuta) [2152138 2140163] - arm64: extable: make fixup_exception() return bool (Yauheni Kaliuta) [2152138 2140163] - arm64: extable: consolidate definitions (Yauheni Kaliuta) [2152138 2140163] - arm64: kvm: use kvm_exception_table_entry (Yauheni Kaliuta) [2152138 2140163] - be2net: Fix buffer overflow in be_get_module_eeprom (Josef Oskera) [2160182 2126917] [4.18.0-425.12.1.el8_7] - x86/fpu: Prevent FPU state corruption (Oleksandr Natalenko) [2134586 2130890] - x86/fpu: Drop fpregs lock before inheriting FPU permissions (Eder Zulian) [2154460 2153549] - kernel-doc: fix undefined args variable (Jan Stancek) [2157905 2134954] - mm: memcontrol: fix potential oom_lock recursion deadlock (Waiman Long) [2157922 2138886] - memcg: prohibit unconditional exceeding the limit of dying tasks (Waiman Long) [2157922 2138886] - mm, oom: do not trigger out_of_memory from the #PF (Waiman Long) [2157922 2138886] - mm, oom: pagefault_out_of_memory: don't force global OOM for dying tasks (Waiman Long) [2157922 2138886] - mm: memcontrol: don't count limit-setting reclaim as memory pressure (Waiman Long) [2157922 2138886] - KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field (Thomas Huth) [2158813 2151854] - net: mana: Fix race on per-CQ variable napi work_done (Emanuele Giuseppe Esposito) [2155437 2151722] - mei: me: add adler lake point S DID (Prarit Bhargava) [2141783 2141602] - PCI: hv: Only reuse existing IRTE allocation for Multi-MSI (Emanuele Giuseppe Esposito) [2155289 2100275] - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (Emanuele Giuseppe Esposito) [2155289 2100275] - PCI: hv: Fix interrupt mapping for multi-MSI (Emanuele Giuseppe Esposito) [2155289 2100275] - PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() (Emanuele Giuseppe Esposito) [2155289 2100275] - PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI (Emanuele Giuseppe Esposito) [2155289 2100275] - PCI: hv: Fix multi-MSI to allow more than one MSI vector (Emanuele Giuseppe Esposito) [2155289 2100275] - drm/ast: Support multiple outputs (Jarod Wilson) [2149287 2147553] [4.18.0-425.11.1.el8_7] - NFSD: Protect against send buffer overflow in NFSv3 READ (Scott Mayhew) [2143172 2141774] {CVE-2022-43945} - NFSD: Protect against send buffer overflow in NFSv2 READ (Scott Mayhew) [2143172 2141774] {CVE-2022-43945} - NFSD: Protect against send buffer overflow in NFSv3 READDIR (Scott Mayhew) [2143172 2141774] {CVE-2022-43945} - NFSD: Protect against send buffer overflow in NFSv2 READDIR (Scott Mayhew) [2143172 2141774] {CVE-2022-43945} - SUNRPC: Fix svcxdr_init_encode's buflen calculation (Scott Mayhew) [2143172 2141774] {CVE-2022-43945} - SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation (Scott Mayhew) [2143172 2141774] {CVE-2022-43945} - panic, kexec: make __crash_kexec() NMI safe (Valentin Schneider) [2139580 2134126] - kexec: turn all kexec_mutex acquisitions into trylocks (Valentin Schneider) [2139580 2134126] - kexec: move locking into do_kexec_load (Valentin Schneider) [2139580 2134126] - vdpa/mlx5: re-create forwarding rules after mac modified (Laurent Vivier) [2152912 2145136] - timers/nohz: Last resort update jiffies on nohz_full IRQ entry (Waiman Long) [2153653 2108387] - irq: Call tick_irq_enter() inside HARDIRQ_OFFSET (Waiman Long) [2153653 2108387] - irqtime: Move irqtime entry accounting after irq offset incrementation (Waiman Long) [2153653 2108387] - sched/vtime: Consolidate IRQ time accounting (Waiman Long) [2153653 2108387] - s390/vtime: Use the generic IRQ entry accounting (Waiman Long) [2153653 2108387] - sched/cputime: Remove symbol exports from IRQ time accounting (Waiman Long) [2153653 2108387] - genirq/irqdomain: Don't try to free an interrupt that has no mapping (Waiman Long) [2153653 2108387] - genirq: Provide __irq_enter/exit_raw() (Waiman Long) [2153653 2108387] - powerpc/time: Only set CONFIG_ARCH_HAS_SCALED_CPUTIME on PPC64 (Waiman Long) [2153653 2108387] - powerpc/time: isolate scaled cputime accounting in dedicated functions. (Waiman Long) [2153653 2108387] - PCI: hv: Fix synchronization between channel callback and hv_pci_bus_exit() (Mohammed Gamal) [2155280 2144708] - PCI: hv: Fix synchronization between channel callback and hv_compose_msi_msg() (Mohammed Gamal) [2155280 2144708] - PCI: hv: Use vmbus_requestor to generate transaction IDs for VMbus hardening (Mohammed Gamal) [2155280 2144708] - net/mlx5e: TC, Reject forwarding from internal port to internal port (Mohammad Kabat) [2141959 2131345] - hv_netvsc: Fix race between VF offering and VF association message from host (Mohammed Gamal) [2155272 2149279] - x86/mce: Reduce number of machine checks taken during recovery (Prarit Bhargava) [2137592 2104388] - cgroup/cpuset: Reduce cpuset_rwsem writer latency (Waiman Long) [2153108 2149031] - rcu/exp: Mark current CPU as exp-QS in IPI loop second pass (Waiman Long) [2153108 2149031] - rcu: Always inline rcu_dynticks_task*_{enter,exit}() (Waiman Long) [2153108 2149031] - rcu: Fix existing exp request check in sync_sched_exp_online_cleanup() (Waiman Long) [2153108 2149031] - rcu: Fix macro name CONFIG_TASKS_RCU_TRACE (Waiman Long) [2153108 2149031] - rcu: Fix stall-warning deadlock due to non-release of rcu_node ->lock (Waiman Long) [2153108 2149031] - rcu: Fix to include first blocked task in stall warning (Waiman Long) [2153108 2149031] - cgroup: Use cgroup_attach_{lock,unlock}() from cgroup_attach_task_all() (Waiman Long) [2153108 2149031] - cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() (Waiman Long) [2153108 2149031] cpus_read_lock() deadlock (Waiman Long) [2153108 2149031] - cgroup: Elide write-locking threadgroup_rwsem when updating csses on an empty subtree (Waiman Long) [2153108 2149031] - cgroup/cpuset: Fix a race between cpuset_attach() and cpu hotplug (Waiman Long) [2153108 2149031] - cgroup: reduce dependency on cgroup_mutex (Waiman Long) [2153108 2149031] - sunrpc: Set sk_allocation to GFP_NOFS to avoid using current->task_frag. (Guillaume Nault) [2153230 2089660]

SRPMs

https://oss.oracle.com:443/ol8/SRPMS-updates//kernel-4.18.0-425.13.1.el8_7.src.rpm

x86_64

bpftool-4.18.0-425.13.1.el8_7.x86_64.rpm kernel-4.18.0-425.13.1.el8_7.x86_64.rpm kernel-abi-stablelists-4.18.0-425.13.1.el8_7.noarch.rpm kernel-core-4.18.0-425.13.1.el8_7.x86_64.rpm kernel-cross-headers-4.18.0-425.13.1.el8_7.x86_64.rpm kernel-debug-4.18.0-425.13.1.el8_7.x86_64.rpm kernel-debug-core-4.18.0-425.13.1.el8_7.x86_64.rpm kernel-debug-devel-4.18.0-425.13.1.el8_7.x86_64.rpm kernel-debug-modules-4.18.0-425.13.1.el8_7.x86_64.rpm kernel-debug-modules-extra-4.18.0-425.13.1.el8_7.x86_64.rpm kernel-devel-4.18.0-425.13.1.el8_7.x86_64.rpm kernel-doc-4.18.0-425.13.1.el8_7.noarch.rpm kernel-headers-4.18.0-425.13.1.el8_7.x86_64.rpm kernel-modules-4.18.0-425.13.1.el8_7.x86_64.rpm kernel-modules-extra-4.18.0-425.13.1.el8_7.x86_64.rpm kernel-tools-4.18.0-425.13.1.el8_7.x86_64.rpm kernel-tools-libs-4.18.0-425.13.1.el8_7.x86_64.rpm perf-4.18.0-425.13.1.el8_7.x86_64.rpm python3-perf-4.18.0-425.13.1.el8_7.x86_64.rpm kernel-tools-libs-devel-4.18.0-425.13.1.el8_7.x86_64.rpm

aarch64

bpftool-4.18.0-425.13.1.el8_7.aarch64.rpm kernel-cross-headers-4.18.0-425.13.1.el8_7.aarch64.rpm kernel-headers-4.18.0-425.13.1.el8_7.aarch64.rpm kernel-tools-4.18.0-425.13.1.el8_7.aarch64.rpm kernel-tools-libs-4.18.0-425.13.1.el8_7.aarch64.rpm perf-4.18.0-425.13.1.el8_7.aarch64.rpm python3-perf-4.18.0-425.13.1.el8_7.aarch64.rpm kernel-tools-libs-devel-4.18.0-425.13.1.el8_7.aarch64.rpm

i386

Severity
Related CVEs: CVE-2022-2873 CVE-2022-41222 CVE-2022-43945

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved