Stay Secure with the Latest Linux Advisories

security advisorykernel updateDoS

Oracle Linux 7 ELSA-2022-9365 Important: Kernel Update Critical Issue

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network . Oracle Linux Security Advisory ELSA-2022-9365 https://linux.oracle.com/errata/ELSA-2022-9365.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-5.4.17-2136.307.3.1.el7uek.x86_64.rpm kernel-uek-debug-5.4.17-2136.307.3.1.el7uek.x86_64.rpm kernel-uek-debug-devel-5.4.17-2136.307.3.1.el7uek.x86_64.rpm kernel-uek-devel-5.4.17-2136.307.3.1.el7uek.x86_64.rpm kernel-uek-doc-5.4.17-2136.307.3.1.el7uek.noarch.rpm kernel-uek-tools-5.4.17-2136.307.3.1.el7uek.x86_64.rpm aarch64: kernel-uek-5.4.17-2136.307.3.1.el7uek.aarch64.rpm kernel-uek-debug-5.4.17-2136.307.3.1.el7uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2136.307.3.1.el7uek.aarch64.rpm kernel-uek-devel-5.4.17-2136.307.3.1.el7uek.aarch64.rpm kernel-uek-doc-5.4.17-2136.307.3.1.el7uek.noarch.rpm kernel-uek-tools-5.4.17-2136.307.3.1.el7uek.aarch64.rpm kernel-uek-tools-libs-5.4.17-2136.307.3.1.el7uek.aarch64.rpm perf-5.4.17-2136.307.3.1.el7uek.aarch64.rpm python-perf-5.4.17-2136.307.3.1.el7uek.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol7/SRPMS-updates/kernel-uek-5.4.17-2136.307.3.1.el7uek.src.rpm Related CVEs: CVE-2020-24502 CVE-2020-245024 CVE-2020-24503 CVE-2021-45095 CVE-2022-1016 CVE-2022-1055 CVE-2022-1158 CVE-2022-27666 Description of changes: [5.4.17-2136.307.3.1.el7uek] - Revert "rds/ib: recover rds connection from stuck tx path" (Nagappan Ramasamy Palaniappan) [Orabug: 34124233] - Revert "rds/ib: reap tx completions during connection shutdown" (Nagappan Ramasamy Palaniappan) [Orabug: 34124233] - Revert "rds/ib: handle posted ACK during connection shutdown" (Nagappan Ramasamy Palaniappan) [Orabug: 34124233] [5.4.17-2136.307.3.el7uek] - kvm: debugfs: fix memory leak in kvm_create_vm_debugfs (Pavel Skripkin) [Orabug: 33099019] - KVM: debugfs: Reuse binary stats descriptors (Jing Zhang) [Orabug: 33099019] - KVM:selftests: Add selftest for KVM statistics data binary interface (Jing Zhang) [Orabug: 33099019] - KVM: stats: Add documentation for binary statistics interface (Jing Zhang) [Orabug: 33099019] - KVM: stats: Support binary stats retrieval for a VCPU (Jing Zhang) [Orabug: 33099019] - KVM: stats: Support binary stats retrieval for a VM (Jing Zhang) [Orabug: 33099019] - KVM: stats: Add fd-based API to read binary stats data (Jing Zhang) [Orabug: 33099019] - KVM: stats: Separate generic stats from architecture specific ones (Jing Zhang) [Orabug: 33099019] - KVM: switch per-VM stats to u64 (Paolo Bonzini) [Orabug: 33099019] - kvm_host: unify VM_STAT and VCPU_STAT definitions in a single place (Emanuele Giuseppe Esposito) [Orabug: 33099019] - kvm: Refactor handling of VM debugfs files (Milan Pandurov) [Orabug: 33099019] - mpt3sas: avoid SOFT_RESET on shutdown (John Donnelly) [Orabug: 33666018] - scsi: mpt3sas: Clean up some inconsistent indenting (Colin Ian King) [Orabug: 33666018] - scsi: mpt3sas: Fix incorrectly assigned error return and check (Colin Ian King) [Orabug: 33666018] - scsi: mpt3sas: Introduce sas_ncq_prio_supported sysfs sttribute (Damien Le Moal) [Orabug: 33666018] - scsi: mpt3sas: Update driver version to 39.100.00.00 (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Use firmware recommended queue depth (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Bump driver version to 38.100.00.00 (Sreekanth Reddy) [Orabug: 33666018] - scsi: mpt3sas: Transition IOC to Ready state during shutdown (Sreekanth Reddy) [Orabug: 33666018] - scsi: mpt3sas: Fix Coverity reported issue (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Fix fall-through warnings for Clang (Gustavo A. R. Silva) [Orabug: 33666018] - scsi: mpt3sas: Handle firmware faults during second (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Handle firmware faults during first half of IOC init (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Fix deadlock while cancelling the runningfirmware event (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Documentation cleanup (Randy Dunlap) [Orabug: 33666018] - scsi: mpt3sas: Fix two kernel-doc headers (Bart Van Assche) [Orabug: 33666018] - scsi: mpt3sas: Fix out-of-bounds warnings in _ctl_addnl_diag_query (Gustavo A. R. Silva) [Orabug: 33666018] - scsi: mpt3sas: Fix endianness for ActiveCablePowerRequirement (Sreekanth Reddy) [Orabug: 33666018] - scsi: mpt3sas: Only one vSES is present even when IOC has multi vSES (Sreekanth Reddy) [Orabug: 33666018] - scsi: mpt3sas: Fix a typo (Bhaskar Chowdhury) [Orabug: 33666018] - scsi: mpt3sas: Fix a few kernel-doc issues (Lee Jones) [Orabug: 33666018] - scsi: mpt3sas: Update driver version to 37.101.00.00 (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Force reply post array allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Force reply post buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Force reply buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Force sense buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Force chain buffer allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Force PCIe scatterlist allocations to be within same 4 GB region (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Replace unnecessary dynamic allocation with a static one (Gustavo A. R. Silva) [Orabug: 33666018] - scsi: mpt3sas: Do not use GFP_KERNEL in atomic context (Christophe JAILLET) [Orabug: 33666018] - scsi: mpt3sas: Fix some kernel-doc misnaming issues (Lee Jones) [Orabug: 33666018] - scsi: mpt3sas: Fix a couple of misdocumented functions/params (Lee Jones) [Orabug: 33666018] - scsi: mpt3sas: Fix a bunch of potential naming doc-rot (Lee Jones) [Orabug: 33666018] - scsi: mpt3sas: Move a little data from the stack ontothe heap (Lee Jones) [Orabug: 33666018] - scsi: mpt3sas: Fix misspelling of _base_put_smid_default_atomic() (Lee Jones) [Orabug: 33666018] - scsi: mpt3sas: Update driver version to 37.100.00.00 (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Additional diagnostic buffer query interface (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Fix ReplyPostFree pool allocation (Sreekanth Reddy) [Orabug: 33666018] - scsi: mpt3sas: Simplify bool comparison (YANG LI) [Orabug: 33666018] - scsi: mpt3sas: Fix spelling mistake in Kconfig "compatiblity" -> "compatibility" (Suganath Prabu S) [Orabug: 33666018] - scsi: mpt3sas: Signedness bug in _base_get_diag_triggers() (Dan Carpenter) [Orabug: 33666018] - mei: me: disable driver on the ign firmware (Alexander Usyskin) [Orabug: 34018919] - mei: add device kind to sysfs (Alexander Usyskin) [Orabug: 34018919] - mei: me: add MEI device for SPT with ITPS capability (Tomas Winkler) [Orabug: 34018919] - mei: me: make mei_me_fw_sku_sps_4() less cryptic (Tomas Winkler) [Orabug: 34018919] - mei: me: constify the device parameter to the probe quirk (Tomas Winkler) [Orabug: 34018919] - mei: me: disable mei interface on Mehlow server platforms (Tomas Winkler) [Orabug: 34018919] - mei: fix CNL itouch device number to match the spec. (Alexander Usyskin) [Orabug: 34018919] - mei: me: disable mei interface on LBG servers. (Tomas Winkler) [Orabug: 34018919] - mei: me: mei_me_dev_init() use struct device instead of struct pci_dev. (Tomas Winkler) [Orabug: 34018919] - x86/speculation: Restore speculation related MSRs during S3 resume (Pawan Gupta) [Orabug: 34053700] - net: bpf: Make bpf_ktime_get_ns() available to non GPL programs (Maciej Żenczykowski) [Orabug: 34079481] [5.4.17-2136.307.2.el7uek] - net: sched: fix use-after-free in tc_new_tfilter() (Eric Dumazet) [Orabug: 34027161] {CVE-2022-1055} - rds: ib: Initialize SG table properly (Håkon Bugge) [Orabug: 34031913] - Revert "rds/ib: recover rds connection from stuck rx path" (RohitNair) [Orabug: 34039270] - mm: memcontrol: slab: fix obtain a reference to a freeing memcg (Muchun Song) [Orabug: 34045826] - mm: memcg/slab: fix use after free in obj_cgroup_charge (Muchun Song) [Orabug: 34045826] - mm/page-writeback: Fix performance when BDI's share of ratio is 0. (Chi Wu) [Orabug: 34050049] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34034594] {CVE-2022-1158} [5.4.17-2136.307.1.el7uek] - oracleasm: Fix block layer error conversion (Martin K. Petersen) [Orabug: 33413872] - oracleasm: Fix memory leak inadvertently caused by block layer changes (Martin K. Petersen) [Orabug: 33413872] - rds: Fix incorrect initialization order (Håkon Bugge) [Orabug: 33519061] - Fix switchdev transition after configuring 256 SFs (Mikhael Goikhman) [Orabug: 33913142] - net/mlx5: Remove all auxiliary devices at the unregister event (Leon Romanovsky) [Orabug: 33913153] - net/mlx5: E-Switch, handle devcom events only for ports on the same device (Roi Dayan) [Orabug: 33913153] - net/mlx5e: Don't create devices during unload flow (Dmytro Linkin) [Orabug: 33913153] - net/mlx5: Delete auxiliary bus driver eth-rep first (Maor Dickman) [Orabug: 33913153] - Fix deadlock with SFs created and devlink reload of parent PF (Mikhael Goikhman) [Orabug: 33913153] - phonet: refcount leak in pep_sock_accep (Hangyu Hua) [Orabug: 33962760] {CVE-2021-45095} - bpf: Lift hashtab key_size limit (Florian Lehner) [Orabug: 33968668] - net/rds: Fix math on error code (Freddy Carrillo) [Orabug: 33974713] - rds: ib: Fix racy credit tracepoints (Håkon Bugge) [Orabug: 33980855] - mm: fix MADV_DONTEXEC to clear VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 33987399] - ice: create scheduler aggregator node config and move VSIs (Kiran Patil) [Orabug: 33993157] {CVE-2020-24502} {CVE-2020-24503} {CVE-2020-245024} - uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33993775] - sched/topology: Don't set SD_BALANCE_WAKE on cpuset domainrelax (Valentin Schneider) [Orabug: 33994395] - esp: Fix possible buffer overflow in ESP transformation (Steffen Klassert) [Orabug: 33997299] {CVE-2022-27666} - exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34003080] - netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34012924] {CVE-2022-1016} . Oracle Linux Security Bulletin ELSA-2022-9366 outlines crucial enhancements and remedies for system vulnerabilities within the kernel.. Oracle Linux Update, Security Advisory, Kernel Security Update, Important Linux Patch. . Severity: Important. LinuxSecurity.com Team

May 10, 2022 •Important Oracle