Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2024-10274

Опубликовано: 26 нояб. 2024
Источник: oracle-oval
Платформа: Oracle Linux 9

Описание

ELSA-2024-10274: kernel security update (MODERATE)

  • [5.14.0-503.15.1_5.OL9]
  • Disable UKI signing [Orabug: 36571828]
  • Update Oracle Linux certificates (Kevin Lyons)
  • Disable signing for aarch64 (Ilya Okomin)
  • Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  • Update x509.genkey [Orabug: 24817676]
  • Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
  • Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
  • Add Oracle Linux IMA certificates

[5.14.0-503.15.1_5]

  • USB: serial: mos7840: fix crash on resume (Desnes Nunes) [RHEL-65484 RHEL-59050] {CVE-2024-42244}
  • attr: block mode changes of symlinks (CKI Backport Bot) [RHEL-61231 RHEL-60822]
  • ice: Adjust PTP init for 2x50G E825C devices (Petr Oros) [RHEL-64017 RHEL-29210]
  • ice: Add NAC Topology device capability parser (Petr Oros) [RHEL-64017 RHEL-29210]
  • ice: Add support for E825-C TS PLL handling (Petr Oros) [RHEL-64017 RHEL-29210]
  • ice: Change CGU regs struct to anonymous (Petr Oros) [RHEL-64017 RHEL-29210]
  • ice: Introduce ETH56G PHY model for E825C products (Petr Oros) [RHEL-64017 RHEL-29210]
  • ice: Introduce ice_get_base_incval() helper (Petr Oros) [RHEL-64017 RHEL-29210]
  • ice: Move CGU block (Petr Oros) [RHEL-64017 RHEL-29210]
  • ice: Add PHY OFFSET_READY register clearing (Petr Oros) [RHEL-64017 RHEL-29210]
  • ice: Implement Tx interrupt enablement functions (Petr Oros) [RHEL-64017 RHEL-29210]
  • ice: Introduce helper to get tmr_cmd_reg values (Petr Oros) [RHEL-64017 RHEL-29210]
  • ice: Introduce ice_ptp_hw struct (Petr Oros) [RHEL-64017 RHEL-29210]
  • wifi: rtw89: limit the PPDU length for VHT rate to 0x40000 (Narpat Mali) [RHEL-61753 RHEL-35542]
  • wifi: rtw89: 885xbx: apply common settings to 8851B, 8852B and 8852BT (Narpat Mali) [RHEL-61753 RHEL-35542]
  • wifi: rtw89: 8852b: fix definition of KIP register number (Narpat Mali) [RHEL-61753 RHEL-35542]
  • wifi: rtw89: 8852b: set AMSDU limit to 5000 (Narpat Mali) [RHEL-61753 RHEL-35542]
  • bpf: Fix overrunning reservations in ringbuf (CKI Backport Bot) [RHEL-62940] {CVE-2024-41009}
  • net: tcp: accept old ack during closing (Jamie Bainbridge) [RHEL-61424 RHEL-60572]
  • cxl/port: Fix use-after-free, permit out-of-order decoder shutdown (CKI Backport Bot) [RHEL-66837] {CVE-2024-50226}
  • ethtool: check device is present when getting link settings (Michal Schmidt) [RHEL-60581 RHEL-57750]
  • iommu/amd: Fix argument order in amd_iommu_dev_flush_pasid_all() (CKI Backport Bot) [RHEL-59982 RHEL-59981]

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

kernel-cross-headers

5.14.0-503.15.1.el9_5

kernel-tools-libs-devel

5.14.0-503.15.1.el9_5

bpftool

7.4.0-503.15.1.el9_5

kernel-tools

5.14.0-503.15.1.el9_5

kernel-tools-libs

5.14.0-503.15.1.el9_5

python3-perf

5.14.0-503.15.1.el9_5

kernel-headers

5.14.0-503.15.1.el9_5

perf

5.14.0-503.15.1.el9_5

rtla

5.14.0-503.15.1.el9_5

rv

5.14.0-503.15.1.el9_5

Oracle Linux x86_64

bpftool

7.4.0-503.15.1.el9_5

kernel

5.14.0-503.15.1.el9_5

kernel-abi-stablelists

5.14.0-503.15.1.el9_5

kernel-core

5.14.0-503.15.1.el9_5

kernel-debug

5.14.0-503.15.1.el9_5

kernel-debug-core

5.14.0-503.15.1.el9_5

kernel-debug-modules

5.14.0-503.15.1.el9_5

kernel-debug-modules-core

5.14.0-503.15.1.el9_5

kernel-debug-modules-extra

5.14.0-503.15.1.el9_5

kernel-debug-uki-virt

5.14.0-503.15.1.el9_5

kernel-modules

5.14.0-503.15.1.el9_5

kernel-modules-core

5.14.0-503.15.1.el9_5

kernel-modules-extra

5.14.0-503.15.1.el9_5

kernel-tools

5.14.0-503.15.1.el9_5

kernel-tools-libs

5.14.0-503.15.1.el9_5

kernel-uki-virt

5.14.0-503.15.1.el9_5

kernel-uki-virt-addons

5.14.0-503.15.1.el9_5

python3-perf

5.14.0-503.15.1.el9_5

kernel-debug-devel

5.14.0-503.15.1.el9_5

kernel-debug-devel-matched

5.14.0-503.15.1.el9_5

kernel-devel

5.14.0-503.15.1.el9_5

kernel-devel-matched

5.14.0-503.15.1.el9_5

kernel-doc

5.14.0-503.15.1.el9_5

kernel-headers

5.14.0-503.15.1.el9_5

perf

5.14.0-503.15.1.el9_5

rtla

5.14.0-503.15.1.el9_5

rv

5.14.0-503.15.1.el9_5

kernel-cross-headers

5.14.0-503.15.1.el9_5

kernel-tools-libs-devel

5.14.0-503.15.1.el9_5

libperf

5.14.0-503.15.1.el9_5

Связанные CVE

CVE-2024-42244
CVE-2024-50226
CVE-2024-41009

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2024-42244

CVSS3: 5.5
ubuntu
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: USB: serial: mos7840: fix crash on resume Since commit c49cfa917025 ("USB: serial: use generic method if no alternative is provided in usb serial layer"), USB serial core calls the generic resume implementation when the driver has not provided one. This can trigger a crash on resume with mos7840 since support for multiple read URBs was added back in 2011. Specifically, both port read URBs are now submitted on resume for open ports, but the context pointer of the second URB is left set to the core rather than mos7840 port structure. Fix this by implementing dedicated suspend and resume functions for mos7840. Tested with Delock 87414 USB 2.0 to 4x serial adapter. [ johan: analyse crash and rewrite commit message; set busy flag on resume; drop bulk-in check; drop unnecessary usb_kill_urb() ]

redhat логотип

CVE-2024-42244

CVSS3: 4.4
redhat
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: USB: serial: mos7840: fix crash on resume Since commit c49cfa917025 ("USB: serial: use generic method if no alternative is provided in usb serial layer"), USB serial core calls the generic resume implementation when the driver has not provided one. This can trigger a crash on resume with mos7840 since support for multiple read URBs was added back in 2011. Specifically, both port read URBs are now submitted on resume for open ports, but the context pointer of the second URB is left set to the core rather than mos7840 port structure. Fix this by implementing dedicated suspend and resume functions for mos7840. Tested with Delock 87414 USB 2.0 to 4x serial adapter. [ johan: analyse crash and rewrite commit message; set busy flag on resume; drop bulk-in check; drop unnecessary usb_kill_urb() ]

nvd логотип

CVE-2024-42244

CVSS3: 5.5
nvd
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: USB: serial: mos7840: fix crash on resume Since commit c49cfa917025 ("USB: serial: use generic method if no alternative is provided in usb serial layer"), USB serial core calls the generic resume implementation when the driver has not provided one. This can trigger a crash on resume with mos7840 since support for multiple read URBs was added back in 2011. Specifically, both port read URBs are now submitted on resume for open ports, but the context pointer of the second URB is left set to the core rather than mos7840 port structure. Fix this by implementing dedicated suspend and resume functions for mos7840. Tested with Delock 87414 USB 2.0 to 4x serial adapter. [ johan: analyse crash and rewrite commit message; set busy flag on resume; drop bulk-in check; drop unnecessary usb_kill_urb() ]

msrc логотип

CVE-2024-42244

CVSS3: 5.5
msrc
10 месяцев назад

Описание отсутствует

debian логотип

CVE-2024-42244

CVSS3: 5.5
debian
11 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: U ...

Уязвимость ELSA-2024-10274