Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2024-12830

Опубликовано: 20 нояб. 2024
Источник: oracle-oval
Платформа: Oracle Linux 8
Платформа: Oracle Linux 9

Описание

ELSA-2024-12830: Unbreakable Enterprise kernel security update (IMPORTANT)

[5.15.0-300.163.18.7]

  • Revert 'net/mlx5: disable the 'fast unload' feature on Exadata systems' (Qing Huang) [Orabug: 37285705]
  • Revert 'net/mlx5: pretend 'fast unload' succeeded on Exadata systems' (Qing Huang) [Orabug: 37285705]

[5.15.0-300.163.18.6]

  • x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (Adamos Ttofari) [Orabug: 37281022] {CVE-2024-35801}
  • devlink: fix possible use-after-free and memory leaks in devlink_init() (Vasiliy Kovalev) [Orabug: 37281015] {CVE-2024-26734}
  • RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688618] [Orabug: 37279424]
  • block: fix inflight io counter leaking when io sumit failure for dm device (Junxiao Bi) [Orabug: 37279421]

[5.15.0-300.163.18.5]

  • net/mlx5: pretend 'fast unload' succeeded on Exadata systems (Gerd Rausch) [Orabug: 37264565]
  • rds: Do not invoke the transport's recv_path() while in atomic context (Hakon Bugge) [Orabug: 37264563]

[5.15.0-300.163.18.4]

  • nvme: fix deadlock between reset and scan (Bitao Hu) [Orabug: 37260320]
  • rds: ib: Avoid reuse of IB MRs when cleaning is in progress (Hakon Bugge) [Orabug: 37260304]
  • Revert 'rds: ib: Make sure receives are posted before connection is up' (Gerd Rausch) [Orabug: 37260292]

[5.15.0-300.163.18.3]

  • kobject_uevent: Fix OOB access within zap_modalias_env() (Zijun Hu) [Orabug: 37203371] {CVE-2024-42292}
  • net/mlx5: disable the 'fast unload' feature on Exadata systems (Qing Huang) [Orabug: 37203368]

[5.15.0-300.163.18.2]

  • netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init(). (Kuniyuki Iwashima) [Orabug: 37184791] {CVE-2024-42269}
  • netfilter: nf_tables: use timestamp to check for set element timeout (Pablo Neira Ayuso) [Orabug: 37184793] {CVE-2024-27397}
  • IB/mlx5: Fix mlx5_ib_get_vector_irqn() after dynamic IRQ allocation change (Gerd Rausch) [Orabug: 37189054]
  • x86/bugs: Adjust SRSO mitigation to new features (Boris Ostrovsky) [Orabug: 37184802]
  • KVM: x86: Propagate the AMD Automatic IBRS feature to the guest (Kim Phillips) [Orabug: 37184800]
  • x86/cpu, kvm: Add the SMM_CTL MSR not present feature (Kim Phillips) [Orabug: 37184800]
  • x86/cpu, kvm: Add the Null Selector Clears Base feature (Kim Phillips) [Orabug: 37184800]
  • x86/cpu, kvm: Move X86_FEATURE_LFENCE_RDTSC to its native leaf (Kim Phillips) [Orabug: 37184800]
  • x86/cpu, kvm: Add the NO_NESTED_DATA_BP feature (Kim Phillips) [Orabug: 37184800]
  • KVM: x86: Move open-coded CPUID leaf 0x80000021 EAX bit propagation code (Kim Phillips) [Orabug: 37184800]
  • KVM: x86: Advertise that the SMM_CTL MSR is not supported (Jim Mattson) [Orabug: 37184800]
  • KVM: x86: synthesize CPUID leaf 0x80000021h if useful (Paolo Bonzini) [Orabug: 37184800]
  • KVM: x86: skip host CPUID call for hypervisor leaves (Paolo Bonzini) [Orabug: 37184800]
  • KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 37184800]
  • amd_hsmp: Update PwrEfficiencyModeSelection message (Suma Hegde) [Orabug: 37185578]
  • amd_hsmp: Add support for new error codes returned from firmware (Suma Hegde) [Orabug: 37185578]
  • amd_hsmp: Add new HSMP messages of protocol version 7 (Suma Hegde) [Orabug: 37185578]
  • netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init(). (Kuniyuki Iwashima) [Orabug: 37184779] {CVE-2024-42270}
  • mm: avoid leaving partial pfn mappings around in error case (Linus Torvalds) [Orabug: 37184794] {CVE-2024-47674}
  • net/mlx5: Fix IPsec RoCE MPV trace call (Patrisious Haddad) [Orabug: 37184799]
  • fwctl: Allow up to 4k devices (Saeed Mahameed) [Orabug: 37184797]
  • mm/memory-failure: send SIGBUS in the event of thp split fail (Jane Chu) [Orabug: 37184796]
  • mm/memory-failure: move hwpoison_filter() higher up (Jane Chu) [Orabug: 37184796]
  • mm/memory-failure: improve memory failure action_result messages (Jane Chu) [Orabug: 37184796]
  • mm/hwpoison: put page in already hwpoisoned case with MF_COUNT_INCREASED (Naoya Horiguchi) [Orabug: 37184796]
  • mm/madvise: add MF_ACTION_REQUIRED to madvise(MADV_HWPOISON) (Jane Chu) [Orabug: 37184796]
  • mm/memory-failure: try to send SIGBUS even if unmap failed (Jane Chu) [Orabug: 37184796]
  • mm: memory-failure: cleanup try_to_split_thp_page() (Kefeng Wang) [Orabug: 37184796]

[5.15.0-300.163.18.1]

  • vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (Haoran Zhang) [Orabug: 37132350]

[5.15.0-300.163.18]

  • crypto: qat - specify firmware files for 402xx (Giovanni Cabiddu) [Orabug: 37044631]

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

bpftool

5.15.0-300.163.18.7.el8uek

kernel-uek

5.15.0-300.163.18.7.el8uek

kernel-uek-container

5.15.0-300.163.18.7.el8uek

kernel-uek-container-debug

5.15.0-300.163.18.7.el8uek

kernel-uek-core

5.15.0-300.163.18.7.el8uek

kernel-uek-debug

5.15.0-300.163.18.7.el8uek

kernel-uek-debug-core

5.15.0-300.163.18.7.el8uek

kernel-uek-debug-devel

5.15.0-300.163.18.7.el8uek

kernel-uek-debug-modules

5.15.0-300.163.18.7.el8uek

kernel-uek-debug-modules-extra

5.15.0-300.163.18.7.el8uek

kernel-uek-devel

5.15.0-300.163.18.7.el8uek

kernel-uek-doc

5.15.0-300.163.18.7.el8uek

kernel-uek-modules

5.15.0-300.163.18.7.el8uek

kernel-uek-modules-extra

5.15.0-300.163.18.7.el8uek

Oracle Linux x86_64

bpftool

5.15.0-300.163.18.7.el8uek

kernel-uek

5.15.0-300.163.18.7.el8uek

kernel-uek-container

5.15.0-300.163.18.7.el8uek

kernel-uek-container-debug

5.15.0-300.163.18.7.el8uek

kernel-uek-core

5.15.0-300.163.18.7.el8uek

kernel-uek-debug

5.15.0-300.163.18.7.el8uek

kernel-uek-debug-core

5.15.0-300.163.18.7.el8uek

kernel-uek-debug-devel

5.15.0-300.163.18.7.el8uek

kernel-uek-debug-modules

5.15.0-300.163.18.7.el8uek

kernel-uek-debug-modules-extra

5.15.0-300.163.18.7.el8uek

kernel-uek-devel

5.15.0-300.163.18.7.el8uek

kernel-uek-doc

5.15.0-300.163.18.7.el8uek

kernel-uek-modules

5.15.0-300.163.18.7.el8uek

kernel-uek-modules-extra

5.15.0-300.163.18.7.el8uek

Oracle Linux 9

Oracle Linux aarch64

bpftool

5.15.0-300.163.18.7.el9uek

kernel-uek

5.15.0-300.163.18.7.el9uek

kernel-uek-container

5.15.0-300.163.18.7.el9uek

kernel-uek-container-debug

5.15.0-300.163.18.7.el9uek

kernel-uek-core

5.15.0-300.163.18.7.el9uek

kernel-uek-debug

5.15.0-300.163.18.7.el9uek

kernel-uek-debug-core

5.15.0-300.163.18.7.el9uek

kernel-uek-debug-devel

5.15.0-300.163.18.7.el9uek

kernel-uek-debug-modules

5.15.0-300.163.18.7.el9uek

kernel-uek-debug-modules-extra

5.15.0-300.163.18.7.el9uek

kernel-uek-devel

5.15.0-300.163.18.7.el9uek

kernel-uek-doc

5.15.0-300.163.18.7.el9uek

kernel-uek-modules

5.15.0-300.163.18.7.el9uek

kernel-uek-modules-extra

5.15.0-300.163.18.7.el9uek

Oracle Linux x86_64

bpftool

5.15.0-300.163.18.7.el9uek

kernel-uek

5.15.0-300.163.18.7.el9uek

kernel-uek-container

5.15.0-300.163.18.7.el9uek

kernel-uek-container-debug

5.15.0-300.163.18.7.el9uek

kernel-uek-core

5.15.0-300.163.18.7.el9uek

kernel-uek-debug

5.15.0-300.163.18.7.el9uek

kernel-uek-debug-core

5.15.0-300.163.18.7.el9uek

kernel-uek-debug-devel

5.15.0-300.163.18.7.el9uek

kernel-uek-debug-modules

5.15.0-300.163.18.7.el9uek

kernel-uek-debug-modules-extra

5.15.0-300.163.18.7.el9uek

kernel-uek-devel

5.15.0-300.163.18.7.el9uek

kernel-uek-doc

5.15.0-300.163.18.7.el9uek

kernel-uek-modules

5.15.0-300.163.18.7.el9uek

kernel-uek-modules-extra

5.15.0-300.163.18.7.el9uek

Связанные CVE

CVE-2024-26734
CVE-2024-27397
CVE-2024-35801
CVE-2024-42292
CVE-2024-47674
CVE-2024-42269
CVE-2024-42270

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2024-12796

oracle-oval
8 месяцев назад

ELSA-2024-12796: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval логотип

ELSA-2024-12845

oracle-oval
7 месяцев назад

ELSA-2024-12845: Unbreakable Enterprise kernel security update (IMPORTANT)

ubuntu логотип

CVE-2024-26734

CVSS3: 7.8
ubuntu
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: devlink: fix possible use-after-free and memory leaks in devlink_init() The pernet operations structure for the subsystem must be registered before registering the generic netlink family. Make an unregister in case of unsuccessful registration.

redhat логотип

CVE-2024-26734

CVSS3: 5.5
redhat
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: devlink: fix possible use-after-free and memory leaks in devlink_init() The pernet operations structure for the subsystem must be registered before registering the generic netlink family. Make an unregister in case of unsuccessful registration.

nvd логотип

CVE-2024-26734

CVSS3: 7.8
nvd
около 1 года назад

In the Linux kernel, the following vulnerability has been resolved: devlink: fix possible use-after-free and memory leaks in devlink_init() The pernet operations structure for the subsystem must be registered before registering the generic netlink family. Make an unregister in case of unsuccessful registration.

Уязвимость ELSA-2024-12830