ELSA-2025-0578

Опубликовано: 22 янв. 2025

Источник: oracle-oval

Платформа: Oracle Linux 9

Описание

ELSA-2025-0578: kernel security update (MODERATE)

[5.14.0-503.22.1_5.OL9]
Disable UKI signing [Orabug: 36571828]
Update Oracle Linux certificates (Kevin Lyons)
Disable signing for aarch64 (Ilya Okomin)
Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
Update x509.genkey [Orabug: 24817676]
Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
Add Oracle Linux IMA certificates

[5.14.0-503.22.1_5]

[s390] zcore: WRITE is 'data source', not destination... (CKI Backport Bot) [RHEL-63078]
arm64/sve: Discard stale CPU state when handling SVE traps (Mark Salter) [RHEL-72218] {CVE-2024-50275}
bpf: Use raw_spinlock_t in ringbuf (Luis Claudio R. Goncalves) [RHEL-68992 RHEL-20608]
rh_messages.h: un-unmaintain hfi1 (CKI Backport Bot) [RHEL-71322]
scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-66055 RHEL-53595]
scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Dick Kennedy) [RHEL-66055 RHEL-53595]
ASoC: SOF: ipc4-topology: Preserve the DMA Link ID for ChainDMA on unprepare (Jaroslav Kysela) [RHEL-62030]
ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (Jaroslav Kysela) [RHEL-62030]
ASoC: SOF: ipc4-topology: Use single token list for the copiers (Jaroslav Kysela) [RHEL-62030]
ASoC: SOF: ipc4-topology: Use correct queue_id for requesting input pin format (Jaroslav Kysela) [RHEL-62030]
ASoC: SOF: ipc4-topology: Adjust the params based on DAI formats (Jaroslav Kysela) [RHEL-62030]
ASoC: SOF: ipc4-topology: Improve readability of sof_ipc4_prepare_dai_copier() (Jaroslav Kysela) [RHEL-62030]
ASoC: SOF: ipc4-topology/pcm: Rename sof_ipc4_copier_is_single_format() (Jaroslav Kysela) [RHEL-62030]
ASoC: SOF: ipc4-topology: Print out the channel count in sof_ipc4_dbg_audio_format (Jaroslav Kysela) [RHEL-62030]
ASoC: SOF: ipc4-topology: support tdm slot number query (Jaroslav Kysela) [RHEL-62030]
ASoC: SOF: ipc3-topology: support tdm slot number query (Jaroslav Kysela) [RHEL-62030]
ASoC: SOF: sof-audio: add sof_dai_get_tdm_slots function (Jaroslav Kysela) [RHEL-62030]
ASoC: SOF: sof-audio: rename dai clock setting query function (Jaroslav Kysela) [RHEL-62030]
ASoC: SOF: ipc4-topology: Add support for NHLT with 16-bit only DMIC blob (Jaroslav Kysela) [RHEL-62030]
ASoC: SOF: ipc4-topology: Correct DAI copier config and NHLT blob request (Jaroslav Kysela) [RHEL-62030]
ASoC: SOF: ipc4-topology: Allow selective update in sof_ipc4_update_hw_params (Jaroslav Kysela) [RHEL-62030]
ASoC: SOF: ipc4-topology: remove shadowed variable (Jaroslav Kysela) [RHEL-62030]
Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (Ivan Vecera) [RHEL-65624]
KVM: SVM: Propagate error from snp_guest_req_init() to userspace (Bandan Das) [RHEL-68361 RHEL-65840]
KVM: SEV: Provide support for SNP_EXTENDED_GUEST_REQUEST NAE event (Bandan Das) [RHEL-68361 RHEL-65840]
x86/sev: Move sev_guest.h into common SEV header (Bandan Das) [RHEL-68361 RHEL-65840]
KVM: SEV: Provide support for SNP_GUEST_REQUEST NAE event (Bandan Das) [RHEL-68361 RHEL-65840]
i40e: fix race condition by adding filter's intermediate sync state (CKI Backport Bot) [RHEL-69809] {CVE-2024-53088}
ice: fix truesize operations for PAGE_SIZE >= 8192 (CKI Backport Bot) [RHEL-70660 RHEL-37905]
ice: fix ICE_LAST_OFFSET formula (CKI Backport Bot) [RHEL-70660 RHEL-37905]
ice: fix page reuse when PAGE_SIZE is over 8k (CKI Backport Bot) [RHEL-70660 RHEL-37905]
nvme-fabrics: handle zero MAXCMD without closing the connection (Maurizio Lombardi) [RHEL-72970]
selftests: netfilter: add test case for recent mismatch bug (Florian Westphal) [RHEL-71357 RHEL-60554]
netfilter: nf_tables: unconditionally flush pending work before notifier (Florian Westphal) [RHEL-71357 RHEL-60554]
netfilter: nft_set_pipapo_avx2: disable softinterrupts (Florian Westphal) [RHEL-71357 RHEL-60554]
netfilter: nf_set_pipapo: fix initial map fill (Florian Westphal) [RHEL-71357 RHEL-60554]
netfilter: nf_tables: store new sets in dedicated list (Florian Westphal) [RHEL-71357 RHEL-60554]
netfilter: nft_socket: Fix a NULL vs IS_ERR() bug in nft_socket_cgroup_subtree_level() (Florian Westphal) [RHEL-71357 RHEL-60554]
netfilter: nft_socket: make cgroupsv2 matching work with namespaces (Florian Westphal) [RHEL-71357 RHEL-60554]
netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [RHEL-71357 RHEL-60554]
tcp: Fix use-after-free of nreq in reqsk_timer_handler(). (Guillaume Nault) [RHEL-70541 RHEL-70449]
tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Guillaume Nault) [RHEL-66329 RHEL-66328] {CVE-2024-50154}
rcu: Use system_unbound_wq to avoid disturbing isolated CPUs (Waiman Long) [RHEL-61329 RHEL-50220]
scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (Cathy Avery) [RHEL-71393 RHEL-9848]
scsi: storvsc: Handle additional SRB status values (Cathy Avery) [RHEL-71393 RHEL-9848]

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

kernel-cross-headers

5.14.0-503.22.1.el9_5

kernel-tools-libs-devel

5.14.0-503.22.1.el9_5

bpftool

7.4.0-503.22.1.el9_5

kernel-tools

5.14.0-503.22.1.el9_5

kernel-tools-libs

5.14.0-503.22.1.el9_5

python3-perf

5.14.0-503.22.1.el9_5

kernel-headers

5.14.0-503.22.1.el9_5

perf

5.14.0-503.22.1.el9_5

rtla

5.14.0-503.22.1.el9_5

Oracle Linux x86_64

bpftool

7.4.0-503.22.1.el9_5

kernel

5.14.0-503.22.1.el9_5

kernel-abi-stablelists

5.14.0-503.22.1.el9_5

kernel-core

5.14.0-503.22.1.el9_5

kernel-debug

5.14.0-503.22.1.el9_5

kernel-debug-core

5.14.0-503.22.1.el9_5

kernel-debug-modules

5.14.0-503.22.1.el9_5

kernel-debug-modules-core

5.14.0-503.22.1.el9_5

kernel-debug-modules-extra

5.14.0-503.22.1.el9_5

kernel-debug-uki-virt

5.14.0-503.22.1.el9_5

kernel-modules

5.14.0-503.22.1.el9_5

kernel-modules-core

5.14.0-503.22.1.el9_5

kernel-modules-extra

5.14.0-503.22.1.el9_5

kernel-tools

5.14.0-503.22.1.el9_5

kernel-tools-libs

5.14.0-503.22.1.el9_5

kernel-uki-virt

5.14.0-503.22.1.el9_5

kernel-uki-virt-addons

5.14.0-503.22.1.el9_5

python3-perf

5.14.0-503.22.1.el9_5

kernel-debug-devel

5.14.0-503.22.1.el9_5

kernel-debug-devel-matched

5.14.0-503.22.1.el9_5

kernel-devel

5.14.0-503.22.1.el9_5

kernel-devel-matched

5.14.0-503.22.1.el9_5

kernel-doc

5.14.0-503.22.1.el9_5

kernel-headers

5.14.0-503.22.1.el9_5

perf

5.14.0-503.22.1.el9_5

rtla

5.14.0-503.22.1.el9_5

kernel-cross-headers

5.14.0-503.22.1.el9_5

kernel-tools-libs-devel

5.14.0-503.22.1.el9_5

libperf

5.14.0-503.22.1.el9_5

Связанные CVE

CVE-2024-50154

CVE-2024-50275

CVE-2024-53088

Ссылки на источники

Связанные уязвимости

CVE-2024-50154

CVSS3: 7

ubuntu

7 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler(). """ We are seeing a use-after-free from a bpf prog attached to trace_tcp_retransmit_synack. The program passes the req->sk to the bpf_sk_storage_get_tracing kernel helper which does check for null before using it. """ The commit 83fccfc3940c ("inet: fix potential deadlock in reqsk_queue_unlink()") added timer_pending() in reqsk_queue_unlink() not to call del_timer_sync() from reqsk_timer_handler(), but it introduced a small race window. Before the timer is called, expire_timers() calls detach_timer(timer, true) to clear timer->entry.pprev and marks it as not pending. If reqsk_queue_unlink() checks timer_pending() just after expire_timers() calls detach_timer(), TCP will miss del_timer_sync(); the reqsk timer will continue running and send multiple SYN+ACKs until it expires. The r...