ELSA-2025-20270

Опубликовано: 11 апр. 2025

Источник: oracle-oval

Платформа: Oracle Linux 9

Платформа: Oracle Linux 8

Описание

ELSA-2025-20270: Unbreakable Enterprise kernel security update (IMPORTANT)

[5.15.0-307.178.5]

net/mlx5: DR, prevent potential error pointer dereference (Dan Carpenter) [Orabug: 37434242] {CVE-2024-56660}
uek-rpm: Set CONFIG_IP6_NF_IPTABLES for ol9/ol8 container kernels (Jonah Palmer) [Orabug: 37703179]
net: hsr: fix fill_frame_info() regression vs VLAN packets (Eric Dumazet)
f2fs: Introduce linear search for dentries (Daniel Lee)
tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind (Marco Leogrande)
net: loopback: Avoid sending IP packets without an Ethernet header (Ido Schimmel)
x86/static-call: Remove early_boot_irqs_disabled check to fix Xen PVH dom0 (Andrew Cooper)
sched: sch_cake: add bounds checks to host bulk flow fairness counts (Toke Hoiland-Jorgensen)
usb: atm: cxacru: fix a flaw in existing endpoint checks (Nikita Zhandarovich)
x86/xen: fix xen_hypercall_hvm() to not clobber %rbx (Juergen Gross)
x86/xen: add FRAME_END to xen_hypercall_hvm() (Juergen Gross)
ocfs2: fix incorrect CPU endianness conversion causing mount failure (Heming Zhao)
usb: dwc3: Set SUSPENDENABLE soon after phy init (Thinh Nguyen)
Revert 'btrfs: avoid monopolizing a core when activating a swap file' (Koichiro Den)
Revert 'media: uvcvideo: Require entities to have a non-zero unique ID' (Thadeu Lima de Souza Cascardo)
netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (Cong Wang)

[5.15.0-307.178.4]

LTS version: v5.15.178 (Vijayendra Suman)
Input: xpad - add support for wooting two he (arm) (Jack Greiner)
Input: xpad - add unofficial Xbox 360 wireless receiver clone (Nilton Perim Neto)
Input: atkbd - map F23 key to support default copilot shortcut (Mark Pearson)
ALSA: usb-audio: Add delay quirk for USB Audio Device (Lianqin Hu)
USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (Qasim Ijaz)
wifi: iwlwifi: add a few rate index validity checks (Anjaneyulu)
scsi: storvsc: Ratelimit warning logs to prevent VM denial of service (Easwar Hariharan)
ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() (Ido Schimmel)
platform/chrome: cros_ec_typec: Check for EC driver (Akihiko Odaki)
fs/ntfs3: Additional check in ntfs_file_release (Konstantin Komarov)
Bluetooth: RFCOMM: Fix not validating setsockopt user input (Luiz Augusto von Dentz)
Bluetooth: SCO: Fix not validating setsockopt user input (Luiz Augusto von Dentz)
vfio/platform: check the bounds of read/write syscalls (Alex Williamson)
net: sched: fix ets qdisc OOB Indexing (Jamal Hadi Salim)
gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (Andreas Gruenbacher)
mptcp: don't always assume copied data in mptcp_cleanup_rbuf() (Paolo Abeni)
regmap: detach regmap from dev on regmap_exit (Cosmin Tanislav)
ASoC: samsung: Add missing depends on I2C (Charles Keepax)
irqchip/sunxi-nmi: Add missing SKIP_WAKE flag (Philippe Simons)
scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (Xiang Zhang)
seccomp: Stub for !CONFIG_SECCOMP (Linus Walleij)
ASoC: samsung: Add missing selects for MFD_WM8994 (Charles Keepax)
ASoC: wm8994: Add depends on MFD core (Charles Keepax)

[5.15.0-307.177.3]

jbd2: increase maximum transaction size (Jan Kara) [Orabug: 37688920]
net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled (Carolina Jubran) [Orabug: 37534698]
net/mlx5e: Always start IPsec sequence number from 1 (Leon Romanovsky) [Orabug: 37534698]
platform/mellanox: mlxbf-pmc: Add support for clock_measure performance block (Shravan Kumar Ramani) [Orabug: 37534698]
platform/mellanox: mlxbf-pmc: Add support for monitoring cycle count (Shravan Kumar Ramani) [Orabug: 37534698]
platform/mellanox: mlxbf-pmc: incorrect type in assignment (Pei Xiao) [Orabug: 37534698]
net/mlx5e: Disable loopback self-test on multi-PF netdev (Carolina Jubran) [Orabug: 37534698]
net/mlx5: Unregister notifier on eswitch init failure (Cosmin Ratiu) [Orabug: 37534698]
mmc: sdhci-of-dwcmshc: Prevent stale command interrupt handling (Michal Wilczynski) [Orabug: 37534698]
net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (Jianbo Liu) [Orabug: 37534698]
platform/mellanox: mlxbf-pmc: fix lockdep warning (Luiz Capitulino) [Orabug: 37534698]
net/mlx5: Fix bridge mode operations when there are no VFs (Benjamin Poirier) [Orabug: 37534698]
mmc: sdhci-of-dwcmshc: Add hw_reset() support for BlueField-3 SoC (Liming Sun) [Orabug: 37534698]
mmc: sdhci-of-dwcmshc: add dwcmshc_pltfm_data (Chen Wang) [Orabug: 37534698]
mmc: sdhci-of-dwcmshc: factor out code into dwcmshc_rk35xx_init (Chen Wang) [Orabug: 37534698]
mmc: sdhci-of-dwcmshc: factor out code for th1520_init() (Chen Wang) [Orabug: 37534698]
mmc: sdhci-of-dwcmshc: move two rk35xx functions (Chen Wang) [Orabug: 37534698]
mmc: sdhci-of-dwcmshc: add common bulk optional clocks support (Chen Wang) [Orabug: 37534698]
net/mlx5e: Take state lock during tx timeout reporter (Dragos Tatulea) [Orabug: 37534698]
net/mlx5: SD, Do not query MPIR register if no sd_group (Tariq Toukan) [Orabug: 37534698]
net/mlx5: Always drain health in shutdown callback (Shay Drory) [Orabug: 37534698]
mmc: dw_mmc-bluefield: Add support for eMMC HW reset (Liming Sun) [Orabug: 37534698]
mmc: dw_mmc: Add support for platform specific eMMC HW reset (Liming Sun) [Orabug: 37534698]
net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (Dragos Tatulea) [Orabug: 37534698]
net/mlx5e: SHAMPO, Fix incorrect page release (Dragos Tatulea) [Orabug: 37534698]
net/mlx5: Do not query MPIR on embedded CPU function (Tariq Toukan) [Orabug: 37534698]
net/mlx5: Reload only IB representors upon lag disable/enable (Maher Sanalla) [Orabug: 37534698]
mmc: sdhci-of-dwcmshc: Add tuning support for Sophgo CV1800B and SG200X (Jisheng Zhang) [Orabug: 37534698]
macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst (Rahul Rameshbabu) [Orabug: 37534698]
macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads (Rahul Rameshbabu) [Orabug: 37534698]
net/mlx5e: Prevent deadlock while disabling aRFS (Carolina Jubran) [Orabug: 37534698]
net/mlx5e: Use channel mdev reference instead of global mdev instance for coalescing (Rahul Rameshbabu) [Orabug: 37534698]
net/mlx5: SD, Handle possible devcom ERR_PTR (Tariq Toukan) [Orabug: 37534698]
net/mlx5: Disallow SRIOV switchdev mode when in multi-PF netdev (Tariq Toukan) [Orabug: 37534698]
mmc: sdhci-of-dwcmshc: Implement SDHCI CQE support (Sergey Khimich) [Orabug: 37534698]
mmc: cqhci: Add cqhci set_tran_desc() callback (Sergey Khimich) [Orabug: 37534698]
platform/mellanox: mlxbf-pmc: fix signedness bugs (Dan Carpenter) [Orabug: 37534698]
net/mlx5e: Create EN core HW resources for all secondary devices (Tariq Toukan) [Orabug: 37534698]
net/mlx5e: Create single netdev per SD group (Tariq Toukan) [Orabug: 37534698]
net/mlx5: SD, Add debugfs (Tariq Toukan) [Orabug: 37534698]
net/mlx5: SD, Add informative prints in kernel log (Tariq Toukan) [Orabug: 37534698]
net/mlx5: SD, Implement steering for primary and secondaries (Tariq Toukan) [Orabug: 37534698]
net/mlx5: SD, Implement devcom communication and primary election (Tariq Toukan) [Orabug: 37534698]
net/mlx5: SD, Implement basic query and instantiation (Tariq Toukan) [Orabug: 37534698]
net/mlx5: SD, Introduce SD lib (Tariq Toukan) [Orabug: 37534698]
net/mlx5: Add MPIR bit in mcam_access_reg (Tariq Toukan) [Orabug: 37534698]
lib: memcpy_kunit: Fix an invalid format specifier in an assertion msg (David Gow) [Orabug: 37534698]
platform/mellanox: mlxbf-pmc: Ignore unsupported performance blocks (Luiz Capitulino) [Orabug: 37534698]
platform/mellanox: mlxbf-pmc: mlxbf_pmc_event_list(): make size ptr optional (Luiz Capitulino) [Orabug: 37534698]
mmc: sdhci-of-dwcmshc: Add support for Sophgo CV1800B and SG2002 (Jisheng Zhang) [Orabug: 37534698]
platform/mellanox: mlxbf-pmc: Cleanup signed/unsigned mix-up (Shravan Kumar Ramani) [Orabug: 37534698]
platform/mellanox: mlxbf-pmc: Replace uintN_t with kernel-style types (Shravan Kumar Ramani) [Orabug: 37534698]
net: macsec: revert the MAC address if mdo_upd_secy fails (Radu Pirea (NXP OSS)) [Orabug: 37534698]
net: macsec: documentation for macsec_context and macsec_ops (Radu Pirea (NXP OSS)) [Orabug: 37534698]
fortify: Do not cast to 'unsigned char' (Kees Cook) [Orabug: 37534698]
fortify: Use SIZE_MAX instead of (size_t)-1 (Kees Cook) [Orabug: 37534698]
fortify: Fix __compiletime_strlen() under UBSAN_BOUNDS_LOCAL (Kees Cook) [Orabug: 37534698]
mmc: dw_mmc: Add driver callbacks for data read timeout (Marten Lindahl) [Orabug: 37534698]
mmc: dw_mmc-exynos: Add support for ARTPEC-8 (Marten Lindahl) [Orabug: 37534698]
mmc: dw_mmc: clean up a debug message (Dan Carpenter) [Orabug: 37534698]
mmc: dw_mmc: exynos: use common_caps (John Keeping) [Orabug: 37534698]
mmc: dw_mmc: add common capabilities to replace caps (John Keeping) [Orabug: 37534698]
mmc: dw_mmc: Allow lower TMOUT value than maximum (Marten Lindahl) [Orabug: 37534698]
rds: Make sure transmit path and connection tear-down does not run concurrently (Hakon Bugge) [Orabug: 36441944]
ice: always add legacy 32byte RXDID in supported_rxdids (Michal Schmidt) [Orabug: 36252756]
ice: virtchnl rss hena support (Md Fahad Iqbal Polash) [Orabug: 36252756]
ice: Add support Flex RXD (Michal Jaron) [Orabug: 36252756]

[5.15.0-307.177.2]

uek-rpm: Enable CONFIG_MICROSOFT_MANA as module in aarch64 (Vijayendra Suman) [Orabug: 37647393]
rtc: add new RTC_FEATURE_ALARM_WAKEUP_ONLY feature (Alexandre Belloni) [Orabug: 37631796]
thermal: core: Drop excessive lockdep_assert_held() calls (Rafael J. Wysocki) [Orabug: 37631796]
thermal: core: Introduce thermal_cooling_device_update() (Rafael J. Wysocki) [Orabug: 37631796]
thermal: core: Introduce thermal_cooling_device_present() (Rafael J. Wysocki) [Orabug: 37631796]
thermal: sysfs: Reuse cdev->max_state (Viresh Kumar) [Orabug: 37631796]
rtc: efi: Enable SET/GET WAKEUP services as optional (Shanker Donthineni) [Orabug: 37631796]
rtc: efi: Add wakeup support (Riwen Lu) [Orabug: 37631796]
rtc: efi: switch to RTC_FEATURE_UPDATE_INTERRUPT (Alexandre Belloni) [Orabug: 37631796]
rtc: add BSM parameter (Alexandre Belloni) [Orabug: 37631796]
rtc: add correction parameter (Alexandre Belloni) [Orabug: 37631796]
rtc: add parameter ioctl (Alexandre Belloni) [Orabug: 37631796]
rtc: expose correction feature (Alexandre Belloni) [Orabug: 37631796]
rtc: add alarm related features (Alexandre Belloni) [Orabug: 37631796]
rtc: efi: switch to devm_rtc_allocate_device (Alexandre Belloni) [Orabug: 37631796]
cgroup: Make operations on the cgroup root_list RCU safe (Yafang Shao) [Orabug: 37621589]
rds: ib: Avoid sleeping function inside RCU region by using sampled values instead (Hakon Bugge) [Orabug: 37586089]
bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips (Michael Chan) [Orabug: 37434220] {CVE-2024-56656}
bnxt_en: Fix receive ring space parameters when XDP is active (Shravya KN) [Orabug: 37433562] {CVE-2024-53209}
bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() (Aleksandr Mishin) [Orabug: 37070333] {CVE-2024-40919}
bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() (Vikas Gupta) [Orabug: 37070270] {CVE-2024-35972}
bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (Somnath Kotur) [Orabug: 37070266] {CVE-2024-44984}

[5.15.0-307.177.1]

nvmet: always initialize cqe.result (Daniel Wagner) [Orabug: 36897348] {CVE-2024-41079}
nvmet-auth: complete a request only after freeing the dhchap pointers (Maurizio Lombardi) [Orabug: 36897348] {CVE-2024-41079}
scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Justin Tee) [Orabug: 37116505] {CVE-2024-46842}
netdevsim: use cond_resched() in nsim_dev_trap_report_work() (Eric Dumazet) [Orabug: 37264120] {CVE-2024-50155}
nvmet-auth: assign dh_key to NULL after kfree_sensitive (Vitaliy Shevtsov) [Orabug: 37268555] {CVE-2024-50215}
net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (Oleksij Rempel) [Orabug: 37433573] {CVE-2024-53213}
PCI/MSI: Handle lack of irqdomain gracefully (Thomas Gleixner) [Orabug: 37452651] {CVE-2024-56760}
selftests: rtnetlink: update netdevsim ipsec output format (Hangbin Liu) [Orabug: 37547931]
netdevsim: print human readable IP address (Hangbin Liu) [Orabug: 37547931]
uek: kabi: Fix build error for HIDE_INCLUDE macro (Saeed Mirzamohammadi) [Orabug: 37619141]
Add __init annotation to pensando_efi_mem_reserve (Joseph Dobosenski) [Orabug: 37619785]

Обновленные пакеты

Oracle Linux 9

Oracle Linux aarch64

kernel-uek64k

5.15.0-307.178.5.el9uek

kernel-uek64k-core

5.15.0-307.178.5.el9uek

kernel-uek64k-modules

5.15.0-307.178.5.el9uek

kernel-uek64k-modules-extra

5.15.0-307.178.5.el9uek

bpftool

5.15.0-307.178.5.el9uek

kernel-uek

5.15.0-307.178.5.el9uek

kernel-uek-container

5.15.0-307.178.5.el9uek

kernel-uek-container-debug

5.15.0-307.178.5.el9uek

kernel-uek-core

5.15.0-307.178.5.el9uek

kernel-uek-debug

5.15.0-307.178.5.el9uek

kernel-uek-debug-core

5.15.0-307.178.5.el9uek

kernel-uek-debug-devel

5.15.0-307.178.5.el9uek

kernel-uek-debug-modules

5.15.0-307.178.5.el9uek

kernel-uek-debug-modules-extra

5.15.0-307.178.5.el9uek

kernel-uek-devel

5.15.0-307.178.5.el9uek

kernel-uek-doc

5.15.0-307.178.5.el9uek

kernel-uek-modules

5.15.0-307.178.5.el9uek

kernel-uek-modules-extra

5.15.0-307.178.5.el9uek

Oracle Linux x86_64

bpftool

5.15.0-307.178.5.el9uek

kernel-uek

5.15.0-307.178.5.el9uek

kernel-uek-container

5.15.0-307.178.5.el9uek

kernel-uek-container-debug

5.15.0-307.178.5.el9uek

kernel-uek-core

5.15.0-307.178.5.el9uek

kernel-uek-debug

5.15.0-307.178.5.el9uek

kernel-uek-debug-core

5.15.0-307.178.5.el9uek

kernel-uek-debug-devel

5.15.0-307.178.5.el9uek

kernel-uek-debug-modules

5.15.0-307.178.5.el9uek

kernel-uek-debug-modules-extra

5.15.0-307.178.5.el9uek

kernel-uek-devel

5.15.0-307.178.5.el9uek

kernel-uek-doc

5.15.0-307.178.5.el9uek

kernel-uek-modules

5.15.0-307.178.5.el9uek

kernel-uek-modules-extra

5.15.0-307.178.5.el9uek

Oracle Linux 8

Oracle Linux aarch64

kernel-uek

5.15.0-307.178.5.el8uek

kernel-uek-container

5.15.0-307.178.5.el8uek

kernel-uek-core

5.15.0-307.178.5.el8uek

kernel-uek-debug

5.15.0-307.178.5.el8uek

kernel-uek-debug-modules

5.15.0-307.178.5.el8uek

kernel-uek-devel

5.15.0-307.178.5.el8uek

kernel-uek-doc

5.15.0-307.178.5.el8uek

kernel-uek-modules

5.15.0-307.178.5.el8uek

bpftool

5.15.0-307.178.5.el8uek

kernel-uek-container-debug

5.15.0-307.178.5.el8uek

kernel-uek-debug-core

5.15.0-307.178.5.el8uek

kernel-uek-debug-devel

5.15.0-307.178.5.el8uek

kernel-uek-debug-modules-extra

5.15.0-307.178.5.el8uek

kernel-uek-modules-extra

5.15.0-307.178.5.el8uek

Oracle Linux x86_64

bpftool

5.15.0-307.178.5.el8uek

kernel-uek

5.15.0-307.178.5.el8uek

kernel-uek-container

5.15.0-307.178.5.el8uek

kernel-uek-container-debug

5.15.0-307.178.5.el8uek

kernel-uek-core

5.15.0-307.178.5.el8uek

kernel-uek-debug

5.15.0-307.178.5.el8uek

kernel-uek-debug-core

5.15.0-307.178.5.el8uek

kernel-uek-debug-devel

5.15.0-307.178.5.el8uek

kernel-uek-debug-modules

5.15.0-307.178.5.el8uek

kernel-uek-debug-modules-extra

5.15.0-307.178.5.el8uek

kernel-uek-devel

5.15.0-307.178.5.el8uek

kernel-uek-doc

5.15.0-307.178.5.el8uek

kernel-uek-modules

5.15.0-307.178.5.el8uek

kernel-uek-modules-extra

5.15.0-307.178.5.el8uek

Связанные CVE

Ссылки на источники

Связанные уязвимости

CVE-2024-46842

CVSS3: 5.5

ubuntu

9 месяцев назад

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info The MBX_TIMEOUT return code is not handled in lpfc_get_sfp_info and the routine unconditionally frees submitted mailbox commands regardless of return status. The issue is that for MBX_TIMEOUT cases, when firmware returns SFP information at a later time, that same mailbox memory region references previously freed memory in its cmpl routine. Fix by adding checks for the MBX_TIMEOUT return code. During mailbox resource cleanup, check the mbox flag to make sure that the wait did not timeout. If the MBOX_WAKE flag is not set, then do not free the resources because it will be freed when firmware completes the mailbox at a later time in its cmpl routine. Also, increase the timeout from 30 to 60 seconds to accommodate boot scripts requiring longer timeouts.