ELSA-2025-3937

Published: 17 Apr 2025
Source: oracle-oval
Platform: Oracle Linux 9

Description

ELSA-2025-3937: kernel security update (MODERATE)

[5.14.0-503.38.1_5.OL9]

  • Disable UKI signing [Orabug: 36571828]
  • Update Oracle Linux certificates (Kevin Lyons)
  • Disable signing for aarch64 (Ilya Okomin)
  • Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  • Update x509.genkey [Orabug: 24817676]
  • Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
  • Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
  • Add Oracle Linux IMA certificates

[5.14.0-503.38.1_5]

  • ALSA: usb-audio: Fix out of bounds reads when finding clock sources (CKI Backport Bot) [RHEL-86726] {CVE-2024-53150}

[5.14.0-503.37.1_5]

  • scsi: core: Fix command pass through retry regression (Ewan D. Milne) [RHEL-77123]

[5.14.0-503.36.1_5]

  • cpufreq: intel_pstate: Support Emerald Rapids OOB mode (Steve Best) [RHEL-67636]
  • cxgb4: use port number to set mac addr (Michal Schmidt) [RHEL-79672]
  • ice: stop storing XDP verdict within ice_rx_buf (Petr Oros) [RHEL-76141]
  • ice: gather page_count()'s of each frag right before XDP prog call (Petr Oros) [RHEL-76141]
  • ice: put Rx buffers after being done with current frame (Petr Oros) [RHEL-76141]
  • gve: trigger RX NAPI instead of TX NAPI in gve_xsk_wakeup (Joshua Washington) [RHEL-74413]
  • gve: process XSK TX descriptors as part of RX NAPI (Joshua Washington) [RHEL-74413]
  • gve: guard XSK operations on the existence of queues (Joshua Washington) [RHEL-74413] {CVE-2024-57933}
  • gve: guard XDP xmit NDO on existence of xdp queues (Joshua Washington) [RHEL-74413] {CVE-2024-57932}
  • gve: Fix an edge case for TSO skb validity check (Joshua Washington) [RHEL-74413]
  • gve: Fix XDP TX completion handling when counters overflow (Joshua Washington) [RHEL-74413]
  • gve: Clear napi->skb before dev_kfree_skb_any() (Joshua Washington) [RHEL-74413] {CVE-2024-40937}
  • gve: ignore nonrelevant GSO type bits when processing TSO headers (Joshua Washington) [RHEL-74413]

Updated packages

Oracle Linux 9

Oracle Linux aarch64

  • kernel-cross-headers 5.14.0-503.38.1.el9_5
  • kernel-tools-libs-devel 5.14.0-503.38.1.el9_5
  • bpftool 7.4.0-503.38.1.el9_5
  • kernel-tools 5.14.0-503.38.1.el9_5
  • kernel-tools-libs 5.14.0-503.38.1.el9_5
  • python3-perf 5.14.0-503.38.1.el9_5
  • kernel-headers 5.14.0-503.38.1.el9_5
  • perf 5.14.0-503.38.1.el9_5
  • rtla 5.14.0-503.38.1.el9_5
  • rv 5.14.0-503.38.1.el9_5

Oracle Linux x86_64

  • bpftool 7.4.0-503.38.1.el9_5
  • kernel 5.14.0-503.38.1.el9_5
  • kernel-core 5.14.0-503.38.1.el9_5
  • kernel-debug 5.14.0-503.38.1.el9_5
  • kernel-debug-modules-core 5.14.0-503.38.1.el9_5
  • kernel-debug-uki-virt 5.14.0-503.38.1.el9_5
  • kernel-modules-extra 5.14.0-503.38.1.el9_5
  • kernel-uki-virt-addons 5.14.0-503.38.1.el9_5
  • kernel-abi-stablelists 5.14.0-503.38.1.el9_5
  • kernel-debug-core 5.14.0-503.38.1.el9_5
  • kernel-debug-modules 5.14.0-503.38.1.el9_5
  • kernel-debug-modules-extra 5.14.0-503.38.1.el9_5
  • kernel-modules 5.14.0-503.38.1.el9_5
  • kernel-modules-core 5.14.0-503.38.1.el9_5
  • kernel-tools 5.14.0-503.38.1.el9_5
  • kernel-tools-libs 5.14.0-503.38.1.el9_5
  • kernel-uki-virt 5.14.0-503.38.1.el9_5
  • python3-perf 5.14.0-503.38.1.el9_5
  • kernel-debug-devel 5.14.0-503.38.1.el9_5
  • kernel-debug-devel-matched 5.14.0-503.38.1.el9_5
  • kernel-devel 5.14.0-503.38.1.el9_5
  • kernel-devel-matched 5.14.0-503.38.1.el9_5
  • kernel-doc 5.14.0-503.38.1.el9_5
  • kernel-headers 5.14.0-503.38.1.el9_5
  • perf 5.14.0-503.38.1.el9_5
  • rtla 5.14.0-503.38.1.el9_5
  • rv 5.14.0-503.38.1.el9_5
  • kernel-cross-headers 5.14.0-503.38.1.el9_5
  • kernel-tools-libs-devel 5.14.0-503.38.1.el9_5
  • libperf 5.14.0-503.38.1.el9_5
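The package list gives the fixed RHCK release, but what matters on a host is the kernel that is actually booted: a system with the new rpm installed and no reboot is still running the old code. The following is an added example (not Oracle's or rpm's code) that classifies a `uname -r` string against the fixed release above. The version ordering mimics rpm's as I understand it (an assumption): alternating digit and letter segments, digits compared numerically, letters lexically, a numeric segment outranking a letter segment, and leftover trailing segments counting as newer.

```c
/*
 * Added example, not Oracle's or rpm's code: classify a running kernel
 * (`uname -r`) against the fixed RHCK release listed in ELSA-2025-3937.
 * The comparison mimics rpm's version ordering as I understand it
 * (assumption): digit/letter segments, digits compared numerically,
 * letters lexically, numbers outranking letters, extra trailing
 * segments counting as newer.
 */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/utsname.h>

static const char *const FIXED_RELEASE = "5.14.0-503.38.1.el9_5";

enum { KERNEL_NOT_APPLICABLE = -1, KERNEL_VULNERABLE = 0, KERNEL_FIXED = 1 };

/* strcmp-style result: <0 if a is older than b, 0 if equal, >0 if newer. */
static int rpmvercmp_like(const char *a, const char *b)
{
    for (;;) {
        while (*a && !isalnum((unsigned char)*a)) a++;   /* skip separators */
        while (*b && !isalnum((unsigned char)*b)) b++;
        if (!*a || !*b) break;
        int a_num = isdigit((unsigned char)*a) != 0;
        int b_num = isdigit((unsigned char)*b) != 0;
        const char *a_end = a, *b_end = b;
        while (a_num ? isdigit((unsigned char)*a_end) : isalpha((unsigned char)*a_end)) a_end++;
        while (b_num ? isdigit((unsigned char)*b_end) : isalpha((unsigned char)*b_end)) b_end++;
        if (a_num != b_num) return a_num ? 1 : -1;        /* numbers outrank letters */
        if (a_num) {                                      /* drop leading zeros */
            while (a_end - a > 1 && *a == '0') a++;
            while (b_end - b > 1 && *b == '0') b++;
            if (a_end - a != b_end - b) return a_end - a > b_end - b ? 1 : -1;
        }
        size_t la = (size_t)(a_end - a), lb = (size_t)(b_end - b);
        int c = strncmp(a, b, la < lb ? la : lb);
        if (c) return c < 0 ? -1 : 1;
        if (la != lb) return la > lb ? 1 : -1;
        a = a_end;
        b = b_end;
    }
    if (!*a && !*b) return 0;
    return *a ? 1 : -1;          /* the string with segments left over is newer */
}

/* Only the RHCK 5.14.0 el9 stream is covered by this advisory; UEK and
 * other streams are reported as not applicable rather than as "newer". */
static int kernel_state(const char *uname_r)
{
    if (strncmp(uname_r, "5.14.0-", 7) != 0 || strstr(uname_r, ".el9") == NULL)
        return KERNEL_NOT_APPLICABLE;
    return rpmvercmp_like(uname_r, FIXED_RELEASE) >= 0 ? KERNEL_FIXED : KERNEL_VULNERABLE;
}

int main(void)
{
    struct utsname u;
    if (uname(&u) != 0) {
        perror("uname");
        return 1;
    }
    static const char *const verdict[] = {
        "not applicable (not an RHCK 5.14.0 el9 kernel)",
        "VULNERABLE: booted kernel is older than the fixed release",
        "fixed",
    };
    printf("running %s vs %s: %s\n", u.release, FIXED_RELEASE,
           verdict[kernel_state(u.release) + 1]);
    return 0;
}
```

Build with `cc -o kcheck kcheck.c` and run it on the host. It deliberately reads the booted kernel rather than the rpm database, so a machine where `rpm -q kernel` already lists 5.14.0-503.38.1.el9_5 but `uname -r` still shows an older release is reported as vulnerable until it is rebooted, which is the answer an auditor needs.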

Related CVEs

Related vulnerabilities

The entries below carry the fix note for the ALSA usb-audio change in the changelog above (CVE-2024-53150).

  • ubuntu, CVSS3 7.1, 6 months ago: In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check.
  • redhat, CVSS3 7.1, 6 months ago: same text as the ubuntu entry
  • nvd, CVSS3 7.1, 6 months ago: same text as the ubuntu entry
  • msrc, CVSS3 7.1, 3 months ago: no description available
  • debian, CVSS3 7.1, 6 months ago: In the Linux kernel, the following vulnerability has been resolved: A ...
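The fix note above describes the defect precisely: the traversal trusted each clock descriptor's struct size instead of its bLength, so a device that advertises a short bLength makes the driver read past the descriptor. The block below is an added example, not code from the Linux kernel or from Oracle: a user-space model of that walk with the checks the note describes (sizeof() for clock source and multiplier; sizeof() plus bNrInPins plus two tail bytes for the selector), and an `overread_bytes()` helper that computes how far an unchecked struct-sized read would run past a bogus descriptor. The descriptor layouts are my reading of the USB Audio 2.0 spec and the descriptor bytes are constructed, not captured from a device.

```c
/*
 * Added example, not the Linux kernel's code: a user-space model of the
 * clock-descriptor walk described in the CVE-2024-53150 fix note, with
 * the bLength checks the fix adds.
 *
 * Layouts are my reading of the USB Audio 2.0 spec (assumption):
 *   CLOCK_SOURCE     (0x0A): 8 bytes, fixed
 *   CLOCK_MULTIPLIER (0x0C): 7 bytes, fixed
 *   CLOCK_SELECTOR   (0x0B): 5-byte head, baCSourceID[bNrInPins],
 *                            then bmControls and iClockSelector (2 bytes)
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define USB_DT_CS_INTERFACE   0x24
#define UAC2_CLOCK_SOURCE     0x0A
#define UAC2_CLOCK_SELECTOR   0x0B
#define UAC2_CLOCK_MULTIPLIER 0x0C

struct uac2_clock_source_desc {
    uint8_t bLength, bDescriptorType, bDescriptorSubtype, bClockID;
    uint8_t bmAttributes, bmControls, bAssocTerminal, iClockSource;
};
struct uac2_clock_multiplier_desc {
    uint8_t bLength, bDescriptorType, bDescriptorSubtype, bClockID;
    uint8_t bCSourceID, bmControls, iClockMultiplier;
};
struct uac2_clock_selector_desc {
    uint8_t bLength, bDescriptorType, bDescriptorSubtype, bClockID;
    uint8_t bNrInPins;
    uint8_t baCSourceID[];      /* bNrInPins entries, then 2 trailing bytes */
};

static int is_clock_subtype(uint8_t st)
{
    return st == UAC2_CLOCK_SOURCE || st == UAC2_CLOCK_SELECTOR ||
           st == UAC2_CLOCK_MULTIPLIER;
}

/* The bug, measured instead of triggered: bytes a struct-sized read would
 * touch beyond bLength (0 = none). For a selector, p[4] itself is only
 * inside the descriptor when bLength >= 5. */
static size_t overread_bytes(const uint8_t *p)
{
    size_t need;
    switch (p[2]) {
    case UAC2_CLOCK_SOURCE:     need = sizeof(struct uac2_clock_source_desc); break;
    case UAC2_CLOCK_MULTIPLIER: need = sizeof(struct uac2_clock_multiplier_desc); break;
    case UAC2_CLOCK_SELECTOR:   need = sizeof(struct uac2_clock_selector_desc) + p[4] + 2; break;
    default: return 0;
    }
    return need > p[0] ? need - p[0] : 0;
}

/* The fix: accept a clock descriptor only if bLength covers every field
 * that will be read, so the walker skips it instead of reading past it. */
static int clock_desc_valid(const uint8_t *p, size_t remaining)
{
    if (remaining < 3 || p[0] < 3 || p[0] > remaining) return 0;
    if (p[1] != USB_DT_CS_INTERFACE) return 0;
    switch (p[2]) {
    case UAC2_CLOCK_SOURCE:
        return p[0] >= sizeof(struct uac2_clock_source_desc);
    case UAC2_CLOCK_MULTIPLIER:
        return p[0] >= sizeof(struct uac2_clock_multiplier_desc);
    case UAC2_CLOCK_SELECTOR: {
        const struct uac2_clock_selector_desc *cs = (const void *)p;
        if (p[0] < sizeof(*cs)) return 0;           /* bNrInPins itself unreadable */
        return p[0] >= sizeof(*cs) + cs->bNrInPins + 2;
    }
    default:
        return 0;
    }
}

struct walk_result { int accepted, skipped, source_offset; };

/* Walk a class-specific descriptor blob by bLength, counting clock
 * descriptors that pass or fail validation and recording the offset of
 * the CLOCK_SOURCE whose bClockID equals want_id (-1 if none). */
static struct walk_result walk_clock_descs(const uint8_t *buf, size_t size, uint8_t want_id)
{
    struct walk_result r = { 0, 0, -1 };
    size_t off = 0;
    while (off + 3 <= size) {
        const uint8_t *p = buf + off;
        if (p[0] < 2 || off + p[0] > size) break;    /* junk or truncated: stop */
        if (p[0] >= 3 && p[1] == USB_DT_CS_INTERFACE && is_clock_subtype(p[2])) {
            if (clock_desc_valid(p, size - off)) {
                r.accepted++;
                if (p[2] == UAC2_CLOCK_SOURCE && p[3] == want_id && r.source_offset < 0)
                    r.source_offset = (int)off;
            } else {
                r.skipped++;
            }
        }
        off += p[0];
    }
    return r;
}

/* Constructed sample blob (not captured from a real device). */
static const uint8_t sample_descs[] = {
    0x09, 0x24, 0x01, 0x00, 0x02, 0x08, 0x40, 0x00, 0x00,  /* AC header: not a clock desc, offset 0 */
    0x08, 0x24, 0x0A, 0x01, 0x03, 0x07, 0x00, 0x00,        /* good CLOCK_SOURCE id 1, offset 9 */
    0x04, 0x24, 0x0A, 0x02,                                /* bogus CLOCK_SOURCE: bLength 4 of 8, offset 17 */
    0x09, 0x24, 0x0B, 0x03, 0x02, 0x01, 0x02, 0x03, 0x00,  /* good CLOCK_SELECTOR, 2 pins, offset 21 */
    0x07, 0x24, 0x0B, 0x04, 0x05, 0x01, 0x02,              /* bogus CLOCK_SELECTOR: 5 pins need 12, bLength 7, offset 30 */
    0x07, 0x24, 0x0C, 0x05, 0x01, 0x03, 0x00,              /* good CLOCK_MULTIPLIER, offset 37 */
};

int main(void)
{
    struct walk_result r = walk_clock_descs(sample_descs, sizeof sample_descs, 1);
    printf("accepted %d, skipped %d, clock source 1 at offset %d\n",
           r.accepted, r.skipped, r.source_offset);
    printf("unchecked read past bogus CLOCK_SOURCE:   %zu bytes\n", overread_bytes(sample_descs + 17));
    printf("unchecked read past bogus CLOCK_SELECTOR: %zu bytes\n", overread_bytes(sample_descs + 30));
    return 0;
}
```

The walk advances by bLength, exactly as the driver does, so the bogus descriptors are stepped over rather than dropped from the list; what the check changes is that their fields are never dereferenced. The selector case is the one the note singles out: bNrInPins comes from the device too, so the tail check has to be done after confirming the head is present.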
