Oracle Linux Security Advisory ELSA-2022-6003

https://linux.oracle.com/errata/ELSA-2022-6003.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-abi-stablelists-5.14.0-70.22.1.0.1.el9_0.noarch.rpm
kernel-core-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-debug-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-debug-core-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-debug-devel-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-debug-devel-matched-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-debug-modules-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-debug-modules-extra-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-devel-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-devel-matched-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-doc-5.14.0-70.22.1.0.1.el9_0.noarch.rpm
kernel-headers-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-modules-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-modules-extra-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-tools-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-tools-libs-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
perf-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
python3-perf-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-cross-headers-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm
kernel-tools-libs-devel-5.14.0-70.22.1.0.1.el9_0.x86_64.rpm

aarch64:
bpftool-5.14.0-70.22.1.0.1.el9_0.aarch64.rpm
kernel-headers-5.14.0-70.22.1.0.1.el9_0.aarch64.rpm
kernel-tools-5.14.0-70.22.1.0.1.el9_0.aarch64.rpm
kernel-tools-libs-5.14.0-70.22.1.0.1.el9_0.aarch64.rpm
perf-5.14.0-70.22.1.0.1.el9_0.aarch64.rpm
python3-perf-5.14.0-70.22.1.0.1.el9_0.aarch64.rpm
kernel-cross-headers-5.14.0-70.22.1.0.1.el9_0.aarch64.rpm
kernel-tools-libs-devel-5.14.0-70.22.1.0.1.el9_0.aarch64.rpm


SRPMS:
https://oss.oracle.com:443/ol9/SRPMS-updates/kernel-5.14.0-70.22.1.0.1.el9_0.src.rpm

Related CVEs:

CVE-2022-0494
CVE-2022-1055




Description of changes:

[5.14.0-70.22.1.0.1.el9_0.OL9]
[lockdown: also lock down previous kgdb use (Daniel Thompson) [Orabug: 34290418] {CVE-2022-21499}

[5.14.0-70.22.1.el9_0.OL9]
[Update Oracle Linux certificates (Kevin Lyons)
[Disable signing for aarch64 (Ilya Okomin)
[Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
[Update x509.genkey [Orabug: 24817676]
[Conflict with shim-ia32 and shim-x64 < 15.3-1.0.4]
[Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]

[5.14.0-70.22.1.el9_0]
[PCI: vmd: Revert 2565e5b69c44 ("PCI: vmd: Do not disable MSI-X remapping if interrupt remapping is enabled by IOMMU.") (Myron Stowe) [2109974 2084146]
[PCI: vmd: Assign VMD IRQ domain before enumeration (Myron Stowe) [2109974 2084146]
[rhel config: Set DMAR_UNITS_SUPPORTED (Jerry Snitselaar) [2105326 2094984]
[iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (Jerry Snitselaar) [2105326 2094984]

[5.14.0-70.21.1.el9_0]
[ibmvnic: fix race between xmit and reset (Gustavo Walbon) [2103085 2061556]
[scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (Chris Leech) [2098251 2095440]
[scsi: core: sysfs: Fix hang when device state is set via sysfs (Chris Leech) [2098251 2095440]

[5.14.0-70.20.1.el9_0]
[block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Ming Lei) [2106024 2066297] {CVE-2022-0494}
[ahci: Add a generic 'controller2' RAID id (Tomas Henzl) [2099740 2078880]
[ahci: remove duplicated PCI device IDs (Tomas Henzl) [2099740 2042790]
[gfs2: Stop using glock holder auto-demotion for now (Andreas Gruenbacher) [2097306 2082193]
[gfs2: buffered write prefaulting (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Align read and write chunks to the page cache (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Pull return value test out of should_fault_in_pages (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Clean up use of fault_in_iov_iter_{read,write}able (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Variable rename (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) [2097306 2082193]
[iomap: iomap_write_end cleanup (Andreas Gruenbacher) [2097306 2082193]
[iomap: iomap_write_failed fix (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Don't re-check for write past EOF unnecessarily (Andreas Gruenbacher) [2097306 2082193]
[gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) [2097306 2082193]
[fs/iomap: Fix buffered write page prefaulting (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Remove dead code in gfs2_file_read_iter (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Fix gfs2_file_buffered_write endless loop workaround (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Minor retry logic cleanup (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Fix should_fault_in_pages() logic (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Initialize gh_error in gfs2_glock_nq (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Make use of list_is_first (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Switch lock order of inode and iopen glock (Andreas Gruenbacher) [2097306 2082193]
[gfs2: cancel timed-out glock requests (Andreas Gruenbacher) [2097306 2082193]
[gfs2: Expect -EBUSY after canceling dlm locking requests (Andreas Gruenbacher) [2097306 2082193]
[gfs2: gfs2_setattr_size error path fix (Andreas Gruenbacher) [2097306 2082193]
[gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) [2097306 2082193]

[5.14.0-70.19.1.el9_0]
[KVM: x86/mmu: make apf token non-zero to fix bug (Vitaly Kuznetsov) [2100903 2074832]
[powerpc/64: Move paca allocation later in boot (Desnes A. Nunes do Rosario) [2092248 2055566]
[powerpc: Set crashkernel offset to mid of RMA region (Desnes A. Nunes do Rosario) [2092248 2055566]
[powerpc/64s/hash: Make hash faults work in NMI context (Desnes A. Nunes do Rosario) [2092253 2062762]

[5.14.0-70.18.1.el9_0]
[NFSv4: Fix free of uninitialized nfs4_label on referral lookup. (Benjamin Coddington) [2101858 2086367]
[NFSv4 only print the label when its queried (Benjamin Coddington) [2101854 2057327]
[crypto: fips - make proc files report fips module name and version (Simo Sorce) [2093384 2080499]
[net: sched: fix use-after-free in tc_new_tfilter() (Ivan Vecera) [2071707 2090410] {CVE-2022-1055}


_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata