A kernel security and bug fix update has been released for Oracle Linux 9.

ELSA-2023-3723 Important: Oracle Linux 9 kernel security and bug fix update

Oracle Linux Security Advisory ELSA-2023-3723

http://linux.oracle.com/errata/ELSA-2023-3723.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-7.0.0-284.18.1.el9_2.x86_64.rpm
kernel-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-abi-stablelists-5.14.0-284.18.1.el9_2.noarch.rpm
kernel-core-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-debug-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-debug-core-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-debug-devel-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-debug-devel-matched-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-debug-modules-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-debug-modules-core-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-debug-modules-extra-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-debug-uki-virt-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-devel-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-devel-matched-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-doc-5.14.0-284.18.1.el9_2.noarch.rpm
kernel-headers-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-modules-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-modules-core-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-modules-extra-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-tools-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-tools-libs-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-uki-virt-5.14.0-284.18.1.el9_2.x86_64.rpm
perf-5.14.0-284.18.1.el9_2.x86_64.rpm
python3-perf-5.14.0-284.18.1.el9_2.x86_64.rpm
rtla-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-cross-headers-5.14.0-284.18.1.el9_2.x86_64.rpm
kernel-tools-libs-devel-5.14.0-284.18.1.el9_2.x86_64.rpm

aarch64:
bpftool-7.0.0-284.18.1.el9_2.aarch64.rpm
kernel-headers-5.14.0-284.18.1.el9_2.aarch64.rpm
kernel-tools-5.14.0-284.18.1.el9_2.aarch64.rpm
kernel-tools-libs-5.14.0-284.18.1.el9_2.aarch64.rpm
perf-5.14.0-284.18.1.el9_2.aarch64.rpm
python3-perf-5.14.0-284.18.1.el9_2.aarch64.rpm
kernel-cross-headers-5.14.0-284.18.1.el9_2.aarch64.rpm
kernel-tools-libs-devel-5.14.0-284.18.1.el9_2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-284.18.1.el9_2.src.rpm

Related CVEs:

CVE-2023-2002
CVE-2023-2124
CVE-2023-2194
CVE-2023-2235
CVE-2023-28466
CVE-2023-32233

Description of changes:

[5.14.0-284.18.1.el9_2.OL9]
- cifs: fix wrong unlock before return from cifs_tree_connect()
- docs: Remove the unnecessary unicode character
- perf vendor events intel: Refresh ivytown metrics and events
- perf vendor events: Update Intel ivytown
- perf vendor events intel: Refresh jaketown metrics and events
- perf vendor events: Update Intel jaketown
- NFSD: RHEL-only bug introduced in fix for COMMIT and NFS4ERR_DELAY loop
- NFSD: Fix problem of COMMIT and NFS4ERR_DELAY in infinite loop
- workqueue: Fix isolated CPUs interference problem
- sched/core: Fix arch_scale_freq_tick() on tickless systems
- ice: no busy waiting in GNSS thread and for SQ commands
- wdat_wdt: avoid watchdog timeout during reboot
- hugetlbfs: don't delete error page from pagecache
- mm/filemap: fix page end in filemap_get_read_batch
- isched/deadline: Add more reschedule cases to prio_changed_dl()
- sched/rt: Fix bad task migration for rt tasks
- blk-mq: directly poll requests
- KVM: VMX: Fix crash due to uninitialized current_vmcs
- wifi: iwlwifi: mvm: protect TXQ list manipulation
- crypto: jitter - permanent and intermittent health errors
- cpufreq: intel_pstate: hybrid: Use known scaling factor for P-cores
- cpufreq: intel_pstate: Read all MSRs on the target CPU
- cpufreq: intel_pstate: Enable HWP IO boost for all servers
- crypto: qat: Update QAT drivers upto v6.2
- info/owners.yaml: Adjust intel_qat subsystem entry
- net: tls: fix possible race condition between do_tls_getsockopt_conf and do_tls_setsockopt_conf() {CVE-2023-28466}
- i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() {CVE-2023-2194}
- xfs: verify buffer contents when we skip log replay {CVE-2023-2124}
- bluetooth: Perform careful capability checks in hci_sock_ioctl() {CVE-2023-2002}
- netfilter: nf_tables: deactivate anonymous set from preparation phase {CVE-2023-32233}
- perf: Fix check before add_event_to_groups() in perf_group_detach() {CVE-2023-2235}

[5.14.0-284.11.1.el9_2.OL9]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64