Oracle Linux: ELSA-2023-13039
Dec 11, 2023 - 12:00 a.m.

Unbreakable Enterprise kernel security update

2023-12-11 00:00:00
linux.oracle.com

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.2
Confidence: High

EPSS: 0
Percentile: 5.1%

[4.14.35-2047.532.3]

  • Revert ‘mmc: core: Capture correct oemid-bits for eMMC cards’ (Dominique Martinet)
  • media: dvb-usb-v2: af9035: fix missing unlock (Hans Verkuil)
  • perf/core: Fix potential NULL deref (Peter Zijlstra)

[4.14.35-2047.532.2]

  • x86: change default to spec_store_bypass_disable=prctl spectre_v2_user=prctl (Andrea Arcangeli) [Orabug: 35905888]
  • LTS version: 4.14.328 (Saeed Mirzamohammadi)
  • Bluetooth: hci_event: Fix using memcmp when comparing keys (Luiz Augusto von Dentz)
  • Bluetooth: hci_sock: Correctly bounds check and pad HCI_MON_NEW_INDEX name (Kees Cook)
  • Bluetooth: hci_sock: fix slab oob read in create_monitor_event (Edward AD)
  • gpio: vf610: set value before the direction to avoid a glitch (Haibo Chen)
  • s390/pci: fix iommu bitmap allocation (Niklas Schnelle)
  • perf: Disallow mis-matched inherited group reads (Saeed Mirzamohammadi)
  • USB: serial: option: add Fibocom to DELL custom modem FM101R-GL (Puliang Lu)
  • USB: serial: option: add entry for Sierra EM9191 with new firmware (Benoit Monin)
  • USB: serial: option: add Telit LE910C4-WWX 0x1035 composition (Fabio Porcedda)
  • ACPI: irq: Fix incorrect return value in acpi_register_gsi() (Sunil V L)
  • Revert ‘pinctrl: avoid unsafe code pattern in find_pinctrl()’ (Andy Shevchenko)
  • mmc: core: Capture correct oemid-bits for eMMC cards (Avri Altman)
  • sky2: Make sure there is at least one frag_addr available (Kees Cook)
  • wifi: cfg80211: avoid leaking stack data into trace (Benjamin Berg)
  • wifi: mac80211: allow transmitting EAPOL frames with tainted key (Wen Gong)
  • Bluetooth: hci_core: Fix build warnings (Luiz Augusto von Dentz)
  • Bluetooth: Avoid redundant authentication (Ying Hsu)
  • HID: holtek: fix slab-out-of-bounds Write in holtek_kbd_input_event (Ma Ke)
  • tracing: relax trace_event_eval_update() execution with cond_resched() (Clement Leger)
  • ata: libata-eh: Fix compilation warning in ata_eh_link_report() (Damien Le Moal)
  • gpio: timberdale: Fix potential deadlock on &tgpio->lock (Chengfeng Ye)
  • overlayfs: set ctime when setting mtime and atime (Jeff Layton)
  • i2c: mux: Avoid potential false error message in i2c_mux_add_adapter (Heiner Kallweit)
  • btrfs: initialize start_slot in btrfs_log_prealloc_extents (Josef Bacik)
  • ARM: dts: ti: omap: Fix noisy serial with overrun-throttle-ms for mapphone (Tony Lindgren)
  • i40e: prevent crash on probe if hw registers have invalid values (Michal Schmidt)
  • net: usb: smsc95xx: Fix an error code in smsc95xx_reset() (Dan Carpenter)
  • net: rfkill: gpio: prevent value glitch during probe (Josua Mayer)
  • net: ipv6: fix return value check in esp_remove_trailer (Ma Ke)
  • net: ipv4: fix return value check in esp_remove_trailer (Ma Ke)
  • xfrm: fix a data-race in xfrm_gen_index() (Saeed Mirzamohammadi)
  • netfilter: nft_payload: fix wrong mac header matching (Florian Westphal)
  • KVM: x86: Mask LVTPC when handling a PMI (Jim Mattson)
  • regmap: fix NULL deref on lookup (Johan Hovold)
  • nfc: nci: fix possible NULL pointer dereference in send_acknowledge() (Krzysztof Kozlowski)
  • Bluetooth: avoid memcmp() out of bounds warning (Arnd Bergmann)
  • Bluetooth: hci_event: Fix coding style (Luiz Augusto von Dentz)
  • Bluetooth: vhci: Fix race when opening vhci device (Arkadiusz Bokowy)
  • Bluetooth: Fix a refcnt underflow problem for hci_conn (Ziyang Xuan)
  • Bluetooth: Reject connection with the device which has same BD_ADDR (Lee, Chun-Yi)
  • Bluetooth: hci_event: Ignore NULL link key (Lee, Chun-Yi)
  • usb: hub: Guard against accesses to uninitialized BOS descriptors (Ricardo Canuelo)
  • x86/cpu: Fix AMD erratum #1485 on Zen4-based CPUs (Borislav Petkov (AMD))
  • usb: gadget: ncm: Handle decoding of multiple NTB’s in unwrap call (Krishna Kurapati)
  • usb: gadget: udc-xilinx: replace memcpy with memcpy_toio (Piyush Mehta)
  • pinctrl: avoid unsafe code pattern in find_pinctrl() (Dmitry Torokhov)
  • cgroup: Remove duplicates in cgroup v1 tasks file (Michal Koutny)
  • Input: xpad - add PXN V900 support (Matthias Berndt)
  • Input: powermate - fix use-after-free in powermate_config_complete (Javier Carrasco)
  • ceph: fix incorrect revoked caps assert in ceph_fill_file_size() (Xiubo Li)
  • mcb: remove is_added flag from mcb_device struct (Jorge Sanjuan Garcia)
  • iio: pressure: ms5611: ms5611_prom_is_valid false negative bug (Alexander Zangerl)
  • iio: pressure: bmp280: Fix NULL pointer exception (Phil Elwell)
  • usb: musb: Modify the ‘HWVers’ register address (Xingxing Luo)
  • usb: musb: Get the musb_qh poniter after musb_giveback (Xingxing Luo)
  • net: usb: dm9601: fix uninitialized variable use in dm9601_mdio_read (Javier Carrasco)
  • usb: xhci: xhci-ring: Use sysdev for mapping bounce buffer (Wesley Cheng)
  • workqueue: Override implicit ordered attribute in workqueue_apply_unbound_cpumask() (Waiman Long)
  • nfc: nci: assert requested protocol is valid (Jeremy Cline)
  • ixgbe: fix crash with empty VF macvlan list (Dan Carpenter)
  • drm/vmwgfx: fix typo of sizeof argument (Konstantin Meskhidze)
  • ieee802154: ca8210: Fix a potential UAF in ca8210_probe (Dinghao Liu)
  • drm: etvnaviv: fix bad backport leading to warning (Martin Fuzzey)
  • HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (Hans de Goede)
  • RDMA/cxgb4: Check skb value for failure to allocate (Artem Chernyshev)
  • LTS version: 4.14.327 (Saeed Mirzamohammadi)
  • parisc: Restore __ldcw_align for PA-RISC 2.0 processors (John David Anglin)
  • RDMA/mlx5: Fix NULL string error (Shay Drory)
  • RDMA/cma: Fix truncation compilation warning in make_cma_ports (Leon Romanovsky)
  • gpio: aspeed: fix the GPIO number passed to pinctrl_gpio_set_config() (Bartosz Golaszewski)
  • IB/mlx4: Fix the size of a buffer in add_port_entries() (Christophe JAILLET)
  • cpupower: add Makefile dependencies for install targets (Ivan Babrou)
  • sctp: update hb timer immediately after users change hb_interval (Xin Long)
  • sctp: update transport state when processing a dupcook packet (Xin Long)
  • tcp: fix delayed ACKs for MSS boundary condition (Neal Cardwell)
  • net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg (Shigeru Yoshida)
  • ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() (David Howells)
  • modpost: add missing else to the ‘of’ check (Mauricio Faria de Oliveira)
  • scsi: target: core: Fix deadlock due to recursive locking (Junxiao Bi)
  • regmap: rbtree: Fix wrong register marked as in-cache when creating new node (Richard Fitzgerald)
  • drivers/net: process the result of hdlc_open() and add call of hdlc_close() in uhdlc_close() (Alexandra Diupina)
  • ubi: Refuse attaching if mtd’s erasesize is 0 (Zhihao Cheng)
  • wifi: mwifiex: Fix tlv_buf_left calculation (Gustavo A. R. Silva)
  • scsi: zfcp: Fix a double put in zfcp_port_enqueue() (Dinghao Liu)
  • media: dvb: symbol fixup for dvb_attach() - again (Greg Kroah-Hartman)
  • ata: libata: disallow dev-initiated LPM transitions to unsupported states (Niklas Cassel)
  • net/sched: sch_hfsc: Ensure inner classes have fsc curve (Budimir Markovic) [Orabug: 35810543] {CVE-2023-4623}
  • ext4: fix rec_len verify error (Shida Zhang)
  • vc_screen: reload load of struct vc_data pointer in vcs_write() to avoid UAF (George Kennedy)
  • fs: binfmt_elf_efpic: fix personality for ELF-FDPIC (Greg Ungerer)
  • ata: libata-sata: increase PMP SRST timeout to 10s (Matthias Schiffer)
  • ata: libata-core: Fix port and device removal (Damien Le Moal)
  • ata: libata-core: Fix ata_port_request_pm() locking (Damien Le Moal)
  • btrfs: properly report 0 avail for very full file systems (Josef Bacik)
  • i2c: i801: unregister tco_pdev in i801_probe() error path (Heiner Kallweit)
  • ata: libata-scsi: ignore reserved bits for REPORT SUPPORTED OPERATION CODES (Niklas Cassel)
  • nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() (Pan Bian)
  • serial: 8250_port: Check IRQ data before use (Andy Shevchenko)
  • watchdog: iTCO_wdt: Set NO_REBOOT if the watchdog is not already running (Mika Westerberg)
  • watchdog: iTCO_wdt: No need to stop the timer in probe (Mika Westerberg)
  • ata: libahci: clear pending interrupt status (Szuying Chen)
  • ata: ahci: Drop pointless VPRINTK() calls and convert the remaining ones (Hannes Reinecke)
  • fbdev/sh7760fb: Depend on FB=y (Thomas Zimmermann)
  • ata: libata-eh: do not clear ATA_PFLAG_EH_PENDING in ata_eh_reset() (Niklas Cassel)
  • ring-buffer: Avoid softlockup in ring_buffer_resize() (Zheng Yejian)
  • selftests/ftrace: Correctly enable event in instance-event.tc (Zheng Yejian)
  • parisc: irq: Make irq_stack_union static to avoid sparse warning (Helge Deller)
  • parisc: iosapic.c: Fix sparse warnings (Helge Deller)
  • parisc: sba: Fix compile warning wrt list of SBA devices (Helge Deller)
  • xtensa: boot/lib: fix function prototypes (Max Filippov)
  • xtensa: boot: don’t add include-dirs (Randy Dunlap)
  • clk: tegra: fix error return case for recalc_rate (Timo Alho)
  • i2c: mux: demux-pinctrl: check the return value of devm_kstrdup() (Xiaoke Wang)
  • gpio: tb10x: Fix an error handling path in tb10x_gpio_probe() (Christophe JAILLET)
  • team: fix null-ptr-deref when team device type is changed (Ziyang Xuan)
  • powerpc/perf/hv-24x7: Update domain value check (Kajol Jain)
  • ipv4: fix null-deref in ipv4_link_failure (Kyle Zeng)
  • NFS/pNFS: Report EINVAL errors from connect() to the server (Trond Myklebust)

[4.14.35-2047.532.1]

  • rds/ib: Preserve dest qp num in the connect request (Arumugam Kolappan) [Orabug: 35649849]
  • rds: Provision to allow all trace points at module load time (Arumugam Kolappan) [Orabug: 35355776]
