ELSA-2024-1248: kernel security update

Vendor: Oracle Linux
Source: linux.oracle.com
Published: Mar 15, 2024 - 12:00 a.m.
Tags: kernel update, oracle linux certificates, aarch64 signing, rdma vulnerability, drm vulnerability

CVSS3: 7.8 High
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

AI Score: 7.6 High (Confidence: High)

CVSS2: 5 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL

EPSS: 0.002 Low (Percentile: 51.3%)

[5.14.0-362.24.1_3.OL9]
  • Update Oracle Linux certificates (Kevin Lyons)
  • Disable signing for aarch64 (Ilya Okomin)
  • Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  • Update x509.genkey [Orabug: 24817676]
  • Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5
  • Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]
  • Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
  • Disable unified kernel image package build
  • Add Oracle Linux IMA certificates

[5.14.0-362.24.1_3]
  • RDMA/mlx5: Fix assigning access flags to cache mkeys (Mohammad Kabat) [RHEL-25242 RHEL-882]
  • drm/amdgpu: Fix potential fence use-after-free v2 (Jan Stancek) [RHEL-24501 RHEL-24504 RHEL-22506 RHEL-22507] {CVE-2023-51042}
  • ceph: defer stopping mdsc delayed_work (Xiubo Li) [RHEL-22256 RHEL-16415]
  • ceph: never send metrics if disable_send_metrics is set (Xiubo Li) [RHEL-22256 RHEL-16415]
  • ceph: don’t let check_caps skip sending responses for revoke msgs (Xiubo Li) [RHEL-22256 RHEL-16415]
  • ceph: issue a cap release immediately if no cap exists (Xiubo Li) [RHEL-22256 RHEL-16415]
  • ceph: trigger to flush the buffer when making snapshot (Xiubo Li) [RHEL-22256 RHEL-16415]
  • ceph: fix blindly expanding the readahead windows (Xiubo Li) [RHEL-22256 RHEL-16415]
  • ceph: add a dedicated private data for netfs rreq (Xiubo Li) [RHEL-22256 RHEL-16415]
  • ceph: voluntarily drop Xx caps for requests those touch parent mtime (Xiubo Li) [RHEL-22256 RHEL-16415]
  • ceph: try to dump the msgs when decoding fails (Xiubo Li) [RHEL-22256 RHEL-16415]
  • ceph: only send metrics when the MDS rank is ready (Xiubo Li) [RHEL-22256 RHEL-16415]
  • x86/boot: Ignore NMIs during very early boot (Derek Barbosa) [RHEL-24449 RHEL-9380]
  • Documentation, mm/unaccepted: document accept_memory kernel parameter (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • proc/kcore: do not try to access unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi/unaccepted: do not let /proc/vmcore try to access unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/traps: Fix load_unaligned_zeropad() handling for shared TDX memory (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi/unaccepted: Fix off-by-one when checking for overlapping ranges (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/tdx: Zero out the missing RSI in TDX_HYPERCALL macro (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/kvm: Do not try to disable kvmclock if it was not enabled (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/tdx: Mark TSC reliable (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • RHEL: kABI fixup for struct zone (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • RHEL: introduce NR_VM_ZONE_STAT_ITEMS_ACTUAL for kABI-preserving zone stats (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • RHEL: 9.3 kABI fixup for struct efi (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/mm: Fix enc_status_change_finish_noop() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/tdx: Fix race between set_memory_encrypted() and load_unaligned_zeropad() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/mm: Allow guest.enc_status_change_prepare() to fail (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/coco: Mark cc_platform_has() and descendants noinstr (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • virt: sevguest: Add CONFIG_CRYPTO dependency (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • mm/page_alloc: make deferred page init free pages in MAX_ORDER blocks (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • mm/page_alloc: fix obsolete comment in deferred_pfn_valid() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/sev: Change npages to unsigned long in snp_accept_memory() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi/unaccepted: Fix soft lockups caused by parallel memory acceptance (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi/unaccepted: Make sure unaccepted table is mapped (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/efi: Safely enable unaccepted memory in UEFI (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/sev: Add SNP-specific unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/sev: Use large PSC requests if applicable (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/sev: Allow for use of the early boot GHCB for PSC requests (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/sev: Put PSC struct on the stack in prep for unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/sev: Fix calculation of end address based on number of pages (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/tdx: Wrap exit reason with hcall_func() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/tdx: Add unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/tdx: Refactor try_accept_one() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi/unaccepted: Avoid load_unaligned_zeropad() stepping into unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi: Add unaccepted memory support (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/boot/compressed: Handle unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi/unaccepted: Use ACPI reclaim memory for unaccepted memory table (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi/libstub: Implement support for unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi/x86: Get full memory map in allocate_e820() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • memblock tests: Fix compilation errors. (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • mm: Add support for unaccepted memory (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/boot: Centralize __pa()/__va() definitions (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/boot: Add an efi.h header for the decompressor (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/tdx: Make _tdx_hypercall() and __tdx_module_call() available in boot stub (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/tdx: Drop flags from __tdx_hypercall() (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/tdx: Disable NOTIFY_ENABLES (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/tdx: Relax SEPT_VE_DISABLE check for debug TD (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/tdx: Use ReportFatalError to report missing SEPT_VE_DISABLE (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • cpuidle, tdx: Make TDX code noinstr clean (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • x86/tdx: Remove TDX_HCALL_ISSUE_STI (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • mm: add pageblock_aligned() macro (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi: memmap: Disregard bogus entries instead of returning them (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi: memmap: Move manipulation routines into x86 arch tree (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi: memmap: Move EFI fake memmap support into x86 arch tree (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi: libstub: install boot-time memory map as config table (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi: libstub: remove DT dependency from generic stub (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi: libstub: unify initrd loading between architectures (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi: libstub: remove pointless goto kludge (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi: libstub: simplify efi_get_memory_map() and struct efi_boot_memmap (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi: libstub: avoid efi_get_memory_map() for allocating the virt map (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi: libstub: drop pointless get_memory_map() call (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi/libstub: move efi_system_table global var into separate object (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi/x86: libstub: remove unused variable (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • efi: Correct comment on efi_memmap_alloc (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • drivers: fix typo in firmware/efi/memmap.c (Paolo Bonzini) [RHEL-20808 RHEL-10059]
  • netfilter: nf_tables: skip set commit for deleted/destroyed sets (Phil Sutter) [RHEL-20683 RHEL-20686 RHEL-20214 RHEL-20217] {CVE-2024-0193}
  • redhat: add missing -rt JIRAs (Jan Stancek)

[5.14.0-362.23.1_3]
  • iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range (Jerry Snitselaar) [RHEL-19382 RHEL-11590]
  • arm64/smmu: use TLBI ASID when invalidating entire range (Jerry Snitselaar) [RHEL-19382 RHEL-11590]
  • netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) [RHEL-20701 RHEL-20709 RHEL-19722 RHEL-19961] {CVE-2023-6817}
  • netfilter: nf_tables: split async and sync catchall in two functions (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: remove catchall element in GC sync path (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: expose opaque set element as struct nft_elem_priv (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: set backend .flush always succeeds (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nft_set_pipapo: no need to call pipapo_deactivate() from flush (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: work around newrule after chain binding (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: fix memleak when more than 255 elements expired (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: disable toggling dormant table state more than once (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: disallow element removal on anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nft_set_pipapo: stop GC iteration if GC transaction allocation fails (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nft_set_pipapo: call nft_trans_gc_queue_sync() in catchall GC (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: disallow rule removal from chain binding (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: defer gc run if previous batch is still pending (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: fix out of memory error handling (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: use correct lock to protect gc_list (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: GC transaction race with abort path (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: flush pending destroy work before netlink notifier (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nft_dynset: disallow object maps (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: GC transaction race with netns dismantle (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: don’t fail inserts if duplicate has expired (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: deactivate catchall elements in next generation (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: fix kdoc warnings after gc rework (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: fix false-positive lockdep splat (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: remove busy mark and gc batch API (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nft_set_hash: mark set element as dead when deleting from packet path (Florian Westphal) [RHEL-22131 RHEL-22134 RHEL-1720 RHEL-1721] {CVE-2023-4244}
  • netfilter: nf_tables: adapt set backend to use GC transaction API (Florian Westphal) [RHEL-22131 RHEL-22134 RHEL-1720 RHEL-1721] {CVE-2023-4244}
  • netfilter: nft_set_rbtree: fix overlap expiration walk (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: GC transaction API to avoid race with control plane (Florian Westphal) [RHEL-22131 RHEL-22134 RHEL-1720 RHEL-1721] {CVE-2023-4244}
  • netfilter: nf_tables: don’t skip expired elements during walk (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: skip bound chain in netns release path (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: fix spurious set element insertion failure (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: report use refcount overflow (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: fix underflow in chain reference counter (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: disallow timeout for anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: disallow updates of anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: reject unbound chain set before commit phase (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: reject unbound anonymous set before commit phase (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: disallow element updates of bound anonymous sets (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: fix underflow in object reference counter (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: drop map element references from preparation phase (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: validate variable length element extension (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nft_set_pipapo: .walk does not deal with generations (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: relax set/map validation checks (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: integrate pipapo into commit protocol (Florian Westphal) [RHEL-22131 RHEL-1720]
  • netfilter: nf_tables: upfront validation of data via nft_data_init() (Florian Westphal) [RHEL-22131 RHEL-1720]
  • rbd: don’t move requests to the running list on errors (Ilya Dryomov) [RHEL-23863 RHEL-21939]
  • ASoC: SOF: intel: hda: Clean up link DMA for IPC3 during stop (Jaroslav Kysela) [RHEL-24033 RHEL-13724]
  • platform/x86/intel-uncore-freq: Return error on write frequency (David Arcari) [RHEL-15751 2177013]
  • platform/x86: intel-uncore-freq: Add client processors (David Arcari) [RHEL-15751 2177013]
  • platform/x86: intel-uncore-freq: add Emerald Rapids support (David Arcari) [RHEL-15751 2177013]
  • platform/x86: intel-uncore-freq: Use sysfs_emit() to instead of scnprintf() (David Arcari) [RHEL-15751 2177013]
  • platform/x86: intel-uncore-freq: Prevent driver loading in guests (David Arcari) [RHEL-15751 2177013]
  • platform/x86: intel-uncore-freq: fix uncore_freq_common_init() error codes (David Arcari) [RHEL-15751 2177013]
  • Documentation: admin-guide: pm: Document uncore frequency scaling (David Arcari) [RHEL-15751 2177013]
  • platform/x86/intel-uncore-freq: Split common and enumeration part (David Arcari) [RHEL-15751 2177013]
  • platform/x86/intel/uncore-freq: Display uncore current frequency (David Arcari) [RHEL-15751 2177013]
  • platform/x86/intel/uncore-freq: Use sysfs API to create attributes (David Arcari) [RHEL-15751 2177013]
  • platform/x86/intel/uncore-freq: Move to uncore-frequency folder (David Arcari) [RHEL-15751 2177013]
  • platform/x86: intel-uncore-frequency: use default_groups in kobj_type (David Arcari) [RHEL-15751 2177013]
  • platform/x86: intel-uncore-frequency: Move to intel sub-directory (David Arcari) [RHEL-15751 2177013]
  • Revert ‘platform/x86: intel-uncore-freq: add Emerald Rapids support’ (David Arcari) [RHEL-15751 2177013]
  • iommu/iova: Manage the depot list size (Jay Shin) [RHEL-21517 RHEL-11148]
  • iommu/iova: Make the rcache depot scale better (Jay Shin) [RHEL-21517 RHEL-11148]
  • drm/amd/pm: Fix error of MACO flag setting code (Michel Danzer) [RHEL-16741 RHEL-16742 RHEL-14571 RHEL-15927]
  • drm/amd: Fix detection of _PR3 on the PCIe root port (Michel Danzer) [RHEL-16741 RHEL-16742 RHEL-14571 RHEL-15927]

[5.14.0-362.22.1_3]
  • usb: typec: ucsi: Use GET_CAPABILITY attributes data to set power supply scope (Desnes Nunes) [RHEL-21838 RHEL-14573]
  • KVM: SVM: Do not use user return MSR support for virtualized TSC_AUX (Paolo Bonzini) [RHEL-20415 RHEL-16384]
  • KVM: SVM: Fix TSC_AUX virtualization setup (Paolo Bonzini) [RHEL-20415 RHEL-16384]
  • KVM: SVM: INTERCEPT_RDTSCP is never intercepted anyway (Paolo Bonzini) [RHEL-20415 RHEL-16384]
  • net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22094 RHEL-22097 RHEL-19066 RHEL-19067] {CVE-2024-0646}
  • smb: client: fix OOB in smbCalcSize() (Scott Mayhew) [RHEL-21664 RHEL-21669 RHEL-18992 RHEL-18993] {CVE-2023-6606}
  • NFSv4.1: fixup use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Jeffrey Layton) [RHEL-22284 RHEL-7936]
  • NFSv4.1: fix zero value filehandle in post open getattr (Jeffrey Layton) [RHEL-22284 RHEL-7936]
  • NFSv4.1: fix pnfs MDS=DS session trunking (Jeffrey Layton) [RHEL-22284 RHEL-7936]
  • NFSv4.1: use EXCHGID4_FLAG_USE_PNFS_DS for DS server (Jeffrey Layton) [RHEL-22284 RHEL-7936]
  • nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
  • nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
  • nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
  • nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-22290 RHEL-22292 RHEL-22627 RHEL-22629 RHEL-22632 RHEL-22636 RHEL-19150 RHEL-19153 RHEL-19156 RHEL-19159 RHEL-19162 RHEL-19165] {CVE-2023-6356 CVE-2023-6535 CVE-2023-6536}
  • ice: dpll: fix phase offset value (Petr Oros) [RHEL-17652 RHEL-15789]
  • dpll: netlink/core: change pin frequency set behavior (Petr Oros) [RHEL-17652 RHEL-15789]
  • ice: dpll: implement phase related callbacks (Petr Oros) [RHEL-17652 RHEL-15789]
  • dpll: netlink/core: add support for pin-dpll signal phase offset/adjust (Petr Oros) [RHEL-17652 RHEL-15789]
  • dpll: spec: add support for pin-dpll signal phase offset/adjust (Petr Oros) [RHEL-17652 RHEL-15789]
  • dpll: docs: add support for pin signal phase offset/adjust (Petr Oros) [RHEL-17652 RHEL-15789]
  • netlink: specs: remove redundant type keys from attributes in subsets (Petr Oros) [RHEL-17652 RHEL-15789]
  • md/raid6: use valid sector values to determine if an I/O should wait on the reshape (Nigel Croxon) [RHEL-20933 RHEL-17276]

[5.14.0-362.21.1_3]
  • x86/microcode: do not cache microcode if it will not be used (Paolo Bonzini) [RHEL-21567 RHEL-16225]
  • x86/hyperv: Move the code in ivm.c around to avoid unnecessary ifdef’s (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Remove hv_isolation_type_en_snp (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Use TDX GHCI to access some MSRs in a TDX VM with the paravisor (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • Drivers: hv: vmbus: Bring the post_msg_page back for TDX VMs with the paravisor (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Introduce a global variable hyperv_paravisor_present (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Add missing ‘inline’ to hv_snp_boot_ap() stub (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Mark hv_ghcb_terminate() as noreturn (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • Drivers: hv: vmbus: Support >64 VPs for a fully enlightened TDX/SNP VM (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Fix serial console interrupts for fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • Drivers: hv: vmbus: Support fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Support hypercalls for fully enlightened TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Add hv_isolation_type_tdx() to detect TDX guests (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Fix undefined reference to isolation_type_en_snp without CONFIG_HYPERV (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Add hyperv-specific handling for VMMCALL under SEV-ES (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Add smp support for SEV-SNP guest (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Add VTL specific structs and hypercalls (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • clocksource: hyper-v: Mark hyperv tsc page unencrypted in sev-snp enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Use vmmcall to implement Hyper-V hypercall in sev-snp enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • drivers: hv: Mark percpu hvcall input arg page unencrypted in SEV-SNP enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • Drivers: hv: vmbus: Remove the per-CPU post_msg_page (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Mark Hyper-V vp assist page unencrypted in SEV-SNP enlightened guest (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Set Virtual Trust Level in VMBus init message (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/hyperv: Add sev-snp enlightened guest static key (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/tdx: Do not corrupt frame-pointer in __tdx_hypercall() (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/tdx: Expand __tdx_hypercall() to handle more arguments (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/tdx: Refactor __tdx_hypercall() to allow pass down more arguments (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/tdx: Add more registers to struct tdx_hypercall_args (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • x86/tdx: Fix typo in comment in __tdx_hypercall() (Vitaly Kuznetsov) [RHEL-21441 2176350]
  • blk-mq: don’t count completed flush data request as inflight in case of quiesce (Ming Lei) [RHEL-19105 RHEL-18054]
  • NFS: Use parent’s objective cred in nfs_access_login_time() (Jay Shin) [RHEL-22147 RHEL-16024]
  • s390/qeth: Don’t call dev_close/dev_open (DOWN/UP) (Tobias Huschle) [RHEL-17887 RHEL-2412]
  • smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-19146 RHEL-21679 RHEL-19147 RHEL-21677] {CVE-2023-6610}
  • smb: client: fix potential OOB in cifs_dump_detail() (Scott Mayhew) [RHEL-19146 RHEL-21679 RHEL-19147 RHEL-21677] {CVE-2023-6610}
  • x86/sev: Do not handle #VC for DR7 read/write (Paolo Bonzini) [RHEL-21885 RHEL-15069]
  • x86/sev: Use the GHCB protocol when available for SNP CPUID requests (Paolo Bonzini) [RHEL-21885 RHEL-15069]

[5.14.0-362.20.1_3]
  • s390/dasd: print copy pair message only for the correct error (Tobias Huschle) [RHEL-11980 RHEL-2833]
  • x86/microcode/AMD: Rip out static buffers (David Arcari) [RHEL-14590 RHEL-10030]
  • x86/microcode/AMD: Load late on both threads too (David Arcari) [RHEL-14590 RHEL-10030]
  • x86/microcode/amd: Remove unneeded pointer arithmetic (David Arcari) [RHEL-14590 RHEL-10030]
  • x86/microcode/AMD: Get rid of __find_equiv_id() (David Arcari) [RHEL-14590 RHEL-10030]
  • docs: move x86 documentation into Documentation/arch/ (David Arcari) [RHEL-14590 RHEL-10030]
  • x86/microcode/AMD: Handle multiple glued containers properly (David Arcari) [RHEL-14590 RHEL-10030]
  • mm: Fix copy_from_user_nofault(). (Waiman Long) [RHEL-18946 RHEL-18440]
  • redhat: rewrite genlog and support Y- tags (Jan Stancek)

[5.14.0-362.19.1_3]
  • redhat: fix kernel changelog entry for RHEL-16560 (Jan Stancek)
  • perf/core: Fix potential NULL deref (Wander Lairson Costa) [RHEL-18087 RHEL-18088 RHEL-14984 RHEL-14985] {CVE-2023-5717}
  • perf: Disallow mis-matched inherited group reads (Wander Lairson Costa) [RHEL-18087 RHEL-18088 RHEL-14984 RHEL-14985] {CVE-2023-5717}
