[ol7_UEKR4] kernel-uek-4.1.12-124.80.1.el7uek.x86_64

Name:	kernel-uek
Version:	4.1.12
Release:	124.80.1.el7uek
Architecture:	x86_64
Group:	System Environment/Kernel
Size:	167473971
License:	GPLv2
RPM:	kernel-uek-4.1.12-124.80.1.el7uek.x86_64.rpm
Source RPM:	kernel-uek-4.1.12-124.80.1.el7uek.src.rpm
Build Date:	Mon Oct 09 2023
Build Host:	build-ol7-x86_64.oracle.com
Vendor:	Oracle America
URL:	http://www.kernel.org/
Summary:	The Linux kernel
Description:	The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.

Changelog (Show File list) (Show related packages)

Mon Oct 09 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.80.1.el7uek]

- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Sungwoo Kim)  [Orabug: 35814478]  {CVE-2023-40283} 
- net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free (valis)  [Orabug: 35814297]  {CVE-2023-4208} 
- RDMA/core: net: fix kernel NULL error (Zhu Yanjun)  [Orabug: 35723252]

Wed Sep 20 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.79.2.el7uek]

- net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (valis)  [Orabug: 35814273]  {CVE-2023-4206} 
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue (Pedro Tammela)  [Orabug: 35636291]  {CVE-2023-3611} 
- rds: Fix lack of reentrancy for connection reset with dst addr zero (Håkon Bugge)  [Orabug: 35741584] [Orabug: 35818110]  {CVE-2023-22024}

Tue Sep 12 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.79.1.el7uek]

- xfrm: add NULL check in xfrm_update_ae_params (Lin Ma)  [Orabug: 35754509]  {CVE-2023-3772} 
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu)  [Orabug: 35732892]  {CVE-2023-4459} 
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu)  [Orabug: 35732764]  {CVE-2023-4387} 
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free (M A Ramdhan)  [Orabug: 35636313]  {CVE-2023-3776} 
- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (Thadeu Lima de Souza Cascardo)  [Orabug: 35609787]  {CVE-2023-35001} 
- ext4: fix use-after-free in ext4_xattr_set_entry (Baokun Li)  [Orabug: 35382025]  {CVE-2023-2513} 
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (Baokun Li)  [Orabug: 35382025]  {CVE-2023-2513} 
- netfilter: nf_tables: stricter validation of element data (Pablo Neira Ayuso)  [Orabug: 34362008]  {CVE-2022-34918}

Thu Sep 07 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.78.4.el7uek]

- netfilter: nf_tables: verify registers coming from userspace (Harshvardhan Jha)  [Orabug: 35776867]

Fri Sep 01 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.78.3.el7uek]

- vc_screen: Fix a backport in vcs_read() (Harshit Mogalapalli)  [Orabug: 35768682]

Tue Aug 22 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.78.2.el7uek]

- xfrm: fix crash in XFRM_MSG_GETSA netlink handler (Vegard Nossum)  [Orabug: 35598955]  {CVE-2023-3106} 
- netfilter: nf_tables: validate registers coming from userspace (Harshvardhan Jha)  [Orabug: 34012909]  {CVE-2022-1015}

Wed Aug 16 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.78.1.el7uek]

- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (George Kennedy)  [Orabug: 35649493]  {CVE-2023-3567}

Wed Jul 12 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.77.2.el7uek]

- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (Zheng Wang)  [Orabug: 35514108]  {CVE-2023-35824} 
- media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() (Takashi Iwai)  [Orabug: 35477742]  {CVE-2023-31084} 
- media: dvb_frontend: fix locking issues at dvb_frontend_get_event() (Mauro Carvalho Chehab)  [Orabug: 35477742]  {CVE-2023-31084} 
- media: dvb-core: Fix UAF due to refcount races at releasing (Takashi Iwai)  [Orabug: 34820632]  {CVE-2022-41218} 
- media: dvb: dmx: fixed coding style issues of spacing (devendra sharma)  [Orabug: 34820632]

Wed Jul 05 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.77.1.el7uek]

- ipvlan:Fix out-of-bounds caused by unclear skb->cb (t.feng)  [Orabug: 35550146]  {CVE-2023-3090} 
- memstick: r592: Fix UAF bug in r592_remove due to race condition (Zheng Wang)  [Orabug: 35514146]  {CVE-2023-3141} 
- fbcon: Check font dimension limits (Samuel Thibault)  [Orabug: 35493679]  {CVE-2023-3161} 
- wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (Jisoo Jang)  [Orabug: 35250538]  {CVE-2023-1380}

Wed Jun 21 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.76.2.el7uek]

- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye)  [Orabug: 35493606]  {CVE-2023-3159} 
- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Pavel Skripkin)  [Orabug: 35448003]  {CVE-2022-1679} 
- dm ioctl: fix nested locking in table_clear() to remove deadlock concern (Mike Snitzer)  [Orabug: 35354880]  {CVE-2023-2269} 
- media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (Duoming Zhou)  [Orabug: 35181652]  {CVE-2023-1118} 
- misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (Zheng Wang)  [Orabug: 35180779]  {CVE-2022-3424}