Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2023-12226)

high Nessus Plugin ID 173830

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2023-12226 advisory.

[5.15.0-100.96.32]
- crypto: Report fips module name and version for aarch64 (Saeed Mirzamohammadi) [Orabug: 35225251]
- uek-rpm: Enable RFC7919 config for aarch64 (Saeed Mirzamohammadi) [Orabug: 35225251]

[5.15.0-100.96.31]
- uek-rpm: Update linux-firmware dependency (Somasundaram Krishnasamy) [Orabug: 35213423]
- block: bio-integrity: Copy flags when bio_integrity_payload is cloned (Martin K. Petersen) [Orabug: 35209013]
- scsi: qla2xxx: Synchronize the IOCB count to be in order (Quinn Tran) [Orabug: 35209013]
- scsi: qla2xxx: Perform lockless command completion in abort path (Nilesh Javali) [Orabug: 35209013]

[5.15.0-100.96.30]
- perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table (Kan Liang) [Orabug: 35151818]
- perf/x86/uncore: Add a quirk for UPI on SPR (Kan Liang) [Orabug: 35151818]
- perf/x86/uncore: Ignore broken units in discovery table (Kan Liang) [Orabug: 35151818]
- perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name (Kan Liang) [Orabug: 35151818]
- perf/x86/uncore: Factor out uncore_device_to_die() (Kan Liang) [Orabug: 35151818]
- Revert 'perf/x86/uncore: Factor out uncore_device_to_die()' (Thomas Tai) [Orabug: 35151818]
- Revert 'perf/x86/uncore: Fix potential NULL pointer in uncore_get_alias_name' (Thomas Tai) [Orabug: 35151818]
- Revert 'perf/x86/uncore: Ignore broken units in discovery table' (Thomas Tai) [Orabug: 35151818]
- Revert 'perf/x86/uncore: Add a quirk for UPI on SPR' (Thomas Tai) [Orabug: 35151818]
- Revert 'perf/x86/uncore: Don't WARN_ON_ONCE() for a broken discovery table' (Thomas Tai) [Orabug: 35151818]
- ionic: remove unnecessary void casts (Shannon Nelson) [Orabug: 35166570]
- ionic: remove unnecessary indirection (Shannon Nelson) [Orabug: 35166570]
- ionic: missed doorbell workaround (Allen Hubbe) [Orabug: 35166570]
- ionic: refactor use of ionic_rx_fill() (Neel Patel) [Orabug: 35166570]
- ionic: enable tunnel offloads (Neel Patel) [Orabug: 35166570]
- ionic: new ionic device identity level and VF start control (Shannon Nelson) [Orabug: 35166570]
- ionic: only save the user set VF attributes (Shannon Nelson) [Orabug: 35166570]
- ionic: replay VF attributes after fw crash recovery (Shannon Nelson) [Orabug: 35166570]
- ionic: change order of devlink port register and netdev register (Jiri Pirko) [Orabug: 35166570]
- ionic: no transition while stopping (Shannon Nelson) [Orabug: 35166570]
- ionic: use vmalloc include (Shannon Nelson) [Orabug: 35166570]
- ionic: clean up comments and whitespace (Shannon Nelson) [Orabug: 35166570]
- ionic: prefer strscpy over strlcpy (Shannon Nelson) [Orabug: 35166570]
- ionic: Use vzalloc for large per-queue related buffers (Brett Creeley) [Orabug: 35166570]
- ionic: catch transition back to RUNNING with fw_generation 0 (Shannon Nelson) [Orabug: 35166570]
- ionic: replace set_vf data with union (Shannon Nelson) [Orabug: 35166570]
- ionic: stretch heartbeat detection (Shannon Nelson) [Orabug: 35166570]
- ionic: remove the dbid_inuse bitmap (Shannon Nelson) [Orabug: 35166570]
- ionic: disable napi when ionic_lif_init() fails (Brett Creeley) [Orabug: 35166570]
- ionic: Cleanups in the Tx hotpath code (Brett Creeley) [Orabug: 35166570]
- ionic: Prevent filter add/del err msgs when the device is not available (Brett Creeley) [Orabug: 35166570]
- ionic: Query FW when getting VF info via ndo_get_vf_config (Brett Creeley) [Orabug: 35166570]
- ionic: Allow flexibility for error reporting on dev commands (Brett Creeley) [Orabug: 35166570]
- ionic: Correctly print AQ errors if completions aren't received (Brett Creeley) [Orabug: 35166570]
- ionic: fix up printing of timeout error (Shannon Nelson) [Orabug: 35166570]
- ionic: better handling of RESET event (Shannon Nelson) [Orabug: 35166570]
- ionic: add FW_STOPPING state (Shannon Nelson) [Orabug: 35166570]
- ionic: separate function for watchdog init (Shannon Nelson) [Orabug: 35166570]
- ionic: no devlink_unregister if not registered (Shannon Nelson) [Orabug: 35166570]
- ionic: tame the filter no space message (Shannon Nelson) [Orabug: 35166570]
- ionic: allow adminq requests to override default error message (Shannon Nelson) [Orabug: 35166570]
- ionic: handle vlan id overflow (Shannon Nelson) [Orabug: 35166570]
- ionic: generic filter delete (Shannon Nelson) [Orabug: 35166570]
- ionic: generic filter add (Shannon Nelson) [Orabug: 35166570]
- ionic: add generic filter search (Shannon Nelson) [Orabug: 35166570]
- ionic: remove mac overflow flags (Shannon Nelson) [Orabug: 35166570]
- ionic: move lif mac address functions (Shannon Nelson) [Orabug: 35166570]
- ionic: add filterlist to debugfs (Shannon Nelson) [Orabug: 35166570]
- ionic: add lif param to ionic_qcq_disable (Shannon Nelson) [Orabug: 35166570]
- ionic: have ionic_qcq_disable decide on sending to hardware (Shannon Nelson) [Orabug: 35166570]
- ionic: add polling to adminq wait (Shannon Nelson) [Orabug: 35166570]
- ionic: move lif mutex setup and delete (Shannon Nelson) [Orabug: 35166570]
- ionic: check for binary values in FW ver string (Shannon Nelson) [Orabug: 35166570]
- ionic: remove debug stats (Shannon Nelson) [Orabug: 35166570]
- ionic: Move devlink registration to be last devlink command (Leon Romanovsky) [Orabug: 35166570]
- crypto: jitter - update max health test failure in FIPS mode (Saeed Mirzamohammadi) [Orabug: 35160891]
- mm: use padata for copying page ranges in vma_dup() (Anthony Yznaga) [Orabug: 35054621]
- mm: parallelize unmap_page_range() for some large VMAs (Anthony Yznaga) [Orabug: 35054621]
- mm: fix VMA_BUG_ON_MM due to mmap_lock not held (Anthony Yznaga) [Orabug: 35054621]
- mm: avoid early cow when copying ptes for MADV_DOEXEC (Anthony Yznaga) [Orabug: 35054621]
- net/rds: serialize up+down-work to relax strict ordering (Gerd Rausch) [Orabug: 35094721]
- nvme-pci: add NVME_QUIRK_BOGUS_NID for Samsung PM1733a (Saeed Mirzamohammadi) [Orabug: 35145945]
- nvme-pci: add NVME_QUIRK_BOGUS_NID for Samsung PM173X (Saeed Mirzamohammadi) [Orabug: 35146608]
- rds: ib: Fix non-parenthetical mutex/semaphore use (Hakon Bugge) [Orabug: 35155112]
- Revert 'btrfs: free device in btrfs_close_devices for a single device filesystem' (Vijayendra Suman) [Orabug: 35161535]

[5.15.0-100.96.29]
- NFSD: register/unregister of nfsd-client shrinker at nfsd startup/shutdown time (Dai Ngo) [Orabug: 35059907]
- NFSD: refactoring courtesy_client_reaper to a generic low memory shrinker (Dai Ngo) [Orabug: 35059907]
- NFSD: unregister shrinker when nfsd_init_net() fails (Tetsuo Handa) [Orabug: 35059907]
- NFSD: add shrinker to reap courtesy clients on low memory condition (Dai Ngo) [Orabug: 35059907]
- NFSD: keep track of the number of courtesy clients in the system (Dai Ngo) [Orabug: 35059907]
- crypto: drbg - oversampling of Jitter RNG (Saeed Mirzamohammadi) [Orabug: 35141114]
- crypto: tcrypt - KAT for ffdhe* algorithms (Saeed Mirzamohammadi) [Orabug: 35141114]
- crypto: jitter - panic on health test failure (Saeed Mirzamohammadi) [Orabug: 35141114]
- scsi: qla2xxx: Update version to 10.02.08.100-k (Nilesh Javali) [Orabug: 35007285]
- scsi: qla2xxx: Fix IOCB resource check warning (Nilesh Javali) [Orabug: 35007285]
- scsi: qla2xxx: Remove increment of interface err cnt (Saurav Kashyap) [Orabug: 35007285]
- scsi: qla2xxx: Fix erroneous link down (Quinn Tran) [Orabug: 35007285]
- scsi: qla2xxx: Remove unintended flag clearing (Quinn Tran) [Orabug: 35007285]
- scsi: qla2xxx: Fix stalled login (Quinn Tran) [Orabug: 35007285]
- scsi: qla2xxx: Fix exchange oversubscription for management commands (Quinn Tran) [Orabug: 35007285]
- scsi: qla2xxx: Fix exchange oversubscription (Quinn Tran) [Orabug: 35007285]
- scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests (Arun Easi) [Orabug: 35007285]
- scsi: qla2xxx: Fix link failure in NPIV environment (Quinn Tran) [Orabug: 35007285]
- scsi: qla2xxx: Check if port is online before sending ELS (Shreyas Deodhar) [Orabug: 35007285]
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (Gleb Chesnokov) [Orabug: 35007285]
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (Gleb Chesnokov) [Orabug: 35007285]
- scsi: qla2xxx: Remove unused variable 'found_devs' (Colin Ian King) [Orabug: 35007285]
- scsi: qla2xxx: Fix serialization of DCBX TLV data request (Rafael Mendonca) [Orabug: 35007285]
- scsi: qla2xxx: Remove unused declarations for qla2xxx (Gaosheng Cui) [Orabug: 35007285]
- scsi: qla2xxx: Fix spelling mistake 'definiton' -> 'definition' (Colin Ian King) [Orabug: 35007285]
- scsi: qla2xxx: Drop DID_TARGET_FAILURE use (Mike Christie) [Orabug: 35007285]
- ACPI: processor: idle: Disable ACPI C-state probing for xen hvm guest (Joe Jin) [Orabug: 35043629]
- uek-rpm: x86_64 enable CONFIG_SLS (Maciej S. Szmigiero) [Orabug: 35073535]
- net: qede: Remove unnecessary synchronize_irq() before free_irq() (Minghao Chi) [Orabug: 34901373]
- uek-rpm: Disable CONFIG_USB_NET_RNDIS_WLAN (Rhythm Mahajan) [Orabug: 35037701]
- certs: Add FIPS selftests (David Howells) [Orabug: 35080500]
- certs: Move load_certificate_list() to be with the asymmetric keys code (David Howells) [Orabug: 35080500]
- uek-rpm: Enable RFC7919 config (Saeed Mirzamohammadi) [Orabug: 35080500]
- Revert 'KVM: x86/xen: Maintain valid mapping of Xen shared_info page' (Vijayendra Suman) [Orabug: 34929435]
- Revert 'KVM: x86: Fix wall clock writes in Xen shared_info not to mark page dirty' (Vijayendra Suman) [Orabug: 34929435]
- Revert 'crypto: rsa - flag instantiations as FIPS compliant' (Saeed Mirzamohammadi) [Orabug: 35054646]
- uek-rpm/config-aarch64: Enable CONFIG_CLK_RASPBERRYPI (Vijay Kumar) [Orabug: 35018498]
- vfio/mlx5: Allow loading of larger images than 512 MB (Yishai Hadas) [Orabug: 35027279]
- vfio/mlx5: Fix UBSAN note (Yishai Hadas) [Orabug: 35027279]
- vfio/mlx5: error pointer dereference in error handling (Dan Carpenter) [Orabug: 35027279]
- vfio/mlx5: fix error code in mlx5vf_precopy_ioctl() (Dan Carpenter) [Orabug: 35027279]
- vfio/mlx5: Enable MIGRATION_PRE_COPY flag (Shay Drory) [Orabug: 35027279]
- vfio/mlx5: Fallback to STOP_COPY upon specific PRE_COPY error (Shay Drory) [Orabug: 35027279]
- vfio/mlx5: Introduce multiple loads (Yishai Hadas) [Orabug: 35027279]
- vfio/mlx5: Consider temporary end of stream as part of PRE_COPY (Yishai Hadas) [Orabug: 35027279]
- vfio/mlx5: Introduce vfio precopy ioctl implementation (Yishai Hadas) [Orabug: 35027279]
- vfio/mlx5: Introduce SW headers for migration states (Yishai Hadas) [Orabug: 35027279]
- vfio/mlx5: Introduce device transitions of PRE_COPY (Yishai Hadas) [Orabug: 35027279]
- vfio/mlx5: Refactor to use queue based data chunks (Yishai Hadas) [Orabug: 35027279]
- vfio/mlx5: Refactor migration file state (Yishai Hadas) [Orabug: 35027279]
- vfio/mlx5: Refactor MKEY usage (Yishai Hadas) [Orabug: 35027279]
- vfio/mlx5: Refactor PD usage (Yishai Hadas) [Orabug: 35027279]
- vfio/mlx5: Enforce a single SAVE command at a time (Yishai Hadas) [Orabug: 35027279]
- vfio: Extend the device migration protocol with PRE_COPY (Jason Gunthorpe) [Orabug: 35027279]
- net/mlx5: Introduce ifc bits for pre_copy (Shay Drory) [Orabug: 35027279]
- net/mlx5: Add the log_min_mkey_entity_size capability (Maxim Mikityanskiy) [Orabug: 35027279]
- vfio/iova_bitmap: refactor iova_bitmap_set() to better handle page boundaries (Joao Martins) [Orabug: 35027279]
- vfio/mlx5: Fix a typo in mlx5vf_cmd_load_vhca_state() (Yishai Hadas) [Orabug: 35027279]
- vfio: Add an option to get migration data size (Yishai Hadas) [Orabug: 35027279]
- vfio/mlx5: Switch to use module_pci_driver() macro (Shang XiaoJing) [Orabug: 35027279]
- uek-rpm: core: Move few modules which are recently enabled to core. (Harshit Mogalapalli) [Orabug: 34774213]
- tools arch x86: Sync the msr-index.h copy with the kernel sources (Arnaldo Carvalho de Melo) [Orabug: 34977257]
- crypto: panic on PCT failure for dh and ecdh (Saeed Mirzamohammadi) [Orabug: 34971139]
- uek-rpm: mod-extra: Move modules which are recently enabled to extras (Harshit Mogalapalli) [Orabug: 34774213]
- Allow the ima keyring to trust all keys in the machine keyring (Eric Snowberg) [Orabug: 34873856]
- Revert 'X.509: Parse Basic Constraints for CA' (Eric Snowberg) [Orabug: 34873856]
- Revert 'KEYS: CA link restriction' (Eric Snowberg) [Orabug: 34873856]
- Revert 'integrity: restrict INTEGRITY_KEYRING_MACHINE to restrict_link_by_ca' (Eric Snowberg) [Orabug: 34873856]
- Revert 'integrity: change ima link restriction to trust the machine keyring' (Eric Snowberg) [Orabug: 34873856]
- net/mlx5: Drain fw_reset when removing device (Shay Drory) [Orabug: 34816080]
- net/mlx5e: CT: Fix setting flow_source for smfs ct tuples (Paul Blakey) [Orabug: 34816080]
- net/mlx5e: CT: Fix support for GRE tuples (Paul Blakey) [Orabug: 34816080]
- net/mlx5e: Remove HW-GRO from reported features (Gal Pressman) [Orabug: 34816080]
- net/mlx5e: Properly block HW GRO when XDP is enabled (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Properly block LRO when XDP is enabled (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Block rx-gro-hw feature in switchdev mode (Aya Levin) [Orabug: 34816080]
- net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5: DR, Ignore modify TTL on RX if device doesn't support it (Yevgeny Kliteynik) [Orabug: 34816080]
- net/mlx5: Initialize flow steering during driver probe (Shay Drory) [Orabug: 34816080]
- mlxsw: Avoid warning during ip6gre device removal (Amit Cohen) [Orabug: 34816080]
- net/mlx5: Fix matching on inner TTC (Mark Bloch) [Orabug: 34816080]
- net/mlx5e: Avoid checking offload capability in post_parse action (Ariel Levkovich) [Orabug: 34816080]
- net/mlx5e: TC, fix decap fallback to uplink when int port not supported (Ariel Levkovich) [Orabug: 34816080]
- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (Ariel Levkovich) [Orabug: 34816080]
- net/mlx5e: Fix wrong source vport matching on tunnel rule (Ariel Levkovich) [Orabug: 34816080]
- net: Handle l3mdev in ip_tunnel_init_flow (David Ahern) [Orabug: 34816080]
- net/mlx5e: Fix build warning, detected write beyond size of field (Saeed Mahameed) [Orabug: 34816080]
- net/mlx5e: HTB, remove unused function declaration (Saeed Mahameed) [Orabug: 34816080]
- net/mlx5e: Statify function mlx5_cmd_trigger_completions (Tariq Toukan) [Orabug: 34816080]
- net/mlx5e: Remove MLX5E_XDP_TX_DS_COUNT (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Permit XDP with non-linear legacy RQ (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Support multi buffer XDP_TX (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Unindent the else-block in mlx5e_xmit_xdp_buff (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Implement sending multi buffer XDP frames (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Don't prefill WQEs in XDP SQ in the multi buffer mode (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Remove assignment of inline_hdr.sz on XDP TX (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Move mlx5e_xdpi_fifo_push out of xmit_xdp_frame (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Store DMA address inside struct page (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Add XDP multi buffer support to the non-linear legacy RQ (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Use page-sized fragments with XDP multi buffer (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Use fragments of the same size in non-linear legacy RQ with XDP (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Prepare non-linear legacy RQ for XDP multi buffer support (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5: Remove unused fill page array API function (Tariq Toukan) [Orabug: 34816080]
- net/mlx5: Remove unused exported contiguous coherent buffer allocation API (Tariq Toukan) [Orabug: 34816080]
- net/mlx5: CT: Remove extra rhashtable remove on tuple entries (Paul Blakey) [Orabug: 34816080]
- net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory (Rongwei Liu) [Orabug: 34816080]
- net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce memory (Rongwei Liu) [Orabug: 34816080]
- net/mlx5: DR, Remove num_of_entries byte_size from struct mlx5_dr_icm_chunk (Rongwei Liu) [Orabug: 34816080]
- net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce memory (Rongwei Liu) [Orabug: 34816080]
- net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk (Rongwei Liu) [Orabug: 34816080]
- net/mlx5: DR, Adjust structure member to reduce memory hole (Rongwei Liu) [Orabug: 34816080]
- net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: RX, Test the XDP program existence out of the handler (Tariq Toukan) [Orabug: 34816080]
- net/mlx5e: Build SKB in place over the first fragment in non-linear legacy RQ (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Add headroom only to the first fragment in legacy RQ (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Validate MTU when building non-linear legacy RQ fragments info (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: MPLSoUDP encap, support action vlan pop_eth explicitly (Maor Dickman) [Orabug: 34816080]
- net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit (Maor Dickman) [Orabug: 34816080]
- net/sched: add vlan push_eth and pop_eth action to the hardware IR (Maor Dickman) [Orabug: 34816080]
- net: Add l3mdev index to flow struct and avoid oif reset for port devices (David Ahern) [Orabug: 34816080]
- net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats (Saeed Mahameed) [Orabug: 34816080]
- net/mlx4_en: use kzalloc (Julia Lawall) [Orabug: 34816080]
- net/mlx5: Parse module mapping using mlx5_ifc (Gal Pressman) [Orabug: 34816080]
- net/mlx5: Query the maximum MCIA register read size from firmware (Gal Pressman) [Orabug: 34816080]
- net/mlx5: CT: Create smfs dr matchers dynamically (Paul Blakey) [Orabug: 34816080]
- net/mlx5: CT: Add software steering ct flow steering provider (Paul Blakey) [Orabug: 34816080]
- net/mlx5: Add smfs lib to export direct steering API to CT (Paul Blakey) [Orabug: 34816080]
- net/mlx5: DR, Add helper to get backing dr table from a mlx5 flow table (Paul Blakey) [Orabug: 34816080]
- net/mlx5: CT: Introduce a platform for multiple flow steering providers (Paul Blakey) [Orabug: 34816080]
- net/mlx5: Node-aware allocation for the doorbell pgdir (Tariq Toukan) [Orabug: 34816080]
- net/mlx5: Node-aware allocation for UAR (Tariq Toukan) [Orabug: 34816080]
- net/mlx5: Node-aware allocation for the EQs (Tariq Toukan) [Orabug: 34816080]
- net/mlx5: Node-aware allocation for the EQ table (Tariq Toukan) [Orabug: 34816080]
- net/mlx5: Node-aware allocation for the IRQ table (Tariq Toukan) [Orabug: 34816080]
- net/mlx5: Delete useless module.h include (Leon Romanovsky) [Orabug: 34816080]
- net/mlx4: Delete useless moduleparam include (Leon Romanovsky) [Orabug: 34816080]
- net/mlx5: DR, Add support for ConnectX-7 steering (Yevgeny Kliteynik) [Orabug: 34816080]
- net/mlx5: DR, Refactor ste_ctx handling for STE v0/1 (Yevgeny Kliteynik) [Orabug: 34816080]
- net/mlx5: DR, Rename action modify fields to reflect naming in HW spec (Yevgeny Kliteynik) [Orabug: 34816080]
- net/mlx5: DR, Fix handling of different actions on the same STE in STEv1 (Yevgeny Kliteynik) [Orabug: 34816080]
- net/mlx5: DR, Remove unneeded comments (Yevgeny Kliteynik) [Orabug: 34816080]
- net/mlx5: DR, Add support for matching on Internet Header Length (IHL) (Yevgeny Kliteynik) [Orabug: 34816080]
- net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior (Shun Hao) [Orabug: 34816080]
- net/mlx5: Add debugfs counters for page commands failures (Moshe Shemesh) [Orabug: 34816080]
- net/mlx5: Add pages debugfs (Moshe Shemesh) [Orabug: 34816080]
- net/mlx5: Move debugfs entries to separate struct (Moshe Shemesh) [Orabug: 34816080]
- net/mlx5: Change release_all_pages cap bit location (Moshe Shemesh) [Orabug: 34816080]
- net/mlx5: Remove redundant error on reclaim pages (Moshe Shemesh) [Orabug: 34816080]
- net/mlx5: Remove redundant error on give pages (Moshe Shemesh) [Orabug: 34816080]
- net/mlx5: Remove redundant notify fail on give pages (Moshe Shemesh) [Orabug: 34816080]
- net/mlx5: Add command failures data to debugfs (Moshe Shemesh) [Orabug: 34816080]
- net/mlx5e: TC, Fix use after free in mlx5e_clone_flow_attr_for_post_act() (Dan Carpenter) [Orabug: 34816080]
- net/mlx5: Support GRE conntrack offload (Toshiaki Makita) [Orabug: 34816080]
- mlxsw: Add support for IFLA_OFFLOAD_XSTATS_L3_STATS (Petr Machata) [Orabug: 34816080]
- mlxsw: Extract classification of router-related events to a helper (Petr Machata) [Orabug: 34816080]
- mlxsw: spectrum_router: Drop mlxsw_sp arg from counter alloc/free functions (Petr Machata) [Orabug: 34816080]
- mlxsw: reg: Fix packing of router interface counters (Petr Machata) [Orabug: 34816080]
- net: rtnetlink: Add UAPI toggle for IFLA_OFFLOAD_XSTATS_L3_STATS (Petr Machata) [Orabug: 34816080]
- net: rtnetlink: Add RTM_SETSTATS (Petr Machata) [Orabug: 34816080]
- net: rtnetlink: Add UAPI for obtaining L3 offload xstats (Petr Machata) [Orabug: 34816080]
- net: dev: Add hardware stats support (Petr Machata) [Orabug: 34816080]
- net: rtnetlink: Propagate extack to rtnl_offload_xstats_fill() (Petr Machata) [Orabug: 34816080]
- net: rtnetlink: RTM_GETSTATS: Allow filtering inside nests (Petr Machata) [Orabug: 34816080]
- net: rtnetlink: Stop assuming that IFLA_OFFLOAD_XSTATS_* are dev-backed (Petr Machata) [Orabug: 34816080]
- net: rtnetlink: Namespace functions related to IFLA_OFFLOAD_XSTATS_* (Petr Machata) [Orabug: 34816080]
- mlx5: add support for page_pool_get_stats (Joe Damato) [Orabug: 34816080]
- flow_offload: reject offload for all drivers with invalid police parameters (Jianbo Liu) [Orabug: 34816080]
- net: flow_offload: add tc police action parameters (Jianbo Liu) [Orabug: 34816080]
- net/mlx5: Add clarification on sync reset failure (Moshe Shemesh) [Orabug: 34816080]
- net/mlx5: Add reset_state field to MFRL register (Moshe Shemesh) [Orabug: 34816080]
- net/mlx5: cmdif, Refactor error handling and reporting of async commands (Saeed Mahameed) [Orabug: 34816080]
- net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct} (Saeed Mahameed) [Orabug: 34816080]
- net/mlx5: cmdif, Add new api for command execution (Saeed Mahameed) [Orabug: 34816080]
- net/mlx5: cmdif, cmd_check refactoring (Saeed Mahameed) [Orabug: 34816080]
- net/mlx5: cmdif, Return value improvements (Saeed Mahameed) [Orabug: 34816080]
- net/mlx5: Lag, offload active-backup drops to hardware (Mark Bloch) [Orabug: 34816080]
- net/mlx5: Lag, record inactive state of bond device (Mark Bloch) [Orabug: 34816080]
- net/mlx5: Lag, don't use magic numbers for ports (Mark Bloch) [Orabug: 34816080]
- net/mlx5: Lag, use local variable already defined to access E-Switch (Mark Bloch) [Orabug: 34816080]
- net/mlx5: E-switch, add drop rule support to ingress ACL (Mark Bloch) [Orabug: 34816080]
- net/mlx5: E-switch, remove special uplink ingress ACL handling (Mark Bloch) [Orabug: 34816080]
- net/mlx5: E-Switch, reserve and use same uplink metadata across ports (Sunil Rani) [Orabug: 34816080]
- net/mlx5: Add ability to insert to specific flow group (Mark Bloch) [Orabug: 34816080]
- mlx5: remove unused static inlines (Jakub Kicinski) [Orabug: 34816080]
- mlxsw: core: Add support for OSFP transceiver modules (Danielle Ratson) [Orabug: 34816080]
- mlxsw: Remove resource query check (Ido Schimmel) [Orabug: 34816080]
- mlxsw: core: Unify method of trap support validation (Vadim Pasternak) [Orabug: 34816080]
- mlxsw: spectrum: Remove SP{1,2,3} defines for FW minor and subminor (Jiri Pirko) [Orabug: 34816080]
- mlxsw: core: Remove unnecessary asserts (Vadim Pasternak) [Orabug: 34816080]
- mlxsw: reg: Add 'mgpir_' prefix to MGPIR fields comments (Vadim Pasternak) [Orabug: 34816080]
- mlxsw: core_thermal: Remove obsolete API for query resource (Vadim Pasternak) [Orabug: 34816080]
- mlxsw: core_thermal: Rename labels according to naming convention (Vadim Pasternak) [Orabug: 34816080]
- mlxsw: core_hwmon: Fix variable names for hwmon attributes (Vadim Pasternak) [Orabug: 34816080]
- mlxsw: core_thermal: Avoid creation of virtual hwmon objects by thermal module (Vadim Pasternak) [Orabug: 34816080]
- mlxsw: spectrum_span: Ignore VLAN entries not used by the bridge in mirroring (Ido Schimmel) [Orabug: 34816080]
- mlxsw: core: Prevent trap group setting if driver does not support EMAD (Vadim Pasternak) [Orabug: 34816080]
- mlxsw: spectrum: remove guards against !BRIDGE_VLAN_INFO_BRENTRY (Vladimir Oltean) [Orabug: 34816080]
- net/mlx5e: TC, Allow sample action with CT (Roi Dayan) [Orabug: 34816080]
- net/mlx5e: TC, Make post_act parse CT and sample actions (Roi Dayan) [Orabug: 34816080]
- net/mlx5e: TC, Clean redundant counter flag from tc action parsers (Roi Dayan) [Orabug: 34816080]
- net/mlx5e: Use multi table support for CT and sample actions (Roi Dayan) [Orabug: 34816080]
- net/mlx5e: Create new flow attr for multi table actions (Roi Dayan) [Orabug: 34816080]
- net/mlx5e: Add post act offload/unoffload API (Roi Dayan) [Orabug: 34816080]
- net/mlx5e: Pass actions param to actions_match_supported() (Roi Dayan) [Orabug: 34816080]
- net/mlx5e: TC, Move flow hashtable to be per rep (Paul Blakey) [Orabug: 34816080]
- net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev mode (Aya Levin) [Orabug: 34816080]
- net/mlx5e: E-Switch, Add PTP counters for uplink representor (Aya Levin) [Orabug: 34816080]
- net/mlx5e: RX, Restrict bulk size for small Striding RQs (Tariq Toukan) [Orabug: 34816080]
- net/mlx5e: Default to Striding RQ when not conflicting with CQE compression (Tariq Toukan) [Orabug: 34816080]
- net/mlx5e: Generalize packet merge error message (Tariq Toukan) [Orabug: 34816080]
- net/mlx5e: Add support for using xdp->data_meta (Alex Liu) [Orabug: 34816080]
- net/mlx5e: Fix spelling mistake 'supoported' -> 'supported' (Colin Ian King) [Orabug: 34816080]
- net: rtnetlink: rtnl_stats_get(): Emit an extack for unset filter_mask (Petr Machata) [Orabug: 34816080]
- net/mlx5e: Optimize the common case condition in mlx5e_select_queue (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: Optimize modulo in mlx5e_select_queue (Maxim Mikityanskiy) [Orabug: 34816080]
- net/mlx5e: O ...

Please note that the description has been truncated due to length. Please refer to vendor advisory for the full description.

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2023-12226.html

Plugin Details

Severity: High

ID: 173830

File Name: oraclelinux_ELSA-2023-12226.nasl

Version: 1.5

Type: local

Agent: unix

Published: 4/4/2023

Updated: 2/9/2026

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.3

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2022-2196

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:kernel-uek-modules, cpe:/o:oracle:linux:9, p-cpe:/a:oracle:linux:kernel-uek-container, p-cpe:/a:oracle:linux:bpftool, p-cpe:/a:oracle:linux:kernel-uek-debug-devel, p-cpe:/a:oracle:linux:kernel-uek-debug, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:kernel-uek-devel, p-cpe:/a:oracle:linux:kernel-uek-debug-core, p-cpe:/a:oracle:linux:kernel-uek-doc, p-cpe:/a:oracle:linux:kernel-uek-container-debug, p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-modules-extra, p-cpe:/a:oracle:linux:kernel-uek-core, p-cpe:/a:oracle:linux:kernel-uek, p-cpe:/a:oracle:linux:kernel-uek-debug-modules

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Ease: No known exploits are available

Patch Publication Date: 4/4/2023

Vulnerability Publication Date: 1/9/2023

Reference Information

CVE: CVE-2022-2196