Oracle Linux: (CVE-2022-1729) (Multiple Advisories): kernel security, bug fix, and enhancement update

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2022-5564:

[4.18.0-372.16.1.0.1_6.OL8] - Update Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-11.0.5 - debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499} [4.18.0-372.16.1_6] - x86/platform/uv: Log gap hole end size (Frank Ramsay) [2084645 2074098] - x86/platform/uv: Update TSC sync state for UV5 (Frank Ramsay) [2084645 2074098] - x86/platform/uv: Update NMI Handler for UV5 (Frank Ramsay) [2084645 2074098] - x86/platform/uv: Remove unused variable in UV5 NMI handler (Frank Ramsay) [2084645 2074098] - blk-mq: fix blk_mq_flush_plug_list (Ming Lei) [2096931 2088397] - sched/pelt: Fix attach_entity_load_avg() corner case (Phil Auld) [2096305 2056383] [4.18.0-372.15.1_6] - perf: Fix sys_perf_event_open() race against self (Michael Petlan) [2087948 2087949] {CVE-2022-1729} - vmxnet3: fix minimum vectors alloc issue (Kamal Heib) [2094473 2093242] - gfs2: Stop using glock holder auto-demotion for now (Andreas Gruenbacher) [2092073 2054855] - gfs2: buffered write prefaulting (Andreas Gruenbacher) [2092073 2054855] - gfs2: Align read and write chunks to the page cache (Andreas Gruenbacher) [2092073 2054855] - gfs2: Pull return value test out of should_fault_in_pages (Andreas Gruenbacher) [2092073 2054855] - gfs2: Clean up use of fault_in_iov_iter_{read,write}able (Andreas Gruenbacher) [2092073 2054855] - gfs2: Variable rename (Andreas Gruenbacher) [2092073 2054855] - gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) [2092073 2054855] - iomap: iomap_write_end cleanup (Andreas Gruenbacher) [2092073 2054855] - iomap: iomap_write_failed fix (Andreas Gruenbacher) [2092073 2054855] - gfs2: Don't re-check for write past EOF unnecessarily (Andreas Gruenbacher) [2092073 2054855] - gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) [2092073 2054855] - fs/iomap: Fix buffered write page prefaulting (Andreas Gruenbacher) [2092073 2054855] - generic_perform_write()/iomap_write_actor(): saner logics for short copy (Andreas Gruenbacher) [2092073 2054855] - iomap: Convert iomap_write_end types (Andreas Gruenbacher) [2092073 2054855] - gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) [2092073 2054855] - gfs2: Remove dead code in gfs2_file_read_iter (Andreas Gruenbacher) [2092073 2054855] - gfs2: Fix gfs2_file_buffered_write endless loop workaround (Andreas Gruenbacher) [2092073 2054855] - gfs2: Minor retry logic cleanup (Andreas Gruenbacher) [2092073 2054855] - gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) [2092073 2054855] - gfs2: Fix should_fault_in_pages() logic (Andreas Gruenbacher) [2092073 2054855] - mm: gup: make fault_in_safe_writeable() use fixup_user_fault() (Andreas Gruenbacher) [2092073 2054855] - gfs2: Initialize gh_error in gfs2_glock_nq (Andreas Gruenbacher) [2092073 2054855] - gfs2: Switch lock order of inode and iopen glock (Andreas Gruenbacher) [2092073 2054855] - gfs2: cancel timed-out glock requests (Andreas Gruenbacher) [2092073 2054855] - gfs2: Expect -EBUSY after canceling dlm locking requests (Andreas Gruenbacher) [2092073 2054855] - gfs2: gfs2_setattr_size error path fix (Andreas Gruenbacher) [2092073 2054855] - gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) [2092073 2054855] - net: openvswitch: don't send internal clone attribute to the userspace. (Antoine Tenart) [2097796 2085509] [4.18.0-372.14.1_6] - scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (Chris Leech) [2091078 2086970] - scsi: core: sysfs: Fix hang when device state is set via sysfs (Chris Leech) [2091078 2086970] - net/sched: act_ct: fix ref leak when switching zones (Marcelo Ricardo Leitner) [2066356 2014027] - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (Marcelo Ricardo Leitner) [2066356 2014027] - drm/i915: Stop force enabling pipe bottom color gammma/csc (Foggy Liu) [2083384 2054487] - gfs2: Fix gfs2_release for non-writers regression (Bob Peterson) [2092074 1955591] - gfs2: gfs2_create_inode rework (Andreas Gruenbacher) [2092074 1955591] - gfs2: gfs2_inode_lookup rework (Andreas Gruenbacher) [2092074 1955591] - gfs2: gfs2_inode_lookup cleanup (Andreas Gruenbacher) [2092074 1955591] - gfs2: Fix remote demote of weak glock holders (Andreas Gruenbacher) [2092074 1955591] - gfs2: Fix glock_hash_walk bugs (Andreas Gruenbacher) [2092074 1955591] - gfs2: Cancel remote delete work asynchronously (Bob Peterson) [2092074 1955591] - gfs2: set glock object after nq (Bob Peterson) [2092074 1955591] - gfs2: remove RDF_UPTODATE flag (Bob Peterson) [2092074 1955591] - gfs2: Eliminate GIF_INVALID flag (Bob Peterson) [2092074 1955591] - gfs2: Fix atomic bug in gfs2_instantiate (Andreas Gruenbacher) [2092074 1955591] - gfs2: fix GL_SKIP node_scope problems (Bob Peterson) [2092074 1955591] - gfs2: Add some flags missing from glock output (Bob Peterson) [2092074 1955591] - gfs2: split glock instantiation off from do_promote (Bob Peterson) [2092074 1955591] - gfs2: further simplify do_promote (Bob Peterson) [2092074 1955591] - gfs2: re-factor function do_promote (Bob Peterson) [2092074 1955591] - gfs2: Remove 'first' trace_gfs2_promote argument (Andreas Gruenbacher) [2092074 1955591] - gfs2: change go_lock to go_instantiate (Bob Peterson) [2092074 1955591] - gfs2: Switch some BUG_ON to GLOCK_BUG_ON for debug (Bob Peterson) [2092074 1955591] - gfs2: move GL_SKIP check from glops to do_promote (Bob Peterson) [2092074 1955591] - gfs2: Add GL_SKIP holder flag to dump_holder (Bob Peterson) [2092074 1955591] - gfs2: remove redundant check in gfs2_rgrp_go_lock (Bob Peterson) [2092074 1955591] - gfs2: Fix mmap + page fault deadlocks for direct I/O (Andreas Gruenbacher) [2092074 1955591] - iov_iter: Introduce ITER_IOVEC_FLAG_NOFAULT flag to disable page faults (Andreas Gruenbacher) [2092074 1955591] - gup: Introduce FOLL_NOFAULT flag to disable page faults (Andreas Gruenbacher) [2092074 1955591] - iomap: Add done_before argument to iomap_dio_rw (Andreas Gruenbacher) [2092074 1955591] - iomap: Support partial direct I/O on user copy failures (Andreas Gruenbacher) [2092074 1955591] - iomap: Fix iomap_dio_rw return value for user copies (Andreas Gruenbacher) [2092074 1955591] - iomap: support reading inline data from non-zero pos (Andreas Gruenbacher) [2092074 1955591] - gfs2: Only dereference i->iov when iter_is_iovec(i) (Andreas Gruenbacher) [2092074 1955591] - gfs2: Prevent endless loops in gfs2_file_buffered_write (Andreas Gruenbacher) [2092074 1955591] - gfs2: Fix mmap + page fault deadlocks for buffered I/O (Andreas Gruenbacher) [2092074 1955591] - gfs2: Eliminate ip->i_gh (Andreas Gruenbacher) [2092074 1955591] - gfs2: Move the inode glock locking to gfs2_file_buffered_write (Andreas Gruenbacher) [2092074 1955591] - gfs2: Fix 'Introduce flag for glock holder auto-demotion' (Andreas Gruenbacher) [2092074 1955591] - gfs2: Introduce flag for glock holder auto-demotion (Bob Peterson) [2092074 1955591] - gfs2: fix scheduling while atomic bug in glocks (Bob Peterson) [2092074 1955591] - gfs2: Clean up function may_grant (Andreas Gruenbacher) [2092074 1955591] - gfs2: Add wrapper for iomap_file_buffered_write (Andreas Gruenbacher) [2092074 1955591] - iov_iter: Introduce fault_in_iov_iter_writeable (Andreas Gruenbacher) [2092074 1955591] - iov_iter: Turn iov_iter_fault_in_readable into fault_in_iov_iter_readable (Andreas Gruenbacher) [2092074 1955591] - gup: Turn fault_in_pages_{readable,writeable} into fault_in_{readable,writeable} (Andreas Gruenbacher) [2092074 1955591] - powerpc/signal64: Don't opencode page prefaulting (Andreas Gruenbacher) [2092074 1955591] - sanitize iov_iter_fault_in_readable() (Andreas Gruenbacher) [2092074 1955591] - [xarray] iov_iter_fault_in_readable() should do nothing in xarray case (Andreas Gruenbacher) [2092074 1955591] - powerpc/kvm: Fix kvm_use_magic_page (Andreas Gruenbacher) [2092074 1955591] - iov_iter: Fix iov_iter_get_pages{,_alloc} page fault return value (Andreas Gruenbacher) [2092074 1955591] - gfs2: Fix length of holes reported at end-of-file (Andreas Gruenbacher) [2092074 1955591] - gfs2: Remove redundant check from gfs2_glock_dq (Bob Peterson) [2092074 1955591] - gfs2: release iopen glock early in evict (Bob Peterson) [2092074 1955591] - mm: change fault_in_pages_* to have an unsigned size parameter (Andreas Gruenbacher) [2092074 1955591] - gfs2: Eliminate vestigial HIF_FIRST (Bob Peterson) [2092074 1955591] - iomap: remove the iomap arguments to ->page_{prepare,done} (Andreas Gruenbacher) [2092074 1955591] - md: Set MD_BROKEN for RAID1 and RAID10 (Nigel Croxon) [2075075 2048954] - raid5: introduce MD_BROKEN (Nigel Croxon) [2075075 2048954] - drm/i915/ehl: Remove require_force_probe protection (Michel Danzer) [2075567 2048674] - genirq: Use rcu in kstat_irqs_usr() (Waiman Long) [2083308 2068445] - dm integrity: fix memory corruption when tag_size is less than digest size (Benjamin Marzinski) [2082184 2081775]