ELSA-2020-5755

ELSA-2020-5755 - Unbreakable Enterprise kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2020-07-10

Description


[4.14.35-1902.304.6]
- bpf: fix sanitation rewrite in case of non-pointers (Daniel Borkmann) [Orabug: 31552243]

[4.14.35-1902.304.5]
- acpi: disallow loading configfs acpi tables when locked down (Jason A. Donenfeld) [Orabug: 31493187]
- selftests/bpf: do not run test_kmod.sh for UEK5 (Alan Maguire) [Orabug: 31540213]
- bpf: do not allow root to mangle valid pointers (Alexei Starovoitov) [Orabug: 31540213]
- x86/mitigations: reset default value for srbds_mitigation (Mihai Carabas) [Orabug: 31515075]
- x86/cpu: clear X86_BUG_SRBDS before late loading (Mihai Carabas) [Orabug: 31515075]
- x86/mitigations: update MSRs on all CPUs for SRBDS (Mihai Carabas) [Orabug: 31515075]
- p54usb: Fix race between disconnect and firmware loading (Alan Stern) [Orabug: 31351863] {CVE-2019-15220}
- media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351671] {CVE-2019-19054}
- mm: Fix mremap not considering huge pmd devmap (Fan Yang) [Orabug: 31452398] {CVE-2020-10757} {CVE-2020-10757}
- tcp: implement coalescing on backlog queue (Eric Dumazet) [Orabug: 31517079]
- tcp: drop dst in tcp_add_backlog() (Eric Dumazet) [Orabug: 31517079]
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (Daniel Borkmann) [Orabug: 31517079]

[4.14.35-1902.304.4]
- rds: Fix potential use after free in rds_ib_inc_free (Hans Westgaard Ry) [Orabug: 31504054]
- cpu/hotplug: Fix 'SMT disabled by BIOS' detection for KVM (Josh Poimboeuf) [Orabug: 31421904]
- RDMA/cm: Spurious WARNING triggered in cm_destroy_id() (Ka-Cheong Poon) [Orabug: 31483289]
- RDMA/cm: Make sure the cm_id is in the IB_CM_IDLE state in destroy (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Allow ib_send_cm_sidr_rep() to be done under lock (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Allow ib_send_cm_rej() to be done under lock (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Allow ib_send_cm_drep() to be done under lock (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Allow ib_send_cm_dreq() to be done under lock (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Add some lockdep assertions for cm_id_priv->lock (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Make the destroy_id flow more robust (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Remove a race freeing timewait_info (Jason Gunthorpe) [Orabug: 31483289]
- RDMA/cm: Use refcount_t type for refcount variable (Danit Goldberg) [Orabug: 31483289]
- net/rds: NULL pointer de-reference in rds_ib_add_one() (Ka-Cheong Poon) [Orabug: 31501438]
- scsi: mpt3sas: Introduce module parameter to override queue depth (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Fix memset() in non-RDPQ mode (Suganath Prabu S) [Orabug: 31486216]
- scsi: mpt3sas: Fix reply queue count in non RDPQ mode (Suganath Prabu S) [Orabug: 31486216]
(Samuel Zou) [Orabug: 31486216]
- scsi: mpt3sas: Fix double free warnings (Suganath Prabu S) [Orabug: 31486216]
- scsi: mpt3sas: Disable DIF when prot_mask set to zero (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Capture IOC data for debugging purposes (Suganath Prabu) [Orabug: 31486216]
- scsi: mpt3sas: Use true, false for ioc->use_32bit_dma (Jason Yan) [Orabug: 31486216]
- scsi: mpt3sas: Remove NULL check before freeing function (Jason Yan) [Orabug: 31486216]
- scsi: mpt3sas: Update mpt3sas version to 33.101.00.00 (Suganath Prabu) [Orabug: 31486216]
- scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (Suganath Prabu) [Orabug: 31486216]
- scsi: mpt3sas: Separate out RDPQ allocation to new function (Suganath Prabu) [Orabug: 31486216]
- scsi: mpt3sas: Rename function name is_MSB_are_same (Suganath Prabu) [Orabug: 31486216]
- scsi: mpt3sas: Don't change the DMA coherent mask after allocations (Christoph Hellwig) [Orabug: 31486216]
- scsi: mpt3sas: use true,false for bool variables (Jason Yan) [Orabug: 31486216]
- scsi: mpt3sas: Update drive version to 33.100.00.00 (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Remove usage of device_busy counter (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Print function name in which cmd timed out (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Optimize mpt3sas driver logging (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: print in which path firmware fault occurred (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Handle CoreDump state from watchdog thread (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Add support IOCs new state named COREDUMP (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: renamed _base_after_reset_handler function (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Add support for NVMe shutdown (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Update MPI Headers to v02.00.57 (Sreekanth Reddy) [Orabug: 31486216]
- scsi: mpt3sas: Fix double free in attach error handling (Dan Carpenter) [Orabug: 31486216]
- scsi: mpt3sas: change allocation option (Tomas Henzl) [Orabug: 31486216]
- KVM: VMX: check descriptor table exits on instruction emulation (Oliver Upton) [Orabug: 31397358]

[4.14.35-1902.304.3]
- rebuild bumping release

[4.14.35-1902.304.2]
- bpf: fix sanitation of alu op with pointer / scalar type from different paths (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308}
- bpf: prevent out of bounds speculation on pointer arithmetic (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308}
- bpf: restrict unknown scalars of mixed signed bounds for unprivileged (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308}
- bpf: move {prev_,}insn_idx into verifier env (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308}
- bpf: reduce verifier memory consumption (Alexei Starovoitov) [Orabug: 31350800] {CVE-2019-7308}
- bpf: Prevent memory disambiguation attack (Alexei Starovoitov) [Orabug: 31350800] {CVE-2019-7308}
- Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31476562]
- Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31476562]
- Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31476551]
- scsi: megaraid_sas: Update driver version to 07.714.04.00-rc1 (Chandrakanth Patil) [Orabug: 31481643]
- scsi: megaraid_sas: TM command refire leads to controller firmware crash (Sumit Saxena) [Orabug: 31481643]
- scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (Shivasharan S) [Orabug: 31481643]
- scsi: megaraid_sas: Remove IO buffer hole detection logic (Sumit Saxena) [Orabug: 31481643]
- scsi: megaraid_sas: Limit device queue depth to controller queue depth (Kashyap Desai) [Orabug: 31481643]
- scsi: megaraid: make two symbols static in megaraid_sas_base.c (Jason Yan) [Orabug: 31481643]
- scsi: megaraid: make some symbols static in megaraid_sas_fusion.c (Jason Yan) [Orabug: 31481643]
- scsi: megaraid_sas: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 31481643]
- scsi: megaraid_sas: silence a warning (Tomas Henzl) [Orabug: 31481643]
- scsi: megaraid_sas: fix indentation issue (Colin Ian King) [Orabug: 31481643]
- scsi: megaraid_sas: fixup MSIx interrupt setup during resume (Hannes Reinecke) [Orabug: 31481643]
- scsi: megaraid_sas: Update driver version to 07.713.01.00-rc1 (Anand Lodnoor) [Orabug: 31481643]
- scsi: megaraid_sas: Limit the number of retries for the IOCTLs causing firmware fault (Anand Lodnoor) [Orabug: 31481643]
- scsi: megaraid_sas: Re-Define enum DCMD_RETURN_STATUS (Anand Lodnoor) [Orabug: 31481643]
- scsi: megaraid_sas: Do not set HBA Operational if FW is not in operational state (Anand Lodnoor) [Orabug: 31481643]
- scsi: megaraid_sas: Do not kill HBA if JBOD Seqence map or RAID map is disabled (Anand Lodnoor) [Orabug: 31481643]
- scsi: megaraid_sas: Do not kill host bus adapter, if adapter is already dead (Anand Lodnoor) [Orabug: 31481643]
- scsi: megaraid_sas: Update optimal queue depth for SAS and NVMe devices (Anand Lodnoor) [Orabug: 31481643]
- scsi: megaraid_sas: Set no_write_same only for Virtual Disk (Anand Lodnoor) [Orabug: 31481643]
- scsi: megaraid_sas: Reset adapter if FW is not in READY state after device resume (Anand Lodnoor) [Orabug: 31481643]
- scsi: megaraid_sas: Make poll_aen_lock static (YueHaibing) [Orabug: 31481643]
- scsi: megaraid_sas: remove unused variables 'debugBlk','fusion' (zhengbin) [Orabug: 31481643]
- scsi: megaraid_sas: Unique names for MSI-X vectors (Chandrakanth Patil) [Orabug: 31481643]
- scsi: megaraid_sas: Make some functions static (YueHaibing) [Orabug: 31481643]
- scsi: megaraid_sas: fix spelling mistake 'megarid_sas' -> 'megaraid_sas' (Colin Ian King) [Orabug: 31481643]
- media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (Tomas Bortoli) [Orabug: 31351117] {CVE-2019-19533}
- ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351890] {CVE-2019-15214}
- ALSA: info: Fix racy addition/deletion of nodes (Takashi Iwai) [Orabug: 31351890] {CVE-2019-15214}
- rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31441472]
- uek-rpm: disable CONFIG_IP_PNP (Anjali Kulkarni) [Orabug: 31454846]
- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31352781] {CVE-2020-0543}
- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31352781] {CVE-2020-0543}
- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31352781] {CVE-2020-0543}
- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31352781] {CVE-2020-0543}
- netdev, octeon3-ethernet: move timecounter init to network driver probe() (Dave Aldridge) [Orabug: 31439190]
- rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014]
- can: peak_usb: fix slab info leak (Johan Hovold) [Orabug: 31351139] {CVE-2019-19534}
- uek-rpm: use expand macro with kernel_reqprovconf (Dave Kleikamp) [Orabug: 31454052]
- can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351248] {CVE-2019-19536}
- net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31410596]
- xfs: fix freeze hung (Junxiao Bi) [Orabug: 31245660]
- netlabel: cope with NULL catmap (Paolo Abeni) [Orabug: 31350492] {CVE-2020-10711}
- mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Qing Xu) [Orabug: 31350516] {CVE-2020-12654}
- scsi: sg: add sg_remove_request in sg_write (Wu Bo) [Orabug: 31350698] {CVE-2020-12770}
- block, bfq: fix use-after-free in bfq_idle_slice_timer_body (Zhiqiang Liu) [Orabug: 31350912] {CVE-2020-12657}
- mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Qing Xu) [Orabug: 31350931] {CVE-2020-12653}
- USB: core: Fix free-while-in-use bug in the USB S-Glibrary (Alan Stern) [Orabug: 31350965] {CVE-2020-12464}

[4.14.35-1902.304.1]
- xfs: add agf freeblocks verify in xfs_agf_verify (Zheng Bin) [Orabug: 31350922] {CVE-2020-12655}
- rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31396425]
- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31396425]
- mwifiex: Abort at too short BSS descriptor element (Takashi Iwai) [Orabug: 31351915] {CVE-2019-3846}
- mwifiex: Fix possible buffer overflows at parsing bss descriptor (Takashi Iwai) [Orabug: 31351915] {CVE-2019-3846} {CVE-2019-3846}
- bnxt_en: Fix accumulation of bp->net_stats_prev. (Vijayendra Suman) [Orabug: 31390689]
- nfs: initiate returning delegation when reclaiming one that's been recalled (Jeff Layton) [Orabug: 31378792]
- NFS: More excessive attribute revalidation in nfs_execute_ok() (Trond Myklebust) [Orabug: 31378792]
- uek-rpm: Add support for building a kdump kernel on MIPS64 (Dave Kleikamp) [Orabug: 31373682]
- uek-rpm: Add config-mips64-embedded-kdump (Henry Willard) [Orabug: 31373682]
- uek-rpm: Don't build kernel-uek-tools or perf packages for mips64 (Dave Kleikamp) [Orabug: 31373682]
- scsi: mptfusion: Fix double fetch bug in ioctl (Dan Carpenter) [Orabug: 31350940] {CVE-2020-12652}
- ptp: fix the race between the release of ptp_clock and cdev (Vladis Dronov) [Orabug: 31350706] {CVE-2020-10690}
- net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31359419]

[4.14.35-1902.304.0]
- mips64/octeon: Initialize netdevice in octeon_pow struct (Vijay Kumar) [Orabug: 31388199]
- uek-rpm/ol7/config-mips64: Disable IRQSOFF_TRACER (Henry Willard) [Orabug: 31386710]
- xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31249146]


Related CVEs


CVE-2019-3846
CVE-2020-10711
CVE-2019-19534
CVE-2020-12654
CVE-2020-0543
CVE-2020-12464
CVE-2020-12653
CVE-2020-12657
CVE-2019-15214
CVE-2019-19533
CVE-2019-15220
CVE-2019-19054
CVE-2019-7308
CVE-2020-10690
CVE-2020-10757
CVE-2020-12652
CVE-2020-12655
CVE-2020-12770
CVE-2019-19536

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) kernel-uek-4.14.35-1902.304.6.el7uek.src.rpmb364366ce8cccb2ef7d804df0ba20b4bELSA-2021-9220
kernel-uek-4.14.35-1902.304.6.el7uek.aarch64.rpm54b798b11e830906f1267a053bf2dbbcELSA-2021-9220
kernel-uek-debug-4.14.35-1902.304.6.el7uek.aarch64.rpmb0508c22a39b97cb2407ab51fe3befefELSA-2021-9220
kernel-uek-debug-devel-4.14.35-1902.304.6.el7uek.aarch64.rpmb7bedf96db7cd1147a9bd1bde81e23f0ELSA-2021-9220
kernel-uek-devel-4.14.35-1902.304.6.el7uek.aarch64.rpm2a0c46915389bd20999bc6f0bef584e0ELSA-2021-9220
kernel-uek-headers-4.14.35-1902.304.6.el7uek.aarch64.rpm7e61aae4aae3d8a2395eea838fa04aedELSA-2021-9222
kernel-uek-tools-4.14.35-1902.304.6.el7uek.aarch64.rpma24732746a56c9c34472624ffedd325bELSA-2021-9220
kernel-uek-tools-libs-4.14.35-1902.304.6.el7uek.aarch64.rpm427989d38539b4408b99335571231ad2ELSA-2021-9220
kernel-uek-tools-libs-devel-4.14.35-1902.304.6.el7uek.aarch64.rpmc559a8083daa38cd706ab990c43ead6aELSA-2021-9222
perf-4.14.35-1902.304.6.el7uek.aarch64.rpmbc18b477633137a7d91b34574482b149ELSA-2021-9220
python-perf-4.14.35-1902.304.6.el7uek.aarch64.rpm940015f62c851bfada584d626facfd0dELSA-2021-9220
Oracle Linux 7 (x86_64) kernel-uek-4.14.35-1902.304.6.el7uek.src.rpmb364366ce8cccb2ef7d804df0ba20b4bELSA-2021-9220
kernel-uek-4.14.35-1902.304.6.el7uek.x86_64.rpme3971fd277b7a01d387937f73d4c9bdbELSA-2021-9220
kernel-uek-debug-4.14.35-1902.304.6.el7uek.x86_64.rpmbc7dec44cb1be2b241a92a6aef4937f8ELSA-2021-9220
kernel-uek-debug-devel-4.14.35-1902.304.6.el7uek.x86_64.rpm1bad1fb0133a802af5579cc331d2fabeELSA-2021-9220
kernel-uek-devel-4.14.35-1902.304.6.el7uek.x86_64.rpm973c1c5a55d8eb3c41788f58d6d66e71ELSA-2021-9220
kernel-uek-doc-4.14.35-1902.304.6.el7uek.noarch.rpmabf8f49ab7d60a08f30032977fcdc52dELSA-2021-9220
kernel-uek-tools-4.14.35-1902.304.6.el7uek.x86_64.rpmb6c2308788fb5d6bba6f794a75831e5aELSA-2021-9220



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete