ELSA-2020-5923

ULN >
Oracle Linux Errata repository >
ELSA-2020-5923

ELSA-2020-5923 - Unbreakable Enterprise kernel-container security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2020-11-12

Description

[4.14.35-2025.402.2.1.el7]
- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug:
32040805] {CVE-2020-8694} {CVE-2020-8695}

[4.14.35-2025.402.2.el7]
- ocfs2: fix remounting needed after setfacl command (Gang He)
- Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770]
- drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349]
- i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050]
- bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757]
- SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763]
- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520]
- qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276]

[4.14.35-2025.402.1.el7]
- configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427]
- IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31596798]
- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643}
- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303]
- SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341]
- geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645}
- nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898]
- xfs: fix warning: unused variable 'sb' (John Donnelly) [Orabug: 32010343]
- nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357]
- nvme: Corrects warning: unused variable 'startka' (John Donnelly) [Orabug: 32010357]
- uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273]
- arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273]
- ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790]
- rds: fixes warning: unused variable 'cache_sz_k' (John Donnelly) [Orabug: 32008320]
- panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003]
- uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118]
- certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118]
- certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118]
- certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541}
- Revert 'l2tp: initialise PPP sessions before registering them' (George Kennedy) [Orabug: 31906205]
- btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377}
- btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448}
- xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385}
- net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603]
- mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31907603]
- mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603]
- mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603]
- ghes: Corrects: warning: unused variable 'vaddr' [-Wunused-variable] (John Donnelly) [Orabug: 31995830]
- ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830]
- blk-mq: warning: unused variable 'ctx' (John Donnelly) [Orabug: 31996284]
- x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336]

[4.14.35-2025.402.0.el7]
- nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089}
- efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380}
- RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865]
- rds: Revert 'Disable module unload by default' (Hans Westgaard Ry) [Orabug: 31503865]
- rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372]
- EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136]
- EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136]
- mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346]
- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765]
- KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765]
- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765]
- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765]
- cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356}
- bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453]
- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211}
- vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}
- fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}
- KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096]
- Revert 'usb: xhci: do not create and register shared_hcd when USB3.0 is disabled' (Thomas Tai) [Orabug: 31943628]
- uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869]
- block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641}
- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628]

Related CVEs

CVE-2020-8694

CVE-2020-8695

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 7 (x86_64)	kernel-uek-container-4.14.35-2025.402.2.1.el7.src.rpm	588d6b419a11461414cbc3b60748ee30	ELSA-2021-9221
	kernel-uek-container-4.14.35-2025.402.2.1.el7.x86_64.rpm	91ea54deb30b375b29fe1e51ff72cf01	ELSA-2021-9221

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691