ELSA-2021-9085

ELSA-2021-9085 - Unbreakable Enterprise kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2021-03-11

Description


[5.4.17-2036.104.4.el8uek]
- KVM: arm64: guest context in x18 instead of x29 (Mihai Carabas) [Orabug: 32545182]

[5.4.17-2036.104.3.el8uek]
- config: enable CONFIG_MLX5_MPFS (Brian Maly) [Orabug: 32249042]
- net: Fix bridge enslavement failure (Ido Schimmel) [Orabug: 32503298]
- inet: do not call sublist_rcv on empty list (Florian Westphal) [Orabug: 32512814]
- KVM: arm64: pmu: Dont mark a counter as chained if the odd one is disabled (Eric Auger) [Orabug: 32499188]
- random: wire /dev/random with a DRBG instance (Saeed Mirzamohammadi) [Orabug: 32522087]
- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) [Orabug: 32522087]
- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) [Orabug: 32522087]
- crypto: jitter - SP800-90B compliance (Stephan Muller) [Orabug: 32522087]
- crypto: jitter - add header to fix buildwarnings (Ben Dooks) [Orabug: 32522087]
- crypto: jitter - fix comments (Alexander E. Patrakov) [Orabug: 32522087]
- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492109] {CVE-2021-26930}
- xen-scsiback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}
- xen-netback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}
- xen-blkback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}
- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}
- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}
- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}
- Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}

[5.4.17-2036.104.2.el8uek]
- tcp: fix to update snd_wl1 in bulk receiver fast path (Neal Cardwell) [Orabug: 32498822]
- selinux: allow reading labels before policy is loaded (Jonathan Lebon) [Orabug: 32492277]
- selinux: allow labeling before policy is loaded (Jonathan Lebon) [Orabug: 32492277]
- KVM: SVM: Initialize prev_ga_tag before use (Suravee Suthikulpanit) [Orabug: 32478549]
- tools/power turbostat: Support additional CPU model numbers (Len Brown) [Orabug: 32422451]
- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) [Orabug: 32422451]
- x86/cpu: Add Sapphire Rapids CPU model number (Tony Luck) [Orabug: 32422451]
- tools/power turbostat: Support Tiger Lake (Chen Yu) [Orabug: 32422451]
- uek-rpm: config-aarch64: enable MEMORY HOTREMOVE (Mihai Carabas) [Orabug: 32353851]
- arm64/mm/hotplug: Ensure early memory sections are all online (Anshuman Khandual) [Orabug: 32353851]
- arm64/mm/hotplug: Enable MEM_OFFLINE event handling (Anshuman Khandual) [Orabug: 32353851]
- arm64/mm/hotplug: Register boot memory hot remove notifier earlier (Anshuman Khandual) [Orabug: 32353851]
- arm64/mm: Enable memory hot remove (Anshuman Khandual) [Orabug: 32353851]
- arm64/mm: Hold memory hotplug lock while walking for kernel page table dump (Anshuman Khandual) [Orabug: 32353851]
- KVM: arm64: Save/restore sp_el0 as part of __guest_enter (Marc Zyngier) [Orabug: 32171445]
- net/mlx4_en: Handle TX error CQE (Moshe Shemesh) [Orabug: 32492969]
- net/mlx4_en: Avoid scheduling restart task if it is already running (Moshe Shemesh) [Orabug: 32492969]

[5.4.17-2036.104.1.el8uek]
- vhost scsi: alloc vhost_scsi with kvzalloc() to avoid delay (Dongli Zhang) [Orabug: 32471677]
- HID: hid-input: fix stylus battery reporting (Dmitry Torokhov) [Orabug: 32464784] {CVE-2020-0431}
- nbd: freeze the queue while were adding connections (Josef Bacik) [Orabug: 32447285] {CVE-2021-3348}
- futex: Handle faults correctly for PI futexes (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- futex: Simplify fixup_pi_state_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- futex: Use pi_state_update_owner() in put_pi_state() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- futex: Dont enable IRQs unconditionally in put_pi_state() (Dan Carpenter) [Orabug: 32447187] {CVE-2021-3347}
- futex: Provide and use pi_state_update_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- futex: Replace pointless printk in fixup_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- futex: Ensure the correct return value from futex_lock_pi() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- uek-rpm: Enable Oracle Pilot BMC module (Eric Snowberg) [Orabug: 32422662]
- hwmon: Add a new Oracle Pilot BMC driver (Eric Snowberg) [Orabug: 32422662]
- arm64: Reserve only 256M on RPi for crashkernel=auto (Vijay Kumar) [Orabug: 32301026]

[5.4.17-2036.104.0.el8uek]
- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426610]
- thermal: intel_pch_thermal: Add PCI ids for Lewisburg PCH. (Andres Freund) [Orabug: 32424705]
- thermal: intel: intel_pch_thermal: Add Cannon Lake Low Power PCH support (Sumeet Pawnikar) [Orabug: 32424705]
- thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (Gayatri Kammela) [Orabug: 32424705]
- nfs: Fix security label length not being reset (Jeffrey Mitchell) [Orabug: 32350989]
- ovl: check permission to open real file (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}
- ovl: verify permissions in ovl_path_open() (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}
- ovl: switch to mounter creds in readdir (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}
- ovl: pass correct flags for opening real directory (Miklos Szeredi) [Orabug: 32046372]
- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 32381883]


Related CVEs


CVE-2021-26932
CVE-2020-0431
CVE-2020-16120
CVE-2021-3347
CVE-2021-3348
CVE-2021-26930
CVE-2021-26931

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64)kernel-uek-5.4.17-2036.104.4.el7uek.aarch64.rpm4a92ec6a4fe16edd2817f15c31a067e8ELSA-2021-9220
kernel-uek-debug-5.4.17-2036.104.4.el7uek.aarch64.rpm506190a9f70c452fc426924900ac2e27ELSA-2021-9220
kernel-uek-debug-devel-5.4.17-2036.104.4.el7uek.aarch64.rpm6f0a9e901e266415027e960762d458f7ELSA-2021-9220
kernel-uek-devel-5.4.17-2036.104.4.el7uek.aarch64.rpm0cf40f9865b7555372f2e3f21b077458ELSA-2021-9220
kernel-uek-doc-5.4.17-2036.104.4.el7uek.noarch.rpm4d41318b38769cca333e3e924b94c965ELSA-2021-9220
kernel-uek-tools-5.4.17-2036.104.4.el7uek.aarch64.rpmf47a58af148657275a28f16ac1c0a64bELSA-2021-9220
kernel-uek-tools-libs-5.4.17-2036.104.4.el7uek.aarch64.rpmeb9834977d71e703a284ca817222c27bELSA-2021-9220
perf-5.4.17-2036.104.4.el7uek.aarch64.rpme4ac381fc0af903593e0d7064dfb0015ELSA-2021-9220
python-perf-5.4.17-2036.104.4.el7uek.aarch64.rpm97032f4f9854e3888ba5b043d7bfaa86ELSA-2021-9220
Oracle Linux 7 (x86_64)kernel-uek-5.4.17-2036.104.4.el7uek.x86_64.rpmd7549ca53badbf603e26d223cbcbc588ELSA-2021-9220
kernel-uek-debug-5.4.17-2036.104.4.el7uek.x86_64.rpmf4f48f244551b8163514879f2818a732ELSA-2021-9220
kernel-uek-debug-devel-5.4.17-2036.104.4.el7uek.x86_64.rpm5fa963505abea34c0d778db07200d269ELSA-2021-9220
kernel-uek-devel-5.4.17-2036.104.4.el7uek.x86_64.rpmff77716a9b47e5ee775940510908a4d1ELSA-2021-9220
kernel-uek-doc-5.4.17-2036.104.4.el7uek.noarch.rpm4d41318b38769cca333e3e924b94c965ELSA-2021-9220
kernel-uek-tools-5.4.17-2036.104.4.el7uek.x86_64.rpm360933a0c1392ade02613afae3a267d3ELSA-2021-9220
Oracle Linux 8 (aarch64) kernel-uek-5.4.17-2036.104.4.el8uek.src.rpm66a192ba30c9d048ec421ffbde22092d-
kernel-uek-5.4.17-2036.104.4.el8uek.aarch64.rpmfe669575eaab41d5b01da76e8e4dab44-
kernel-uek-debug-5.4.17-2036.104.4.el8uek.aarch64.rpm7ae29df32df355f9e2ab5a9ee86b6355-
kernel-uek-debug-devel-5.4.17-2036.104.4.el8uek.aarch64.rpm59746ac5973ac6a679169dec758382fb-
kernel-uek-devel-5.4.17-2036.104.4.el8uek.aarch64.rpmc40dbffdca4d4e7fdd0e0f5ad5d042f0-
kernel-uek-doc-5.4.17-2036.104.4.el8uek.noarch.rpm0a3f3e498b8b13aed33f5a5ca2636de3-
Oracle Linux 8 (x86_64) kernel-uek-5.4.17-2036.104.4.el8uek.src.rpm66a192ba30c9d048ec421ffbde22092d-
kernel-uek-5.4.17-2036.104.4.el8uek.x86_64.rpmdf358710701109e71d90c0c7330d8490-
kernel-uek-debug-5.4.17-2036.104.4.el8uek.x86_64.rpmd745d3a635344084fbd14b9db9f903b3-
kernel-uek-debug-devel-5.4.17-2036.104.4.el8uek.x86_64.rpmfb1772b9add5dc87df5778e31b824a20-
kernel-uek-devel-5.4.17-2036.104.4.el8uek.x86_64.rpmf9cae174f456b01f0ef0ab8aa3cf92b0-
kernel-uek-doc-5.4.17-2036.104.4.el8uek.noarch.rpm0a3f3e498b8b13aed33f5a5ca2636de3-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete