ELSA-2021-9220
- ULN >
- Oracle Linux Errata repository >
- ELSA-2021-9220
ELSA-2021-9220 - Unbreakable Enterprise kernel security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2021-05-10 |
Description
[5.4.17-2102.201.3uek]
- locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (Ali Saidi) [Orabug: 32805544]
[5.4.17-2102.201.2uek]
- md/bitmap: wait for external bitmap writes to complete during tear down (Sudhakar Panneerselvam) [Orabug: 32764237]
- ocfs2: fix deadlock between setattr and dio_end_io_write (Wengang Wang) [Orabug: 32763849]
- tcp: do not mess with cloned skbs in tcp_add_backlog() (Eric Dumazet) [Orabug: 32760314]
- Revert 'x86/vmlinux: Use INT3 instead of NOP for linker fill bytes' (John Donnelly) [Orabug: 32576398] {CVE-2021-3411}
- iommu/vt-d: Fix agaw for a supported 48 bit guest address width (Saeed Mirzamohammadi) [Orabug: 32734148]
- LTS tag: v5.4.85 (Jack Vogel)
- x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (Xiaochen Shen)
- x86/resctrl: Remove unused struct mbm_state::chunks_bw (James Morse)
- membarrier: Explicitly sync remote cores when SYNC_CORE is requested (Andy Lutomirski)
- Revert 'selftests/ftrace: check for do_sys_openat2 in user-memory test' (Kamal Mostafa)
- KVM: mmu: Fix SPTE encoding of MMIO generation upper half (Maciej S. Szmigiero)
- serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (Alexander Sverdlin)
- ALSA: pcm: oss: Fix potential out-of-bounds shift (Takashi Iwai)
- USB: sisusbvga: Make console support depend on BROKEN (Thomas Gleixner)
- USB: UAS: introduce a quirk to set no_write_same (Oliver Neukum)
- xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (Hans de Goede)
- xhci: Give USB2 ports time to enter U3 in bus suspend (Li Jun)
- ALSA: usb-audio: Fix control 'access overflow' errors from chmap (Takashi Iwai)
- ALSA: usb-audio: Fix potential out-of-bounds shift (Takashi Iwai)
- USB: add RESET_RESUME quirk for Snapscan 1212 (Oliver Neukum)
- USB: dummy-hcd: Fix uninitialized array use in init() (Bui Quang Minh)
- ktest.pl: If size of log is too big to email, email error message (Steven Rostedt (VMware))
- net: stmmac: delete the eee_ctrl_timer after napi disabled (Fugang Duan)
- net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux (Martin Blumenstingl)
- net: ll_temac: Fix potential NULL dereference in temac_probe() (Zhang Changzhong)
- lan743x: fix for potential NULL pointer dereference with bare card (Sergej Bauer)
- tcp: fix cwnd-limited bug for TSO deferral where we send nothing (Neal Cardwell)
- tcp: select sane initial rcvq_space.space for big MSS (Eric Dumazet)
- net: stmmac: free tx skb buffer in stmmac_resume() (Fugang Duan)
- bridge: Fix a deadlock when enabling multicast snooping (Joseph Huang)
- enetc: Fix reporting of h/w packet counters (Claudiu Manoil)
- udp: fix the proto value passed to ip_protocol_deliver_rcu for the segments (Xin Long)
- net: hns3: remove a misused pragma packed (Huazhong Tan)
- vrf: packets with lladdr src needs dst at input with orig_iif when needs strict (Stephen Suryaputra)
- net: bridge: vlan: fix error return code in __vlan_add() (Zhang Changzhong)
- mac80211: mesh: fix mesh_pathtbl_init() error path (Eric Dumazet)
- ipv4: fix error return code in rtm_to_fib_config() (Zhang Changzhong)
- ptrace: Prevent kernel-infoleak in ptrace_get_syscall_info() (Peilin Ye)
- LTS tag: v5.4.84 (Jack Vogel)
- compiler.h: fix barrier_data() on clang (Arvind Sankar)
- mm/zsmalloc.c: drop ZSMALLOC_PGTABLE_MAPPING (Minchan Kim)
- x86/apic/vector: Fix ordering in vector assignment (Thomas Gleixner)
- x86/membarrier: Get rid of a dubious optimization (Andy Lutomirski)
- x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (Arvind Sankar)
- scsi: be2iscsi: Revert 'Fix a theoretical leak in beiscsi_create_eqs()' (Dan Carpenter)
- proc: use untagged_addr() for pagemap_read addresses (Miles Chen)
- kbuild: avoid static_assert for genksyms (Arnd Bergmann)
- drm/i915/display/dp: Compute the correct slice count for VDSC on DP (Manasi Navare)
- mmc: block: Fixup condition for CMD13 polling for RPMB requests (Bean Huo)
- pinctrl: amd: remove debounce filter setting in IRQ type setting (Coiby Xu)
- Input: i8042 - add Acer laptops to the i8042 reset list (Chris Chiu)
- Input: cm109 - do not stomp on control URB (Dmitry Torokhov)
- ktest.pl: Fix incorrect reboot for grub2bls (Libo Chen)
- can: m_can: m_can_dev_setup(): add support for bosch mcan version 3.3.0 (Pankaj Sharma)
- platform/x86: touchscreen_dmi: Add info for the Irbis TW118 tablet (Hans de Goede)
- platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC (Max Verevkin)
- platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (Timo Witte)
- platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen (Hans de Goede)
- platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e (Hans de Goede)
- arm64: tegra: Disable the ACONNECT for Jetson TX2 (Jon Hunter)
- soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) (Hao Si)
- spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (Ran Wang)
- irqchip/gic-v3-its: Unconditionally save/restore the ITS state on suspend (Xu Qiang)
- ibmvnic: skip tx timeout reset while in resetting (Lijun Pan)
- interconnect: qcom: qcs404: Remove GPU and display RPM IDs (Georgi Djakov)
- scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (Can Guo)
- ARC: stack unwinding: don't assume non-current task is sleeping (Vineet Gupta)
- arm64: dts: broadcom: clear the warnings caused by empty dma-ranges (Zhen Lei)
- powerpc: Drop -me200 addition to build flags (Michael Ellerman)
- iwlwifi: mvm: fix kernel panic in case of assert during CSA (Sara Sharon)
- iwlwifi: pcie: set LTR to avoid completion timeout (Johannes Berg)
- arm64: dts: rockchip: Assign a fixed index to mmc devices on rk3399 boards. (Markus Reichl)
- iwlwifi: pcie: limit memory read spin time (Johannes Berg)
- x86/lib: Change .weak to SYM_FUNC_START_WEAK for arch/x86/lib/mem*_64.S (Fangrui Song)
- Kbuild: do not emit debug info for assembly with LLVM_IAS=1 (Nick Desaulniers)
[5.4.17-2102.201.1uek]
- IB/mlx5: Reduce max order of memory allocated for xlt update (Praveen Kumar Kannoju) [Orabug: 32751624]
- netfilter: x_tables: Use correct memory barriers. (Mark Tomlinson) [Orabug: 32709120] {CVE-2021-29650}
- perf/x86/intel: Fix a crash caused by zero PEBS status (Kan Liang) [Orabug: 32669468] {CVE-2021-28971}
- btrfs: fix race when cloning extent buffer during rewind of an old root (Filipe Manana) [Orabug: 32669450] {CVE-2021-28964}
[5.4.17-2102.201.0uek]
- uek-rpm: Update SecureBoot Digicert 2021 certificates (Jack Vogel) [Orabug: 32532663]
- RDMA/rxe: ipc_bench fails on SoftRoCE with shpd (Rao Shoaib) [Orabug: 32716155]
- vhost-vdpa: set v->config_ctx to NULL if eventfd_ctx_fdget() fails (Stefano Garzarella) [Orabug: 32696005] {CVE-2021-29266}
- vhost-vdpa: fix use-after-free of v->config_ctx (Stefano Garzarella) [Orabug: 32696005] {CVE-2021-29266}
- fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 32669269] {CVE-2021-28950}
- fuse: fix bad inode (Miklos Szeredi) [Orabug: 32669269] {CVE-2021-28950}
- RDMA/core: Fix corrupted SL on passive side (Hakon Bugge) [Orabug: 32662965]
- Xen/gnttab: handle p2m update errors on a per-slot basis (Jan Beulich) [Orabug: 32651473] {CVE-2021-28038}
- RDMA/rxe: Compute the maximum sges and inline size based on the WQE size (Rao Shoaib) [Orabug: 32648060]
- KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (Wanpeng Li) [Orabug: 32641672]
- xen/netback: avoid race in xenvif_rx_ring_slots_available() (Juergen Gross) [Orabug: 32640116]
- uek-rpm: ol7: aarch64: add CONFIG_ACPI_HOTPLUG_MEMORY (Mihai Carabas) [Orabug: 32638660]
- KVM: SVM: Disable AVIC before setting V_IRQ (Suravee Suthikulpanit) [Orabug: 32603569]
- KVM: Introduce kvm_make_all_cpus_request_except() (Suravee Suthikulpanit) [Orabug: 32603569]
- KVM: X86: correct meaningless kvm_apicv_activated() check (Paolo Bonzini) [Orabug: 32603569]
- KVM: Disable preemption in kvm_get_running_vcpu() (Marc Zyngier) [Orabug: 32603569]
- KVM: Move running VCPU from ARM to common code (Paolo Bonzini) [Orabug: 32603569]
- xen-blkback: don't leak persistent grants from xen_blkbk_map() (Jan Beulich) [Orabug: 32697850] {CVE-2021-28688}
- video: hyperv_fb: Fix the mmap() regression for v5.4.y and older (Dexuan Cui) [Orabug: 32651461]
Related CVEs
| CVE-2021-28038 |
| CVE-2021-28688 |
| CVE-2021-28964 |
| CVE-2021-29650 |
| CVE-2021-28950 |
| CVE-2021-3411 |
| CVE-2021-28971 |
| CVE-2021-29266 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (aarch64) | kernel-uek-5.4.17-2102.201.3.el7uek.src.rpm | 58f0d93abb6502b0f35ccb5294e399d5 | - |
| kernel-uek-5.4.17-2102.201.3.el7uek.aarch64.rpm | 11399c384abf43819b77b84b0a7bbe8c | - | |
| kernel-uek-debug-5.4.17-2102.201.3.el7uek.aarch64.rpm | 41a20c0fc14323e714df870017cf70a0 | - | |
| kernel-uek-debug-devel-5.4.17-2102.201.3.el7uek.aarch64.rpm | a9f507110a43d36a2d9f23c19cd3c1ed | - | |
| kernel-uek-devel-5.4.17-2102.201.3.el7uek.aarch64.rpm | 9ab050ff9144beb3790e035851849a5c | - | |
| kernel-uek-doc-5.4.17-2102.201.3.el7uek.noarch.rpm | 1900f8916f425b7081debace43f68102 | - | |
| kernel-uek-tools-5.4.17-2102.201.3.el7uek.aarch64.rpm | daa67ad8a18b595e685fabfd81e2e40b | - | |
| kernel-uek-tools-libs-5.4.17-2102.201.3.el7uek.aarch64.rpm | 89b7a23d0dc13ada2746fe1d6a53c3c3 | - | |
| perf-5.4.17-2102.201.3.el7uek.aarch64.rpm | a0873435a88f9bccd4d13737f32ba123 | - | |
| python-perf-5.4.17-2102.201.3.el7uek.aarch64.rpm | d816ce2a7a787abacf0991b1003be3dd | - | |
| Oracle Linux 7 (x86_64) | kernel-uek-5.4.17-2102.201.3.el7uek.src.rpm | 58f0d93abb6502b0f35ccb5294e399d5 | - |
| kernel-uek-5.4.17-2102.201.3.el7uek.x86_64.rpm | 3bd38145ab8f5157aab99c90bc8cd002 | - | |
| kernel-uek-debug-5.4.17-2102.201.3.el7uek.x86_64.rpm | f3439283426999b9c486f3d7a9a4a7b0 | - | |
| kernel-uek-debug-devel-5.4.17-2102.201.3.el7uek.x86_64.rpm | 083e8c5b1f0acc8fba1204129a4d39ba | - | |
| kernel-uek-devel-5.4.17-2102.201.3.el7uek.x86_64.rpm | 4e81f540179525ed3459be88567fc906 | - | |
| kernel-uek-doc-5.4.17-2102.201.3.el7uek.noarch.rpm | 1900f8916f425b7081debace43f68102 | - | |
| kernel-uek-tools-5.4.17-2102.201.3.el7uek.x86_64.rpm | f8fa8abfad847c71e8603ea1d1d8f42c | - | |
| Oracle Linux 8 (aarch64) | kernel-uek-5.4.17-2102.201.3.el8uek.src.rpm | bf4fba379ab760ff9091c279e1be1844 | - |
| kernel-uek-5.4.17-2102.201.3.el8uek.aarch64.rpm | 7b96bcf0dbcb241f5f6adf29ccc31ed7 | - | |
| kernel-uek-debug-5.4.17-2102.201.3.el8uek.aarch64.rpm | c2fa10ca2b6da75e1be90a5a2293771e | - | |
| kernel-uek-debug-devel-5.4.17-2102.201.3.el8uek.aarch64.rpm | db4e79f0071d3a4ddead78b03e967943 | - | |
| kernel-uek-devel-5.4.17-2102.201.3.el8uek.aarch64.rpm | c97d4ddb23ac18f4840e6f0b5e21a343 | - | |
| kernel-uek-doc-5.4.17-2102.201.3.el8uek.noarch.rpm | c2584cbc668dd3f0505e15a1fc822a80 | - | |
| Oracle Linux 8 (x86_64) | kernel-uek-5.4.17-2102.201.3.el8uek.src.rpm | bf4fba379ab760ff9091c279e1be1844 | - |
| kernel-uek-5.4.17-2102.201.3.el8uek.x86_64.rpm | a6c7e5e9ee9350858cddf19d0c2bdb9e | - | |
| kernel-uek-debug-5.4.17-2102.201.3.el8uek.x86_64.rpm | 70fdad9a49f5f34cb78a91d94ea1aef5 | - | |
| kernel-uek-debug-devel-5.4.17-2102.201.3.el8uek.x86_64.rpm | 8ad8f4ec7485740d6f7b89b7ecc340e3 | - | |
| kernel-uek-devel-5.4.17-2102.201.3.el8uek.x86_64.rpm | be65c1c0293572e4f29e9d779b778931 | - | |
| kernel-uek-doc-5.4.17-2102.201.3.el8uek.noarch.rpm | c2584cbc668dd3f0505e15a1fc822a80 | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
