ELBA-2020-5846

ELBA-2020-5846 - Unbreakable Enterprise kernel-container bug fix update

Type:	BUG
Severity:	NA
Release Date:	2020-09-14

Description

[4.14.35-1902.306.2.el7]
- rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783150]
- sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices (Dave Chiluk) [Orabug: 31350999] {CVE-2019-19922}
- sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [Orabug: 31350999] {CVE-2019-19922}
- sched/fair: Fix bandwidth timer clock drift condition (Xunlei Pang) [Orabug: 31350999] {CVE-2019-19922}
- btrfs: tree-checker: Verify block_group_item (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-check: reduce stack consumption in check_dir_item (David Sterba) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-checker: use %zu format string for size_t (Arnd Bergmann) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-checker: Add checker for dir item (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-checker: Fix false panic for sanity test (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-checker: Enhance btrfs_check_node output (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Move leaf and node validation checker to tree-checker.c (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Add checker for EXTENT_CSUM (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Add sanity check for EXTENT_DATA when reading out leaf (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Check if item pointer overlaps with the item itself (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Refactor check_leaf function for later expansion (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky) [Orabug: 31784659]
- nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31779888] {CVE-2020-24394}
- Reverts 'rds: avoid unnecessary cong_update in loop transport' (Iraimani Pavadai) [Orabug: 31741325]
- sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31351959] {CVE-2019-3874}
- vhost_net: fix possible infinite loop (Jason Wang) [Orabug: 31351949] {CVE-2019-3900}
- vhost: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 31351949] {CVE-2019-3900}
- vhost_net: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 31351949] {CVE-2019-3900}
- vhost_net: use packet weight for rx handler, too (Paolo Abeni) [Orabug: 31351949] {CVE-2019-3900}
- vhost-net: set packet weight of tx polling to 2 * vq size (haibinzhang()) [Orabug: 31351949] {CVE-2019-3900}
- repair kABI breakage from 'fs: prevent page refcount overflow in pipe_buf_get' (Dan Duval) [Orabug: 31351940] {CVE-2019-11487}
- mm: add 'try_get_page()' helper function (Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487}
- mm: prevent get_user_pages() from overflowing page refcount (Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487}
- mm: make page ref count overflow check tighter and more explicit (Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487}
- tracing: Fix buffer_ref pipe ops (Jann Horn) [Orabug: 31351940] {CVE-2019-11487}
- RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 31784892]
- net/rds: rds_ib_remove_one() needs to wait (Ka-Cheong Poon) [Orabug: 31794612]
- uek-rpm: Disable secureboot signing for OL7 aarch64 (Somasundaram Krishnasamy) [Orabug: 31793663]

[4.14.35-1902.306.1.el7]
- net/mlx5e: Poll event queue upon TX timeout before performing full channels recovery (Eran Ben Elisha) [Orabug: 31753102]
- crypto: authenc - fix parsing key with misaligned rta_len (Eric Biggers) [Orabug: 31535528] {CVE-2020-10769}
- mac80211: Do not send Layer 2 Update frame before authorization (Jouni Malinen) [Orabug: 31473651] {CVE-2019-5108}
- cfg80211/mac80211: make ieee80211_send_layer2_update a public function (Dedy Lansky) [Orabug: 31473651] {CVE-2019-5108}
- sunrpc: use-after-free in svc_process_common() (Vasily Averin) [Orabug: 31351994] {CVE-2018-16884}
- sunrpc: use SVC_NET() in svcauth_gss_* functions (Vasily Averin) [Orabug: 31351994] {CVE-2018-16884}
- RDMA/cxgb4: Do not dma memory off of the stack (Greg KH) [Orabug: 31351782] {CVE-2019-17075}
- btrfs: merge btrfs_find_device and find_device (Anand Jain) [Orabug: 31351745] {CVE-2019-18885}
- fs/namespace.c: fix mountpoint reference counter race (Piotr Krysiuk) [Orabug: 31350975] {CVE-2020-12114}
- kernel/sysctl.c: fix out-of-bounds access when setting file-max (Will Deacon) [Orabug: 31350719] {CVE-2019-14898}
- sysctl: handle overflow for file-max (Christian Brauner) [Orabug: 31350719] {CVE-2019-14898}
- nl80211: validate beacon head (Johannes Berg) [Orabug: 30785180] {CVE-2019-16746}
- cfg80211: Use const more consistently in for_each_element macros (Jouni Malinen) [Orabug: 30785180] {CVE-2019-16746}
- cfg80211: add and use strongly typed element iteration macros (Johannes Berg) [Orabug: 30785180] {CVE-2019-16746}
- net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon) [Orabug: 31755755]
- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688622]
- can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351220] {CVE-2019-19535}
- rds: Test parameter in rds_ib_recv_cache_put (Hans Westgaard Ry) [Orabug: 31737044]
- vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705120] {CVE-2020-14331}
- md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31602420]
- md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31602420]
- random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31698084] {CVE-2020-16166}
- x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (Anthony Steinhauser) [Orabug: 31557804] {CVE-2020-10767}
- Revert 'zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()' (Wade Mealing) [Orabug: 31510724] {CVE-2020-10781}
- genirq/proc: Return proper error code when irq_set_affinity() fails (Wen Yaxng) [Orabug: 31723449]
- bonding: Force slave speed check after link state recovery for 802.3ad (Thomas Falcon) [Orabug: 31730609]
- bonding/802.3ad: fix slave link initialization transition states (Jarod Wilson) [Orabug: 31730609]
- bonding/802.3ad: fix link_failure_count tracking (Jarod Wilson) [Orabug: 31730609]
- bonding: speed/duplex update at NETDEV_UP event (Mahesh Bandewar) [Orabug: 31730609]
- net/rds: Incorrect WARN_ON() (Ka-Cheong Poon) [Orabug: 31718164]
- net/rds: rds_ib_remove_one() should not call rds_ib_dev_free_dev() (Ka-Cheong Poon) [Orabug: 31718164]
- KVM: nVMX: include conditional controls in /dev/kvm KVM_GET_MSRS (Paolo Bonzini) [Orabug: 31699256]
- KVM: x86: introduce is_pae_paging (Paolo Bonzini) [Orabug: 31699256]
- selinux: properly handle multiple messages in selinux_netlink_send() (Paul Moore) [Orabug: 31439368] {CVE-2020-10751}
- af_packet: set defaule value for tmo (Mao Wenan) [Orabug: 31439106] {CVE-2019-20812}
- hrtimer: Annotate lockless access to timer->base (Eric Dumazet) [Orabug: 31380494]
- fix kABI breakage from 'netns: provide pure entropy for net_hash_mix()' (Dan Duval) [Orabug: 31351903] {CVE-2019-10638} {CVE-2019-10639}
- media: usb: siano: Fix general protection fault in smsusb (Alan Stern) [Orabug: 31351873] {CVE-2019-15218}
- cfg80211: wext: avoid copying malformed SSIDs (Will Deacon) [Orabug: 31351799] {CVE-2019-17133}
- can: gs_usb: gs_can_open(): prevent memory leak (Navid Emamdoost) [Orabug: 31351681] {CVE-2019-19052}
- rtlwifi: prevent memory leak in rtl_usb_probe (Navid Emamdoost) [Orabug: 31351625] {CVE-2019-19063}
- scsi: bfa: release allocated memory in case of error (Navid Emamdoost) [Orabug: 31351613] {CVE-2019-19066}
- ath9k_htc: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351571] {CVE-2019-19073}
- ath9k: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351558] {CVE-2019-19074}
- ath10k: fix memory leak (Navid Emamdoost) [Orabug: 31351531] {CVE-2019-19078}
- bcache: fix potential deadlock problem in btree_gc_coalesce (Zhiqiang Liu) [Orabug: 31350645] {CVE-2020-12771}
- rds: ib: Revert 'net/rds: Avoid stalled connection due to CM REQ retries' (Hakon Bugge) [Orabug: 31513037]
- rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31513037]

[4.14.35-1902.305.4.el7]
- ptp: free ptp device pin descriptors properly (Vladis Dronov) [Orabug:
31710994]

[4.14.35-1902.305.3.el7]
- fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350638] {CVE-2020-10732}
- PCI: vmd: Filter resource type bits from shadow register (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Add device id for VMD device 8086:9A0B (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Fix shadow offsets to reflect spec changes (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Fix config addressing when using bus offsets (Jon Derrick) [Orabug: 31674879]
- PCI/VMD: Configure MPS settings before adding devices (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Add an additional VMD device id to driver device id table (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Add offset to bus numbers if necessary (Jon Derrick) [Orabug: 31674879]
- PCI: vmd: Assign membar addresses from shadow registers (Jon Derrick) [Orabug: 31674879]
- PCI: Add Intel VMD devices to pci ids (Jon Derrick) [Orabug: 31674879]
- misc: pvpanic: add crash loaded event (zhenwei pi) [Orabug: 31677099]
- kvm: Increase KVM_USER_MEM_SLOTS for dense memory hotplug (Eric DeVolder) [Orabug: 31694369]

[4.14.35-1902.305.2.el7]
- net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31445419] {CVE-2019-20811}
- vfio-pci: protect remap_pfn_range() from simultaneous calls (Ankur Arora) [Orabug: 31663632] {CVE-2020-12888}
- crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351639] {CVE-2019-19062}
- iwlwifi: pcie: fix rb_allocator workqueue allocation (Johannes Berg) [Orabug: 31351807] {CVE-2019-16234}
- RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666974]
- Revert 'uek-rpm: Move grub boot menu update to posttrans stage.' (Somasundaram Krishnasamy) [Orabug: 31358100]
- net: dsa: Do not leave DSA master with NULL netdev_ops (Allen Pais) [Orabug: 31038233]
- rds/ib: Make i_{recv,send}_hdrs non-contigious (Hans Westgaard Ry) [Orabug: 30358057]
- certs: Remove Oracle cert compiled into the kernel (Eric Snowberg) [Orabug: 31555628]
- CIFS: dump IPC tcon in debug proc file (Aurelien Aptel) [Orabug: 31500374]
- CIFS: use tcon_ipc instead of use_ipc parameter of SMB2_ioctl (Aurelien Aptel) [Orabug: 31500374]
- CIFS: make IPC a regular tcon (Aurelien Aptel) [Orabug: 31500374]
- CIFS: dont log STATUS_NOT_FOUND errors for DFS (Aurelien Aptel) [Orabug: 31500374]
- efi: Restrict efivar_ssdt_load when the kernel is locked down (Matthew Garrett) [Orabug: 31643409] {CVE-2019-20908}
- uek-rpm: drivers: enable VMD PCIe controller (Todd Vierling) [Orabug: 30646928]
- ext4: fix ext4_empty_dir() for directories with holes (Jan Kara) [Orabug: 31265319] {CVE-2019-19037}
- IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31631531]
- ocfs2: change slot number type s16 to u16 (Junxiao Bi) [Orabug: 31480605]
- ocfs2: fix value of OCFS2_INVALID_SLOT (Junxiao Bi) [Orabug: 31480605]
- ocfs2: fix panic on nfs server over ocfs2 (Junxiao Bi) [Orabug: 31480605]
- ocfs2: load global_inode_alloc (Junxiao Bi) [Orabug: 31480605]
- ocfs2: avoid inode removal while nfsd is accessing it (Junxiao Bi) [Orabug: 31480605]

[4.14.35-1902.305.1.el7]
- x86/{mce,mm}: Unmap the entire page if the whole page is affected and poisoned (Tony Luck) [Orabug: 31601132]
- libertas: fix a potential NULL pointer dereference (Allen Pais) [Orabug: 31351822] {CVE-2019-16232}
- ext4: work around deleting a file with i_nlink == 0 safely (Theodore Tso) [Orabug: 31351013] {CVE-2019-19447}

[4.14.35-1902.305.0.el7]
- thermal: support for Marvell Octeon TX SoC temperature sensors (Eric Saint-Etienne) [Orabug: 31564706]
- thermal: support for Marvell Octeon TX2 SoC temperature sensors (Eric Saint-Etienne) [Orabug: 31564706]
- x86/speculation: Prevent rogue cross-process SSBD shutdown (Anthony Steinhauser) [Orabug: 31557902] {CVE-2020-10768}
- psi: Fix double free (Tom Hromatka) [Orabug: 31535640]
- vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio/pci: Mask buggy SR-IOV VF INTx support (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Jiang Yi) [Orabug: 31439670] {CVE-2020-12888}
- vfio/pci: Pull BAR mapping setup from read-write path (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio_pci: Enable memory accesses before calling pci_map_rom (Eric Auger) [Orabug: 31439670] {CVE-2020-12888}
- vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [Orabug: 31439670] {CVE-2020-12888}
- vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Sean Christopherson) [Orabug: 31439670] {CVE-2020-12888}
- of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351701] {CVE-2019-19049}

Updated Packages

Release/Architecture

Filename

MD5sum

Superseded By Advisory

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team