ELSA-2020-0834

ELSA-2020-0834 - kernel security, bug fix, and enhancement update

Type:SECURITY
Severity:IMPORTANT
Release Date:2020-03-18

Description


[3.10.0-1062.18.1.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]

[3.10.0-1062.18.1]
- [x86] x86/boot/64: Round memory hole size up to next PMD page (Frank Ramsay) [1798163 1773762]
- [x86] x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (Frank Ramsay) [1798163 1773762]
- [fs] gfs2: Use d_materialise_unique instead of d_splice_alias (2) (Andreas Grunbacher) [1796431 1784550]
- [fs] gfs2: gfs2_create_inode(): don't bother with d_splice_alias() (Andreas Grunbacher) [1796431 1784550]
- [fs] gfs2: bugger off early if O_CREAT open finds a directory (Andreas Grunbacher) [1796431 1784550]
- [scsi] scsi: hpsa: remove printing internal cdb on tag collision (Joseph Szczypek) [1793579 1741355]
- [scsi] scsi: hpsa: correct scsi command status issue after reset (Joseph Szczypek) [1793579 1741355]
- [infiniband] IB/mlx5: Fix MR registration flow to use UMR properly (Alaa Hleihel) [1792371 1741343]
- [scsi] qedf: Initialize rport while creation of vport (Nilesh Javali) [1791825 1760746]
- [scsi] scsi: hpsa: add missing hunks in reset-patch (Joseph Szczypek) [1791782 1761978]
- [block] block: don't change REQ_NR_BITS (Ming Lei) [1791781 1779712]
- [scsi] scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (Himanshu Madhani) [1791595 1729270]
- [drm] drm/radeon: fix si_enable_smc_cac() failed issue (Dave Airlie) [1789744 1780026]
- [scsi] scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() (Nilesh Javali) [1784824 1772966]
- [md] md/raid10: prevent access of uninitialized resync_pages offset (Nigel Croxon) [1781584 1767935]
- [fs] fix inode leaks on d_splice_alias() failure exits (Miklos Szeredi) [1781159 1749390]
- [fs] cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active (David Howells) [1780149 1765975]
- [mm] mm: swap: clean up swap readahead (Rafael Aquini) [1780035 1725396]
- [mm] mm: do_swap_page: clean up parameter list passing a pointer to struct vm_fault (Rafael Aquini) [1780035 1725396]
- [mm] mm: __handle_mm_fault: introduce explicit barrier after orig_pte dereference (Rafael Aquini) [1780035 1725396]
- [x86] kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [1779766 1779768]
- [x86] kvm: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338}
- [x86] kvm: x86: Mark expected switch fall-throughs (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338}
- [x86] kvm: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338}
- [x86] kvm: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338}
- [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338}
- [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338}
- [s390] scsi: zfcp: fix reaction on bit error threshold notification (Philipp Rudo) [1778691 1765123]
- [net] ipv6: Rewind hlist offset on interrupted /proc/net/if_inet6 read (Stefano Brivio) [1778084 1753480]
- [net] revert '[net] ipv6: Display all addresses in output of /proc/net/if_inet6' (Stefano Brivio) [1778084 1753480]
- [wireless] rtlwifi: Fix potential overflow on P2P code (Josef Oskera) [1775235 1775236] {CVE-2019-17666}
- [md] md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (Xiao Ni) [1773482 1752061]
- [fs] fscache: Don't use a constructor function on the slab allocator (David Howells) [1793086 1739996]
- [mm] mm: fix insert_pfn regression (Jeff Moyer) [1793088 1739889]
- [mm] mm/page_idle.c: fix oops because end_pfn is larger than max_pfn (Rafael Aquini) [1768386 1730471]
- [mm] mm/mlock.c: mlockall error for flag MCL_ONFAULT (Rafael Aquini) [1768386 1730471]
- [mm] hugetlb: use same fault hash key for shared and private mappings (Rafael Aquini) [1768386 1730471]
- [mm] hugetlbfs: on restore reserve error path retain subpool reservation (Rafael Aquini) [1768386 1730471]
- [mm] mm/memory.c: fix modifying of page protection by insert_pfn() (Rafael Aquini) [1768386 1730471]
- [mm] mm, swap: bounds check swap_info array accesses to avoid NULL derefs (Rafael Aquini) [1768386 1730471]
- [mm] mm/slub.c: remove an unused addr argument (Rafael Aquini) [1768386 1730471]
- [mm] hugetlbfs: fix races and page leaks during migration (Rafael Aquini) [1768386 1730471]
- [mm] mm, oom: fix use-after-free in oom_kill_process (Rafael Aquini) [1768386 1730471]
- [mm] percpu: convert spin_lock_irq to spin_lock_irqsave (Rafael Aquini) [1768386 1730471]
- [mm] mm/swapfile.c: use kvzalloc for swap_info_struct allocation (Rafael Aquini) [1768386 1730471]
- [mm] hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (Rafael Aquini) [1768386 1730471]
- [mm] mm: Fix warning in insert_pfn() (Rafael Aquini) [1768386 1730471]
- [mm] hugetlbfs: dirty pages as they are added to pagecache (Rafael Aquini) [1768386 1730471]
- [mm] mm/swapfile.c: fix swap_count comment about nonexistent SWAP_HAS_CONT (Rafael Aquini) [1768386 1730471]
- [mm] slab: __GFP_ZERO is incompatible with a constructor (Rafael Aquini) [1768386 1730471]
- [mm] mm: fix the NULL mapping case in __isolate_lru_page() (Rafael Aquini) [1768386 1730471]
- [mm] mm/filemap.c: fix NULL pointer in page_cache_tree_insert() (Rafael Aquini) [1768386 1730471]
- [fs] block_invalidatepage(): only release page if the full page was invalidated (Rafael Aquini) [1768386 1730471]
- [mm] mm/mempolicy.c: avoid use uninitialized preferred_node (Rafael Aquini) [1768386 1730471]
- [mm] mm: pin address_space before dereferencing it while isolating an LRU page (Rafael Aquini) [1768386 1730471]
- [fs] fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (Rafael Aquini) [1768386 1730471]
- [mm] mm: do not rely on preempt_count in print_vma_addr (Rafael Aquini) [1768386 1730471]
- [mm] mm, swap: fix race between swap count continuation operations (Rafael Aquini) [1768386 1730471]
- [mm] mm: meminit: mark init_reserved_page as __meminit (Rafael Aquini) [1768386 1730471]
- [mm] mm/vmstat.c: fix wrong comment (Rafael Aquini) [1768386 1730471]
- [mm] mm, hugetlb: do not allocate non-migrateable gigantic pages from movable zones (Rafael Aquini) [1768386 1730471]
- [mm] mm: always flush VMA ranges affected by zap_page_range (Rafael Aquini) [1768386 1730471]
- [mm] mm/mremap: fail map duplication attempts for private mappings (Rafael Aquini) [1768386 1730471]
- [mm] mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (Rafael Aquini) [1768386 1730471]
- [mm] mm: numa: avoid waiting on freed migrated pages (Rafael Aquini) [1768386 1730471]
- [mm] mm/memory-failure.c: use compound_head() flags for huge pages (Rafael Aquini) [1768386 1730471]
- [fs] fs/block_dev: always invalidate cleancache in invalidate_bdev() (Rafael Aquini) [1768386 1730471]
- [mm] percpu: remove unused chunk_alloc parameter from pcpu_get_pages() (Rafael Aquini) [1768386 1730471]
- [mm] percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages (Rafael Aquini) [1768386 1730471]
- [mm] mm: do not access page->mapping directly on page_endio (Rafael Aquini) [1768386 1730471]
- [mm] mm/page_alloc: fix nodes for reclaim in fast path (Rafael Aquini) [1768386 1730471]
- [mm] mm: alloc_contig_range: allow to specify GFP mask (Rafael Aquini) [1768386 1730471]
- [mm] mm: vmscan: scan dirty pages even in laptop mode (Rafael Aquini) [1768386 1730471]
- [mm] mm/mempolicy.c: do not put mempolicy before using its nodemask (Rafael Aquini) [1768386 1730471]
- [mm] mm: fix set pageblock migratetype in deferred struct page init (Rafael Aquini) [1768386 1730471]
- [mm] mm: delete unnecessary and unsafe init_tlb_ubc() (Rafael Aquini) [1768386 1730471]
- [kernel] mm, mempolicy: task->mempolicy must be NULL before dropping final reference (Rafael Aquini) [1768386 1730471]
- [mm] mm: use phys_addr_t for reserve_bootmem_region() arguments (Rafael Aquini) [1768386 1730471]
- [mm] mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (Rafael Aquini) [1768386 1730471]
- [mm] mm: soft-offline: check return value in second __get_any_page() call (Rafael Aquini) [1768386 1730471]
- [include] include/linux/memblock.h: fix ordering of 'flags' argument in comments (Rafael Aquini) [1768386 1730471]
- [mm] rmap: fix theoretical race between do_wp_page and shrink_active_list (Rafael Aquini) [1768386 1730471]
- [mm] mm/mremap.c: clean up goto just return ERR_PTR (Rafael Aquini) [1768386 1730471]
- [mm] mremap should return -ENOMEM when __vm_enough_memory fail (Rafael Aquini) [1768386 1730471]
- [mm] writeback: fix possible underflow in write bandwidth calculation (Rafael Aquini) [1768386 1730471]
- [mm] writeback: add missing INITIAL_JIFFIES init in global_update_bandwidth() (Rafael Aquini) [1768386 1730471]
- [mm] mm/memory.c: actually remap enough memory (Rafael Aquini) [1768386 1730471]
- [mm] mm/compaction: fix wrong order check in compact_finished() (Rafael Aquini) [1768386 1730471]
- [mm] mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process being killed (Rafael Aquini) [1768386 1730471]
- [mm] mm: fix anon_vma_clone() error treatment (Rafael Aquini) [1768386 1730471]
- [mm] mm, thp: fix collapsing of hugepages on madvise (Rafael Aquini) [1768386 1730471]
- [mm] cgroup/kmemleak: add kmemleak_free() for cgroup deallocations (Rafael Aquini) [1768386 1730471]
- [mm] OOM, PM: OOM killed task shouldn't escape PM suspend (Rafael Aquini) [1768386 1730471]
- [mm] mm, compaction: pass gfp mask to compact_control (Rafael Aquini) [1768386 1730471]
- [mm] mm: page_alloc: abort fair zone allocation policy when remotes nodes are encountered (Rafael Aquini) [1768386 1730471]
- [mm] mm: vmscan: only update per-cpu thresholds for online CPU (Rafael Aquini) [1768386 1730471]
- [mm] mm, thp: replace smp_mb after atomic_add by smp_mb__after_atomic (Rafael Aquini) [1768386 1730471]
- [mm] mm, thp: move invariant bug check out of loop in __split_huge_page_map (Rafael Aquini) [1768386 1730471]
- [mm] thp: consolidate assert checks in __split_huge_page() (Rafael Aquini) [1768386 1730471]
- [mm] mm: fix sleeping function warning from __put_anon_vma (Rafael Aquini) [1768386 1730471]
- [mm] mm: cleanup add_to_page_cache_locked() (Rafael Aquini) [1768386 1730471]
- [mm] mm: mempolicy: turn vma_set_policy() into vma_dup_policy() (Rafael Aquini) [1768386 1730471]
- [powerpc] powerpc/pseries: correctly track irq state in default idle (Steve Best) [1767620 1751970]
- [mm] mm: prevent get_user_pages() from overflowing page refcount (Aristeu Rozanski) [1705004 1705005] {CVE-2019-11487}
- [mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors (Aristeu Rozanski) [1705004 1705005] {CVE-2019-11487}

[3.10.0-1062.17.1]
- [kvm] kvm: x86: always expose VIRT_SSBD to guests (Eduardo Habkost) [1797511 1744281]
- [kvm] kvm: x86: fix reporting of AMD speculation bug CPUID leaf (Eduardo Habkost) [1797511 1744281]

[3.10.0-1062.16.1]
- [netdrv] ixgbevf: Use cached link state instead of re-reading the value for ethtool (Ken Cox) [1796798 1794812]
- [kernel] sched: Fix schedule_tail() to disable preemption (Phil Auld) [1796261 1771094]

[3.10.0-1062.15.1]
- [tools] perf top: Fix global-buffer-overflow issue (Michael Petlan) [1793581 1757325]
- [tools] perf top: Always sample time to satisfy needs of use of ordered queuing (Michael Petlan) [1793581 1757325]

[3.10.0-1062.14.1]
- [s390] jump_label: replace stop_machine with smp_call_function (Hendrik Brueckner) [1787559 1720387]
- [s390] kernel: avoid cpu yield in SMT environment (Philipp Rudo) [1787558 1777876]
- [x86] mm: serialize against gup_fast in pmdp_splitting_flush() (Vitaly Kuznetsov) [1783177 1674266]

[3.10.0-1062.13.1]
- [scsi] libiscsi: fall back to sendmsg for slab pages (Oleksandr Natalenko) [1784826 1720506]


Related CVEs


CVE-2019-17666
CVE-2019-19338
CVE-2019-11487

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) kernel-3.10.0-1062.18.1.el7.src.rpm475e12e9d0eed492ff6676c5e3ed12b7-
bpftool-3.10.0-1062.18.1.el7.x86_64.rpm14d6f8b116f005b5643d880d76ab1b7d-
kernel-3.10.0-1062.18.1.el7.x86_64.rpm0ca0d60108ecc243f87210e56610bacc-
kernel-abi-whitelists-3.10.0-1062.18.1.el7.noarch.rpmd01cd80550261a16fbcc7fe57e86bacf-
kernel-debug-3.10.0-1062.18.1.el7.x86_64.rpmd0134d85795fd3f1f0bb905b99f256fa-
kernel-debug-devel-3.10.0-1062.18.1.el7.x86_64.rpm6228a4aa839d3abdc730aea45419ad6d-
kernel-devel-3.10.0-1062.18.1.el7.x86_64.rpm9000af2933f8247887a9db825d838870-
kernel-doc-3.10.0-1062.18.1.el7.noarch.rpm55b0b99ec5f40acb424ee18fb600b09b-
kernel-headers-3.10.0-1062.18.1.el7.x86_64.rpmee56bfc10aeffbfb5cf7faa8f5602fa9-
kernel-tools-3.10.0-1062.18.1.el7.x86_64.rpm7d720cd6602de3c8bc4d7d6a329dde26-
kernel-tools-libs-3.10.0-1062.18.1.el7.x86_64.rpm4d2e2ce87cfdb3678e1b1c8f625d927b-
kernel-tools-libs-devel-3.10.0-1062.18.1.el7.x86_64.rpmd454e205a5c2e3c26aae991bdebef773-
perf-3.10.0-1062.18.1.el7.x86_64.rpmceabb89e545980b4a60b72cc37efb868-
python-perf-3.10.0-1062.18.1.el7.x86_64.rpm77fd14c44d3c69fcaf4cdc838d591dd4-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete