ELSA-2020-2664

ELSA-2020-2664 - kernel security and bug fix update

Type:SECURITY
Severity:IMPORTANT
Release Date:2020-06-23

Description


[3.10.0-1127.13.1.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]

[3.10.0-1127.13.1]
- [x86] x86/speculation: Support old struct x86_cpu_id & x86_match_cpu() kABI (Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [cpufreq] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827187 1827188] {CVE-2020-0543}
header (Waiman Long) [1827187 1827188] {CVE-2020-0543}

[3.10.0-1127.12.1]
- [x86] x86/speculation: Prevent deadlock on ssb_state::lock (Waiman Long) [1841121 1836322]
- [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [1837297 1820632] {CVE-2020-12888}
- [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [1837297 1820632] {CVE-2020-12888}
- [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [1837297 1820632] {CVE-2020-12888}
- [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Alex Williamson) [1837297 1820632] {CVE-2020-12888}
- [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Alex Williamson) [1837297 1820632] {CVE-2020-12888}
- [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom (Alex Williamson) [1837297 1820632] {CVE-2020-12888}

[3.10.0-1127.11.1]
- [fs] cachefiles: Fix race between read_waiter and read_copier involving op->to_do (Dave Wysochanski) [1839757 1829662]


Related CVEs


CVE-2020-12888

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) kernel-3.10.0-1127.13.1.el7.src.rpma3b940567435ba58ed258adacd78d25e-
bpftool-3.10.0-1127.13.1.el7.x86_64.rpmd684e38f3b9ae97555d73dd85996bb66-
kernel-3.10.0-1127.13.1.el7.x86_64.rpm41e5bb610691fe301372d8864846047d-
kernel-abi-whitelists-3.10.0-1127.13.1.el7.noarch.rpm9a60eaef1b4c6f68823d7b027f5cfd85-
kernel-debug-3.10.0-1127.13.1.el7.x86_64.rpm12cee3453bf036cd1d6101c50aa3ecd9-
kernel-debug-devel-3.10.0-1127.13.1.el7.x86_64.rpm511a208dfc71ea275e9c22f263405eb2-
kernel-devel-3.10.0-1127.13.1.el7.x86_64.rpmda4ebbdfe19d6145b47609efed4cd292-
kernel-doc-3.10.0-1127.13.1.el7.noarch.rpm66fa31c6098e4a3d9dd70b9533230da7-
kernel-headers-3.10.0-1127.13.1.el7.x86_64.rpm9f1b962d6637febaf04560f108a8e02e-
kernel-tools-3.10.0-1127.13.1.el7.x86_64.rpmae784f92ca26bd3aa3f86f45da68e8b7-
kernel-tools-libs-3.10.0-1127.13.1.el7.x86_64.rpm6db1e89c7476898cceadfbcf5bec8c39-
kernel-tools-libs-devel-3.10.0-1127.13.1.el7.x86_64.rpm076518961b430a6433f989f3c8c3be2b-
perf-3.10.0-1127.13.1.el7.x86_64.rpm2447a3f2b16295eb894dae60ccbc31ee-
python-perf-3.10.0-1127.13.1.el7.x86_64.rpm6e8c089066de97195ec1deac863bcc69-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete