ELSA-2020-5649

ELSA-2020-5649 - Unbreakable Enterprise kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2020-04-13

Description


[4.14.35-1902.301.1]
- vhost: Check docket sk_family instead of call getname (Eugenio Perez) [Orabug: 31085991] {CVE-2020-10942}
- uek-rpm: config-mips64-embedded misc pruning (Eric Saint-Etienne) [Orabug: 31079017]
- ubifs: Check for name being NULL while mounting (Richard Weinberger) [Orabug: 29410897]
- team: avoid complex list operations in team_nl_cmd_options_set() (Cong Wang) [Orabug: 30886420]
- Revert 'oled: give panic handler chance to run before kexec' (Wengang Wang) [Orabug: 31098796]
- Revert 'oled: Limit panic routine change x86 only' (Wengang Wang) [Orabug: 31098796]
- net/mlx5: Add pci AtomicOps request (Michael Guralnik) [Orabug: 30750027]
- PCI: Add pci_enable_atomic_ops_to_root() (Jay Cornwall) [Orabug: 30750027]
- locking/rwsem: Prevent decrement of reader count before increment (Waiman Long) [Orabug: 31087349]
- net: core: another layer of lists, around PF_MEMALLOC skb handling (Sasha Levin) [Orabug: 31087349]
- locking/rwsem: Fix (possible) missed wakeup (Xie Yongji) [Orabug: 31087349]
- swiotlb: clean up reporting (Kees Cook) [Orabug: 31085014] {CVE-2018-5953}
- nfs: optimise readdir cache page invalidation (Dai Ngo) [Orabug: 31015775]
- NFS: Directory page cache pages need to be locked when read (Trond Myklebust) [Orabug: 31015775]
- ppp: remove the PPPIOCDETACH ioctl (Eric Biggers) [Orabug: 31061772]
- batman-adv: Avoid WARN on net_device without parent in netns (Sven Eckelmann) [Orabug: 30857690]
- net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost) [Orabug: 31055325] {CVE-2019-18806}
- net_sched: fix datalen for ematch (Cong Wang) [Orabug: 30877993]
- net/xfrm: fix out-of-bounds packet access (Alexei Starovoitov) [Orabug: 30885434]
- RDMA/nldev: Provide MR statistics (Erez Alfasi) [Orabug: 30729404]
- RDMA/mlx5: Return ODP type per MR (Erez Alfasi) [Orabug: 30729404]
- RDMA/nldev: Allow different fill function per resource (Erez Alfasi) [Orabug: 30729404]
- IB/mlx5: Introduce ODP diagnostic counters (Erez Alfasi) [Orabug: 30729404]
- RDMA/mlx5: Use odp instead of mr->umem in pagefault_mr (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/mlx5: Use ib_umem_start instead of umem.address (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Use kvcalloc for the dma_list and page_list (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Check for overflow when computing the umem_odp end (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Provide ib_umem_odp_release() to undo the allocs (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Split creating a umem_odp from ib_umem_get (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Make the three ways to create a umem_odp clear (Jason Gunthorpe) [Orabug: 30729404]
- RMDA/odp: Consolidate umem_odp initialization (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Make it clearer when a umem is an implicit ODP umem (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Iterate over the whole rbtree directly (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/odp: Use the common interval tree library instead of generic (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/mlx5: Fix MR npages calculation for IB_ACCESS_HUGETLB (Jason Gunthorpe) [Orabug: 30729404]
- IB/mlx5: Fix implicit MR release flow (Yishai Hadas) [Orabug: 30729404]
- RDMA/netlink: Implement counter dumpit calback (Mark Zhang) [Orabug: 30729404]
- RDMA/nldev: Allow counter auto mode configration through RDMA netlink (Mark Zhang) [Orabug: 30729404]
- RDMA/odp: Fix missed unlock in non-blocking invalidate_start (Jason Gunthorpe) [Orabug: 30729404]
- RDMA: Report available cdevs through RDMA_NLDEV_CMD_GET_CHARDEV (Jason Gunthorpe) [Orabug: 30729404]
- RDMA: Add NLDEV_GET_CHARDEV to allow char dev discovery and autoload (Jason Gunthorpe) [Orabug: 30729404]
- RDMA: Convert put_page() to put_user_page*() (John Hubbard) [Orabug: 30729404]
- RDMA/umem: Move page_shift from ib_umem to ib_odp_umem (Jason Gunthorpe) [Orabug: 30729404]
- mm: introduce put_user_page*(), placeholder versions (John Hubbard) [Orabug: 30729404]
- RDMA/umem: Remove hugetlb flag (Shiraz Saleem) [Orabug: 30729404]
- RDMA/bnxt_re: Use core helpers to get aligned DMA address (Shiraz Saleem) [Orabug: 30729404]
- RDMA/i40iw: Use core helpers to get aligned DMA address within a supported page size (Shiraz Saleem) [Orabug: 30729404]
- RDMA/verbs: Add a DMA iterator to return aligned contiguous memory blocks (Shiraz Saleem) [Orabug: 30729404]
- RDMA/umem: Add API to find best driver supported page size in an MR (Shiraz Saleem) [Orabug: 30729404]
- RDMA/umem: Handle page combining avoidance correctly in ib_umem_add_sg_table() (Shiraz Saleem) [Orabug: 30729404]
- RDMA/core: Add a netlink command to change net namespace of rdma device (Parav Pandit) [Orabug: 30729404]
- RDMA/umem: Use correct value for SG entries in sg_copy_to_buffer() (Shiraz Saleem) [Orabug: 30729404]
- RDMA/nldev: Return device protocol (Leon Romanovsky) [Orabug: 30729404]
- RDMA/umem: Combine contiguous PAGE_SIZE regions in SGEs (Shiraz Saleem) [Orabug: 30729404]
- RDMA/core: Add interface to read device namespace sharing mode (Parav Pandit) [Orabug: 30729404]
- IB/mlx5: Reset access mask when looping inside page fault handler (Moni Shoua) [Orabug: 30729404]
- IB/core: Ensure an invalidate_range callback on ODP MR (Ira Weiny) [Orabug: 30729404]
- RDMA/umem: Revert broken 'off by one' fix (John Hubbard) [Orabug: 30729404]
- RDMA/umem: minor bug fix in error handling path (John Hubbard) [Orabug: 30729404]
- RDMA/nldev: Provide parent IDs for PD, MR and QP objects (Leon Romanovsky) [Orabug: 30729404]
- RDMA/nldev: Share with user-space object IDs (Leon Romanovsky) [Orabug: 30729404]
- IB/uverbs: Add ib_ucontext to uverbs_attr_bundle sent from ioctl and cmd flows (Shamir Rabinovitch) [Orabug: 30729404]
- RDMA/rdmavt: Adapt to handle non-uniform sizes on umem SGEs (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/rxe: Use for_each_sg_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/ocrdma: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/qedr: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/cxgb3: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/cxgb4: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/i40iw: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/mthca: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- RDMA/bnxt_re: Use for_each_sg_dma_page iterator on umem SGL (Shiraz, Saleem) [Orabug: 30729404]
- lib/scatterlist: Provide a DMA page iterator (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/nldev: Dynamically generate restrack dumpit callbacks (Leon Romanovsky) [Orabug: 30729404]
- IB/{core,hw}: Have ib_umem_get extract the ib_ucontext from ib_udata (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/uverbs: Use uverbs_attr_bundle to pass udata for ioctl() (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/uverbs: Use uverbs_attr_bundle to pass udata for write_ex (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/uverbs: Replace ib_uverbs_file with uverbs_attr_bundle for write (Jason Gunthorpe) [Orabug: 30729404]
- RDMA/core: Refactor ib_register_device() function (Parav Pandit) [Orabug: 30729404]
- RDMA/core: Fix unwinding flow in case of error to register device (Parav Pandit) [Orabug: 30729404]
- RDMA/nldev: Allow IB device rename through RDMA netlink (Leon Romanovsky) [Orabug: 30729404]
- RDMA: Fully setup the device name in ib_register_device (Jason Gunthorpe) [Orabug: 30729404]
- mm: Introduce kvcalloc() (Kees Cook) [Orabug: 30729404]
- RDMA/uapi: Fix uapi breakage (Doug Ledford) [Orabug: 30729404]
- RDMA/nldev: helper functions to add driver attributes (Steve Wise) [Orabug: 30729404]
- RDMA/nldev: add driver-specific resource tracking (Steve Wise) [Orabug: 30729404]
- RDMA/nldev: Add explicit pad attribute (Steve Wise) [Orabug: 30729404]
- RDMA/bnxt_re: Add support for MRs with Huge pages (Somnath Kotur) [Orabug: 30729404]
- IB/{rdmavt, hfi1, qib}: Self determine driver name (Michael J. Ruhl) [Orabug: 30729404]
- RDMA/vmw_pvrdma: Do not re-calculate npages (Yuval Shaia) [Orabug: 30729404]
- iw_cxgb4: allocate wait object for each memory object (Steve Wise) [Orabug: 30729404]
- IB/uverbs: clean up INIT_UDATA() macro usage (Arnd Bergmann) [Orabug: 30729404]
- x86/init: Fix kasan gcc8+ type miss match error. (John Donnelly) [Orabug: 31076337]

[4.14.35-1902.301.0]
- kernel: cpu.c: fix return in void function cpu_smt_disable (Mihai Carabas) [Orabug: 31049316]
- media: usb: fix memory leak in af9005_identify_state (Navid Emamdoost) [Orabug: 31029908] {CVE-2019-18809}
- nvme: fix possible deadlock when nvme_update_formats fails (Sagi Grimberg) [Orabug: 31002557]
- alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (Thadeu Lima de Souza Cascardo) [Orabug: 30995760]
- uek-rpm: Make sure perf builds against libnuma and add run-time dependency (Dave Kleikamp) [Orabug: 30896468]
- perf/x86/intel: Add Icelake support (Thomas Tai) [Orabug: 30872256]
- x86/CPU: Add Icelake model number (Rajneesh Bhardwaj) [Orabug: 30872256]
- perf/x86/intel/ds: Handle PEBS overflow for fixed counters (Kan Liang) [Orabug: 30872256]
- perf/x86/intel: Introduce PMU flag for Extended PEBS (Kan Liang) [Orabug: 30872256]
- tty: Don't hold ldisc lock in tty_reopen() if ldisc present (Dmitry Safonov) [Orabug: 30591419]
- tty: Simplify tty->count math in tty_reopen() (Dmitry Safonov) [Orabug: 30591419]
- tty: Hold tty_ldisc_lock() during tty_reopen() (Dmitry Safonov) [Orabug: 30591419]
- tty/ldsem: Wake up readers after timed out down_write() (Dmitry Safonov) [Orabug: 30591419]
- tty: Drop tty->count on tty_reopen() failure (Dmitry Safonov) [Orabug: 30591419]
- rds: transport module should be auto loaded when transport is set (Rao Shoaib) [Orabug: 30328633]
- net: erspan: fix use-after-free (William Tu) [Orabug: 29784424]
- batman-adv: Force mac header to start of data on xmit (Sven Eckelmann) [Orabug: 29784399]
- sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero (Cong Wang) [Orabug: 30886600]
- ptr_ring: wrap back ->producer in __ptr_ring_swap_queue() (Cong Wang) [Orabug: 30884437]
- add extra symbols from UEK5R3 to the kABI whitelist (Dan Duval) [Orabug: 30295161]
- iommu: Force iommu shutdown on panic (John Donnelly) [Orabug: 31043947]
- iommu/amd: Only free resources once on init error (Kevin Mitchell) [Orabug: 31043947]
- iommu/amd: Move gart fallback to amd_iommu_init (Kevin Mitchell) [Orabug: 31043947]
- iommu/amd: Make iommu_disable safer (Kevin Mitchell) [Orabug: 31043947]
- iommu/vt-d: Turn off translations at shutdown (Deepa Dinamani) [Orabug: 31043947]


Related CVEs


CVE-2018-5953
CVE-2020-10942
CVE-2019-18806
CVE-2019-18809

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) kernel-uek-4.14.35-1902.301.1.el7uek.src.rpm82376b691df248f850c7ebf20bfb0de9ELSA-2021-9220
kernel-uek-4.14.35-1902.301.1.el7uek.aarch64.rpme9c2b33b5e1df73143e946cfe18cb621ELSA-2021-9220
kernel-uek-debug-4.14.35-1902.301.1.el7uek.aarch64.rpmdfe2a51805d027e1f21e185d420de69cELSA-2021-9220
kernel-uek-debug-devel-4.14.35-1902.301.1.el7uek.aarch64.rpm77245dafbe79677dd08ca426a43efda6ELSA-2021-9220
kernel-uek-devel-4.14.35-1902.301.1.el7uek.aarch64.rpm82dbd0e0fd8d6ed75e630dbcea74fbaeELSA-2021-9220
kernel-uek-headers-4.14.35-1902.301.1.el7uek.aarch64.rpm82ba2891d0298f14ec11ba992d86be3fELSA-2021-9222
kernel-uek-tools-4.14.35-1902.301.1.el7uek.aarch64.rpm9f360743154b26e9625a7d49f275ae4fELSA-2021-9220
kernel-uek-tools-libs-4.14.35-1902.301.1.el7uek.aarch64.rpm315223525849c17928c60d4ce42e7d65ELSA-2021-9220
kernel-uek-tools-libs-devel-4.14.35-1902.301.1.el7uek.aarch64.rpmf6b1700e43383476845a87952828297dELSA-2021-9222
perf-4.14.35-1902.301.1.el7uek.aarch64.rpmeca8b78607b658e0a2eed2be4372ef61ELSA-2021-9220
python-perf-4.14.35-1902.301.1.el7uek.aarch64.rpm88455d72cdf7247594d2fa33ebd9aeb2ELSA-2021-9220
Oracle Linux 7 (x86_64) kernel-uek-4.14.35-1902.301.1.el7uek.src.rpm82376b691df248f850c7ebf20bfb0de9ELSA-2021-9220
kernel-uek-4.14.35-1902.301.1.el7uek.x86_64.rpm0c36388773b4705e8ae9208fec3bf449ELSA-2021-9220
kernel-uek-debug-4.14.35-1902.301.1.el7uek.x86_64.rpm144822f23a9d7bfe0ddfcf8b39f19babELSA-2021-9220
kernel-uek-debug-devel-4.14.35-1902.301.1.el7uek.x86_64.rpmeb4d80397ab785cc0c706d9dda881afcELSA-2021-9220
kernel-uek-devel-4.14.35-1902.301.1.el7uek.x86_64.rpmdf96357fb60448052c993076df4a37faELSA-2021-9220
kernel-uek-doc-4.14.35-1902.301.1.el7uek.noarch.rpmcb98cecec6592fb98efe839e5134c76fELSA-2021-9220
kernel-uek-tools-4.14.35-1902.301.1.el7uek.x86_64.rpm0702529bce5a855668be4e0e335eba20ELSA-2021-9220



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete