ELSA-2020-5848 - Unbreakable Enterprise kernel security update

Release Date:2020-09-14


- Revert 'aarch64/BM: config failed, hub doesnt have any ports' (Thomas Tai) [Orabug: 31838351] [Orabug: 31844671]
- kvm: ioapic: Restrict lazy EOI update to edge-triggered interrupts (Paolo Bonzini) [Orabug: 31839185] [Orabug: 31844556]

- nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31779884] {CVE-2020-24394}
- arm64/elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces (Kees Cook) [Orabug: 31776626]
- arm32/64/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK (Kees Cook) [Orabug: 31776626]
- arm32/64/elf: Add tables to document READ_IMPLIES_EXEC (Kees Cook) [Orabug: 31776626]
- x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit (Kees Cook) [Orabug: 31776626]
- x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK (Kees Cook) [Orabug: 31776626]
- x86/elf: Add table to document READ_IMPLIES_EXEC (Kees Cook) [Orabug: 31776626]
- x86/mm: use max memory block size on bare metal (Daniel Jordan) [Orabug: 31771277]
- drivers/base/memory.c: cache memory blocks in xarray to accelerate lookup (Scott Cheloha) [Orabug: 31771277]
- net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon) [Orabug: 31755752]
- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688620]
- arm64/dts: Serial console fix for RPi4 (Vijay Kumar) [Orabug: 31562971]
- md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31682033]
- md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31682033]

- RDMA/mlx5: Set MR cache limit for both PF and VF (Nikhil Krishna) [Orabug: 31358080]
- rds: ib: Revert 'net/rds: Avoid stalled connection due to CM REQ retries' (Hakon Bugge) [Orabug: 31648138]
- rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31648138]
- RDMA/cm: Spurious WARNING triggered in cm_destroy_id() (Ka-Cheong Poon) [Orabug: 31483278]
- RDMA/cm: Make sure the cm_id is in the IB_CM_IDLE state in destroy (Jason Gunthorpe) [Orabug: 31483278]
- RDMA/cm: Allow ib_send_cm_sidr_rep() to be done under lock (Jason Gunthorpe) [Orabug: 31483278]
- RDMA/cm: Allow ib_send_cm_rej() to be done under lock (Jason Gunthorpe) [Orabug: 31483278]
- RDMA/cm: Allow ib_send_cm_drep() to be done under lock (Jason Gunthorpe) [Orabug: 31483278]
- RDMA/cm: Allow ib_send_cm_dreq() to be done under lock (Jason Gunthorpe) [Orabug: 31483278]
- RDMA/cm: Add some lockdep assertions for cm_id_priv->lock (Jason Gunthorpe) [Orabug: 31483278]
- RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (Jason Gunthorpe) [Orabug: 31483278]
- RDMA/cm: Make the destroy_id flow more robust (Jason Gunthorpe) [Orabug: 31483278]
- RDMA/cm: Remove a race freeing timewait_info (Jason Gunthorpe) [Orabug: 31483278]
- RDMA/cm: Use refcount_t type for refcount variable (Danit Goldberg) [Orabug: 31483278]
- bnxt_en: allow firmware to disable VLAN offloads (Michael Chan)
- bnxt_en: clean up VLAN feature bit handling (Michael Chan) [Orabug: 31663185]
- bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features(). (Michael Chan) [Orabug: 31663185]
- bnxt_en: Implement ethtool -X to set indirection table. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Return correct RSS indirection table entries to ethtool -x. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Fill HW RSS table from the RSS logical indirection table. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Add helper function to return the number of RSS contexts. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Add logical RSS indirection table structure. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Fix up bnxt_get_rxfh_indir_size(). (Michael Chan) [Orabug: 31663185]
- bnxt_en: Set up the chip specific RSS table size. (Michael Chan) [Orabug: 31663185]
- bnxt_en: fix firmware message length endianness (Michael Chan) [Orabug: 31663185]
- net: bnxt: Remove Comparison to bool in bnxt_ethtool.c (Jason Yan) [Orabug: 31663185]
- bnxt_en: show only relevant ethtool stats for a TX or RX ring (Rajesh Ravi) [Orabug: 31663185]
- bnxt_en: Split HW ring statistics strings into RX and TX parts. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Refactor the software ring counters. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Do not include ETH_FCS_LEN in the max packet length sent to fw. (Vasundhara Volam) [Orabug: 31663185]
- bnxt_en: Improve TQM ring context memory sizing formulas. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Allocate TQM ring context memory according to fw specification. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Update firmware spec. to (Michael Chan) [Orabug: 31663185]
- bnxt_en: Return error when allocating zero size context memory. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Reset rings if ring reservation fails during open() (Vasundhara Volam) [Orabug: 31663185]
- bnxt_en: Return error if bnxt_alloc_ctx_mem() fails. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Process the NQ under NAPI continuous polling. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Simplify __bnxt_poll_cqs_done(). (Michael Chan) [Orabug: 31663185]
- bnxt_en: Handle all NQ notifications in bnxt_poll_p5(). (Michael Chan) [Orabug: 31663185]
- bnxt_en: Disable workaround for lost interrupts on 575XX B0 and newer chips. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Periodically check and remove aged-out ntuple filters (Michael Chan) [Orabug: 31663185]
- bnxt_en: Do not accept fragments for aRFS flow steering. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Remove the setting of dev_port. (Michael Chan) [Orabug: 31663185]
- bnxt_en: Improve link up detection. (Michael Chan) [Orabug: 31663185]
- RDMA/nldev: Provide MR statistics (Erez Alfasi) [Orabug: 31079901]
- RDMA/mlx5: Return ODP type per MR (Erez Alfasi) [Orabug: 31079901]
- RDMA/nldev: Allow different fill function per resource (Erez Alfasi) [Orabug: 31079901]
- IB/mlx5: Introduce ODP diagnostic counters (Erez Alfasi) [Orabug: 31079901]
- x86/reboot: Move up iommu_shutdown() before stop_other_cpus() (Saeed Mirzamohammadi) [Orabug: 31542630]
- bcache: fix potential deadlock problem in btree_gc_coalesce (Zhiqiang Liu) [Orabug: 31350643] {CVE-2020-12771}
- selinux: properly handle multiple messages in selinux_netlink_send() (Paul Moore) [Orabug: 31439365] {CVE-2020-10751}
- Revert 'zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()' (Wade Mealing) [Orabug: 31510722] {CVE-2020-10781}
- Enable config option CONFIG_NFSD_V4_2_INTER_SSC (Dai Ngo) [Orabug: 31535947]
- NFSD: Fix NFS server build errors (Chuck Lever) [Orabug: 31535947]
- nfsd4: fix double free in nfsd4_do_async_copy() (Dan Carpenter) [Orabug: 31535947]
- NFSD fixing possible null pointer derefering in copy offload (Olga Kornievskaia) [Orabug: 31535947]
- NFSD fix nfserro errno mismatch (Olga Kornievskaia) [Orabug: 31535947]
- NFSD: fix seqid in copy stateid (Olga Kornievskaia) [Orabug: 31535947]
- NFSv4.2 fix memory leak in nfs42_ssc_open (Olga Kornievskaia) [Orabug: 31535947]
- NFSv4: Make _nfs42_proc_copy_notify() static (YueHaibing) [Orabug: 31535947]
- nfsv4: Move NFSPROC4_CLNT_COPY_NOTIFY to end of list (Trond Myklebust) [Orabug: 31535947]
- NFSD: allow inter server COPY to have a STALE source server fh (Olga Kornievskaia) [Orabug: 31535947]
- NFSD add nfs4 inter ssc to nfsd4_copy (Olga Kornievskaia) [Orabug: 31535947]
- NFSD check stateids against copy stateids (Olga Kornievskaia) [Orabug: 31535947]
- NFSD fix mismatching type in nfsd4_set_netaddr (Olga Kornievskaia) [Orabug: 31535947]
- NFSD fill-in netloc4 structure (Olga Kornievskaia) [Orabug: 31535947]
- NFSD add COPY_NOTIFY operation (Olga Kornievskaia) [Orabug: 31535947]
to COPY (Olga Kornievskaia) [Orabug: 31535947]
- NFSD COPY_NOTIFY xdr (Olga Kornievskaia) [Orabug: 31535947]
- NFSv4.2 fix kfree in __nfs42_copy_file_range (Olga Kornievskaia) [Orabug: 31535947]
- NFS based on file size issue sync copy or fallback to generic copy offload (Olga Kornievskaia) [Orabug: 31535947]
- NFS: handle source server reboot (Olga Kornievskaia) [Orabug: 31535947]
- NFS: skip recovery of copy open on dest server (Olga Kornievskaia) [Orabug: 31535947]
- NFS: inter ssc open (Olga Kornievskaia) [Orabug: 31535947]
to COPY (Olga Kornievskaia) [Orabug: 31535947]
- NFS: add COPY_NOTIFY operation (Olga Kornievskaia) [Orabug: 31535947]
- NFS NFSD: defining nl4_servers structure needed by both (Olga Kornievskaia) [Orabug: 31535947]
- kvm: svm: Introduce GA Log tracepoint for AVIC (Suravee Suthikulpanit) [Orabug: 31631367]
- KVM: SVM: Inhibit APIC virtualization for X2APIC guest (Oliver Upton) [Orabug: 31631367]
- KVM: SVM: allocate AVIC data structures based on kvm_amd module parameter (Paolo Bonzini) [Orabug: 31631367]
- kvm: x86: svm: Fix NULL pointer dereference when AVIC not enabled (Suravee Suthikulpanit) [Orabug: 31631367]
- KVM: SVM: allow AVIC without split irqchip (Paolo Bonzini) [Orabug: 31631367]
- kvm: ioapic: Lazy update IOAPIC EOI (Suravee Suthikulpanit) [Orabug: 31631367]
- kvm: ioapic: Refactor kvm_ioapic_update_eoi() (Suravee Suthikulpanit) [Orabug: 31631367]
- kvm: i8254: Deactivate APICv when using in-kernel PIT re-injection mode. (Suravee Suthikulpanit) [Orabug: 31631367]
- svm: Temporarily deactivate AVIC during ExtINT handling (Suravee Suthikulpanit) [Orabug: 31631367]
- svm: Deactivate AVIC when launching guest with nested SVM support (Suravee Suthikulpanit) [Orabug: 31631367]
- kvm: x86: hyperv: Use APICv update request interface (Suravee Suthikulpanit) [Orabug: 31631367]
- svm: Add support for dynamic APICv (Suravee Suthikulpanit) [Orabug: 31631367]
- kvm: x86: Introduce x86 ops hook for pre-update APICv (Suravee Suthikulpanit) [Orabug: 31631367]
- kvm: x86: Introduce APICv x86 ops for checking APIC inhibit reasons (Suravee Suthikulpanit) [Orabug: 31631367]
- KVM: svm: avic: Add support for dynamic setup/teardown of virtual APIC backing page (Suravee Suthikulpanit) [Orabug: 31631367]
- kvm: x86: svm: Add support to (de)activate posted interrupts (Suravee Suthikulpanit) [Orabug: 31631367]
- kvm: x86: Add APICv (de)activate request trace points (Suravee Suthikulpanit) [Orabug: 31631367]
- kvm: x86: Add support for dynamic APICv activation (Suravee Suthikulpanit) [Orabug: 31631367]
- KVM: x86: remove get_enable_apicv from kvm_x86_ops (Paolo Bonzini) [Orabug: 31631367]
- kvm: x86: Introduce APICv inhibit reason bits (Suravee Suthikulpanit) [Orabug: 31631367]
- kvm: lapic: Introduce APICv update helper function (Suravee Suthikulpanit) [Orabug: 31631367]
- KVM: X86: Drop KVM_APIC_SHORT_MASK and KVM_APIC_DEST_MASK (Peter Xu) [Orabug: 31631367]
- KVM: SVM: Remove check if APICv enabled in SVM update_cr8_intercept() handler (Liran Alon) [Orabug: 31631367]
- kvm: x86: Modify kvm_x86_ops.get_enable_apicv() to use struct kvm parameter (Suthikulpanit, Suravee) [Orabug: 31631367]
- kvm: Increase KVM_USER_MEM_SLOTS for dense memory hotplug (Eric DeVolder) [Orabug: 31694365]
- random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31698078] {CVE-2020-16166}
- vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705117] {CVE-2020-14331} {CVE-2020-14331}
- net/rds: Incorrect WARN_ON() (Ka-Cheong Poon) [Orabug: 31718014]

Related CVEs


Updated Packages

Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) kernel-uek-5.4.17-2011.6.2.el7uek.src.rpm222838a667826391d9a8bddad3ddd6e2ELSA-2021-9220
Oracle Linux 7 (x86_64) kernel-uek-5.4.17-2011.6.2.el7uek.src.rpm222838a667826391d9a8bddad3ddd6e2ELSA-2021-9220
Oracle Linux 8 (aarch64) kernel-uek-5.4.17-2011.6.2.el8uek.src.rpmfbb2668d7a2894a47d07a8103c60345d-
Oracle Linux 8 (x86_64) kernel-uek-5.4.17-2011.6.2.el8uek.src.rpmfbb2668d7a2894a47d07a8103c60345d-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team