ELSA-2020-5884
- ULN >
- Oracle Linux Errata repository >
- ELSA-2020-5884
ELSA-2020-5884 - Unbreakable Enterprise kernel security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2020-10-12 |
Description
[5.4.17-2011.7.4]
- iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (Suravee Suthikulpanit) [Orabug: 31931369]
- iommu/amd: Fix potential @entry null deref (Joao Martins) [Orabug: 31931369]
- iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit) [Orabug: 31931369]
[5.4.17-2011.7.3]
- xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895365] {CVE-2020-14385}
- ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895327] {CVE-2020-14314}
- mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884234] {CVE-2020-25285}
- rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov) [Orabug: 31884154] {CVE-2020-25284}
- nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell) [Orabug: 31872895] {CVE-2020-25212}
- libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (Jane Chu) [Orabug: 31861296]
- libnvdimm/security: the 'security' attr never (Jane Chu) [Orabug: 31861296]
- libnvdimm/security: fix a typo (Jane Chu) [Orabug: 31861296]
- mmc: sdhci: Silence MMC warnings (Maxime Ripard) [Orabug: 31746382]
- bcm2835-dma: Add support for per-channel flags (Phil Elwell) [Orabug: 31746382]
- mmc: sdhci-iproc: Fix vmmc regulators on iProc (Phil Elwell) [Orabug: 31746382]
- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722763]
- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722763]
- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722763]
[5.4.17-2011.7.2]
- net/packet: fix overflow in tpacket_rcv (Or Cohen) [Orabug: 31866487] {CVE-2020-14386} {CVE-2020-14386}
- block: better deal with the delayed not supported case in blk_cloned_rq_check_limits (Ritika Srivastava) [Orabug: 31850341]
- block: Return blk_status_t instead of errno codes (Ritika Srivastava) [Orabug: 31850341]
- iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (Suravee Suthikulpanit) [Orabug: 31849530]
- uek-rpm: ol8: config-aarch64: add *_MEMORY_HOTPLUG (Mihai Carabas) [Orabug: 31848696]
[5.4.17-2011.7.1]
- IB/mlx5: Expose RoCE accelerator counters (Avihai Horon) [Orabug: 31621895]
- net/mlx5: Add RoCE accelerator counters (Leon Romanovsky) [Orabug: 31621895]
- cgroup: Fix sock_cgroup_data on big-endian. (Cong Wang) [Orabug: 31779795] {CVE-2020-14356}
- cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779795] {CVE-2020-14356}
- Revert 'aarch64/BM: config failed, hub doesn't have any ports' (Thomas Tai) [Orabug: 31838351]
- kvm: ioapic: Restrict lazy EOI update to edge-triggered interrupts (Paolo Bonzini) [Orabug: 31839185]
- iavf: use generic power management (Vaibhav Gupta) [Orabug: 31700015]
- iavf: Fix updating statistics (Tony Nguyen) [Orabug: 31700015]
- iavf: fix error return code in iavf_init_get_resources() (Wei Yongjun) [Orabug: 31700015]
- iavf: increase reset complete wait time (Paul Greenwalt) [Orabug: 31700015]
- iavf: Fix reporting 2.5 Gb and 5Gb speeds (Brett Creeley) [Orabug: 31700015]
- iavf: use appropriate enum for comparison (Aleksandr Loktionov) [Orabug: 31700015]
- iavf: Enable support for up to 16 queues (Mitch Williams) [Orabug: 31700015]
- iavf: fix speed reporting over virtchnl (Brett Creeley) [Orabug: 31700015]
- iavf: remove current MAC address filter on VF reset (Stefan Assmann) [Orabug: 31700015]
- i40e: Fix crash during removing i40e driver (Grzegorz Szczurek) [Orabug: 31700015]
- i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (Przemyslaw Patynowski) [Orabug: 31700015]
- i40e: introduce new dump desc XDP command (Ciara Loftus) [Orabug: 31700015]
- i40e: add XDP ring statistics to dump VSI debug output (Ciara Loftus) [Orabug: 31700015]
- i40e: add XDP ring statistics to VSI stats (Ciara Loftus) [Orabug: 31700015]
- i40e: move check of full Tx ring to outside of send loop (Magnus Karlsson) [Orabug: 31700015]
- i40e: eliminate division in napi_poll data path (Magnus Karlsson) [Orabug: 31700015]
- i40e: optimize AF_XDP Tx completion path (Magnus Karlsson) [Orabug: 31700015]
- i40e: Add support for a new feature Total Port Shutdown (Arkadiusz Kubalewski) [Orabug: 31700015]
- i40e: Remove scheduling while atomic possibility (Aleksandr Loktionov) [Orabug: 31700015]
- i40e: Add support for 5Gbps cards (Aleksandr Loktionov) [Orabug: 31700015]
- i40e: Add a check to see if MFS is set (Todd Fujinaka) [Orabug: 31700015]
- i40e: detect and log info about pre-recovery mode (Piotr Kwapulinski) [Orabug: 31700015]
- i40e: make PF wait reset loop reliable (Piotr Kwapulinski) [Orabug: 31700015]
- i40e: remove unused defines (Jesse Brandeburg) [Orabug: 31700015]
- i40e: Move client header location (Shiraz Saleem) [Orabug: 31700015]
- i40e: fix crash when Rx descriptor count is changed (Bjorn Topel) [Orabug: 31700015]
- i40e: Make i40e_shutdown_adminq() return void (Jason Yan) [Orabug: 31700015]
- i40e: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 31700015]
- i40e: Separate kernel allocated rx_bi rings from AF_XDP rings (Bjorn Topel) [Orabug: 31700015]
- i40e: Refactor rx_bi accesses (Bjorn Topel) [Orabug: 31700015]
- i40e: Remove unneeded conversion to bool (Jason Yan) [Orabug: 31700015]
- i40e: fix spelling mistake 'to' -> 'too' (Colin Ian King) [Orabug: 31700015]
- i40e: Set PHY Access flag on X722 (Adam Ludkiewicz) [Orabug: 31700015]
- i40e: implement VF stats NDO (Jesse Brandeburg) [Orabug: 31700015]
- i40e: enable X710 support (Alice Michael) [Orabug: 31700015]
- i40e: Add UDP segmentation offload support (Josh Hunt) [Orabug: 31700015]
- i40e: Refactoring VF MAC filters counting to make more reliable (Aleksandr Loktionov) [Orabug: 31700015]
- i40e: Fix LED blinking flow for X710T*L devices (Damian Milosek) [Orabug: 31700015]
- i40e: allow ethtool to report SW and FW versions in recovery mode (Piotr Kwapulinski) [Orabug: 31700015]
- i40e: Extend PHY access with page change flag (Piotr Azarewicz) [Orabug: 31700015]
- i40e: Extract detection of HW flags into a function (Piotr Azarewicz) [Orabug: 31700015]
- i40e: Fix for persistent lldp support (Sylwia Wnuczko) [Orabug: 31700015]
- i40e: protect ring accesses with READ- and WRITE_ONCE (Ciara Loftus) [Orabug: 31700015]
- i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (Brett Creeley) [Orabug: 31700015]
- i40e: Relax i40e_xsk_wakeup's return value when PF is busy (Maciej Fijalkowski) [Orabug: 31700015]
- i40e: Fix virtchnl_queue_select bitmap validation (Brett Creeley) [Orabug: 31700015]
[5.4.17-2011.7.0]
- sample-trace-array: Fix sleeping function called from invalid context (Kefeng Wang) [Orabug: 31543029]
- sample-trace-array: Remove trace_array 'sample-instance' (Kefeng Wang) [Orabug: 31543029]
- tracing: Sample module to demonstrate kernel access to Ftrace instances. (Divya Indi) [Orabug: 31543029]
- tracing: Adding new functions for kernel access to Ftrace instances (Divya Indi) [Orabug: 31543029]
- tracing: Adding NULL checks for trace_array descriptor pointer (Divya Indi) [Orabug: 31543029]
- tracing: Verify if trace array exists before destroying it. (Divya Indi) [Orabug: 31543029]
- tracing: Declare newly exported APIs in include/linux/trace.h (Divya Indi) [Orabug: 31543029]
- RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky) [Orabug: 31784656]
- RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 31784889]
- rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783146]
Related CVEs
| CVE-2020-25284 |
| CVE-2020-14314 |
| CVE-2020-14385 |
| CVE-2020-14386 |
| CVE-2020-14356 |
| CVE-2020-25212 |
| CVE-2020-25285 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (aarch64) | kernel-uek-5.4.17-2011.7.4.el7uek.src.rpm | 483df917936cbdeec1e6507c5772a83847b3e31bfc4ec9c2deadde528649a2f8 | ELSA-2025-20190 | ol7_aarch64_UEKR6 |
| kernel-uek-5.4.17-2011.7.4.el7uek.aarch64.rpm | e55c5efca2979079c2f635ca35fbae020971f121e3d73ec08d903353bb174149 | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-debug-5.4.17-2011.7.4.el7uek.aarch64.rpm | faa7a7d5a8c2db1e25dc21211a633e724998bda79994b4fababb8a3ca41f0d9e | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-debug-devel-5.4.17-2011.7.4.el7uek.aarch64.rpm | c4070282582f932c6ed4135dc09ba7d8597dddc77cac5cfa1c40b1e965758920 | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-devel-5.4.17-2011.7.4.el7uek.aarch64.rpm | 2c25f637cfe295ef4bdbc4ccbc407b54b3c2c8384a5e0245f52a68828b4a8029 | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-doc-5.4.17-2011.7.4.el7uek.noarch.rpm | c5ca0f98d8e089d09eaedbbf769826dc151771e82273653181ad8bf21dd110d5 | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-tools-5.4.17-2011.7.4.el7uek.aarch64.rpm | 95f0d6445ea39788c42d12978448802b1b7de46f1774c1142cfb59f802b5a5c3 | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-tools-libs-5.4.17-2011.7.4.el7uek.aarch64.rpm | 536d4fb65f1ffeba84b526c531bd3378a84bb0d96ae1cb72af38e47da060e333 | ELSA-2025-20019 | ol7_aarch64_UEKR6 | |
| perf-5.4.17-2011.7.4.el7uek.aarch64.rpm | 209b178d9cbc3760c506629b771cda40ac041c45dffb4940e7addd6b4c8f1224 | ELSA-2025-20019 | ol7_aarch64_UEKR6 | |
| python-perf-5.4.17-2011.7.4.el7uek.aarch64.rpm | 44c2f67a48a811d69e6567868641a04659600408ea56351b81f5df4fe12eb046 | ELSA-2025-20019 | ol7_aarch64_UEKR6 | |
| Oracle Linux 7 (x86_64) | kernel-uek-5.4.17-2011.7.4.el7uek.src.rpm | 483df917936cbdeec1e6507c5772a83847b3e31bfc4ec9c2deadde528649a2f8 | ELSA-2025-20190 | ol7_x86_64_UEKR6 |
| kernel-uek-5.4.17-2011.7.4.el7uek.x86_64.rpm | cf11c8d72872ba64519a1db816e1891db10bf7b95b66394d10e845918d2efd1c | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-debug-5.4.17-2011.7.4.el7uek.x86_64.rpm | 597eecb62f380c5f524d1f12d9a6edeb28a2eadf5834f095a52050459da2198f | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-debug-devel-5.4.17-2011.7.4.el7uek.x86_64.rpm | 98f914bd947d7cd62ddb4e81ec418c75c57ca16540bd063515551dd9c045b9a6 | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-devel-5.4.17-2011.7.4.el7uek.x86_64.rpm | 773b99d750e9c7517fce1d06eba50aface7c44e969ba1c2bd9b1d25665b044ca | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-doc-5.4.17-2011.7.4.el7uek.noarch.rpm | c5ca0f98d8e089d09eaedbbf769826dc151771e82273653181ad8bf21dd110d5 | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-tools-5.4.17-2011.7.4.el7uek.x86_64.rpm | b168b782bc9ede315eb3382ff36fb9e5b97d96a5224de6a3871acf7a054fa48a | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| Oracle Linux 8 (aarch64) | kernel-uek-5.4.17-2011.7.4.el8uek.src.rpm | 6dd93449d569f541cb35890febd8866e46c618d2762daa91c2aab9d6ce4b7c4e | - | ol8_aarch64_baseos_latest |
| kernel-uek-5.4.17-2011.7.4.el8uek.src.rpm | 6dd93449d569f541cb35890febd8866e46c618d2762daa91c2aab9d6ce4b7c4e | - | ol8_aarch64_u2_baseos_patch | |
| kernel-uek-5.4.17-2011.7.4.el8uek.src.rpm | 6dd93449d569f541cb35890febd8866e46c618d2762daa91c2aab9d6ce4b7c4e | - | ol8_aarch64_u3_baseos_base | |
| kernel-uek-5.4.17-2011.7.4.el8uek.aarch64.rpm | fac0b00ff2b4e6764ff1579549886c08ce4d829dc1e06ca91c6c31186b29c635 | - | ol8_aarch64_baseos_latest | |
| kernel-uek-5.4.17-2011.7.4.el8uek.aarch64.rpm | fac0b00ff2b4e6764ff1579549886c08ce4d829dc1e06ca91c6c31186b29c635 | - | ol8_aarch64_u2_baseos_patch | |
| kernel-uek-5.4.17-2011.7.4.el8uek.aarch64.rpm | fac0b00ff2b4e6764ff1579549886c08ce4d829dc1e06ca91c6c31186b29c635 | - | ol8_aarch64_u3_baseos_base | |
| kernel-uek-debug-5.4.17-2011.7.4.el8uek.aarch64.rpm | 9606e489a904add88d60ec1419e2e2b6f9135278205a2d2ac95b9530aa9e1c7a | - | ol8_aarch64_baseos_latest | |
| kernel-uek-debug-5.4.17-2011.7.4.el8uek.aarch64.rpm | 9606e489a904add88d60ec1419e2e2b6f9135278205a2d2ac95b9530aa9e1c7a | - | ol8_aarch64_u2_baseos_patch | |
| kernel-uek-debug-5.4.17-2011.7.4.el8uek.aarch64.rpm | 9606e489a904add88d60ec1419e2e2b6f9135278205a2d2ac95b9530aa9e1c7a | - | ol8_aarch64_u3_baseos_base | |
| kernel-uek-debug-devel-5.4.17-2011.7.4.el8uek.aarch64.rpm | 366c491cbaa0af1cdb8efb6e62b81c52fbed9f947b96dd0b86cf969192a7f653 | - | ol8_aarch64_baseos_latest | |
| kernel-uek-debug-devel-5.4.17-2011.7.4.el8uek.aarch64.rpm | 366c491cbaa0af1cdb8efb6e62b81c52fbed9f947b96dd0b86cf969192a7f653 | - | ol8_aarch64_u2_baseos_patch | |
| kernel-uek-debug-devel-5.4.17-2011.7.4.el8uek.aarch64.rpm | 366c491cbaa0af1cdb8efb6e62b81c52fbed9f947b96dd0b86cf969192a7f653 | - | ol8_aarch64_u3_baseos_base | |
| kernel-uek-devel-5.4.17-2011.7.4.el8uek.aarch64.rpm | 0c9101e7f7afb63e12b114ea85b4db361e3be29a1df36f8d4edc2693be82c9ae | - | ol8_aarch64_baseos_latest | |
| kernel-uek-devel-5.4.17-2011.7.4.el8uek.aarch64.rpm | 0c9101e7f7afb63e12b114ea85b4db361e3be29a1df36f8d4edc2693be82c9ae | - | ol8_aarch64_u2_baseos_patch | |
| kernel-uek-devel-5.4.17-2011.7.4.el8uek.aarch64.rpm | 0c9101e7f7afb63e12b114ea85b4db361e3be29a1df36f8d4edc2693be82c9ae | - | ol8_aarch64_u3_baseos_base | |
| kernel-uek-doc-5.4.17-2011.7.4.el8uek.noarch.rpm | 7c0939c44e893f03791aa50fdaca0c4669f8b3d5faacd080ea7d2ef459c41085 | - | ol8_aarch64_baseos_latest | |
| kernel-uek-doc-5.4.17-2011.7.4.el8uek.noarch.rpm | 7c0939c44e893f03791aa50fdaca0c4669f8b3d5faacd080ea7d2ef459c41085 | - | ol8_aarch64_u2_baseos_patch | |
| kernel-uek-doc-5.4.17-2011.7.4.el8uek.noarch.rpm | 7c0939c44e893f03791aa50fdaca0c4669f8b3d5faacd080ea7d2ef459c41085 | - | ol8_aarch64_u3_baseos_base | |
| Oracle Linux 8 (x86_64) | kernel-uek-5.4.17-2011.7.4.el8uek.src.rpm | 6dd93449d569f541cb35890febd8866e46c618d2762daa91c2aab9d6ce4b7c4e | - | ol8_x86_64_UEKR6 |
| kernel-uek-5.4.17-2011.7.4.el8uek.src.rpm | 6dd93449d569f541cb35890febd8866e46c618d2762daa91c2aab9d6ce4b7c4e | - | ol8_x86_64_baseos_latest | |
| kernel-uek-5.4.17-2011.7.4.el8uek.src.rpm | 6dd93449d569f541cb35890febd8866e46c618d2762daa91c2aab9d6ce4b7c4e | - | ol8_x86_64_u2_baseos_patch | |
| kernel-uek-5.4.17-2011.7.4.el8uek.x86_64.rpm | 36e14d13770dafa6998c5227173149b41e36cd4be04567625cb096fb79e3a920 | - | ol8_x86_64_UEKR6 | |
| kernel-uek-debug-5.4.17-2011.7.4.el8uek.x86_64.rpm | 31bdaaa2bc63e79675ee1bb44546d904ecdbc45e5c30bf0ea41e4850024a7f24 | - | ol8_x86_64_UEKR6 | |
| kernel-uek-debug-devel-5.4.17-2011.7.4.el8uek.x86_64.rpm | 64189e44e7e9b2ed0e0b4a8f97abf9708b5eb147034a9bf447230be43ffc58ca | - | ol8_x86_64_UEKR6 | |
| kernel-uek-devel-5.4.17-2011.7.4.el8uek.x86_64.rpm | dabeccb38c829f73014ed001f2e28fa57574aebad13e9c0fdb7d6f6343df5cb1 | - | ol8_x86_64_UEKR6 | |
| kernel-uek-doc-5.4.17-2011.7.4.el8uek.noarch.rpm | 7c0939c44e893f03791aa50fdaca0c4669f8b3d5faacd080ea7d2ef459c41085 | - | ol8_x86_64_UEKR6 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
