ELSA-2020-5884
- ULN >
- Oracle Linux Errata repository >
- ELSA-2020-5884
ELSA-2020-5884 - Unbreakable Enterprise kernel security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2020-10-12 |
Description
[5.4.17-2011.7.4]
- iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (Suravee Suthikulpanit) [Orabug: 31931369]
- iommu/amd: Fix potential @entry null deref (Joao Martins) [Orabug: 31931369]
- iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit) [Orabug: 31931369]
[5.4.17-2011.7.3]
- xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895365] {CVE-2020-14385}
- ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895327] {CVE-2020-14314}
- mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884234] {CVE-2020-25285}
- rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov) [Orabug: 31884154] {CVE-2020-25284}
- nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell) [Orabug: 31872895] {CVE-2020-25212}
- libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (Jane Chu) [Orabug: 31861296]
- libnvdimm/security: the 'security' attr never (Jane Chu) [Orabug: 31861296]
- libnvdimm/security: fix a typo (Jane Chu) [Orabug: 31861296]
- mmc: sdhci: Silence MMC warnings (Maxime Ripard) [Orabug: 31746382]
- bcm2835-dma: Add support for per-channel flags (Phil Elwell) [Orabug: 31746382]
- mmc: sdhci-iproc: Fix vmmc regulators on iProc (Phil Elwell) [Orabug: 31746382]
- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722763]
- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722763]
- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722763]
[5.4.17-2011.7.2]
- net/packet: fix overflow in tpacket_rcv (Or Cohen) [Orabug: 31866487] {CVE-2020-14386} {CVE-2020-14386}
- block: better deal with the delayed not supported case in blk_cloned_rq_check_limits (Ritika Srivastava) [Orabug: 31850341]
- block: Return blk_status_t instead of errno codes (Ritika Srivastava) [Orabug: 31850341]
- iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (Suravee Suthikulpanit) [Orabug: 31849530]
- uek-rpm: ol8: config-aarch64: add *_MEMORY_HOTPLUG (Mihai Carabas) [Orabug: 31848696]
[5.4.17-2011.7.1]
- IB/mlx5: Expose RoCE accelerator counters (Avihai Horon) [Orabug: 31621895]
- net/mlx5: Add RoCE accelerator counters (Leon Romanovsky) [Orabug: 31621895]
- cgroup: Fix sock_cgroup_data on big-endian. (Cong Wang) [Orabug: 31779795] {CVE-2020-14356}
- cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779795] {CVE-2020-14356}
- Revert 'aarch64/BM: config failed, hub doesn't have any ports' (Thomas Tai) [Orabug: 31838351]
- kvm: ioapic: Restrict lazy EOI update to edge-triggered interrupts (Paolo Bonzini) [Orabug: 31839185]
- iavf: use generic power management (Vaibhav Gupta) [Orabug: 31700015]
- iavf: Fix updating statistics (Tony Nguyen) [Orabug: 31700015]
- iavf: fix error return code in iavf_init_get_resources() (Wei Yongjun) [Orabug: 31700015]
- iavf: increase reset complete wait time (Paul Greenwalt) [Orabug: 31700015]
- iavf: Fix reporting 2.5 Gb and 5Gb speeds (Brett Creeley) [Orabug: 31700015]
- iavf: use appropriate enum for comparison (Aleksandr Loktionov) [Orabug: 31700015]
- iavf: Enable support for up to 16 queues (Mitch Williams) [Orabug: 31700015]
- iavf: fix speed reporting over virtchnl (Brett Creeley) [Orabug: 31700015]
- iavf: remove current MAC address filter on VF reset (Stefan Assmann) [Orabug: 31700015]
- i40e: Fix crash during removing i40e driver (Grzegorz Szczurek) [Orabug: 31700015]
- i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (Przemyslaw Patynowski) [Orabug: 31700015]
- i40e: introduce new dump desc XDP command (Ciara Loftus) [Orabug: 31700015]
- i40e: add XDP ring statistics to dump VSI debug output (Ciara Loftus) [Orabug: 31700015]
- i40e: add XDP ring statistics to VSI stats (Ciara Loftus) [Orabug: 31700015]
- i40e: move check of full Tx ring to outside of send loop (Magnus Karlsson) [Orabug: 31700015]
- i40e: eliminate division in napi_poll data path (Magnus Karlsson) [Orabug: 31700015]
- i40e: optimize AF_XDP Tx completion path (Magnus Karlsson) [Orabug: 31700015]
- i40e: Add support for a new feature Total Port Shutdown (Arkadiusz Kubalewski) [Orabug: 31700015]
- i40e: Remove scheduling while atomic possibility (Aleksandr Loktionov) [Orabug: 31700015]
- i40e: Add support for 5Gbps cards (Aleksandr Loktionov) [Orabug: 31700015]
- i40e: Add a check to see if MFS is set (Todd Fujinaka) [Orabug: 31700015]
- i40e: detect and log info about pre-recovery mode (Piotr Kwapulinski) [Orabug: 31700015]
- i40e: make PF wait reset loop reliable (Piotr Kwapulinski) [Orabug: 31700015]
- i40e: remove unused defines (Jesse Brandeburg) [Orabug: 31700015]
- i40e: Move client header location (Shiraz Saleem) [Orabug: 31700015]
- i40e: fix crash when Rx descriptor count is changed (Bjorn Topel) [Orabug: 31700015]
- i40e: Make i40e_shutdown_adminq() return void (Jason Yan) [Orabug: 31700015]
- i40e: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 31700015]
- i40e: Separate kernel allocated rx_bi rings from AF_XDP rings (Bjorn Topel) [Orabug: 31700015]
- i40e: Refactor rx_bi accesses (Bjorn Topel) [Orabug: 31700015]
- i40e: Remove unneeded conversion to bool (Jason Yan) [Orabug: 31700015]
- i40e: fix spelling mistake 'to' -> 'too' (Colin Ian King) [Orabug: 31700015]
- i40e: Set PHY Access flag on X722 (Adam Ludkiewicz) [Orabug: 31700015]
- i40e: implement VF stats NDO (Jesse Brandeburg) [Orabug: 31700015]
- i40e: enable X710 support (Alice Michael) [Orabug: 31700015]
- i40e: Add UDP segmentation offload support (Josh Hunt) [Orabug: 31700015]
- i40e: Refactoring VF MAC filters counting to make more reliable (Aleksandr Loktionov) [Orabug: 31700015]
- i40e: Fix LED blinking flow for X710T*L devices (Damian Milosek) [Orabug: 31700015]
- i40e: allow ethtool to report SW and FW versions in recovery mode (Piotr Kwapulinski) [Orabug: 31700015]
- i40e: Extend PHY access with page change flag (Piotr Azarewicz) [Orabug: 31700015]
- i40e: Extract detection of HW flags into a function (Piotr Azarewicz) [Orabug: 31700015]
- i40e: Fix for persistent lldp support (Sylwia Wnuczko) [Orabug: 31700015]
- i40e: protect ring accesses with READ- and WRITE_ONCE (Ciara Loftus) [Orabug: 31700015]
- i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (Brett Creeley) [Orabug: 31700015]
- i40e: Relax i40e_xsk_wakeup's return value when PF is busy (Maciej Fijalkowski) [Orabug: 31700015]
- i40e: Fix virtchnl_queue_select bitmap validation (Brett Creeley) [Orabug: 31700015]
[5.4.17-2011.7.0]
- sample-trace-array: Fix sleeping function called from invalid context (Kefeng Wang) [Orabug: 31543029]
- sample-trace-array: Remove trace_array 'sample-instance' (Kefeng Wang) [Orabug: 31543029]
- tracing: Sample module to demonstrate kernel access to Ftrace instances. (Divya Indi) [Orabug: 31543029]
- tracing: Adding new functions for kernel access to Ftrace instances (Divya Indi) [Orabug: 31543029]
- tracing: Adding NULL checks for trace_array descriptor pointer (Divya Indi) [Orabug: 31543029]
- tracing: Verify if trace array exists before destroying it. (Divya Indi) [Orabug: 31543029]
- tracing: Declare newly exported APIs in include/linux/trace.h (Divya Indi) [Orabug: 31543029]
- RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky) [Orabug: 31784656]
- RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 31784889]
- rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783146]
Related CVEs
| CVE-2020-14356 |
| CVE-2020-14385 |
| CVE-2020-14386 |
| CVE-2020-14314 |
| CVE-2020-25212 |
| CVE-2020-25284 |
| CVE-2020-25285 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (aarch64) | kernel-uek-5.4.17-2011.7.4.el7uek.src.rpm | fb9dcdcf136ff8a85bad6cc7eaf4ffad | ELSA-2021-9220 |
| kernel-uek-5.4.17-2011.7.4.el7uek.aarch64.rpm | 1831b99188435fb94c9d591e6efe6bc3 | ELSA-2021-9220 | |
| kernel-uek-debug-5.4.17-2011.7.4.el7uek.aarch64.rpm | e2930593cb618227f00a101869b24a99 | ELSA-2021-9220 | |
| kernel-uek-debug-devel-5.4.17-2011.7.4.el7uek.aarch64.rpm | f48dbcf4f47681deccdbbecabb5a7e56 | ELSA-2021-9220 | |
| kernel-uek-devel-5.4.17-2011.7.4.el7uek.aarch64.rpm | 01de919facfb2f70c8e59e600c489fe2 | ELSA-2021-9220 | |
| kernel-uek-doc-5.4.17-2011.7.4.el7uek.noarch.rpm | e2b4dae25dab6921c720f750cecab682 | ELSA-2021-9220 | |
| kernel-uek-tools-5.4.17-2011.7.4.el7uek.aarch64.rpm | a85de832d1930ddfbae7f92f54c23d9e | ELSA-2021-9220 | |
| kernel-uek-tools-libs-5.4.17-2011.7.4.el7uek.aarch64.rpm | c9311e4df51a072083144cb265f18bb7 | ELSA-2021-9220 | |
| perf-5.4.17-2011.7.4.el7uek.aarch64.rpm | cc39172c1f6cfd5cbf45d3358d1d385c | ELSA-2021-9220 | |
| python-perf-5.4.17-2011.7.4.el7uek.aarch64.rpm | e519568e39e3fbc1ed17cee3ec1b35e5 | ELSA-2021-9220 | |
| Oracle Linux 7 (x86_64) | kernel-uek-5.4.17-2011.7.4.el7uek.src.rpm | fb9dcdcf136ff8a85bad6cc7eaf4ffad | ELSA-2021-9220 |
| kernel-uek-5.4.17-2011.7.4.el7uek.x86_64.rpm | cfa87943123988c7974ba539603cb890 | ELSA-2021-9220 | |
| kernel-uek-debug-5.4.17-2011.7.4.el7uek.x86_64.rpm | ed0f977d1751146e9e8ad237eb89076a | ELSA-2021-9220 | |
| kernel-uek-debug-devel-5.4.17-2011.7.4.el7uek.x86_64.rpm | 614a3843728a938cf73834fa2bceaadb | ELSA-2021-9220 | |
| kernel-uek-devel-5.4.17-2011.7.4.el7uek.x86_64.rpm | 42f04ad0a2ed0d7dea0130fcb281018a | ELSA-2021-9220 | |
| kernel-uek-doc-5.4.17-2011.7.4.el7uek.noarch.rpm | e2b4dae25dab6921c720f750cecab682 | ELSA-2021-9220 | |
| kernel-uek-tools-5.4.17-2011.7.4.el7uek.x86_64.rpm | e4407994b0570e7c0c682f6eb89c9752 | ELSA-2021-9220 | |
| Oracle Linux 8 (aarch64) | kernel-uek-5.4.17-2011.7.4.el8uek.src.rpm | 305ef7dae92ff8ff714da055fe4459f2 | - |
| kernel-uek-5.4.17-2011.7.4.el8uek.aarch64.rpm | a68d6bdca24c04bb3b7551175440c410 | - | |
| kernel-uek-debug-5.4.17-2011.7.4.el8uek.aarch64.rpm | 7f373d9b5da5ad9fdac29167225880bc | - | |
| kernel-uek-debug-devel-5.4.17-2011.7.4.el8uek.aarch64.rpm | 884e531105be0f3b3685244ffd5cf80a | - | |
| kernel-uek-devel-5.4.17-2011.7.4.el8uek.aarch64.rpm | 833c17850fb091084b9e97af47d1f335 | - | |
| kernel-uek-doc-5.4.17-2011.7.4.el8uek.noarch.rpm | f98396a2a388ad40a18f97978573b204 | - | |
| Oracle Linux 8 (x86_64) | kernel-uek-5.4.17-2011.7.4.el8uek.src.rpm | 305ef7dae92ff8ff714da055fe4459f2 | - |
| kernel-uek-5.4.17-2011.7.4.el8uek.x86_64.rpm | 7f8cbdcd5653a50f0cd5a66e0c16383c | - | |
| kernel-uek-debug-5.4.17-2011.7.4.el8uek.x86_64.rpm | 1ba2f74da6f1570ee54dec63aff924a1 | - | |
| kernel-uek-debug-devel-5.4.17-2011.7.4.el8uek.x86_64.rpm | d7880fad411177b42ac9b361f4bade1f | - | |
| kernel-uek-devel-5.4.17-2011.7.4.el8uek.x86_64.rpm | ede78f540a2dbaa9f8d399c22f5d925f | - | |
| kernel-uek-doc-5.4.17-2011.7.4.el8uek.noarch.rpm | f98396a2a388ad40a18f97978573b204 | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
