ELSA-2020-5913

ELSA-2020-5913 - Unbreakable Enterprise kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2020-11-10

Description


[4.14.35-2025.402.2.1]
- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040805] {CVE-2020-8694} {CVE-2020-8695}

[4.14.35-2025.402.2]
- ocfs2: fix remounting needed after setfacl command (Gang He)
- Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770]
- drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349]
- i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050]
- bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757]
- SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763]
- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520]
- qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276]

[4.14.35-2025.402.1]
- configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427]
- IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31596798]
- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643}
- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303]
- SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341]
- geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645}
- nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898]
- xfs: fix warning: unused variable 'sb' (John Donnelly) [Orabug: 32010343]
- nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357]
- nvme: Corrects warning: unused variable 'startka' (John Donnelly) [Orabug: 32010357]
- uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273]
- arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273]
- ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790]
- rds: fixes warning: unused variable 'cache_sz_k' (John Donnelly) [Orabug: 32008320]
- panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003]
- uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118]
- certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118]
- certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118]
- certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541}
- Revert 'l2tp: initialise PPP sessions before registering them' (George Kennedy) [Orabug: 31906205]
- btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377} {CVE-2019-19377} {CVE-2019-19377}
- btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448} {CVE-2019-19448}
- xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385}
- net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603]
- mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31907603]
- mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603]
- mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603]
- ghes: Corrects: warning: unused variable 'vaddr' [-Wunused-variable] (John Donnelly) [Orabug: 31995830]
- ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830]
- blk-mq: warning: unused variable 'ctx' (John Donnelly) [Orabug: 31996284]
- x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336]

[4.14.35-2025.402.0]
- nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089}
- efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380}
- RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865]
- rds: Revert 'Disable module unload by default' (Hans Westgaard Ry) [Orabug: 31503865]
- rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372]
- EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136]
- EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136]
- mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346]
- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765]
- KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765]
- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765]
- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765]
- cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356}
- bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453]
- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211}
- vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}
- fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}
- KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096]
- Revert 'usb: xhci: do not create and register shared_hcd when USB3.0 is disabled' (Thomas Tai) [Orabug: 31943628]
- uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869]
- block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641}
- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628]


Related CVEs


CVE-2020-25643
CVE-2019-16089
CVE-2019-19377
CVE-2019-19448
CVE-2020-14390
CVE-2020-8694
CVE-2020-8695
CVE-2020-25211
CVE-2020-26541
CVE-2020-25645
CVE-2020-14356
CVE-2020-14385
CVE-2020-25641
CVE-2019-12380

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) kernel-uek-4.14.35-2025.402.2.1.el7uek.src.rpm1c477e39ae0e0e6dbbf01de393e301b5-
kernel-uek-4.14.35-2025.402.2.1.el7uek.aarch64.rpmf3d3b4b32408bdd79b6d9728f4032334-
kernel-uek-debug-4.14.35-2025.402.2.1.el7uek.aarch64.rpm25b3823b7aefd60556db95e4a0dcac91-
kernel-uek-debug-devel-4.14.35-2025.402.2.1.el7uek.aarch64.rpmf5133e2e98842eea3a87f9e003f58889-
kernel-uek-devel-4.14.35-2025.402.2.1.el7uek.aarch64.rpmcbff472bf10e61668c39312b2dd633b9-
kernel-uek-headers-4.14.35-2025.402.2.1.el7uek.aarch64.rpm616051245cbc4ff353f6209676d634be-
kernel-uek-tools-4.14.35-2025.402.2.1.el7uek.aarch64.rpmc835041a5d92d04079627fe8d74f61d3-
kernel-uek-tools-libs-4.14.35-2025.402.2.1.el7uek.aarch64.rpme0bc744894bb469784f4a3d054b9db90-
kernel-uek-tools-libs-devel-4.14.35-2025.402.2.1.el7uek.aarch64.rpm178f0aa2c9e332ae9e4a0ab576c25ca8-
perf-4.14.35-2025.402.2.1.el7uek.aarch64.rpm921d1c037fecc01a594915d8866e5165-
python-perf-4.14.35-2025.402.2.1.el7uek.aarch64.rpm3ec400dd6e2151b156c2c1ff55365448-
Oracle Linux 7 (x86_64) kernel-uek-4.14.35-2025.402.2.1.el7uek.src.rpm1c477e39ae0e0e6dbbf01de393e301b5-
kernel-uek-4.14.35-2025.402.2.1.el7uek.x86_64.rpmda88248b41a06cee7e41bf7e3ab07582-
kernel-uek-debug-4.14.35-2025.402.2.1.el7uek.x86_64.rpm6e7573cc9c2ea5fe90902ff11220c784-
kernel-uek-debug-devel-4.14.35-2025.402.2.1.el7uek.x86_64.rpm1cec2bbd1e74b966c657d1817e974242-
kernel-uek-devel-4.14.35-2025.402.2.1.el7uek.x86_64.rpmbb81f898ac1ad74eed0af5e7fbc9cb97-
kernel-uek-doc-4.14.35-2025.402.2.1.el7uek.noarch.rpm1e10917e1f8f53fed5ce8bd12e05bcc0-
kernel-uek-tools-4.14.35-2025.402.2.1.el7uek.x86_64.rpm2c07a0b301c1030daa825cf93f16412f-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete