ELSA-2020-5914
- ULN >
- Oracle Linux Errata repository >
- ELSA-2020-5914
ELSA-2020-5914 - Unbreakable Enterprise kernel security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2020-11-10 |
Description
[5.4.17-2036.100.6.1.el8uek]
- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695}
- KVM: ioapic: break infinite recursion on lazy EOI (Vitaly Kuznetsov) [Orabug: 32066585] {CVE-2020-27152} {CVE-2020-27152}
- x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999339]
- x86/jump_label: Patch one site at a time (Boris Ostrovsky) [Orabug: 31999339]
[5.4.17-2036.100.5.el8uek]
- uek-rpm: Fix integer test for 4k page size module signing (Dave Kleikamp) [Orabug: 32021114]
- uek-rpm/kernel-uek.spec: Sign modules for 4k kernel (Vijay Kumar) [Orabug: 32021114]
- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989185] {CVE-2020-25643}
- dm crypt: add flags to optionally bypass kcryptd workqueues (Ignat Korchagin) [Orabug: 31998688]
- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010302]
- geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32013938] {CVE-2020-25645}
- nvmet: Disable keep-alive timer when kato is cleared to 0h (Amit Engel) [Orabug: 31997181]
- KVM: nVMX: stop abusing need_vmcs12_to_shadow_sync for eVMCS mapping (Vitaly Kuznetsov) [Orabug: 31986433]
- cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug (Daniel Jordan) [Orabug: 31985221]
- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979626]
- uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961115]
- certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961115]
- certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961115]
- certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961115] {CVE-2020-26541}
- bcache: stop setting ->queuedata (Christoph Hellwig) [Orabug: 30210051]
- bcache: pr_info() format clean up in bcache_device_init() (Coly Li) [Orabug: 30210051]
- bcache: use delayed kworker fo asynchronous devices registration (Coly Li) [Orabug: 30210051]
- bcache: check and adjust logical block size for backing devices (Mauricio Faria de Oliveira) [Orabug: 30210051]
- bcache: configure the asynchronous registertion to be experimental (Coly Li) [Orabug: 30210051]
- bcache: asynchronous devices registration (Coly Li) [Orabug: 30210051]
uses to a more typical style (Joe Perches) [Orabug: 30210051]
- bcache: remove redundant variables i and n (Colin Ian King) [Orabug: 30210051]
- bcache: remove a duplicate ->make_request_fn assignment (Christoph Hellwig) [Orabug: 30210051]
- bcache: pass the make_request methods to blk_queue_make_request (Christoph Hellwig) [Orabug: 30210051]
- bcache: remove dupplicated declaration from btree.h (Coly Li) [Orabug: 30210051]
- bcache: optimize barrier usage for atomic operations (Coly Li) [Orabug: 30210051]
- bcache: optimize barrier usage for Rmw atomic bitops (Davidlohr Bueso) [Orabug: 30210051]
- bcache: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 30210051]
- bcache: make bch_sectors_dirty_init() to be multithreaded (Coly Li) [Orabug: 30210051]
- bcache: make bch_btree_check() to be multithreaded (Coly Li) [Orabug: 30210051]
- bcache: add bcache_ prefix to btree_root() and btree() macros (Coly Li) [Orabug: 30210051]
- bcache: move macro btree() and btree_root() into btree.h (Coly Li) [Orabug: 30210051]
- bcache: remove macro nr_to_fifo_front() (Coly Li) [Orabug: 30210051]
- bcache: Revert 'bcache: shrink btree node cache after bch_btree_check()' (Coly Li) [Orabug: 30210051]
- bcache: check return value of prio_read() (Coly Li) [Orabug: 30210051]
- bcache: reap from tail of c->btree_cache in bch_mca_scan() (Coly Li) [Orabug: 30210051]
- bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (Coly Li) [Orabug: 30210051]
- bcache: remove member accessed from struct btree (Coly Li) [Orabug: 30210051]
- bcache: add code comments for state->pool in __btree_sort() (Coly Li) [Orabug: 30210051]
- bcache: use read_cache_page_gfp to read the superblock (Christoph Hellwig) [Orabug: 30210051]
- bcache: store a pointer to the on-disk sb in the cache and cached_dev structures (Christoph Hellwig) [Orabug: 30210051]
- bcache: return a pointer to the on-disk sb from read_super (Christoph Hellwig) [Orabug: 30210051]
- bcache: transfer the sb_page reference to register_{bdev,cache} (Christoph Hellwig) [Orabug: 30210051]
- bcache: use a separate data structure for the on-disk super block (Christoph Hellwig) [Orabug: 30210051]
- bcache: don't export symbols (Christoph Hellwig) [Orabug: 30210051]
- bcache: remove the extra cflags for request.o (Christoph Hellwig) [Orabug: 30210051]
- bcache: add idle_max_writeback_rate sysfs interface (Coly Li) [Orabug: 30210051]
- bcache: add code comments in bch_btree_leaf_dirty() (Coly Li) [Orabug: 30210051]
- bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (Coly Li) [Orabug: 30210051]
- bcache: deleted code comments for dead code in bch_data_insert_keys() (Coly Li) [Orabug: 30210051]
- bcache: add more accurate error messages in read_super() (Coly Li) [Orabug: 30210051]
- bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (Guoju Fang) [Orabug: 30210051]
- mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31965669]
- rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31933715]
- panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 31916337]
- nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31972480] {CVE-2019-16089}
- vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390}
- fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390}
- net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (Shung-Hsi Yu) [Orabug: 31907969]
- PCI: pciehp: Reduce noisiness on hot removal (Lukas Wunner) [Orabug: 30512596]
- kdump: update Documentation about crashkernel (Chen Zhou) [Orabug: 31554906]
- arm64: kdump: add memory for devices by DT property linux, usable-memory-range (Chen Zhou) [Orabug: 31554906]
- kdump: add threshold for the required memory (Chen Zhou) [Orabug: 31554906]
- arm64: kdump: reimplement crashkernel=X (Chen Zhou) [Orabug: 31554906]
- arm64: kdump: introduce some macroes for crash kernel reservation (Chen Zhou) [Orabug: 31554906]
- x86: kdump: move reserve_crashkernel[_low]() into crash_core.c (Chen Zhou) [Orabug: 31554906]
- x86: kdump: use macro CRASH_ADDR_LOW_MAX in functions reserve_crashkernel[_low]() (Chen Zhou) [Orabug: 31554906]
- x86: kdump: make the lower bound of crash kernel reservation consistent (Chen Zhou) [Orabug: 31554906]
- x86: kdump: move CRASH_ALIGN to 2M (Chen Zhou) [Orabug: 31554906]
- block: allow 'chunk_sectors' to be non-power-of-2 (Mike Snitzer) [Orabug: 31827023]
- block: use lcm_not_zero() when stacking chunk_sectors (Mike Snitzer) [Orabug: 31827023]
- dm: fix comment in dm_process_bio() (Mike Snitzer) [Orabug: 31827023]
- dm: fix bio splitting and its bio completion order for regular IO (Mike Snitzer) [Orabug: 31827023]
- block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955136] {CVE-2020-25641}
[5.4.17-2036.100.4.el8uek]
- xfs: force writes to delalloc regions to unwritten (Darrick J. Wong) [Orabug: 30787888]
- xfs: properly serialise fallocate against AIO+DIO (Dave Chinner) [Orabug: 31366104]
- perf/x86/rapl: Add Ice Lake RAPL support (Thomas Tai) [Orabug: 31766610]
- xfs: attach dquots and reserve quota blocks during unwritten conversion (Darrick J. Wong) [Orabug: 31785972]
- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872853] {CVE-2020-25211}
- net/rds: Extract dest qp num for displaying in rds-info (Praveen Kumar Kannoju) [Orabug: 31880140]
- uek-rpm: streamline 4konly build (Dave Kleikamp) [Orabug: 31891770]
- bnxt: correct warning: unused variable: 'rc' (John Donnelly) [Orabug: 31907548]
- i40e: Correct warning: 'aq_ret' may be used uninitialized, (John Donnelly) [Orabug: 31907631]
- uek-rpm: Add ovmapi.ko to uek6 nano_modules (Joe Jin) [Orabug: 31908852]
- uek-rpm: config: Enable OVM API (Joe Jin) [Orabug: 31908852]
- uek-rpm: Fix kernel-ueknano depmod warnings vhost_iotlb regmap-i2c (Vijayendra Suman) [Orabug: 31916879]
- kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (Muchun Song) [Orabug: 31920526]
- scsi: page warning: 'page' may be used uninitialized. (John Donnelly) [Orabug: 31920671]
- x86/speculation/taa: Add TAA_MITIGATION_IDLE mode (Patrick Colp) [Orabug: 31921884]
- oracleasm: Access d_bdev before dropping inode (Stephen Brennan) [Orabug: 31927355]
- iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (Suravee Suthikulpanit) [Orabug: 31931368]
- iommu/amd: Fix potential @entry null deref (Joao Martins) [Orabug: 31931368]
- iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit) [Orabug: 31931368]
Related CVEs
| CVE-2020-8694 |
| CVE-2020-8695 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (aarch64) | kernel-uek-5.4.17-2036.100.6.1.el7uek.src.rpm | 6b23f5e2a8a778971d6b0e37954cb56c290adb18766a826372da05b5602ce0ba | ELSA-2025-20190 | ol7_aarch64_UEKR6 |
| kernel-uek-5.4.17-2036.100.6.1.el7uek.aarch64.rpm | bab314f19c35448bdbd73a0bae86cca82fa9a1cd02ea9a324d61cbae4ebf4b23 | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-debug-5.4.17-2036.100.6.1.el7uek.aarch64.rpm | 46d63eb57a350a32ab8391a20c38d0e29936f4510a11e27ebf73da2f3f7066b4 | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-debug-devel-5.4.17-2036.100.6.1.el7uek.aarch64.rpm | dd8626376c842d3f7285b9411f8192902aea1cce9ff48a75637363e0bd62fb2b | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-devel-5.4.17-2036.100.6.1.el7uek.aarch64.rpm | 215110a454a551698021eb060bd13c96c2cfbaa98047ee464d309779660b3048 | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-doc-5.4.17-2036.100.6.1.el7uek.noarch.rpm | cc88649bebd10acc97f41729824c97f682e0f59ed93a214df22902a1a837c3e3 | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-tools-5.4.17-2036.100.6.1.el7uek.aarch64.rpm | 5c1e3cbd236530a886f3c1ad6901b5ca6b9dfcceab980112d6f83eee121d8269 | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-tools-libs-5.4.17-2036.100.6.1.el7uek.aarch64.rpm | 0a6a9fbeef7646e7307a87572c509652d247b6991bee650953f6f8713d1590ea | ELSA-2025-20019 | ol7_aarch64_UEKR6 | |
| perf-5.4.17-2036.100.6.1.el7uek.aarch64.rpm | bc26c365d73e95fd9aff3c14689594355eed541b6be0d0ff13736ca3a7dc2784 | ELSA-2025-20019 | ol7_aarch64_UEKR6 | |
| python-perf-5.4.17-2036.100.6.1.el7uek.aarch64.rpm | 7e6c9a3b23fadc3b712a8e9eef96bbfc7a0ceb39448385f5d8cffce1d89f6380 | ELSA-2025-20019 | ol7_aarch64_UEKR6 | |
| Oracle Linux 7 (x86_64) | kernel-uek-5.4.17-2036.100.6.1.el7uek.src.rpm | 6b23f5e2a8a778971d6b0e37954cb56c290adb18766a826372da05b5602ce0ba | ELSA-2025-20190 | ol7_x86_64_UEKR6 |
| kernel-uek-5.4.17-2036.100.6.1.el7uek.x86_64.rpm | 07076ed71047b0cb3ff5a678e8265c76170086d94ab9c06dc3ce83adde85a894 | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-debug-5.4.17-2036.100.6.1.el7uek.x86_64.rpm | bb46c3146f4c314b52c94825fb14ef83c0a5cefedd5ae589160dfebf5ba9aaf4 | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-debug-devel-5.4.17-2036.100.6.1.el7uek.x86_64.rpm | c8e6834dc3d048c5ae16a380035555b072ceead98982cc4281fd3292b1ee8482 | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-devel-5.4.17-2036.100.6.1.el7uek.x86_64.rpm | 79d1f34960dcc9cf32f63e9ea87e696bee214e065f866d3602e70b71eb87383f | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-doc-5.4.17-2036.100.6.1.el7uek.noarch.rpm | cc88649bebd10acc97f41729824c97f682e0f59ed93a214df22902a1a837c3e3 | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-tools-5.4.17-2036.100.6.1.el7uek.x86_64.rpm | f188fec46aae7e86c2eccd4a78af2813350ac257c8708bbda8660c91ce6eb5b6 | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| Oracle Linux 8 (aarch64) | kernel-uek-5.4.17-2036.100.6.1.el8uek.src.rpm | 4b9fc8e09a7ed1024b310e39ef8e5424022984eebf9d8fb521dc8d62b4b67c9d | - | ol8_aarch64_baseos_latest |
| kernel-uek-5.4.17-2036.100.6.1.el8uek.src.rpm | 4b9fc8e09a7ed1024b310e39ef8e5424022984eebf9d8fb521dc8d62b4b67c9d | - | ol8_aarch64_u2_baseos_patch | |
| kernel-uek-5.4.17-2036.100.6.1.el8uek.aarch64.rpm | ac7f8e65777ee6d39ba3800cb4224eb47fb782fc722a7df8f654a70a00d452fd | - | ol8_aarch64_baseos_latest | |
| kernel-uek-5.4.17-2036.100.6.1.el8uek.aarch64.rpm | ac7f8e65777ee6d39ba3800cb4224eb47fb782fc722a7df8f654a70a00d452fd | - | ol8_aarch64_u2_baseos_patch | |
| kernel-uek-debug-5.4.17-2036.100.6.1.el8uek.aarch64.rpm | d27c07649c3201b161eeba7d52bb79a209f1778c07daf64439e2dc1a09a7a214 | - | ol8_aarch64_baseos_latest | |
| kernel-uek-debug-5.4.17-2036.100.6.1.el8uek.aarch64.rpm | d27c07649c3201b161eeba7d52bb79a209f1778c07daf64439e2dc1a09a7a214 | - | ol8_aarch64_u2_baseos_patch | |
| kernel-uek-debug-devel-5.4.17-2036.100.6.1.el8uek.aarch64.rpm | 2d9010daff245a9b271ffb98f559e7dfa31fc66233c28652be42ef24b08aa8ab | - | ol8_aarch64_baseos_latest | |
| kernel-uek-debug-devel-5.4.17-2036.100.6.1.el8uek.aarch64.rpm | 2d9010daff245a9b271ffb98f559e7dfa31fc66233c28652be42ef24b08aa8ab | - | ol8_aarch64_u2_baseos_patch | |
| kernel-uek-devel-5.4.17-2036.100.6.1.el8uek.aarch64.rpm | 7c1b63181ea32ce0c73cb173b4525b09b7e3d395b964abe8909820aa3321e544 | - | ol8_aarch64_baseos_latest | |
| kernel-uek-devel-5.4.17-2036.100.6.1.el8uek.aarch64.rpm | 7c1b63181ea32ce0c73cb173b4525b09b7e3d395b964abe8909820aa3321e544 | - | ol8_aarch64_u2_baseos_patch | |
| kernel-uek-doc-5.4.17-2036.100.6.1.el8uek.noarch.rpm | 0e6bae32252cdb0fdb11bf111602f61f8f751d4d9a381b27aaa74fb711d49131 | - | ol8_aarch64_baseos_latest | |
| kernel-uek-doc-5.4.17-2036.100.6.1.el8uek.noarch.rpm | 0e6bae32252cdb0fdb11bf111602f61f8f751d4d9a381b27aaa74fb711d49131 | - | ol8_aarch64_u2_baseos_patch | |
| Oracle Linux 8 (x86_64) | kernel-uek-5.4.17-2036.100.6.1.el8uek.src.rpm | 4b9fc8e09a7ed1024b310e39ef8e5424022984eebf9d8fb521dc8d62b4b67c9d | - | ol8_x86_64_UEKR6 |
| kernel-uek-5.4.17-2036.100.6.1.el8uek.src.rpm | 4b9fc8e09a7ed1024b310e39ef8e5424022984eebf9d8fb521dc8d62b4b67c9d | - | ol8_x86_64_baseos_latest | |
| kernel-uek-5.4.17-2036.100.6.1.el8uek.x86_64.rpm | 74cf20c1fc77d2ef5a26a31eaef96c2c3a1e0ae49225b448d4b5b7ac5bbd2441 | - | ol8_x86_64_UEKR6 | |
| kernel-uek-debug-5.4.17-2036.100.6.1.el8uek.x86_64.rpm | d85ac3553ddde045213ea5a29834119806e55376599ab642ef7bf247f6937b1b | - | ol8_x86_64_UEKR6 | |
| kernel-uek-debug-devel-5.4.17-2036.100.6.1.el8uek.x86_64.rpm | 6c7a5fef9070aed931b0b895f37819abbf9af6e466da25aafa2b45d955edeee0 | - | ol8_x86_64_UEKR6 | |
| kernel-uek-devel-5.4.17-2036.100.6.1.el8uek.x86_64.rpm | 97d7ba9eea29195262a322c39db91ac63626ef77694b5f6ca0454097cd865b4c | - | ol8_x86_64_UEKR6 | |
| kernel-uek-doc-5.4.17-2036.100.6.1.el8uek.noarch.rpm | 0e6bae32252cdb0fdb11bf111602f61f8f751d4d9a381b27aaa74fb711d49131 | - | ol8_x86_64_UEKR6 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
