Stay Connected:

ELSA-2021-1093

ELSA-2021-1093 - kernel security, bug fix, and enhancement update

Type:SECURITY
Impact:IMPORTANT
Release Date:2021-04-07

Description


[4.18.0-240.22.1_3.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5

[4.18.0-240.22.1_3]
- futex: Handle faults correctly for PI futexes (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Simplify fixup_pi_state_owner() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Use pi_state_update_owner() in put_pi_state() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Provide and use pi_state_update_owner() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Replace pointless printk in fixup_owner() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Ensure the correct return value from futex_lock_pi() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Don't enable IRQs unconditionally in put_pi_state() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Fix incorrect should_fail_futex() handling (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Consistently use fshared as boolean (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Remove needless goto's (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Remove put_futex_key() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [1930832 1930833] {CVE-2021-27364}
- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [1930855 1930856] {CVE-2021-27365}
- scsi: iscsi: Restrict sessions and handles to admin capabilities (Chris Leech) [1940423 1930809] {CVE-2021-27363}

[4.18.0-240.21.1_3]
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (Paolo Bonzini) [1939013 1912448]
- gfs2: Fix deadlock between gfs2_{create_inode, inode_lookup} and delete_work_func (Andreas Gruenbacher) [1937109 1903190]
- gfs2: Don't call cancel_delayed_work_sync from within delete work function (Andreas Gruenbacher) [1937109 1903190]
- gfs2: Only access gl_delete for iopen glocks (Andreas Gruenbacher) [1937109 1903190]
- gfs2: Don't sleep during glock hash walk (Andreas Gruenbacher) [1937109 1903190]
- [netdrv] net/mlx5e: Add missing set of destination vport flags in termtbl create (Alaa Hleihel) [1924689 1851700]
- [tools] tools arch x86: Sync asm/cpufeatures.h with the kernel sources (David Arcari) [1929740 1916478]
- [x86] x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (David Arcari) [1929740 1916478]

[4.18.0-240.20.1_3]
- fix regression in 'epoll: Keep a reference on files added to the check list' (Carlos Maiolino) [1920775 1920776] {CVE-2020-0466}
- do_epoll_ctl(): clean the failure exits up a bit (Carlos Maiolino) [1920775 1920776] {CVE-2020-0466}
- epoll: Keep a reference on files added to the check list (Carlos Maiolino) [1920775 1920776] {CVE-2020-0466}
- [kernel] sched/features: Distinguish between NORMAL and DEADLINE hrtick (Juri Lelli) [1930735 1912118]
- [kernel] sched/features: Fix hrtick reprogramming (Juri Lelli) [1930735 1912118]
- iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built (Vitaly Kuznetsov) [1932199 1887216]
- iommu/vt-d: Gracefully handle DMAR units with no supported address widths (Vitaly Kuznetsov) [1932199 1887216]
- iommu/vt-d: Skip TE disabling on quirky gfx dedicated iommu (Vitaly Kuznetsov) [1932199 1887216]
- net/vmw_vsock: fix NULL pointer dereference (Jon Maloy) [1925599 1925600] {CVE-2021-26708}
- net/vmw_vsock: improve locking in vsock_connect_timeout() (Jon Maloy) [1925599 1925600] {CVE-2021-26708}
- vsock: fix locking in vsock_shutdown() (Jon Maloy) [1925599 1925600] {CVE-2021-26708}
- vsock: fix the race conditions in multi-transport support (Jon Maloy) [1925599 1925600] {CVE-2021-26708}
- [base] mm: don't panic when links can't be created in sysfs (Baoquan He) [1930168 1890171]
- mm: don't rely on system state to detect hot-plug operations (Baoquan He) [1930168 1890171]
- mm: replace memmap_context by meminit_context (Baoquan He) [1930168 1890171]
- [tools] kvm: nvmx: check for invalid hdr.vmx.flags (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: nvmx: check for required but missing VMCS12 in KVM_SET_NESTED_STATE (Paolo Bonzini) [1923281 1904128]
- [tools] selftests: kvm: do not set guest mode flag (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86: fix CPUID entries returned by KVM_GET_CPUID2 ioctl (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: svm: Fix offset computation bug in __sev_dbg_decrypt() (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: nvmx: Sync unsync'd vmcs02 state to vmcs12 on migration (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86: get smi pending status correctly (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86: Add more protection against undefined behavior in rsvd_bits() (Paolo Bonzini) [1923281 1904128]
- [documentation] kvm: Forbid the use of tagged userspace addresses for memslots (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86: allow KVM_REQ_GET_NESTED_STATE_PAGES outside guest mode for VMX (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: nsvm: cancel KVM_REQ_GET_NESTED_STATE_PAGES on nested vmexit (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: nsvm: mark vmcb as dirty when forcingly leaving the guest mode (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: nsvm: correctly restore nested_run_pending on migration (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86: fix shift out of bounds reported by UBSAN (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (Paolo Bonzini) [1923281 1904128]
- [target] scsi: target: Fix XCOPY NAA identifier lookup (Maurizio Lombardi) [1900462 1900463] {CVE-2020-28374}
- scsi: qla2xxx: Fix mailbox Ch erroneous error (Nilesh Javali) [1924222 1894578]
- [net] fix iteration for sctp transport seq_files (Xin Long) [1927521 1916824]
- [scsi] scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (Dick Kennedy) [1927921 1887549]
- [mm] mm, oom: remove oom_lock from oom_reaper (Waiman Long) [1929738 1873759]

[4.18.0-240.19.1_3]
- audit: trigger accompanying records when no rules present (Richard Guy Briggs) [1907520 1896480]
- revert: 1320a4052ea1 ('audit: trigger accompanying records when no rules present') (Richard Guy Briggs) [1907520 1896480]
- audit: issue CWD record to accompany LSM_AUDIT_DATA_* records (Richard Guy Briggs) [1907520 1896480]
- audit: remove unused !CONFIG_AUDITSYSCALL __audit_inode* stubs (Richard Guy Briggs) [1907520 1896480]
- redhat: use tags from git notes for zstream to generate changelog (Frantisek Hrbata)

[4.18.0-240.18.1_3]
- [scsi] scsi: fnic: Do not call 'scsi_done()' for unhandled commands (Govindarajulu Varadarajan) [1925186 1870397]
- [target] scsi: target: iscsi: Fix cmd abort fabric stop race (Maurizio Lombardi) [1918354 1908215]
- [target] scsi: target: Modify core_tmr_abort_task() (Maurizio Lombardi) [1918363 1880395]
- [s390] s390/crypto: add arch_get_random_long() support (Vladis Dronov) [1915816 1904274]

[4.18.0-240.17.1_3]
- [mm] mm/slub: fix panic in slab_alloc_node() (Oleksandr Natalenko) [1925511 1921056]
- [s390] s390/early: improve machine detection (Claudio Imbrenda) [1925508 1896307]
- [infiniband] RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz() (Kamal Heib) [1924691 1903992]

[4.18.0-240.16.1_3]
- [netdrv] net/mlx5e: Fix using wrong stats_grps in mlx5e_update_ndo_stats() (Alaa Hleihel) [1921060 1870593]
- [net] tcp: Fix potential use-after-free due to double kfree() (Florian Westphal) [1915529 1915164]
- [net] tcp: fix race condition when creating child sockets from syncookies (Florian Westphal) [1915529 1915164]
- [x86] kvm: ioapic: break infinite recursion on lazy EOI (Vitaly Kuznetsov) [1906438 1882793]


Related CVEs


CVE-2021-26708
CVE-2021-3347
CVE-2021-27365
CVE-2021-27363
CVE-2021-27364
CVE-2020-27152
CVE-2020-0466
CVE-2020-28374

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) kernel-4.18.0-240.22.1.el8_3.src.rpm11672e8e2ad961f031c892383b13d73eea686b981c7d4bd8c26f0c0b3c88dfa4-ol8_aarch64_baseos_latest
kernel-4.18.0-240.22.1.el8_3.src.rpm11672e8e2ad961f031c892383b13d73eea686b981c7d4bd8c26f0c0b3c88dfa4-ol8_aarch64_codeready_builder
kernel-4.18.0-240.22.1.el8_3.src.rpm11672e8e2ad961f031c892383b13d73eea686b981c7d4bd8c26f0c0b3c88dfa4-ol8_aarch64_u3_baseos_patch
bpftool-4.18.0-240.22.1.el8_3.aarch64.rpm010caea501fa29634a1713fed7ba75bbe5c7520cdaefac2226cb3490726a796b-ol8_aarch64_baseos_latest
bpftool-4.18.0-240.22.1.el8_3.aarch64.rpm010caea501fa29634a1713fed7ba75bbe5c7520cdaefac2226cb3490726a796b-ol8_aarch64_u3_baseos_patch
kernel-cross-headers-4.18.0-240.22.1.el8_3.aarch64.rpm9aee4465e15ea9d0558647c92ae68e3384d48f088d6f313b68eb10e761b25d4d-ol8_aarch64_baseos_latest
kernel-cross-headers-4.18.0-240.22.1.el8_3.aarch64.rpm9aee4465e15ea9d0558647c92ae68e3384d48f088d6f313b68eb10e761b25d4d-ol8_aarch64_u3_baseos_patch
kernel-headers-4.18.0-240.22.1.el8_3.aarch64.rpme1b9e28886633ccb626902840d129eca8f189d24f030cc3547f6c6f28cf8f934-ol8_aarch64_baseos_latest
kernel-headers-4.18.0-240.22.1.el8_3.aarch64.rpme1b9e28886633ccb626902840d129eca8f189d24f030cc3547f6c6f28cf8f934-ol8_aarch64_u3_baseos_patch
kernel-tools-4.18.0-240.22.1.el8_3.aarch64.rpmac525aa179dab34b8cfb340751d0acb5fdc545891417d52773ae4e547c251b3c-ol8_aarch64_baseos_latest
kernel-tools-4.18.0-240.22.1.el8_3.aarch64.rpmac525aa179dab34b8cfb340751d0acb5fdc545891417d52773ae4e547c251b3c-ol8_aarch64_u3_baseos_patch
kernel-tools-libs-4.18.0-240.22.1.el8_3.aarch64.rpm25caa1ab09737413935790e102a74fe459f2e618999e9ff99e7cbdebb57a3fa4-ol8_aarch64_baseos_latest
kernel-tools-libs-4.18.0-240.22.1.el8_3.aarch64.rpm25caa1ab09737413935790e102a74fe459f2e618999e9ff99e7cbdebb57a3fa4-ol8_aarch64_u3_baseos_patch
kernel-tools-libs-devel-4.18.0-240.22.1.el8_3.aarch64.rpm374b16c04150dc7f3c0ed80cb2c568db8a756c53a87573dd6caa55918ec85b22-ol8_aarch64_codeready_builder
perf-4.18.0-240.22.1.el8_3.aarch64.rpm5368c42725d754c14c43b9ee9e50fe39771da798dfe118d85e9569c0ee4e92a7-ol8_aarch64_baseos_latest
perf-4.18.0-240.22.1.el8_3.aarch64.rpm5368c42725d754c14c43b9ee9e50fe39771da798dfe118d85e9569c0ee4e92a7-ol8_aarch64_u3_baseos_patch
python3-perf-4.18.0-240.22.1.el8_3.aarch64.rpm11784787f4893657320c2c9d1d1fdcf7028e163eb9a5fa383a8c24c916b23644-ol8_aarch64_baseos_latest
python3-perf-4.18.0-240.22.1.el8_3.aarch64.rpm11784787f4893657320c2c9d1d1fdcf7028e163eb9a5fa383a8c24c916b23644-ol8_aarch64_u3_baseos_patch
Oracle Linux 8 (x86_64) kernel-4.18.0-240.22.1.el8_3.src.rpm11672e8e2ad961f031c892383b13d73eea686b981c7d4bd8c26f0c0b3c88dfa4-ol8_x86_64_baseos_latest
kernel-4.18.0-240.22.1.el8_3.src.rpm11672e8e2ad961f031c892383b13d73eea686b981c7d4bd8c26f0c0b3c88dfa4-ol8_x86_64_codeready_builder
kernel-4.18.0-240.22.1.el8_3.src.rpm11672e8e2ad961f031c892383b13d73eea686b981c7d4bd8c26f0c0b3c88dfa4-ol8_x86_64_u3_baseos_patch
bpftool-4.18.0-240.22.1.el8_3.x86_64.rpmc4ea85d0ddbcb04deaab222cf8867faed08540285ba12b47e4873913a70b7462-ol8_x86_64_baseos_latest
bpftool-4.18.0-240.22.1.el8_3.x86_64.rpmc4ea85d0ddbcb04deaab222cf8867faed08540285ba12b47e4873913a70b7462-ol8_x86_64_u3_baseos_patch
kernel-4.18.0-240.22.1.el8_3.x86_64.rpm14dbd7442dda423e180a1a1d15e1fbf3717ca822a899c546267adb499a0f31a3-ol8_x86_64_baseos_latest
kernel-4.18.0-240.22.1.el8_3.x86_64.rpm14dbd7442dda423e180a1a1d15e1fbf3717ca822a899c546267adb499a0f31a3-ol8_x86_64_u3_baseos_patch
kernel-abi-whitelists-4.18.0-240.22.1.el8_3.noarch.rpm822714bb7f600792a8ba4897184124314a6b3d87adb9b61e2fa49520f512db96-ol8_x86_64_baseos_latest
kernel-abi-whitelists-4.18.0-240.22.1.el8_3.noarch.rpm822714bb7f600792a8ba4897184124314a6b3d87adb9b61e2fa49520f512db96-ol8_x86_64_u3_baseos_patch
kernel-core-4.18.0-240.22.1.el8_3.x86_64.rpma7649110784e9a38f10d8b44c68df87debbcc6a5f3d0193f0ede1add59f17fc7-ol8_x86_64_baseos_latest
kernel-core-4.18.0-240.22.1.el8_3.x86_64.rpma7649110784e9a38f10d8b44c68df87debbcc6a5f3d0193f0ede1add59f17fc7-ol8_x86_64_u3_baseos_patch
kernel-cross-headers-4.18.0-240.22.1.el8_3.x86_64.rpm53087970b17cf51a8c8c12696db3903011fb7ecf261accd0b9b0e79bc4403937-ol8_x86_64_baseos_latest
kernel-cross-headers-4.18.0-240.22.1.el8_3.x86_64.rpm53087970b17cf51a8c8c12696db3903011fb7ecf261accd0b9b0e79bc4403937-ol8_x86_64_u3_baseos_patch
kernel-debug-4.18.0-240.22.1.el8_3.x86_64.rpm7fb90608750ca7e2631dd53639cf309b4c7ca78a47c34dd29f3dfca46c5af536-ol8_x86_64_baseos_latest
kernel-debug-4.18.0-240.22.1.el8_3.x86_64.rpm7fb90608750ca7e2631dd53639cf309b4c7ca78a47c34dd29f3dfca46c5af536-ol8_x86_64_u3_baseos_patch
kernel-debug-core-4.18.0-240.22.1.el8_3.x86_64.rpm9ba687082f1cd825e3c6857c747593280a0937bf4ca254c1ae4e6bb8c98a68d7-ol8_x86_64_baseos_latest
kernel-debug-core-4.18.0-240.22.1.el8_3.x86_64.rpm9ba687082f1cd825e3c6857c747593280a0937bf4ca254c1ae4e6bb8c98a68d7-ol8_x86_64_u3_baseos_patch
kernel-debug-devel-4.18.0-240.22.1.el8_3.x86_64.rpmd3b0824a626ddff17bd5bc2029a5d9574a08e16337b864d9bdb2a7dd4c095e45-ol8_x86_64_baseos_latest
kernel-debug-devel-4.18.0-240.22.1.el8_3.x86_64.rpmd3b0824a626ddff17bd5bc2029a5d9574a08e16337b864d9bdb2a7dd4c095e45-ol8_x86_64_u3_baseos_patch
kernel-debug-modules-4.18.0-240.22.1.el8_3.x86_64.rpmb676e05988115b3dcd1dd91fb1e9cbc4c5596a20e0338db9a88b9328ce658615-ol8_x86_64_baseos_latest
kernel-debug-modules-4.18.0-240.22.1.el8_3.x86_64.rpmb676e05988115b3dcd1dd91fb1e9cbc4c5596a20e0338db9a88b9328ce658615-ol8_x86_64_u3_baseos_patch
kernel-debug-modules-extra-4.18.0-240.22.1.el8_3.x86_64.rpm4dd75fdd4aa04fd788d93843acc47c0da201f5650d9d22b6f065507f12340830-ol8_x86_64_baseos_latest
kernel-debug-modules-extra-4.18.0-240.22.1.el8_3.x86_64.rpm4dd75fdd4aa04fd788d93843acc47c0da201f5650d9d22b6f065507f12340830-ol8_x86_64_u3_baseos_patch
kernel-devel-4.18.0-240.22.1.el8_3.x86_64.rpm87c591bc6f9b5e663c91024325f63cca9d97f53a4c8bc3cd6ba2fd3af35e8b30-ol8_x86_64_baseos_latest
kernel-devel-4.18.0-240.22.1.el8_3.x86_64.rpm87c591bc6f9b5e663c91024325f63cca9d97f53a4c8bc3cd6ba2fd3af35e8b30-ol8_x86_64_u3_baseos_patch
kernel-doc-4.18.0-240.22.1.el8_3.noarch.rpmafb38a2aee9e4a7a633ed9c765a309d38bafc1ce126a4b5e2114001dec3a1851-ol8_x86_64_baseos_latest
kernel-doc-4.18.0-240.22.1.el8_3.noarch.rpmafb38a2aee9e4a7a633ed9c765a309d38bafc1ce126a4b5e2114001dec3a1851-ol8_x86_64_u3_baseos_patch
kernel-headers-4.18.0-240.22.1.el8_3.x86_64.rpm97fe7b4210c7506b15c70d0357f2cf153eb518a93b670d06f909c663781fe205-ol8_x86_64_baseos_latest
kernel-headers-4.18.0-240.22.1.el8_3.x86_64.rpm97fe7b4210c7506b15c70d0357f2cf153eb518a93b670d06f909c663781fe205-ol8_x86_64_u3_baseos_patch
kernel-modules-4.18.0-240.22.1.el8_3.x86_64.rpm4f70db99183fb29072aafd8a0db403541e2034c8e69075dd6a6206faef35c104-ol8_x86_64_baseos_latest
kernel-modules-4.18.0-240.22.1.el8_3.x86_64.rpm4f70db99183fb29072aafd8a0db403541e2034c8e69075dd6a6206faef35c104-ol8_x86_64_u3_baseos_patch
kernel-modules-extra-4.18.0-240.22.1.el8_3.x86_64.rpm15f282d53b74b6b8a4c4122905ac262d8569b403d0db1f5ac533eb17e8e9498a-ol8_x86_64_baseos_latest
kernel-modules-extra-4.18.0-240.22.1.el8_3.x86_64.rpm15f282d53b74b6b8a4c4122905ac262d8569b403d0db1f5ac533eb17e8e9498a-ol8_x86_64_u3_baseos_patch
kernel-tools-4.18.0-240.22.1.el8_3.x86_64.rpm91d18689268bbea091d8bf42bc0aa12c953ac9a77a50773434797f438d6b3bbf-ol8_x86_64_baseos_latest
kernel-tools-4.18.0-240.22.1.el8_3.x86_64.rpm91d18689268bbea091d8bf42bc0aa12c953ac9a77a50773434797f438d6b3bbf-ol8_x86_64_u3_baseos_patch
kernel-tools-libs-4.18.0-240.22.1.el8_3.x86_64.rpm26616a736b070379d5bf04589b0af15e6892bef9753a81aa9cbc8505a9765790-ol8_x86_64_baseos_latest
kernel-tools-libs-4.18.0-240.22.1.el8_3.x86_64.rpm26616a736b070379d5bf04589b0af15e6892bef9753a81aa9cbc8505a9765790-ol8_x86_64_u3_baseos_patch
kernel-tools-libs-devel-4.18.0-240.22.1.el8_3.x86_64.rpm47b89c343f44f93cff960a87084aa2b0210c8612ef5ab61a0d47b9b4f4ae0652-ol8_x86_64_codeready_builder
perf-4.18.0-240.22.1.el8_3.x86_64.rpma4c9bf2bb29d55d39da1a8154006239c23b16a6f4c54d7a3b12f5e2931290093-ol8_x86_64_baseos_latest
perf-4.18.0-240.22.1.el8_3.x86_64.rpma4c9bf2bb29d55d39da1a8154006239c23b16a6f4c54d7a3b12f5e2931290093-ol8_x86_64_u3_baseos_patch
python3-perf-4.18.0-240.22.1.el8_3.x86_64.rpm3ba754f6d6e4025cca429e49ad86968ab90ddf15084b727b399071fbac0789ab-ol8_x86_64_baseos_latest
python3-perf-4.18.0-240.22.1.el8_3.x86_64.rpm3ba754f6d6e4025cca429e49ad86968ab90ddf15084b727b399071fbac0789ab-ol8_x86_64_u3_baseos_patch



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights