ELSA-2021-1093

ELSA-2021-1093 - kernel security, bug fix, and enhancement update

Type:SECURITY
Severity:IMPORTANT
Release Date:2021-04-07

Description


[4.18.0-240.22.1_3.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5

[4.18.0-240.22.1_3]
- futex: Handle faults correctly for PI futexes (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Simplify fixup_pi_state_owner() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Use pi_state_update_owner() in put_pi_state() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Provide and use pi_state_update_owner() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Replace pointless printk in fixup_owner() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Ensure the correct return value from futex_lock_pi() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Don't enable IRQs unconditionally in put_pi_state() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Fix incorrect should_fail_futex() handling (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Consistently use fshared as boolean (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Remove needless goto's (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- futex: Remove put_futex_key() (Waiman Long) [1924633 1924635] {CVE-2021-3347}
- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [1930832 1930833] {CVE-2021-27364}
- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [1930855 1930856] {CVE-2021-27365}
- scsi: iscsi: Restrict sessions and handles to admin capabilities (Chris Leech) [1940423 1930809] {CVE-2021-27363}

[4.18.0-240.21.1_3]
- KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off (Paolo Bonzini) [1939013 1912448]
- gfs2: Fix deadlock between gfs2_{create_inode, inode_lookup} and delete_work_func (Andreas Gruenbacher) [1937109 1903190]
- gfs2: Don't call cancel_delayed_work_sync from within delete work function (Andreas Gruenbacher) [1937109 1903190]
- gfs2: Only access gl_delete for iopen glocks (Andreas Gruenbacher) [1937109 1903190]
- gfs2: Don't sleep during glock hash walk (Andreas Gruenbacher) [1937109 1903190]
- [netdrv] net/mlx5e: Add missing set of destination vport flags in termtbl create (Alaa Hleihel) [1924689 1851700]
- [tools] tools arch x86: Sync asm/cpufeatures.h with the kernel sources (David Arcari) [1929740 1916478]
- [x86] x86/cpu/amd: Call init_amd_zn() om Family 19h processors too (David Arcari) [1929740 1916478]

[4.18.0-240.20.1_3]
- fix regression in 'epoll: Keep a reference on files added to the check list' (Carlos Maiolino) [1920775 1920776] {CVE-2020-0466}
- do_epoll_ctl(): clean the failure exits up a bit (Carlos Maiolino) [1920775 1920776] {CVE-2020-0466}
- epoll: Keep a reference on files added to the check list (Carlos Maiolino) [1920775 1920776] {CVE-2020-0466}
- [kernel] sched/features: Distinguish between NORMAL and DEADLINE hrtick (Juri Lelli) [1930735 1912118]
- [kernel] sched/features: Fix hrtick reprogramming (Juri Lelli) [1930735 1912118]
- iommu/vt-d: Don't dereference iommu_device if IOMMU_API is not built (Vitaly Kuznetsov) [1932199 1887216]
- iommu/vt-d: Gracefully handle DMAR units with no supported address widths (Vitaly Kuznetsov) [1932199 1887216]
- iommu/vt-d: Skip TE disabling on quirky gfx dedicated iommu (Vitaly Kuznetsov) [1932199 1887216]
- net/vmw_vsock: fix NULL pointer dereference (Jon Maloy) [1925599 1925600] {CVE-2021-26708}
- net/vmw_vsock: improve locking in vsock_connect_timeout() (Jon Maloy) [1925599 1925600] {CVE-2021-26708}
- vsock: fix locking in vsock_shutdown() (Jon Maloy) [1925599 1925600] {CVE-2021-26708}
- vsock: fix the race conditions in multi-transport support (Jon Maloy) [1925599 1925600] {CVE-2021-26708}
- [base] mm: don't panic when links can't be created in sysfs (Baoquan He) [1930168 1890171]
- mm: don't rely on system state to detect hot-plug operations (Baoquan He) [1930168 1890171]
- mm: replace memmap_context by meminit_context (Baoquan He) [1930168 1890171]
- [tools] kvm: nvmx: check for invalid hdr.vmx.flags (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: nvmx: check for required but missing VMCS12 in KVM_SET_NESTED_STATE (Paolo Bonzini) [1923281 1904128]
- [tools] selftests: kvm: do not set guest mode flag (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86: fix CPUID entries returned by KVM_GET_CPUID2 ioctl (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: svm: Fix offset computation bug in __sev_dbg_decrypt() (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: nvmx: Sync unsync'd vmcs02 state to vmcs12 on migration (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86: get smi pending status correctly (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh() (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86: Add more protection against undefined behavior in rsvd_bits() (Paolo Bonzini) [1923281 1904128]
- [documentation] kvm: Forbid the use of tagged userspace addresses for memslots (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86: allow KVM_REQ_GET_NESTED_STATE_PAGES outside guest mode for VMX (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: nsvm: cancel KVM_REQ_GET_NESTED_STATE_PAGES on nested vmexit (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: nsvm: mark vmcb as dirty when forcingly leaving the guest mode (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: nsvm: correctly restore nested_run_pending on migration (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86: fix shift out of bounds reported by UBSAN (Paolo Bonzini) [1923281 1904128]
- [x86] kvm: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (Paolo Bonzini) [1923281 1904128]
- [target] scsi: target: Fix XCOPY NAA identifier lookup (Maurizio Lombardi) [1900462 1900463] {CVE-2020-28374}
- scsi: qla2xxx: Fix mailbox Ch erroneous error (Nilesh Javali) [1924222 1894578]
- [net] fix iteration for sctp transport seq_files (Xin Long) [1927521 1916824]
- [scsi] scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (Dick Kennedy) [1927921 1887549]
- [mm] mm, oom: remove oom_lock from oom_reaper (Waiman Long) [1929738 1873759]

[4.18.0-240.19.1_3]
- audit: trigger accompanying records when no rules present (Richard Guy Briggs) [1907520 1896480]
- revert: 1320a4052ea1 ('audit: trigger accompanying records when no rules present') (Richard Guy Briggs) [1907520 1896480]
- audit: issue CWD record to accompany LSM_AUDIT_DATA_* records (Richard Guy Briggs) [1907520 1896480]
- audit: remove unused !CONFIG_AUDITSYSCALL __audit_inode* stubs (Richard Guy Briggs) [1907520 1896480]
- redhat: use tags from git notes for zstream to generate changelog (Frantisek Hrbata)

[4.18.0-240.18.1_3]
- [scsi] scsi: fnic: Do not call 'scsi_done()' for unhandled commands (Govindarajulu Varadarajan) [1925186 1870397]
- [target] scsi: target: iscsi: Fix cmd abort fabric stop race (Maurizio Lombardi) [1918354 1908215]
- [target] scsi: target: Modify core_tmr_abort_task() (Maurizio Lombardi) [1918363 1880395]
- [s390] s390/crypto: add arch_get_random_long() support (Vladis Dronov) [1915816 1904274]

[4.18.0-240.17.1_3]
- [mm] mm/slub: fix panic in slab_alloc_node() (Oleksandr Natalenko) [1925511 1921056]
- [s390] s390/early: improve machine detection (Claudio Imbrenda) [1925508 1896307]
- [infiniband] RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz() (Kamal Heib) [1924691 1903992]

[4.18.0-240.16.1_3]
- [netdrv] net/mlx5e: Fix using wrong stats_grps in mlx5e_update_ndo_stats() (Alaa Hleihel) [1921060 1870593]
- [net] tcp: Fix potential use-after-free due to double kfree() (Florian Westphal) [1915529 1915164]
- [net] tcp: fix race condition when creating child sockets from syncookies (Florian Westphal) [1915529 1915164]
- [x86] kvm: ioapic: break infinite recursion on lazy EOI (Vitaly Kuznetsov) [1906438 1882793]


Related CVEs


CVE-2020-0466
CVE-2021-26708
CVE-2020-27152
CVE-2021-3347
CVE-2021-27363
CVE-2021-27364
CVE-2021-27365
CVE-2020-28374

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) kernel-4.18.0-240.22.1.el8_3.src.rpmfcadc50fad73e1e72ff633af2e4d0999-
bpftool-4.18.0-240.22.1.el8_3.aarch64.rpm13f485e84b9e6545093a027e47227698-
kernel-cross-headers-4.18.0-240.22.1.el8_3.aarch64.rpm4a48a6f5829d45ee7d8d642f0d6738a8-
kernel-headers-4.18.0-240.22.1.el8_3.aarch64.rpm71998a99057d743e1338ca77f5ac227a-
kernel-tools-4.18.0-240.22.1.el8_3.aarch64.rpmd029b73c2fe05cb711883236ac67bc2a-
kernel-tools-libs-4.18.0-240.22.1.el8_3.aarch64.rpm0bc06aca52c5a29953296ed4d5720ef9-
kernel-tools-libs-devel-4.18.0-240.22.1.el8_3.aarch64.rpm49a3c329a83e0096bb8f68885a3b5326-
perf-4.18.0-240.22.1.el8_3.aarch64.rpmbd5bbc6a3ae446dcb493d549bf6e67b0-
python3-perf-4.18.0-240.22.1.el8_3.aarch64.rpm94e80d1300a3620ada226abe356aae6b-
Oracle Linux 8 (x86_64) kernel-4.18.0-240.22.1.el8_3.src.rpmfcadc50fad73e1e72ff633af2e4d0999-
bpftool-4.18.0-240.22.1.el8_3.x86_64.rpm7ff48ee5cd83a844eb553b182217b02a-
kernel-4.18.0-240.22.1.el8_3.x86_64.rpm497b87c7a19648d830d7d752cdd29243-
kernel-abi-whitelists-4.18.0-240.22.1.el8_3.noarch.rpm90e43a72f88d30f604a20b8ea12f858f-
kernel-core-4.18.0-240.22.1.el8_3.x86_64.rpm03d02fabd45ca2b81144f71b6d81c437-
kernel-cross-headers-4.18.0-240.22.1.el8_3.x86_64.rpm76d586fa240f4d33d885d231f9d95247-
kernel-debug-4.18.0-240.22.1.el8_3.x86_64.rpmd0a0c6d1d059640b905d5261f3434bb7-
kernel-debug-core-4.18.0-240.22.1.el8_3.x86_64.rpm1305659499bd2e2a9d07224aaf625dce-
kernel-debug-devel-4.18.0-240.22.1.el8_3.x86_64.rpmf857170d2bd25144718f74798d845bb2-
kernel-debug-modules-4.18.0-240.22.1.el8_3.x86_64.rpma169ff5bac037777cd5e29d563eda621-
kernel-debug-modules-extra-4.18.0-240.22.1.el8_3.x86_64.rpm38b814ff4720a8a1b926db701b08d77a-
kernel-devel-4.18.0-240.22.1.el8_3.x86_64.rpm6629712d13fc843c24ed4852827c278f-
kernel-doc-4.18.0-240.22.1.el8_3.noarch.rpm95057dfcf08c3b783e389f7bd92003ca-
kernel-headers-4.18.0-240.22.1.el8_3.x86_64.rpmc1a5f5b4e9e9a4a75e2629ad43a76f58-
kernel-modules-4.18.0-240.22.1.el8_3.x86_64.rpm778fd47fe575172fc1a03650351422c2-
kernel-modules-extra-4.18.0-240.22.1.el8_3.x86_64.rpm5cf6e5fcb3d13338b320f3ced2e10fa0-
kernel-tools-4.18.0-240.22.1.el8_3.x86_64.rpmc9870a1c3b5625de6372a5905d8d7033-
kernel-tools-libs-4.18.0-240.22.1.el8_3.x86_64.rpmf435abe809262beb1eee0112cd0cb629-
kernel-tools-libs-devel-4.18.0-240.22.1.el8_3.x86_64.rpme8b99c83cbb53d189c315459bcf4f7c0-
perf-4.18.0-240.22.1.el8_3.x86_64.rpm9617e664a9e71b83f9d9ac11f51375f9-
python3-perf-4.18.0-240.22.1.el8_3.x86_64.rpm10fc70b50f09b5252471234ad7b36060-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete