ELSA-2021-3548

ELSA-2021-3548 - kernel security, bug fix, and enhancement update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2021-09-16

Description

[4.18.0-305.19.1_4.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5

[4.18.0-305.19.1_4]
- libceph: allow addrvecs with a single NONE/blank address (Jeff Layton) [1996682 1972278]
- ice: Only lock to update netdev dev_addr (Michal Schmidt) [2000129 1995868]
- ice: don't remove netdev->dev_addr from uc sync list (Ken Cox) [2000130 1961018]

[4.18.0-305.18.1_4]
- mfd: intel-lpss: Use devm_ioremap_uc for MMIO (Steve Best) [1989560 1986715]
- lib: devres: add a helper function for ioremap_uc (Steve Best) [1989560 1986715]
- ceph: fix test for whether we can skip read when writing beyond EOF (Jeff Layton) [1996680 1971101]
- arm64: memory: Add missing brackets to untagged_addr() macro (Chris von Recklinghausen) [1997998 1955809]
- arm64: tags: Preserve tags for addresses translated via TTBR1 (Chris von Recklinghausen) [1997998 1955809]
- arm64: entry: Move ct_user_exit before any other exception (Chris von Recklinghausen) [1997998 1955809]
- arm64: memory: Implement __tag_set() as common function (Chris von Recklinghausen) [1997998 1955809]
- arm64: mm: Really fix sparse warning in untagged_addr() (Chris von Recklinghausen) [1997998 1955809]
- arm64: untag user pointers in access_ok and __uaccess_mask_ptr (Chris von Recklinghausen) [1997998 1955809]
- arm64/mm: fix variable 'tag' set but not used (Chris von Recklinghausen) [1997998 1955809]
- arm64: entry: SP Alignment Fault doesn't write to FAR_EL1 (Chris von Recklinghausen) [1997998 1955809]
- arm64: compat: Add separate CP15 trapping hook (Chris von Recklinghausen) [1997998 1955809]
- arm64: don't restore GPRs when context tracking (Chris von Recklinghausen) [1997998 1955809]
- KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) (Jon Maloy) [1985429 1985430] {CVE-2021-3656}
- KVM: SVM: add module param to control the #SMI interception (Jon Maloy) [1985429 1985430] {CVE-2021-3656}
- tty: Don't hold ldisc lock in tty_reopen() if ldisc present (Waiman Long) [1997999 1968271]
- tty/ldsem: Add lockdep asserts for ldisc_sem (Waiman Long) [1997999 1968271]
- tty: Simplify tty->count math in tty_reopen() (Waiman Long) [1997999 1968271]
- tty: Don't block on IO when ldisc change is pending (Waiman Long) [1997999 1968271]
- tty: Hold tty_ldisc_lock() during tty_reopen() (Waiman Long) [1997999 1968271]
- tty: Drop tty->count on tty_reopen() failure (Waiman Long) [1997999 1968271]
- [s390] s390/vtime: fix increased steal time accounting (Claudio Imbrenda) [1988386 1963075]
- XArray: Fix splitting to non-zero orders (Chris von Recklinghausen) [1997997 1946304]
- XArray: Fix split documentation (Chris von Recklinghausen) [1997997 1946304]
- ima: extend boot_aggregate with kernel measurements (Bruno Meneguele) [1997766 1977422]
- ceph: reduce contention in ceph_check_delayed_caps() (Jeff Layton) [1995862 1953430]
- ice: Stop processing VF messages during teardown (Ken Cox) [1997538 1986451]
- iavf: Set RSS LUT and key in reset handle path (Ken Cox) [1997536 1910853]
- KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) (Jon Maloy) [1985412 1985413] {CVE-2021-3653}
- scsi: ibmvfc: Fix potential race in ibmvfc_wait_for_ops() (Steve Best) [1969792 1941180]
- [s390] s390/dasd: add missing discipline function (Claudio Imbrenda) [1995206 1981804]
- serial_core: switch to ->[sg]et_serial() (Artem Savkov) [1993872 1952415]
- net/mlx5e: Fix mapping of ct_label zero (Jan Stancek) [1983681 1915308]
- drm/qxl: add lock asserts to qxl_bo_vmap_locked + qxl_bo_vunmap_locked (Lyude Paul) [1992839 1907341]
- drm/qxl: rework cursor plane (Lyude Paul) [1992839 1907341]
- drm/qxl: move shadow handling to new qxl_prepare_shadow() (Lyude Paul) [1992839 1907341]
- drm/qxl: fix monitors object vmap (Lyude Paul) [1992839 1907341]
- drm/qxl: fix prime vmap (Lyude Paul) [1992839 1907341]
- drm/qxl: rename qxl_bo_kmap -> qxl_bo_vmap_locked (Lyude Paul) [1992839 1907341]
- drm/qxl: fix lockdep issue in qxl_alloc_release_reserved (Lyude Paul) [1992839 1907341]
- drm/qxl: use ttm bo priorities (Lyude Paul) [1992839 1907341]
- drm/qxl: more fence wait rework (Lyude Paul) [1992839 1907341]
- drm/qxl: properly handle device init failures (Lyude Paul) [1992839 1907341]
- drm/qxl: allocate dumb buffers in ram (Lyude Paul) [1992839 1907341]
- drm/qxl: simplify qxl_fence_wait (Lyude Paul) [1992839 1907341]
- drm/qxl: properly free qxl releases (Lyude Paul) [1992839 1907341]
- drm/qxl: handle shadow in primary destroy (Lyude Paul) [1992839 1907341]
- drm/qxl: properly pin/unpin shadow (Lyude Paul) [1992839 1907341]
- drm/qxl: release shadow on shutdown (Lyude Paul) [1992839 1907341]
- drm/qxl: unpin release objects (Lyude Paul) [1992839 1907341]
- drm/qxl: use drmm_mode_config_init (Lyude Paul) [1992839 1907341]
- qxl/ttm: drop the unusued no wait flag to reserve function (Lyude Paul) [1992839 1907341]

Related CVEs

CVE-2021-3653

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	kernel-4.18.0-305.19.1.el8_4.src.rpm	3af1a5985ada9a8d5c2bc91ac4d91776be81ef2cf169ecb957b53c9af73d7f08	-	ol8_aarch64_baseos_latest
	kernel-4.18.0-305.19.1.el8_4.src.rpm	3af1a5985ada9a8d5c2bc91ac4d91776be81ef2cf169ecb957b53c9af73d7f08	-	ol8_aarch64_codeready_builder
	kernel-4.18.0-305.19.1.el8_4.src.rpm	3af1a5985ada9a8d5c2bc91ac4d91776be81ef2cf169ecb957b53c9af73d7f08	-	ol8_aarch64_u4_baseos_patch
	bpftool-4.18.0-305.19.1.el8_4.aarch64.rpm	d041d4af773e40f2163d3c8dd9dd89743fb9e35e35888bec636a2eed22416a45	-	ol8_aarch64_baseos_latest
	bpftool-4.18.0-305.19.1.el8_4.aarch64.rpm	d041d4af773e40f2163d3c8dd9dd89743fb9e35e35888bec636a2eed22416a45	-	ol8_aarch64_u4_baseos_patch
	kernel-headers-4.18.0-305.19.1.el8_4.aarch64.rpm	ec343dba2bee4274b3939934bfb7ba855f25a37a1bcd78e14d0078971025fbec	-	ol8_aarch64_baseos_latest
	kernel-headers-4.18.0-305.19.1.el8_4.aarch64.rpm	ec343dba2bee4274b3939934bfb7ba855f25a37a1bcd78e14d0078971025fbec	-	ol8_aarch64_u4_baseos_patch
	kernel-tools-4.18.0-305.19.1.el8_4.aarch64.rpm	3a46c755a13dc07bc07f125f6184104e25cb3dec8ce733b05fd5f3d9873de950	-	ol8_aarch64_baseos_latest
	kernel-tools-4.18.0-305.19.1.el8_4.aarch64.rpm	3a46c755a13dc07bc07f125f6184104e25cb3dec8ce733b05fd5f3d9873de950	-	ol8_aarch64_u4_baseos_patch
	kernel-tools-libs-4.18.0-305.19.1.el8_4.aarch64.rpm	4cf9c0a730bc32a962ac64aa4592be4bc3db9196f18e204936df62d3fe8e604f	-	ol8_aarch64_baseos_latest
	kernel-tools-libs-4.18.0-305.19.1.el8_4.aarch64.rpm	4cf9c0a730bc32a962ac64aa4592be4bc3db9196f18e204936df62d3fe8e604f	-	ol8_aarch64_u4_baseos_patch
	kernel-tools-libs-devel-4.18.0-305.19.1.el8_4.aarch64.rpm	add9bdc3960c3db086dc35647702ab7578fc0ca9794315fc591a94d6800b6608	-	ol8_aarch64_codeready_builder
	perf-4.18.0-305.19.1.el8_4.aarch64.rpm	7501a818b3ead2a6695130644a41e80b6d90725c79f4f002cf5571058d5ebf2d	-	ol8_aarch64_baseos_latest
	perf-4.18.0-305.19.1.el8_4.aarch64.rpm	7501a818b3ead2a6695130644a41e80b6d90725c79f4f002cf5571058d5ebf2d	-	ol8_aarch64_u4_baseos_patch
	python3-perf-4.18.0-305.19.1.el8_4.aarch64.rpm	d40c55d405da2d8d1ae3a79bac911546f49ec724abd55cb3fb80512c648e72b8	-	ol8_aarch64_baseos_latest
	python3-perf-4.18.0-305.19.1.el8_4.aarch64.rpm	d40c55d405da2d8d1ae3a79bac911546f49ec724abd55cb3fb80512c648e72b8	-	ol8_aarch64_u4_baseos_patch
Oracle Linux 8 (x86_64)	kernel-4.18.0-305.19.1.el8_4.src.rpm	3af1a5985ada9a8d5c2bc91ac4d91776be81ef2cf169ecb957b53c9af73d7f08	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-305.19.1.el8_4.src.rpm	3af1a5985ada9a8d5c2bc91ac4d91776be81ef2cf169ecb957b53c9af73d7f08	-	ol8_x86_64_codeready_builder
	kernel-4.18.0-305.19.1.el8_4.src.rpm	3af1a5985ada9a8d5c2bc91ac4d91776be81ef2cf169ecb957b53c9af73d7f08	-	ol8_x86_64_u4_baseos_patch
	bpftool-4.18.0-305.19.1.el8_4.x86_64.rpm	53cc856d35147c0df2467b8b9ca36fb1cbb5953f3fac0ee50b268307a08386e4	-	ol8_x86_64_baseos_latest
	bpftool-4.18.0-305.19.1.el8_4.x86_64.rpm	53cc856d35147c0df2467b8b9ca36fb1cbb5953f3fac0ee50b268307a08386e4	-	ol8_x86_64_u4_baseos_patch
	kernel-4.18.0-305.19.1.el8_4.x86_64.rpm	876285e04a2936e25ef71dba978be833369b00027d7ffe24e22e65c8aca727d3	-	ol8_x86_64_baseos_latest
	kernel-4.18.0-305.19.1.el8_4.x86_64.rpm	876285e04a2936e25ef71dba978be833369b00027d7ffe24e22e65c8aca727d3	-	ol8_x86_64_u4_baseos_patch
	kernel-abi-stablelists-4.18.0-305.19.1.el8_4.noarch.rpm	83cb5391a965eb605f8e8b523e060da4b4d4fdbb26c8a7f11eeb66583cb847c8	-	ol8_x86_64_baseos_latest
	kernel-abi-stablelists-4.18.0-305.19.1.el8_4.noarch.rpm	83cb5391a965eb605f8e8b523e060da4b4d4fdbb26c8a7f11eeb66583cb847c8	-	ol8_x86_64_u4_baseos_patch
	kernel-core-4.18.0-305.19.1.el8_4.x86_64.rpm	4930e34e75209284c7b91708c63f17c91684fb755dec76159a010ef156731ea5	-	ol8_x86_64_baseos_latest
	kernel-core-4.18.0-305.19.1.el8_4.x86_64.rpm	4930e34e75209284c7b91708c63f17c91684fb755dec76159a010ef156731ea5	-	ol8_x86_64_u4_baseos_patch
	kernel-cross-headers-4.18.0-305.19.1.el8_4.x86_64.rpm	a636a4bc42e0e8dd8aae1eb72fc5c9eac713373e554cd316eda90b107486e52e	-	ol8_x86_64_baseos_latest
	kernel-cross-headers-4.18.0-305.19.1.el8_4.x86_64.rpm	a636a4bc42e0e8dd8aae1eb72fc5c9eac713373e554cd316eda90b107486e52e	-	ol8_x86_64_u4_baseos_patch
	kernel-debug-4.18.0-305.19.1.el8_4.x86_64.rpm	27cf249598d2524f7e3723f1c198dadb25e24b4ff57d56da14d1b05ac0ff49e7	-	ol8_x86_64_baseos_latest
	kernel-debug-4.18.0-305.19.1.el8_4.x86_64.rpm	27cf249598d2524f7e3723f1c198dadb25e24b4ff57d56da14d1b05ac0ff49e7	-	ol8_x86_64_u4_baseos_patch
	kernel-debug-core-4.18.0-305.19.1.el8_4.x86_64.rpm	1d38ab18d3178b8677ddeb7404d6554ca2f6b59d9e29963be2039350576f41b8	-	ol8_x86_64_baseos_latest
	kernel-debug-core-4.18.0-305.19.1.el8_4.x86_64.rpm	1d38ab18d3178b8677ddeb7404d6554ca2f6b59d9e29963be2039350576f41b8	-	ol8_x86_64_u4_baseos_patch
	kernel-debug-devel-4.18.0-305.19.1.el8_4.x86_64.rpm	07ec3c8aae46de498864abcd52913ca6c3a9e99e4f10a5996ce6244d98b0be5e	-	ol8_x86_64_baseos_latest
	kernel-debug-devel-4.18.0-305.19.1.el8_4.x86_64.rpm	07ec3c8aae46de498864abcd52913ca6c3a9e99e4f10a5996ce6244d98b0be5e	-	ol8_x86_64_u4_baseos_patch
	kernel-debug-modules-4.18.0-305.19.1.el8_4.x86_64.rpm	083d36251b521dd51650d0dbe1f06b777ab641babf3fcdcc03b3356ceb3f224e	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-4.18.0-305.19.1.el8_4.x86_64.rpm	083d36251b521dd51650d0dbe1f06b777ab641babf3fcdcc03b3356ceb3f224e	-	ol8_x86_64_u4_baseos_patch
	kernel-debug-modules-extra-4.18.0-305.19.1.el8_4.x86_64.rpm	7e1196b4ece559d2ff92d2f20312a24b5934c25e814ef29236ce147dfc4e07f4	-	ol8_x86_64_baseos_latest
	kernel-debug-modules-extra-4.18.0-305.19.1.el8_4.x86_64.rpm	7e1196b4ece559d2ff92d2f20312a24b5934c25e814ef29236ce147dfc4e07f4	-	ol8_x86_64_u4_baseos_patch
	kernel-devel-4.18.0-305.19.1.el8_4.x86_64.rpm	cf21ba58dd51bb4a743a6921723ce713ed1074391546d702dda9020925f674b8	-	ol8_x86_64_baseos_latest
	kernel-devel-4.18.0-305.19.1.el8_4.x86_64.rpm	cf21ba58dd51bb4a743a6921723ce713ed1074391546d702dda9020925f674b8	-	ol8_x86_64_u4_baseos_patch
	kernel-doc-4.18.0-305.19.1.el8_4.noarch.rpm	f6cd27eb720dd343845d90d9e312c8a0525e67b93f4ad353bada30e05a13c475	-	ol8_x86_64_baseos_latest
	kernel-doc-4.18.0-305.19.1.el8_4.noarch.rpm	f6cd27eb720dd343845d90d9e312c8a0525e67b93f4ad353bada30e05a13c475	-	ol8_x86_64_u4_baseos_patch
	kernel-headers-4.18.0-305.19.1.el8_4.x86_64.rpm	cdaa80f2fcbe1f91b64a8270bdd26684e1b11bc58e736275e3d089d657a93d28	-	ol8_x86_64_baseos_latest
	kernel-headers-4.18.0-305.19.1.el8_4.x86_64.rpm	cdaa80f2fcbe1f91b64a8270bdd26684e1b11bc58e736275e3d089d657a93d28	-	ol8_x86_64_u4_baseos_patch
	kernel-modules-4.18.0-305.19.1.el8_4.x86_64.rpm	bca471ed13088abf292cb6e0dd47c610ee61bb59a71c7f33e7656f9671648e0e	-	ol8_x86_64_baseos_latest
	kernel-modules-4.18.0-305.19.1.el8_4.x86_64.rpm	bca471ed13088abf292cb6e0dd47c610ee61bb59a71c7f33e7656f9671648e0e	-	ol8_x86_64_u4_baseos_patch
	kernel-modules-extra-4.18.0-305.19.1.el8_4.x86_64.rpm	00db6e586c4648099f0e26e0e1ecf564c4b978ce7e40ae9918e86e56b276cacd	-	ol8_x86_64_baseos_latest
	kernel-modules-extra-4.18.0-305.19.1.el8_4.x86_64.rpm	00db6e586c4648099f0e26e0e1ecf564c4b978ce7e40ae9918e86e56b276cacd	-	ol8_x86_64_u4_baseos_patch
	kernel-tools-4.18.0-305.19.1.el8_4.x86_64.rpm	d6cf38790893d3f51b924841c31eb46cca6fe38496a27dc3cbd0e5d39680d885	-	ol8_x86_64_baseos_latest
	kernel-tools-4.18.0-305.19.1.el8_4.x86_64.rpm	d6cf38790893d3f51b924841c31eb46cca6fe38496a27dc3cbd0e5d39680d885	-	ol8_x86_64_u4_baseos_patch
	kernel-tools-libs-4.18.0-305.19.1.el8_4.x86_64.rpm	9b78c4877b0934f64ed0c152f4980c0f71516748646168efe723faeb19b34ece	-	ol8_x86_64_baseos_latest
	kernel-tools-libs-4.18.0-305.19.1.el8_4.x86_64.rpm	9b78c4877b0934f64ed0c152f4980c0f71516748646168efe723faeb19b34ece	-	ol8_x86_64_u4_baseos_patch
	kernel-tools-libs-devel-4.18.0-305.19.1.el8_4.x86_64.rpm	0b4c88bc0bed0cfc0b2c1aefa4e36b16b3dd1bcb6d5c6584e19e6a3c37973821	-	ol8_x86_64_codeready_builder
	perf-4.18.0-305.19.1.el8_4.x86_64.rpm	2e8f240879815f09b24e009316bb812fad20703c835e9b67296a73a7b1c52298	-	ol8_x86_64_baseos_latest
	perf-4.18.0-305.19.1.el8_4.x86_64.rpm	2e8f240879815f09b24e009316bb812fad20703c835e9b67296a73a7b1c52298	-	ol8_x86_64_u4_baseos_patch
	python3-perf-4.18.0-305.19.1.el8_4.x86_64.rpm	838b935c50b2975794d3d4e3310f03ee146230976a5c376f42983fdaf9037c5c	-	ol8_x86_64_baseos_latest
	python3-perf-4.18.0-305.19.1.el8_4.x86_64.rpm	838b935c50b2975794d3d4e3310f03ee146230976a5c376f42983fdaf9037c5c	-	ol8_x86_64_u4_baseos_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team