ELSA-2021-9002

ELSA-2021-9002 - Unbreakable Enterprise kernel security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2021-01-07

Description

[4.1.12-124.46.3]
- mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Ganapathi Bhat) [Orabug: 30781859] {CVE-2019-14895} {CVE-2019-14895}
- ext4: fix ext4_empty_dir() for directories with holes (Jan Kara) [Orabug: 31265320] {CVE-2019-19037} {CVE-2019-19037}
- netlabel: cope with NULL catmap (Paolo Abeni) [Orabug: 31350493] {CVE-2020-10711}
- scsi: mptfusion: Fix double fetch bug in ioctl (Dan Carpenter) [Orabug: 31350941] {CVE-2020-12652}
- scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() (Dan Carpenter) [Orabug: 31350941] {CVE-2020-12652}
- USB: core: Fix free-while-in-use bug in the USB S-Glibrary (Alan Stern) [Orabug: 31350967] {CVE-2020-12464}
- drivers: usb: core: Minimize irq disabling in usb_sg_cancel() (David Mosberger) [Orabug: 31350967] {CVE-2020-12464}
- drivers: usb: core: Don't disable irqs in usb_sg_wait() during URB submit. (David Mosberger) [Orabug: 31350967] {CVE-2020-12464}
- ext4: work around deleting a file with i_nlink == 0 safely (Theodore Ts'o) [Orabug: 31351014] {CVE-2019-19447}
- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 31984319]
- xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (Josh Abraham) [Orabug: 31984319]
- ext4: fix fencepost in s_first_meta_bg validation (Theodore Ts'o) [Orabug: 32197511]
- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32202000]
- sched/fair: Don't free p->numa_faults with concurrent readers (Jann Horn) [Orabug: 32212524] {CVE-2019-20934}
- netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6 (Vasily Averin) [Orabug: 32222844] {CVE-2020-14305}
- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233360] {CVE-2020-14351}
- ext4: fix calculation of meta_bg descriptor backups (Andy Leiserson) [Orabug: 32245133]

[4.1.12-124.46.2]
- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 31780626]
- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176264] {CVE-2020-28915}
- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176264] {CVE-2020-28915}
- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177993]
- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187749] {CVE-2020-28974}
- block: Fix use-after-free in blkdev_get() (Jason Yan) [Orabug: 32194609] {CVE-2020-15436}
- icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227971] {CVE-2020-25705}

[4.1.12-124.46.1]
- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722767]
- KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722767]
- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722767]
- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722767]
- xfs: catch inode allocation state mismatch corruption (Gautham Ananthakrishna) [Orabug: 32071488]
- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122731] {CVE-2020-25668}
- IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136900]
- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136900]
- IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136900]
- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136900]
- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136900]
- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136900]

Related CVEs

CVE-2019-14895

CVE-2020-10711

CVE-2020-12464

CVE-2020-12652

CVE-2019-19447

CVE-2019-19037

CVE-2020-14305

CVE-2020-25668

CVE-2020-28915

CVE-2020-28974

CVE-2019-20934

CVE-2020-15436

CVE-2020-14351

CVE-2020-25705

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory
Oracle Linux 6 (x86_64)	kernel-uek-4.1.12-124.46.3.el6uek.src.rpm	c579dd4e9f6dedb1ebadcf387a4fa1cd	ELSA-2021-9215
	kernel-uek-4.1.12-124.46.3.el6uek.x86_64.rpm	1561eeb0e9ef704f3736ba80e99bc9eb	ELSA-2021-9215
	kernel-uek-debug-4.1.12-124.46.3.el6uek.x86_64.rpm	2c56e08d3014454ec02f75799c954ec3	ELSA-2021-9215
	kernel-uek-debug-devel-4.1.12-124.46.3.el6uek.x86_64.rpm	1e38c040957a781857b5f45a78347f1a	ELSA-2021-9215
	kernel-uek-devel-4.1.12-124.46.3.el6uek.x86_64.rpm	55a009e0b6f2d08c6820afd8857ba3ca	ELSA-2021-9215
	kernel-uek-doc-4.1.12-124.46.3.el6uek.noarch.rpm	26549fe4bf9bb613a31cc8f5329f98e1	ELSA-2021-9215
	kernel-uek-firmware-4.1.12-124.46.3.el6uek.noarch.rpm	e4d839951a84e4520600db2db2f52dcd	ELSA-2021-9215
Oracle Linux 7 (x86_64)	kernel-uek-4.1.12-124.46.3.el7uek.src.rpm	d986c0920c0bffb73b02726d8b0b77d7	ELSA-2021-9220
	kernel-uek-4.1.12-124.46.3.el7uek.x86_64.rpm	b45eea5bc8551c7cd39ddc176c469e58	ELSA-2021-9220
	kernel-uek-debug-4.1.12-124.46.3.el7uek.x86_64.rpm	de6646c63e6e88f26af76735ea425719	ELSA-2021-9220
	kernel-uek-debug-devel-4.1.12-124.46.3.el7uek.x86_64.rpm	58fef592943ee48f392f0b448c43de96	ELSA-2021-9220
	kernel-uek-devel-4.1.12-124.46.3.el7uek.x86_64.rpm	15c21a785000fed9e5080c0b361e8681	ELSA-2021-9220
	kernel-uek-doc-4.1.12-124.46.3.el7uek.noarch.rpm	eaaa2ce8766e671680dd1b2e604c567e	ELSA-2021-9220
	kernel-uek-firmware-4.1.12-124.46.3.el7uek.noarch.rpm	0b4279908454f27102a0ccdfc6d4cda9	ELSA-2021-9215

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team