ELSA-2021-9038

ULN >
Oracle Linux Errata repository >
ELSA-2021-9038

ELSA-2021-9038 - Unbreakable Enterprise kernel-container security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2021-02-08

Description

[5.4.17-2036.103.3.el7]
- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug:
32426610]

[5.4.17-2036.103.2.el7]
- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380824]
- netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug: 32372530] {CVE-2021-20177}
- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372158]
- uek-rpm: Report removed symbols also during kabi check (Somasundaram Krishnasamy) [Orabug: 32380061]
- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350974]
- uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32346419]
- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}

[5.4.17-2036.103.1.el7]
- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349203] {CVE-2020-36158}
- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32234812]
- add license checking to kABI checker (Dan Duval) [Orabug: 32355206]

[5.4.17-2036.103.0.el7]
- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337715]
- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32321484]
- perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32321484]
- perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug: 32321484]
- perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32321484]
- perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang) [Orabug: 32321484]
- perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang) [Orabug: 32321484]
- perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang) [Orabug: 32321484]
- perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan Liang) [Orabug: 32321484]
- perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang) [Orabug: 32321484]
- perf/x86/intel: Generic support for hardware TopDown metrics (Kan Liang) [Orabug: 32321484]
- perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang) [Orabug: 32321484]
- perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra) [Orabug: 32321484]
- perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan Liang) [Orabug: 32321484]
- perf/x86: Keep LBR records unchanged in host context for guest usage (Like Xu) [Orabug: 32321484]
- perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug: 32321484]
- perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32321484]
- perf/x86/intel: Introduce the fourth fixed counter (Kan Liang) [Orabug: 32321484]
- perf/x86/intel: Name the global status bit in NMI handler (Kan Liang) [Orabug: 32321484]
- perf/x86: Add constraint to create guest LBR event without hw counter (Like Xu) [Orabug: 32321484]
- perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug: 32321484]
- perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug: 32321484]
- perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan Liang) [Orabug: 32321484]
- perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean Christopherson) [Orabug: 32321484]
- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32302136]
- Revert 'cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug' (Daniel Jordan) [Orabug: 32295229]
- cpuset: fix race between hotplug work and later CPU offline (Daniel Jordan) [Orabug: 32295229]
- uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp) [Orabug: 32290034]
- driver/perf: Add PMU driver for the ARM DMC-620 memory controller (Tuan Phan) [Orabug: 32290034]
- perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon) [Orabug: 32290034]
- perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon) [Orabug: 32290034]
- perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290034]
- perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290034]
- perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290034]
- arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (James Morse) [Orabug: 32290034]
- ACPI: APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 32290034]
- iommu/arm-smmu-v3: Don't reserve implementation defined register space (Jean-Philippe Brucker) [Orabug: 32290034]
- Revert 'BACKPORT: perf: Add Arm CMN-600 DT binding' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'BACKPORT: WIP: perf/arm-cmn: Add ACPI support' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'perf: Add ARM DMC-620 PMU driver.' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'Perf: arm-cmn: Allow irq to be shared.' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'perf: arm_cmn: improve and make it work on 2P.' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'perf: arm_dsu: Allow IRQ to be shared among devices.' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'perf: arm_dsu: Support ACPI mode.' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'perf: arm_dmc620: Update ACPI ID.' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'perf: avoid breaking KABI by reusing enum' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'perf/smmuv3: Allow sharing MMIO registers with the SMMU driver' (Dave Kleikamp) [Orabug: 32290034]
- tty: Fix ->session locking (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}
- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}
- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}
- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251910]

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (x86_64)	kernel-uek-container-5.4.17-2036.103.3.el7.src.rpm	1186fcd55b85b9f3846d9e6561115f3d087f8d1c5bed23b9b8588f4db233078d	ELSA-2025-20190	ol7_x86_64_UEKR6
	kernel-uek-container-5.4.17-2036.103.3.el7.x86_64.rpm	41ae97db6a6d00512893db4a8e7b1f5e688f915905081ed649d7412cc197f6e9	ELSA-2025-20190	ol7_x86_64_UEKR6
	kernel-uek-container-debug-5.4.17-2036.103.3.el7.x86_64.rpm	041a91c5001dae88a33f3406ba3c831006f72db446cabc51caa7c03631206569	ELSA-2025-20190	ol7_x86_64_UEKR6

Oracle Linux 8 (x86_64)	kernel-uek-container-5.4.17-2036.103.3.el8.src.rpm	99319eda900f12aebcec887c61183b9852a023689774f665c691a9d293250f91	-	ol8_x86_64_UEKR6
	kernel-uek-container-5.4.17-2036.103.3.el8.x86_64.rpm	3b8f4d402257b4ad32fab3fdb39c7ea88d55cde2665b32a837cc0e5d6d7803ef	-	ol8_x86_64_UEKR6
	kernel-uek-container-debug-5.4.17-2036.103.3.el8.x86_64.rpm	c9bc0ff5b8e8b0a97504354f3093ca149ad2dcdc08e5c5d1d9507e5040f2e7e0	-	ol8_x86_64_UEKR6

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691