ELSA-2021-9085
- ULN >
- Oracle Linux Errata repository >
- ELSA-2021-9085
ELSA-2021-9085 - Unbreakable Enterprise kernel security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2021-03-11 |
Description
[5.4.17-2036.104.4.el8uek]
- KVM: arm64: guest context in x18 instead of x29 (Mihai Carabas) [Orabug: 32545182]
[5.4.17-2036.104.3.el8uek]
- config: enable CONFIG_MLX5_MPFS (Brian Maly) [Orabug: 32249042]
- net: Fix bridge enslavement failure (Ido Schimmel) [Orabug: 32503298]
- inet: do not call sublist_rcv on empty list (Florian Westphal) [Orabug: 32512814]
- KVM: arm64: pmu: Dont mark a counter as chained if the odd one is disabled (Eric Auger) [Orabug: 32499188]
- random: wire /dev/random with a DRBG instance (Saeed Mirzamohammadi) [Orabug: 32522087]
- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) [Orabug: 32522087]
- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) [Orabug: 32522087]
- crypto: jitter - SP800-90B compliance (Stephan Muller) [Orabug: 32522087]
- crypto: jitter - add header to fix buildwarnings (Ben Dooks) [Orabug: 32522087]
- crypto: jitter - fix comments (Alexander E. Patrakov) [Orabug: 32522087]
- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492109] {CVE-2021-26930}
- xen-scsiback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}
- xen-netback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}
- xen-blkback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}
- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}
- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}
- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}
- Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}
[5.4.17-2036.104.2.el8uek]
- tcp: fix to update snd_wl1 in bulk receiver fast path (Neal Cardwell) [Orabug: 32498822]
- selinux: allow reading labels before policy is loaded (Jonathan Lebon) [Orabug: 32492277]
- selinux: allow labeling before policy is loaded (Jonathan Lebon) [Orabug: 32492277]
- KVM: SVM: Initialize prev_ga_tag before use (Suravee Suthikulpanit) [Orabug: 32478549]
- tools/power turbostat: Support additional CPU model numbers (Len Brown) [Orabug: 32422451]
- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) [Orabug: 32422451]
- x86/cpu: Add Sapphire Rapids CPU model number (Tony Luck) [Orabug: 32422451]
- tools/power turbostat: Support Tiger Lake (Chen Yu) [Orabug: 32422451]
- uek-rpm: config-aarch64: enable MEMORY HOTREMOVE (Mihai Carabas) [Orabug: 32353851]
- arm64/mm/hotplug: Ensure early memory sections are all online (Anshuman Khandual) [Orabug: 32353851]
- arm64/mm/hotplug: Enable MEM_OFFLINE event handling (Anshuman Khandual) [Orabug: 32353851]
- arm64/mm/hotplug: Register boot memory hot remove notifier earlier (Anshuman Khandual) [Orabug: 32353851]
- arm64/mm: Enable memory hot remove (Anshuman Khandual) [Orabug: 32353851]
- arm64/mm: Hold memory hotplug lock while walking for kernel page table dump (Anshuman Khandual) [Orabug: 32353851]
- KVM: arm64: Save/restore sp_el0 as part of __guest_enter (Marc Zyngier) [Orabug: 32171445]
- net/mlx4_en: Handle TX error CQE (Moshe Shemesh) [Orabug: 32492969]
- net/mlx4_en: Avoid scheduling restart task if it is already running (Moshe Shemesh) [Orabug: 32492969]
[5.4.17-2036.104.1.el8uek]
- vhost scsi: alloc vhost_scsi with kvzalloc() to avoid delay (Dongli Zhang) [Orabug: 32471677]
- HID: hid-input: fix stylus battery reporting (Dmitry Torokhov) [Orabug: 32464784] {CVE-2020-0431}
- nbd: freeze the queue while were adding connections (Josef Bacik) [Orabug: 32447285] {CVE-2021-3348}
- futex: Handle faults correctly for PI futexes (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- futex: Simplify fixup_pi_state_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- futex: Use pi_state_update_owner() in put_pi_state() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- futex: Dont enable IRQs unconditionally in put_pi_state() (Dan Carpenter) [Orabug: 32447187] {CVE-2021-3347}
- futex: Provide and use pi_state_update_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- futex: Replace pointless printk in fixup_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- futex: Ensure the correct return value from futex_lock_pi() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- uek-rpm: Enable Oracle Pilot BMC module (Eric Snowberg) [Orabug: 32422662]
- hwmon: Add a new Oracle Pilot BMC driver (Eric Snowberg) [Orabug: 32422662]
- arm64: Reserve only 256M on RPi for crashkernel=auto (Vijay Kumar) [Orabug: 32301026]
[5.4.17-2036.104.0.el8uek]
- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426610]
- thermal: intel_pch_thermal: Add PCI ids for Lewisburg PCH. (Andres Freund) [Orabug: 32424705]
- thermal: intel: intel_pch_thermal: Add Cannon Lake Low Power PCH support (Sumeet Pawnikar) [Orabug: 32424705]
- thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (Gayatri Kammela) [Orabug: 32424705]
- nfs: Fix security label length not being reset (Jeffrey Mitchell) [Orabug: 32350989]
- ovl: check permission to open real file (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}
- ovl: verify permissions in ovl_path_open() (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}
- ovl: switch to mounter creds in readdir (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}
- ovl: pass correct flags for opening real directory (Miklos Szeredi) [Orabug: 32046372]
- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 32381883]
Related CVEs
| CVE-2020-16120 |
| CVE-2021-26931 |
| CVE-2020-0431 |
| CVE-2021-26930 |
| CVE-2021-3347 |
| CVE-2021-3348 |
| CVE-2021-26932 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (aarch64) | kernel-uek-5.4.17-2036.104.4.el7uek.aarch64.rpm | 1b83014808127d59dd68ecc56285b4dc1daa671d211f4f3ae785ead5c4bdb8c8 | ELSA-2025-20190 | ol7_aarch64_UEKR6 |
| kernel-uek-debug-5.4.17-2036.104.4.el7uek.aarch64.rpm | 77f24e3f97dcf3f850478f1cf1f42742796e5d58d17be5516aab032db4281ea2 | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-debug-devel-5.4.17-2036.104.4.el7uek.aarch64.rpm | be3d84fada36c8b1217dac4b3bd889248006bacb0842df2b33a511e98e7a0f5f | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-devel-5.4.17-2036.104.4.el7uek.aarch64.rpm | 767018a3063baa00e16e08a60854142e7500c7675af372e9b5d33fc74c27dbfe | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-doc-5.4.17-2036.104.4.el7uek.noarch.rpm | dcc06dc63770641d99584f17a136b7f3f6dcfa1ea379131631a1d423e3fe98c4 | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-tools-5.4.17-2036.104.4.el7uek.aarch64.rpm | a25cf30248c2297b489823581f873f346b61b0e3b8a1bbe9edbdad9ebbdc3340 | ELSA-2025-20190 | ol7_aarch64_UEKR6 | |
| kernel-uek-tools-libs-5.4.17-2036.104.4.el7uek.aarch64.rpm | f660650cf96f5b9f206eed789cc22df2be4926d8c874357054386eb899192360 | ELSA-2025-20019 | ol7_aarch64_UEKR6 | |
| perf-5.4.17-2036.104.4.el7uek.aarch64.rpm | d6fea9fef598509cc7ea6e00144f9da1ad501ee35c30724ad10a01d2f27933e6 | ELSA-2025-20019 | ol7_aarch64_UEKR6 | |
| python-perf-5.4.17-2036.104.4.el7uek.aarch64.rpm | c180ab151d4ca442dd9bbcfc90a6f3d2355b4f1a3cf924bec90676262ba5a7d7 | ELSA-2025-20019 | ol7_aarch64_UEKR6 | |
| Oracle Linux 7 (x86_64) | kernel-uek-5.4.17-2036.104.4.el7uek.x86_64.rpm | 6b851c2bd6c960fca210f0359d205707293d8fa280d6ca725aff437c3229c347 | ELSA-2025-20190 | ol7_x86_64_UEKR6 |
| kernel-uek-debug-5.4.17-2036.104.4.el7uek.x86_64.rpm | 1b532db5c1cb8915ef4171ce1eaa1f939d728be459422095521b94714534bb95 | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-debug-devel-5.4.17-2036.104.4.el7uek.x86_64.rpm | 804a3b53145f65c435374c163902f8611057b050245b5fe1767345866395c632 | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-devel-5.4.17-2036.104.4.el7uek.x86_64.rpm | d21e3f84db90cc035b4e7ef77921286aa6ae8a619f2b215b40ac17acfd7f516f | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-doc-5.4.17-2036.104.4.el7uek.noarch.rpm | dcc06dc63770641d99584f17a136b7f3f6dcfa1ea379131631a1d423e3fe98c4 | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| kernel-uek-tools-5.4.17-2036.104.4.el7uek.x86_64.rpm | 53908eace3800fd33af4fc9fe3bef5d3d5ec1cbf2fae132127687f2d147a31c6 | ELSA-2025-20190 | ol7_x86_64_UEKR6 | |
| Oracle Linux 8 (aarch64) | kernel-uek-5.4.17-2036.104.4.el8uek.src.rpm | 17cd20d0f20756735afd25fbcd4a594aa79adcc2ea170fb299372f9b22018bd9 | - | ol8_aarch64_baseos_latest |
| kernel-uek-5.4.17-2036.104.4.el8uek.src.rpm | 17cd20d0f20756735afd25fbcd4a594aa79adcc2ea170fb299372f9b22018bd9 | - | ol8_aarch64_u3_baseos_patch | |
| kernel-uek-5.4.17-2036.104.4.el8uek.aarch64.rpm | 237444bba212575d32f776073efad13eb86b83c6e33039be99b4df3f10c048ae | - | ol8_aarch64_baseos_latest | |
| kernel-uek-5.4.17-2036.104.4.el8uek.aarch64.rpm | 237444bba212575d32f776073efad13eb86b83c6e33039be99b4df3f10c048ae | - | ol8_aarch64_u3_baseos_patch | |
| kernel-uek-debug-5.4.17-2036.104.4.el8uek.aarch64.rpm | 2a20e4ab079eed93f00e043af3e28d195d952af3547ed1b28764e75806362e2b | - | ol8_aarch64_baseos_latest | |
| kernel-uek-debug-5.4.17-2036.104.4.el8uek.aarch64.rpm | 2a20e4ab079eed93f00e043af3e28d195d952af3547ed1b28764e75806362e2b | - | ol8_aarch64_u3_baseos_patch | |
| kernel-uek-debug-devel-5.4.17-2036.104.4.el8uek.aarch64.rpm | 9cee780e74d7091d284bdff39b1e8cffc7c7eb1f0e97f71c3305ec78bb623819 | - | ol8_aarch64_baseos_latest | |
| kernel-uek-debug-devel-5.4.17-2036.104.4.el8uek.aarch64.rpm | 9cee780e74d7091d284bdff39b1e8cffc7c7eb1f0e97f71c3305ec78bb623819 | - | ol8_aarch64_u3_baseos_patch | |
| kernel-uek-devel-5.4.17-2036.104.4.el8uek.aarch64.rpm | 19028a362b2823738e3922772f537ed55ce250966217914a31963d8296deaf9b | - | ol8_aarch64_baseos_latest | |
| kernel-uek-devel-5.4.17-2036.104.4.el8uek.aarch64.rpm | 19028a362b2823738e3922772f537ed55ce250966217914a31963d8296deaf9b | - | ol8_aarch64_u3_baseos_patch | |
| kernel-uek-doc-5.4.17-2036.104.4.el8uek.noarch.rpm | e86e0762214ce298d13f41ca7fd54da114b7c7e656a0e5c1a555e86f8377c2bb | - | ol8_aarch64_baseos_latest | |
| kernel-uek-doc-5.4.17-2036.104.4.el8uek.noarch.rpm | e86e0762214ce298d13f41ca7fd54da114b7c7e656a0e5c1a555e86f8377c2bb | - | ol8_aarch64_u3_baseos_patch | |
| Oracle Linux 8 (x86_64) | kernel-uek-5.4.17-2036.104.4.el8uek.src.rpm | 17cd20d0f20756735afd25fbcd4a594aa79adcc2ea170fb299372f9b22018bd9 | - | ol8_x86_64_UEKR6 |
| kernel-uek-5.4.17-2036.104.4.el8uek.src.rpm | 17cd20d0f20756735afd25fbcd4a594aa79adcc2ea170fb299372f9b22018bd9 | - | ol8_x86_64_baseos_latest | |
| kernel-uek-5.4.17-2036.104.4.el8uek.src.rpm | 17cd20d0f20756735afd25fbcd4a594aa79adcc2ea170fb299372f9b22018bd9 | - | ol8_x86_64_u3_baseos_patch | |
| kernel-uek-5.4.17-2036.104.4.el8uek.x86_64.rpm | c9ea7c89b4b02e36aec6b655f9978daa3e5b040b15c1c0a16e86170fad6b649b | - | ol8_x86_64_UEKR6 | |
| kernel-uek-debug-5.4.17-2036.104.4.el8uek.x86_64.rpm | 7c2da1d41d256d95c21da68a15974f39c8e5586a0fe84ac0610c9a8a602d474b | - | ol8_x86_64_UEKR6 | |
| kernel-uek-debug-devel-5.4.17-2036.104.4.el8uek.x86_64.rpm | 9dcf39cd5b5be6ade176a90238eb0de6a8faf8f37396862054eff96b3004e258 | - | ol8_x86_64_UEKR6 | |
| kernel-uek-devel-5.4.17-2036.104.4.el8uek.x86_64.rpm | 44888db97121355e50804ed01bd542ea2b7f540d84730312579f28698de74f70 | - | ol8_x86_64_UEKR6 | |
| kernel-uek-doc-5.4.17-2036.104.4.el8uek.noarch.rpm | e86e0762214ce298d13f41ca7fd54da114b7c7e656a0e5c1a555e86f8377c2bb | - | ol8_x86_64_UEKR6 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
