ELSA-2021-9487 - Unbreakable Enterprise kernel-container security update

Release Date:2021-10-14


- KVM: SVM: Fix mismerge in svm_update_pi_irte() (Liam Merwick) [Orabug: 33446526]
- Revert KVM: x86: hyperv: Remove duplicate definitions of Reference TSC Page (Liam Merwick) [Orabug: 33450675]

- Revert scsi: core: Cap scsi_host cmd_per_lun at can_queue (Jack Vogel) [Orabug: 33441404]

- dccp: dont duplicate ccid when cloning dccp sock (Lin, Zhenpeng) [Orabug: 33408808] {CVE-2017-6074} {CVE-2020-16119} {CVE-2020-16119}
- block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi) [Orabug: 33396355]
- uek-rpm: add ofb.ko and crypto_user.ko modules to nano kernel (Somasundaram Krishnasamy) [Orabug: 31895743]

- Reintroduce: certs: Add EFI_CERT_X509_GUID support for dbx entries (Konrad Rzeszutek Wilk) [Orabug: 33382994]
- bnxt_en: Update the driver version string (Jack Vogel) [Orabug: 33392416]

- net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra) [Orabug: 33379543]
- KVM: X86: MMU: Use the correct inherited permissions to get shadow page (Lai Jiangshan) [Orabug: 33359297] {CVE-2021-38198}
- KVM: x86: adjust SEV for commit 7e8e6eed75e (Paolo Bonzini) [Orabug: 33375655]
- net/mlx5: Implement Oracle-only solution for mlx device names (Mikhael Goikhman) [Orabug: 33247746]

- btrfs: fix NULL pointer dereference when deleting device by invalid id (Qu Wenruo) [Orabug: 33365609] {CVE-2021-3739}
- Revert uek-rpm: mark /etc/ld.so.conf.d/ files as %config (aloktiw) [Orabug: 33359669]
- bpf: provide BPF Type Format (BTF) info for kernel (Alan Maguire) [Orabug: 33331233]
- perf/x86/amd: Dont touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (Like Xu) [Orabug: 33194216]
- IB/core: Read subnet_prefix in ib_query_port via cache. (Anand Khoje) [Orabug: 33283556]
- IB/core: Shifting initialization of device->cache_lock (Anand Khoje) [Orabug: 33283556]
- IB/core: Updating cache for subnet_prefix in config_non_roce_gid_cache() (Anand Khoje) [Orabug: 33283556]
- IB/core: Shuffle locks in ib_port_data to save memory (Anand Khoje) [Orabug: 33283556]
- IB/core: Removed port validity check from ib_get_cached_subnet_prefix (Anand Khoje) [Orabug: 33283556]
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (Dongli Zhang) [Orabug: 33106728]

- net: qrtr: fix another OOB Read in qrtr_endpoint_post (Xiaolong Huang) [Orabug: 33336805] {CVE-2021-3743}
- ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Tso) [Orabug: 33336785] {CVE-2021-40490}
- net/mlx5: E-Switch, Fix vlan or qos setting in legacy mode (Vu Pham) [Orabug: 33291040]
- rds: ib: Set SEND_SIGNALED on the last WR posted (Hakon Bugge) [Orabug: 33331710]
- RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn) [Orabug: 33331640]
- usb: hso: fix error handling code of hso_create_net_device (Dongliang Mu) [Orabug: 33329086] {CVE-2021-37159}
- hso: fix bailout in error case of probe (Oliver Neukum) [Orabug: 33329086] {CVE-2021-37159}
- uek-rpm: Set DEFAULTKERNEL in /etc/sysconfig/kernel correctly (Dave Kleikamp) [Orabug: 33219604]
- RDMA/mlx5: Fix crash when unbind multiport slave (Maor Gottlieb) [Orabug: 33303425]
- net/mlx5: Dont overwrite HCA capabilities when setting MSI-X count (Leon Romanovsky) [Orabug: 33220810]
- net/mlx5: Implement sriov_get_vf_total_msix/count() callbacks (Leon Romanovsky) [Orabug: 33220810]
- net/mlx5: Dynamically assign MSI-X vectors count (Leon Romanovsky) [Orabug: 33220810]
- net/mlx5: Add dynamic MSI-X capabilities bits (Leon Romanovsky) [Orabug: 33220810]
- PCI/IOV: Add sysfs MSI-X vector assignment interface (Leon Romanovsky) [Orabug: 33220810]
- net/mlx5: Check that driver was probed prior attaching the device (Leon Romanovsky) [Orabug: 33286656]

- misc/pvpanic: fix set driver data (Mihai Carabas) [Orabug: 33290806]
- btrfs: fix race between marking inode needs to be logged and log syncing (Filipe Manana) [Orabug: 33265208]
- vdpa/mlx5: fix feature negotiation across device reset (Si-Wei Liu) [Orabug: 33247045]
- net/mlx5: E-switch, When eswitch is unsupported, return -EOPNOTSUPP (Parav Pandit) [Orabug: 33241452]
- xen-acpi-processor: fix coordination type mismatch (Elena Ufimtseva)
- net/mlx5: E-switch, Use eswitch total_vports (Parav Pandit) [Orabug: 33213269]
- net/mlx5: E-switch, Reuse total_vports and avoid duplicate nvports (Parav Pandit) [Orabug: 33213269]
- net/mlx5: E-switch, Consider maximum vf vports for steering init (Parav Pandit) [Orabug: 33213269]
- RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work (Maor Gottlieb) [Orabug: 33303297]
- rds: fix statistics counters and check for memory leak (Hans Westgaard Ry) [Orabug: 31372378]
- KVM: X86: Micro-optimize IPI fastpath delay (Wanpeng Li) [Orabug: 33119431]
- net/mlx5_core: Restore driver version (Roy Novich) [Orabug: 33112151]
- RDMA/umem: Use ib_dma_max_seg_size instead of dma_get_max_seg_size (Christoph Hellwig) [Orabug: 33107202]
- lib/scatterlist: Do not limit max_segment to PAGE_ALIGNED values (Jason Gunthorpe) [Orabug: 33107202]
- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 33107202]
- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 33107202]
- uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33246580]
- rdmaip: trace message buffer size too small for rdmaip debug tracepoints (Alan Maguire) [Orabug: 33267573]
- driver core: auxiliary bus: Fix memory leak when driver_register() fail (Peter Ujfalusi) [Orabug: 32461425]
- driver core: auxiliary bus: Remove unneeded module bits (Dave Jiang) [Orabug: 32461425]
- driver core: auxiliary bus: Fix calling stage for auxiliary bus init (Dave Jiang) [Orabug: 32461425]
- driver core: auxiliary bus: Fix auxiliary bus shutdown null auxdrv ptr (Dave Jiang) [Orabug: 32461425]
- bnxt_en: Use register window 6 instead of 5 to read the PHC (Michael Chan) [Orabug: 33181761]
- bnxt_en: Update firmware call to retrieve TX PTP timestamp (Michael Chan) [Orabug: 33181761]
- bnxt_en: Update firmware interface to (Michael Chan) [Orabug: 33181761]

- ice: implement device flash update via devlink (Jacob Keller) [Orabug: 33236075]
- ice: add board identifier info to devlink .info_get (Jacob Keller) [Orabug: 33236075]
- ice: add basic handler for devlink .info_get (Jacob Keller) [Orabug: 33236075]
- ice: enable initial devlink support (Jacob Keller) [Orabug: 33236075]
- bitops: introduce the for_each_set_clump8 macro (William Breathitt Gray) [Orabug: 33236075]
- Add pldmfw library for PLDM firmware update (Jacob Keller) [Orabug: 33236075]
- devlink: expand the devlink-info documentation (Jakub Kicinski) [Orabug: 33236075]
- devlink: promote fw.bundle_id to a generic info version (Jacob Keller) [Orabug: 33236075]
- devlink: remove trigger command from devlink-region.rst (Jacob Keller) [Orabug: 33236075]
- devlink: add trap metadata type for cookie (Jiri Pirko) [Orabug: 33236075]
- devlink: add ACL generic packet traps (Jiri Pirko) [Orabug: 33236075]
- devlink: Force enclosing array on binary fmsg data (Aya Levin) [Orabug: 33236075]
- devlink: document devlink info versions reported by bnxt_en driver (Vasundhara Volam) [Orabug: 33236075]
- devlink: add macro for fw.roce (Vasundhara Volam) [Orabug: 33236075]
- devlink: Add health recover notifications on devlink flows (Moshe Shemesh) [Orabug: 33236075]
- devlink: Add overlay source MAC is multicast trap (Amit Cohen) [Orabug: 33236075]
- devlink: Add tunnel generic packet traps (Amit Cohen) [Orabug: 33236075]
- devlink: Add non-routable packet trap (Amit Cohen) [Orabug: 33236075]
- devlink: fix typos in qed documentation (Jacob Keller) [Orabug: 33236075]
- devlink: correct misspelling of snapshot (Jacob Keller) [Orabug: 33236075]
- devlink: document region snapshot triggering from userspace (Jacob Keller) [Orabug: 33236075]
- devlink: introduce devlink-dpipe.rst documentation file (Jacob Keller) [Orabug: 33236075]
- devlink: add a devlink-resource.rst documentation file (Jacob Keller) [Orabug: 33236075]
- devlink: rename and expand devlink-trap-netdevsim.rst (Jacob Keller) [Orabug: 33236075]
- devlink: add documentation for ionic device driver (Jacob Keller) [Orabug: 33236075]
- devlink: add a file documenting devlink regions (Jacob Keller) [Orabug: 33236075]
- devlink: add a driver-specific file for the qed driver (Jacob Keller) [Orabug: 33236075]
- devlink: add parameter documentation for the mlx4 driver (Jacob Keller) [Orabug: 33236075]
- devlink: document info versions for each driver (Jacob Keller) [Orabug: 33236075]
- devlink: convert driver-specific files to reStructuredText (Jacob Keller) [Orabug: 33236075]
- devlink: mention reloading in devlink-params.rst (Jacob Keller) [Orabug: 33236075]
- devlink: add documentation for generic devlink parameters (Jacob Keller) [Orabug: 33236075]
- devlink: convert devlink-params.txt to reStructuredText (Jacob Keller) [Orabug: 33236075]
- devlink: rename devlink-info-versions.rst and add a header (Jacob Keller) [Orabug: 33236075]
- devlink: convert devlink-health.txt to rst format (Jacob Keller) [Orabug: 33236075]
- devlink: move devlink documentation to subfolder (Jacob Keller) [Orabug: 33236075]
- devlink: add macro for fw.psid (Jacob Keller) [Orabug: 33236075]
- devlink: add devink notification when reporter update health state (Vikas Gupta) [Orabug: 33236075]
- rds_rdma: add missing rds_ib_cm_handle_connect tracepoint (Alan Maguire) [Orabug: 33243559]

- fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 33396682] {CVE-2021-28950}
- fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 33396682] {CVE-2021-28950}
- block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi) [Orabug: 33392821]
- net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra) [Orabug: 33352735]

Related CVEs


Updated Packages

Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) kernel-uek-container-5.4.17-2136.300.7.el7.src.rpm242bad9cc37cea285a6f3fd89df20834-
Oracle Linux 8 (x86_64) kernel-uek-container-5.4.17-2136.300.7.el8.src.rpmdfd840b9003d9cd812e2ba410e0f7fc2-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team