[ELSA-2017-3651] Unbreakable Enterprise kernel security update
[4.1.12-103.10.1]
- mm, thp: Do not make page table dirty unconditionally in follow_trans_huge_pmd() (Kirill A. Shutemov) [Orabug: 27200879] {CVE-2017-1000405}
- NFS: Add static NFS I/O tracepoints (Chuck Lever)
- storvsc: dont assume SG list is contiguous (Aruna Ramakrishna) [Orabug: 27044692]
- fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069038] {CVE-2017-12190}
- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069038] {CVE-2017-12190}
- packet: in packet_do_bind, test fanout with bind_lock held (Willem de Bruijn) [Orabug: 27069065] {CVE-2017-15649}
- packet: hold bind lock when rebinding to fanout hook (Willem de Bruijn) [Orabug: 27069065] {CVE-2017-15649}
- net: convert packet_fanout.sk_ref from atomic_t to refcount_t (Reshetova, Elena) [Orabug: 27069065] {CVE-2017-15649}
- packet: fix races in fanout_add() (Eric Dumazet) [Orabug: 27069065] {CVE-2017-15649}
- refcount_t: Introduce a special purpose refcount type (Peter Zijlstra) [Orabug: 27069065] {CVE-2017-15649}
- locking/atomics: Add _{acquire|release|relaxed}() variants of some atomic operations (Will Deacon) [Orabug: 27069065] {CVE-2017-15649}
- net: qmi_wwan: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215225] {CVE-2017-16650}
- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148276] {CVE-2017-16527}
- scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan D. Milne) [Orabug: 27187217]
- ocfs2: fix posix_acl_create deadlock (Junxiao Bi) [Orabug: 27126129]
- scsi: Dont abort scsi_scan due to unexpected response (John Sobecki) [Orabug: 27119628]
- ocfs2: code clean up for direct io (Ryan Ding)
- xscore: add dma address check (Zhu Yanjun) [Orabug: 27076919]
- KVM: nVMX: Fix loss of L2s NMI blocking state (Wanpeng Li) [Orabug: 27062498]
- KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo Bonzini) [Orabug: 27062498]
- KVM: VMX: require virtual NMI support (Paolo Bonzini) [Orabug: 27062498]
- KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li) [Orabug: 27062498]
- uek-rpm: disable CONFIG_NUMA_BALANCING_DEFAULT_ENABLED (Fred Herard) [Orabug: 26798697]
- thp: run vma_adjust_trans_huge() outside i_mmap_rwsem (Kirill A. Shutemov) [Orabug: 27026180]
- selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug: 27001717] {CVE-2017-2618} {CVE-2017-2618} {CVE-2017-2618}
- sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27036903] {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191}
- KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug: 27050248] {CVE-2017-12192}
- IB/ipoib: For sendonly join free the multicast group on leave (Christoph Lameter) [Orabug: 27077718]
- IB/ipoib: increase the max mcast backlog queue (Doug Ledford) [Orabug: 27077718]
- IB/ipoib: Make sendonly multicast joins create the mcast group (Doug Ledford) [Orabug: 27077718]
- IB/ipoib: Expire sendonly multicast joins (Christoph Lameter) [Orabug: 27077718]
- IB/ipoib: Suppress warning for send only join failures (Jason Gunthorpe) [Orabug: 27077718]
- IB/ipoib: Clean up send-only multicast joins (Doug Ledford) [Orabug: 27077718]
- netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27077944]
- netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27077944]
- netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27077944]
- netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27077944]
- netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27077944]
- netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27077944]
- netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27077944]
- Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro) [Orabug: 27052681]
- Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug: 27037811]
- ID
- ELSA-2017-3651
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2017-3651.html
- Published
-
2017-12-07T00:00:00
(6 years ago) - Modified
-
2017-12-07T00:00:00
(6 years ago) - Rights
- Copyright 2017 Oracle, Inc.
- Other Advisories
-
- ALAS-2017-925
- ALAS-2017-937
- ALAS-2018-956
- ALAS2-2018-956
- ELSA-2017-3657
- ELSA-2017-3658
- ELSA-2018-0151
- ELSA-2018-1062
- ELSA-2018-1854
- ELSA-2019-4644
- FEDORA-2017-905bb449bc
- FEDORA-2017-92a0ae09aa
- FEDORA-2017-9ea11e444d
- FEDORA-2017-aa9927961f
- FEDORA-2017-b0c1f44130
- FEDORA-2017-c110ac0eb1
- FEDORA-2017-cafcdbdde5
- FEDORA-2017-f9f3d80442
- FEDORA-2018-1c80fea1cd
- FEDORA-2018-1e033dc308
- FEDORA-2018-2a0f8b2c9d
- FEDORA-2018-2ee3411cb8
- FEDORA-2018-2f6df9abfb
- FEDORA-2018-49bda79bd5
- FEDORA-2018-4ca01704a2
- FEDORA-2018-6367a17aa3
- FEDORA-2018-79d7c3d2df
- FEDORA-2018-8484550fff
- FEDORA-2018-884a105c04
- FEDORA-2018-93c2e74446
- FEDORA-2018-94315e9a6b
- FEDORA-2018-9d0e4e40b5
- FEDORA-2018-b57db4753c
- FEDORA-2018-b68776e5b0
- FEDORA-2018-b997780dca
- FEDORA-2018-c0a1284064
- FEDORA-2018-c449dc1c9c
- FEDORA-2018-d77cc41f35
- FEDORA-2018-e71875c4aa
- FEDORA-2018-e8f793bbfc
- RHSA-2018:0151
- RHSA-2018:0152
- RHSA-2018:0676
- RHSA-2018:1062
- RHSA-2018:1854
- SUSE-SU-2017:2847-1
- SUSE-SU-2017:2869-1
- SUSE-SU-2017:2908-1
- SUSE-SU-2017:2920-1
- SUSE-SU-2017:3072-1
- SUSE-SU-2017:3074-1
- SUSE-SU-2017:3076-1
- SUSE-SU-2017:3103-1
- SUSE-SU-2017:3116-1
- SUSE-SU-2017:3117-1
- SUSE-SU-2017:3118-1
- SUSE-SU-2017:3119-1
- SUSE-SU-2017:3120-1
- SUSE-SU-2017:3121-1
- SUSE-SU-2017:3122-1
- SUSE-SU-2017:3123-1
- SUSE-SU-2017:3124-1
- SUSE-SU-2017:3125-1
- SUSE-SU-2017:3126-1
- SUSE-SU-2017:3127-1
- SUSE-SU-2017:3128-1
- SUSE-SU-2017:3129-1
- SUSE-SU-2017:3130-1
- SUSE-SU-2017:3131-1
- SUSE-SU-2017:3132-1
- SUSE-SU-2017:3134-1
- SUSE-SU-2017:3136-1
- SUSE-SU-2017:3139-1
- SUSE-SU-2017:3145-1
- SUSE-SU-2017:3146-1
- SUSE-SU-2017:3147-1
- SUSE-SU-2017:3148-1
- SUSE-SU-2017:3149-1
- SUSE-SU-2017:3150-1
- SUSE-SU-2017:3151-1
- SUSE-SU-2017:3152-1
- SUSE-SU-2017:3153-1
- SUSE-SU-2017:3154-1
- SUSE-SU-2017:3156-1
- SUSE-SU-2017:3157-1
- SUSE-SU-2017:3158-1
- SUSE-SU-2017:3159-1
- SUSE-SU-2017:3160-1
- SUSE-SU-2017:3210-1
- SUSE-SU-2017:3225-1
- SUSE-SU-2017:3226-1
- SUSE-SU-2017:3249-1
- SUSE-SU-2017:3265-1
- SUSE-SU-2017:3267-1
- SUSE-SU-2017:3284-1
- SUSE-SU-2017:3285-1
- SUSE-SU-2017:3286-1
- SUSE-SU-2017:3295-1
- SUSE-SU-2017:3296-1
- SUSE-SU-2017:3297-1
- SUSE-SU-2017:3300-1
- SUSE-SU-2017:3307-1
- SUSE-SU-2017:3310-1
- SUSE-SU-2017:3314-1
- SUSE-SU-2017:3315-1
- SUSE-SU-2017:3317-1
- SUSE-SU-2017:3319-1
- SUSE-SU-2017:3324-1
- SUSE-SU-2018:0040-1
- SUSE-SU-2018:0180-1
- SUSE-SU-2018:0213-1
- SUSE-SU-2018:0233-1
- SUSE-SU-2018:0562-1
- SUSE-SU-2018:0664-1
- SUSE-SU-2018:0834-1
- SUSE-SU-2018:0848-1
- SUSE-SU-2018:1080-1
- SUSE-SU-2018:1172-1
- SUSE-SU-2018:1309-1
- SUSE-SU-2020:3400-1
- SUSE-SU-2020:3449-1
- USN-3485-1
- USN-3485-2
- USN-3485-3
- USN-3487-1
- USN-3507-1
- USN-3507-2
- USN-3508-1
- USN-3508-2
- USN-3509-1
- USN-3509-2
- USN-3510-1
- USN-3510-2
- USN-3511-1
- USN-3582-1
- USN-3582-2
- USN-3583-1
- USN-3583-2
- USN-3617-1
- USN-3617-2
- USN-3617-3
- USN-3619-1
- USN-3619-2
- USN-3754-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2017-3651 | http://linux.oracle.com/errata/ELSA-2017-3651.html | |
CVE | CVE-2017-1000405 | http://linux.oracle.com/cve/CVE-2017-1000405.html | |
CVE | CVE-2017-12190 | http://linux.oracle.com/cve/CVE-2017-12190.html | |
CVE | CVE-2017-15649 | http://linux.oracle.com/cve/CVE-2017-15649.html | |
CVE | CVE-2017-16527 | http://linux.oracle.com/cve/CVE-2017-16527.html | |
CVE | CVE-2017-16650 | http://linux.oracle.com/cve/CVE-2017-16650.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux | kernel-uek | < 4.1.12-103.10.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6 | oraclelinux | kernel-uek | < 4.1.12-103.10.1.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-7 | oraclelinux | kernel-uek-firmware | < 4.1.12-103.10.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6 | oraclelinux | kernel-uek-firmware | < 4.1.12-103.10.1.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux | kernel-uek-doc | < 4.1.12-103.10.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6 | oraclelinux | kernel-uek-doc | < 4.1.12-103.10.1.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-devel | < 4.1.12-103.10.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6 | oraclelinux | kernel-uek-devel | < 4.1.12-103.10.1.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug | < 4.1.12-103.10.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6 | oraclelinux | kernel-uek-debug | < 4.1.12-103.10.1.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug-devel | < 4.1.12-103.10.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6 | oraclelinux | kernel-uek-debug-devel | < 4.1.12-103.10.1.el6uek | oraclelinux-6 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |