[ELSA-2019-3979] kernel security and bug fix update
[3.10.0-1062.7.1.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
[3.10.0-1062.7.1]
- [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756815 1756816] {CVE-2019-0154}
- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756815 1756816] {CVE-2019-0154}
- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
- [x86] tsx: Add config options to set tsx=on|off|auto (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [x86] tsx: Add 'auto' option to the tsx= cmdline parameter (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [x86] speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [x86] speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [x86] cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [x86] cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [x86] msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766539 1766540] {CVE-2019-11135}
- [documentation] documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: x86: mmu: Remove unused parameter of __direct_map() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [virt] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [x86] kvm: mmu: drop vcpu param in gpte_access (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [virt] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
- [kernel] sched/fair: Fix endless loop in idle_balance() (Phil Auld) [1766087 1740941]
- [kernel] sched: Skip double execution of pick_next_task_fair() (Phil Auld) [1766098 1750819]
- [kernel] sched/fair: Prevent throttling in early pick_next_task_fair() (Phil Auld) [1756267 1740038]
- [kernel] sched: Check for stop task appearance when balancing happens (Phil Auld) [1756267 1740038]
- [kernel] sched/core: Fix endless loop in pick_next_task() (Phil Auld) [1756267 1740038]
- [kernel] sched/fair: Push down check for high priority class task into idle_balance() (Phil Auld) [1756267 1740038]
- [kernel] sched/rt: Fix picking RT and DL tasks from empty queue (Phil Auld) [1756267 1740038]
- [kernel] sched/core: Allow __sched_setscheduler() in interrupts when PI is not used (Phil Auld) [1756265 1722234]
- [kernel] sched, dl: Convert switched_{from, to}_dl() / prio_changed_dl() to balance callbacks (Phil Auld) [1756265 1722234]
- [kernel] sched,dl: Remove return value from pull_dl_task() (Phil Auld) [1756265 1722234]
- [kernel] sched, rt: Convert switched_{from, to}_rt() / prio_changed_rt() to balance callbacks (Phil Auld) [1756265 1722234]
- [kernel] sched,rt: Remove return value from pull_rt_task() (Phil Auld) [1756265 1722234]
- [kernel] sched: Allow balance callbacks for check_class_changed() (Phil Auld) [1756265 1722234]
- [kernel] sched: Use replace normalize_task() with __sched_setscheduler() (Phil Auld) [1756265 1722234]
- [kernel] sched: Handle priority boosted tasks proper in setscheduler() (Phil Auld) [1756265 1722234]
- [kernel] sched: Fix broken setscheduler() (Phil Auld) [1756265 1722234]
- [kernel] sched: Consider pi boosting in setscheduler() (Phil Auld) [1756265 1722234]
- [kernel] sched: Replace post_schedule with a balance callback list (Phil Auld) [1756265 1722234]
- [kernel] sched: Guarantee task priority in pick_next_task() (Phil Auld) [1756265 1722234]
- [kernel] sched: Remove some #ifdeffery (Phil Auld) [1756265 1722234]
- [kernel] sched: Clean up idle task SMP logic (Phil Auld) [1756265 1722234]
- [kernel] sched: Fix hotplug task migration (Phil Auld) [1756265 1722234]
- [kernel] sched/fair: Remove idle_balance() declaration in sched.h (Phil Auld) [1756265 1722234]
- [kernel] sched: Push down pre_schedule() and idle_balance() (Phil Auld) [1756265 1722234]
- [kernel] sched/fair: Optimize cgroup pick_next_task_fair() (Phil Auld) [1756265 1722234]
- [kernel] sched/fair: Clean up the __clear_buddies_*() functions (Phil Auld) [1756265 1722234]
- [kernel] sched: Push put_prev_task() into pick_next_task() (Phil Auld) [1756265 1722234]
- [kernel] sched: Move rq->idle_stamp up to the core (Phil Auld) [1756265 1722234]
- [kernel] sched: Fix race in idle_balance() (Phil Auld) [1756265 1722234]
- [kernel] sched: Remove 'cpu' parameter from idle_balance() (Phil Auld) [1756265 1722234]
- [kernel] sched/fair: Reset se-depth when task switched to FAIR (Phil Auld) [1756265 1722234]
- [kernel] sched/fair: Track cgroup depth (Phil Auld) [1756265 1722234]
[3.10.0-1062.6.1]
- [virt] KVM: coalesced_mmio: add bounds checking (Bandan Das) [1746797 1746798] {CVE-2019-14821}
- [fs] xfs: Fix deadlock between AGI and AGF with RENAME_WHITEOUT (Brian Foster) [1764245 1759117]
- [powerpc] powerpc/pseries/mobility: rebuild cacheinfo hierarchy post-migration (Desnes Augusto Nunes do Rosario) [1763625 1720930]
- [powerpc] powerpc/pseries/mobility: prevent cpu hotplug during DT update (Desnes Augusto Nunes do Rosario) [1763625 1720930]
- [powerpc] powerpc/cacheinfo: add cacheinfo_teardown, cacheinfo_rebuild (Desnes Augusto Nunes do Rosario) [1763625 1720930]
- [crypto] crypto: vmx - ghash: do nosimd fallback manually (Desnes Augusto Nunes do Rosario) [1763621 1739765]
- [crypto] crypto: vmx - Remove overly verbose printk from AES init routines (Desnes Augusto Nunes do Rosario) [1763621 1739765]
- [crypto] powerpc: Create disable_kernel_{fp, altivec, vsx, spe}() (Desnes Augusto Nunes do Rosario) [1763621 1739765]
- [crypto] crypto: vmx - CTR: always increment IV as quadword (Desnes Augusto Nunes do Rosario) [1763621 1739765]
- [crypto] crypto: vmx - fix copy-paste error in CTR mode (Desnes Augusto Nunes do Rosario) [1763621 1739765]
- [crypto] vmac - separate tfm and request context (Vladis Dronov) [1763620 1733561]
- [crypto] crypto: blkcipher - fix crash flushing dcache in error path (Vladis Dronov) [1761804 1741525]
- [crypto] crypto: remove direct blkcipher_walk dependency on transform (Vladis Dronov) [1761804 1741525]
- [crypto] crypto: user - prevent operating on larval algorithms (Vladis Dronov) [1761804 1741525]
- [netdrv] net/mlx5e: Support LAG TX port affinity distribution (Alaa Hleihel) [1759449 1724344]
- [netdrv] net/mlx5e: Expose new function for TIS destroy loop (Alaa Hleihel) [1759449 1724344]
- [include] net/mlx5: Add lag_tx_port_affinity capability bit (Alaa Hleihel) [1759449 1724344]
- [netdrv] net/mlx5e: Re-work TIS creation functions (Alaa Hleihel) [1759449 1724344]
- [netdrv] net/mlx5e: Disallow tc redirect offload cases we don't support (Alaa Hleihel) [1759003 1721626]
- [netdrv] net/mlx5e: Support ndo_get_phys_port_name for PF under switchdev mode (Alaa Hleihel) [1759003 1721626]
- [netdrv] net/mlx5e: Expose same physical switch_id for all representors (Alaa Hleihel) [1759003 1721626]
- [net] tcp: reset sk_send_head in tcp_write_queue_purge (Marcelo Leitner) [1748357 1748358] {CVE-2019-15239}
- [x86] kvm: x86: vmx: fix vpid leak (Vitaly Kuznetsov) [1755781 1716188]
- [kvm] kvm/x86: Move MSR_IA32_ARCH_CAPABILITIES to array emulated_msrs (Paul Lai) [1757757 1708465]
- [kvm] kvm: x86: Emulate MSR_IA32_ARCH_CAPABILITIES on AMD hosts (Paul Lai) [1757757 1708465]
- [kvm] kvm: vmx: Tell the nested hypervisor to skip L1D flush on vmentry (Paul Lai) [1757757 1708465]
- [kvm] kvm: vmx: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (Paul Lai) [1757757 1708465]
- [kvm] kvm: x86: Introduce kvm_get_msr_feature() (Paul Lai) [1757757 1708465]
- [kvm] kvm: x86: Add a framework for supporting MSR-based features (Paul Lai) [1757757 1708465]
- [nvme] nvme: don't ask blk-mq to handle timed-out request (Ming Lei) [1758051 1750202]
- [block] blk-mq: mark request as REQ_TIMEOUT when .timeout() is called (Ming Lei) [1758051 1750202]
- [block] blk-mq: introduce blk_mq_clear_rq_complete() (Ming Lei) [1758051 1750202]
- [block] blk-mq: remove 'sync' argument from __blk_mq_complete_request() (Ming Lei) [1758051 1750202]
- [nvme] blk-mq: remove blk_mq_complete_request_sync (Ming Lei) [1763624 1730922]
- [nvme] nvme: wait until all completed request's complete fn is called (Ming Lei) [1763624 1730922]
- [nvme] nvme: don't abort completed request in nvme_cancel_request (Ming Lei) [1763624 1730922]
- [block] blk-mq: introduce blk_mq_tagset_wait_completed_request() (Ming Lei) [1763624 1730922]
- [block] blk-mq: introduce blk_mq_request_completed() (Ming Lei) [1763624 1730922]
- [scsi] scsi: qla2xxx: Use correct size in call to dma_free_coherent() in qla2400_sp_unmap() (Himanshu Madhani) [1759447 1668767]
- [scsi] scsi: qla2xxx: Fix different size DMA Alloc/Unmap (Himanshu Madhani) [1759447 1668767]
- [scsi] scsi: qla2xxx: Fix DMA unmap leak (Himanshu Madhani) [1759447 1668767]
- [scsi] scsi: qla2xxx: Prevent memory leak for CT req/rsp allocation (Himanshu Madhani) [1759447 1668767]
- [scsi] scsi: fnic: fix msix interrupt allocation (Govindarajulu Varadarajan) [1754836 1745053]
- [scsi] scsi: fnic: print port speed only at driver init or speed change (Govindarajulu Varadarajan) [1754836 1745053]
- [nvme] nvme-scsi: updating struct nvme_ctrl (Gopal Tiwari) [1752423 1749524]
[3.10.0-1062.5.1]
- [netdrv] ixgbe: Prevent u8 wrapping of ITR value to something less than 10us (Ken Cox) [1757350 1750856]
- ID
- ELSA-2019-3979
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2019-3979.html
- Published
-
2019-11-26T00:00:00
(4 years ago) - Modified
-
2019-11-26T00:00:00
(4 years ago) - Rights
- Copyright 2019 Oracle, Inc.
- Other Advisories
-
- ALAS-2019-1293
- ALAS2-2019-1293
- DSA-4497-1
- DSA-4531-1
- ELSA-2019-3517
- ELSA-2019-4256
- ELSA-2019-4799
- ELSA-2019-4800
- ELSA-2019-4808
- ELSA-2019-4810
- ELSA-2019-4820
- FEDORA-2019-021c968423
- FEDORA-2019-057d691fd4
- FEDORA-2019-124a241044
- FEDORA-2019-15e141c6a7
- FEDORA-2019-1689d3fe07
- FEDORA-2019-41e28660ae
- FEDORA-2019-7a3fc17778
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-a570a92d5a
- FEDORA-2020-2a5cdd665c
- FEDORA-2020-c2d89d14d0
- FEDORA-2020-fe00e12580
- openSUSE-SU-2019:2173-1
- openSUSE-SU-2019:2181-1
- openSUSE-SU-2019:2307-1
- openSUSE-SU-2019:2308-1
- RHSA-2019:3309
- RHSA-2019:3517
- RHSA-2019:3978
- RHSA-2019:3979
- RHSA-2019:4256
- RHSA-2020:0027
- SSA:2019-311-01
- SUSE-SU-2019:2412-1
- SUSE-SU-2019:2414-1
- SUSE-SU-2019:2424-1
- SUSE-SU-2019:2648-1
- SUSE-SU-2019:2651-1
- SUSE-SU-2019:2658-1
- SUSE-SU-2019:2706-1
- SUSE-SU-2019:2710-1
- SUSE-SU-2019:2738-1
- SUSE-SU-2019:2756-1
- SUSE-SU-2019:2879-1
- SUSE-SU-2019:2949-1
- SUSE-SU-2019:2950-1
- SUSE-SU-2019:2984-1
- SUSE-SU-2019:3200-1
- SUSE-SU-2019:3215-1
- SUSE-SU-2019:3228-1
- SUSE-SU-2019:3230-1
- SUSE-SU-2019:3249-1
- SUSE-SU-2019:3258-1
- SUSE-SU-2019:3295-1
- SUSE-SU-2020:0093-1
- USN-4157-1
- USN-4157-2
- USN-4162-1
- USN-4162-2
- USN-4163-1
- USN-4163-2
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2019-3979 | http://linux.oracle.com/errata/ELSA-2019-3979.html | |
CVE | CVE-2019-15239 | http://linux.oracle.com/cve/CVE-2019-15239.html | |
CVE | CVE-2019-14821 | http://linux.oracle.com/cve/CVE-2019-14821.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 3.10.0-1062.7.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 3.10.0-1062.7.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 | oraclelinux | kernel | < 3.10.0-1062.7.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 | oraclelinux | kernel-tools | < 3.10.0-1062.7.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs | < 3.10.0-1062.7.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs-devel | < 3.10.0-1062.7.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 | oraclelinux | kernel-headers | < 3.10.0-1062.7.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 | oraclelinux | kernel-doc | < 3.10.0-1062.7.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 | oraclelinux | kernel-devel | < 3.10.0-1062.7.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 | oraclelinux | kernel-debug | < 3.10.0-1062.7.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-debug-devel | < 3.10.0-1062.7.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 | oraclelinux | kernel-abi-whitelists | < 3.10.0-1062.7.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-7 | oraclelinux | bpftool | < 3.10.0-1062.7.1.el7 | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |