[ELSA-2019-4836] Unbreakable Enterprise kernel security update
[4.14.35-1902.7.3]
- rds: Rename rds_send_ping to rds_send_hs_ping (Hakon Bugge) [Orabug: 30418043]
- rds: Use {READ,WRITE}_ONCE for heartbeat start and state (Hakon Bugge) [Orabug: 30418043]
- rds: Change heartbeat params from module params to sysctl (Hakon Bugge) [Orabug: 30418043]
- rds: Fix and augment probe counters (Hakon Bugge) [Orabug: 30418043]
- rds: Introduce heartbeat interval (Hakon Bugge) [Orabug: 30418043]
- rds: Fix heartbeat (Hakon Bugge) [Orabug: 30418043]
- kexec: generate VMCOREINFO for modules (Isaac Chen) [Orabug: 30464386]
- rds: RDS does not flush IPv6 neighbor cache (Ka-Cheong Poon) [Orabug: 30283690]
- kvm: x86: mmu: Recovery of shattered NX large pages (Junaid Shahid) [Orabug: 29967630] {CVE-2018-12207}
- kvm: Add helper function for creating VM worker threads (Junaid Shahid) [Orabug: 29967630] {CVE-2018-12207}
- kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [Orabug: 29967630] {CVE-2018-12207}
- x86: Add ITLB_MULTIHIT bug infrastructure (Pawan Gupta) [Orabug: 29967630] {CVE-2018-12207}
- KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [Orabug: 29967630] {CVE-2018-12207}
- KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [Orabug: 29967630] {CVE-2018-12207}
- kvm: x86: Do not release the page inside mmu_set_spte() (Junaid Shahid) [Orabug: 29967630] {CVE-2018-12207}
- kvm: Convert kvm_lock to a mutex (Junaid Shahid) [Orabug: 29967630] {CVE-2018-12207}
- x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30419234] {CVE-2019-11135}
- x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}
- x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}
- x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}
- x86/speculation/taa: Add mitigation for TSX Async Abort (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}
- x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}
- x86/cpu: Add a helper function x86_read_arch_cap_msr() (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}
- x86/msr: Add the IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30419234] {CVE-2019-11135}
[4.14.35-1902.7.2]
- floppy: fix div-by-zero in setup_format_params (Denis Efremov) [Orabug: 30447842] {CVE-2019-14284}
- perfutil: Warn when exceeding MAX_NR_CPUS in cpumap (Kyle Meyer) [Orabug: 30441330]
- perf header: Replace MAX_NR_CPUS with cpu__max_cpu() (Kyle Meyer) [Orabug: 30441330]
- perf machine: Replace MAX_NR_CPUS with perf_env::nr_cpus_online (Kyle Meyer) [Orabug: 30441330]
- perf session: Replace MAX_NR_CPUS with perf_env::nr_cpus_online (Kyle Meyer) [Orabug: 30441330]
- perf stat: Replace MAX_NR_CPUS with cpu__max_cpu() (Kyle Meyer) [Orabug: 30441330]
- perf svghelper: Replace MAX_NR_CPUS with perf_env::nr_cpus_online (Kyle Meyer) [Orabug: 30441330]
- perf timechart: Refactor svg_build_topology_map() (Kyle Meyer) [Orabug: 30441330]
- perf tools: Increase MAX_NR_CPUS and MAX_CACHES (Kyle Meyer) [Orabug: 30441330]
- x86/boot/64: Round memory hole size up to next PMD page (Steve Wahl) [Orabug: 30441300]
- x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (Steve Wahl) [Orabug: 30441300]
- ACPICA: Increase total number of possible Owner IDs (Bob Moore) [Orabug: 30448814]
[4.14.35-1902.7.1]
- tcp: fix tcp_rtx_queue_tail in case of empty retransmit queue (Tim Froidcoeur) [Orabug: 30331228]
- tcp: be more careful in tcp_fragment() (Eric Dumazet) [Orabug: 30331228]
- tcp: refine memory limit test in tcp_fragment() (Eric Dumazet) [Orabug: 30331228]
- scsi: mpt3sas: Bump mpt3sas driver version to 32.100.00.00 (Sreekanth Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Fix module parameter max_msix_vectors (Sreekanth Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Reject NVMe Encap cmnds to unsupported HBA (Sreekanth Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Use Component img header to get Package ver (Sreekanth Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Fail release cmnd if diag buffer is released (Sreekanth Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Add app owned flag support for diag buffer (Sreekanth Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Reuse diag buffer allocated at load time (Sreekanth Reddy) [Orabug: 30376510]
- scsi: mpt3sas: clear release bit when buffer reregistered (Sreekanth Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Maintain owner of buffer through UniqueID (Sreekanth Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Free diag buffer without any status check (Sreekanth Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Fix clear pending bit in ioctl status (Sreekanth Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Display message before releasing diag buffer (Sreekanth Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Register trace buffer based on NVDATA settings (Sreekanth Reddy) [Orabug: 30376510]
- scsi: mpt3sas: Update driver version to 31.100.00.00 (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Run SAS DEVICE STATUS CHANGE EVENT from ISR (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Reduce the performance drop (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Handle fault during HBA initialization (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Add sysfs to know supported features (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Support MEMORY MOVE Tool box command (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Allow ioctls to blocked access status NVMe (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Enumerate SES of a managed PCIe switch (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Update MPI headers to 2.6.8 spec (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Gracefully handle online firmware update (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: memset request frame before reusing (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Add support for PCIe Lane margin (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: support target smid for [abort|query] task (Minwoo Im) [Orabug: 30299961]
- scsi: mpt3sas: clean up a couple sizeof() uses (Dan Carpenter) [Orabug: 30299961]
- scsi: mpt3sas: Fix msix load balance on and off settings (Sreekanth Reddy) [Orabug: 30299961]
- scsi: mpt3sas: Determine smp affinity on per HBA basis (Sreekanth Reddy) [Orabug: 30299961]
- scsi: mpt3sas: Use configured PCIe link speed, not max (Sreekanth Reddy) [Orabug: 30299961]
- scsi: mpt3sas: Remove CPU arch check to determine perf_mode (Sreekanth Reddy) [Orabug: 30299961]
- scsi: mpt3sas: use DEVICE_ATTR_{RO, RW} (Tomas Henzl) [Orabug: 30299961]
- scsi: mpt3sas: make driver options visible in sys (Tomas Henzl) [Orabug: 30299961]
- scsi: mpt3sas: Mark expected switch fall-through (Gustavo A. R. Silva) [Orabug: 30299961]
- scsi: mpt3sas: Update driver version to 29.100.00.00 (Suganath Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: Introduce perf_mode module parameter (Suganath Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: Enable interrupt coalescing on high iops (Suganath Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: Affinity high iops queues IRQs to local node (Suganath Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: save and use MSI-X index for posting RD (Suganath Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: Use high iops queues under some circumstances (Suganath Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: change _base_get_msix_index prototype (Suganath Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: Add flag high_iops_queues (Suganath Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: Add Atomic RequestDescriptor support on Aero (Suganath Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: function pointers of request descriptor (Suganath Prabu S) [Orabug: 30299961]
- scsi: mpt3sas_ctl: fix double-fetch bug in _ctl_ioctl_main() (Gen Zhang) [Orabug: 30299961]
- scsi: mpt3sas: fix indentation issue (Colin Ian King) [Orabug: 30299961]
- scsi: mpt3sas: Fix kernel panic during expander reset (Sreekanth Reddy) [Orabug: 30299961]
- scsi: mpt3sas: Update mpt3sas driver version to 28.100.00.00 (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Improve the threshold value and introduce module param (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Load balance to improve performance and avoid soft lockups (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Irq poll to avoid CPU hard lockups (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: simplify interrupt handler (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Fix typo in request_desript_type (Suganath Prabu) [Orabug: 30299961]
- scsi: mpt3sas: Add missing breaks in switch statements (Gustavo A. R. Silva) [Orabug: 30299961]
- scsi: mpt3sas: Update driver version to 27.102.00.00 (Suganath Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: Add support for ATLAS PCIe switch (Suganath Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: Add support for NVMe Switch Adapter (Suganath Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: Rename mpi endpoint device ID macro. (Suganath Prabu S) [Orabug: 30299961]
- scsi: mpt3sas: mpt3sas_scsih: Mark expected switch fall-through (Gustavo A. R. Silva) [Orabug: 30299961]
[4.14.35-1902.7.0]
- rds: fix uninteneded increase of rds_rdma:pool->max_items_soft (Manjunath Patil) [Orabug: 30397933]
- ACPI / APEI: Fix parsing HEST that includes Deferred Machine Check subtable (Yazen Ghannam) [Orabug: 30385327]
- rds: add ibmr to busy_list in flush code path (Manjunath Patil) [Orabug: 30383090]
- net-sysfs: Fix mem leak in netdev_register_kobject (YueHaibing) [Orabug: 30350262] {CVE-2019-15916}
- kernel-uek.spec: defuse a memory bomb in xargs (Lukas Lipinsky) [Orabug: 30339974]
- xen-netfront: do not use ~0U as error return value for xennet_fill_frags() (Dongli Zhang) [Orabug: 30395404]
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | < 4.14.35-1902.7.3.el7uek |
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | < 4.14.35-1902.7.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | < 4.14.35-1902.7.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | < 4.14.35-1902.7.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | < 4.14.35-1902.7.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | < 4.14.35-1902.7.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | < 4.14.35-1902.7.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | < 4.14.35-1902.7.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | < 4.14.35-1902.7.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | < 4.14.35-1902.7.3.el7uek |
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | < 4.14.35-1902.7.3.el7uek |
- ID
- ELSA-2019-4836
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2019-4836.html
- Published
-
2019-11-12T00:00:00
(4 years ago) - Modified
-
2019-11-12T00:00:00
(4 years ago) - Rights
- Copyright 2019 Oracle, Inc.
- Other Advisories
-
- ALAS-2019-1318
- ALAS-2019-1322
- ALAS2-2019-1364
- ALAS2-2019-1366
- ALPINE:CVE-2018-12207
- ALPINE:CVE-2019-11135
- ALSA-2020:0279
- ASA-201911-14
- DSA-4495-1
- DSA-4497-1
- DSA-4564-1
- DSA-4565-1
- DSA-4602-1
- ELSA-2019-3517
- ELSA-2019-3832
- ELSA-2019-3834
- ELSA-2019-3836
- ELSA-2019-4837
- ELSA-2019-4838
- ELSA-2019-4839
- ELSA-2019-4850
- ELSA-2019-4854
- ELSA-2019-4855
- ELSA-2019-4867
- ELSA-2019-4868
- ELSA-2020-0279
- ELSA-2020-0366
- ELSA-2020-1016
- ELSA-2020-5532
- FEDORA-2019-021c968423
- FEDORA-2019-124a241044
- FEDORA-2019-1689d3fe07
- FEDORA-2019-2e12bd3a9a
- FEDORA-2019-34a75d7e61
- FEDORA-2019-376ec5c107
- FEDORA-2019-39e97683e8
- FEDORA-2019-3d7105bd2a
- FEDORA-2019-68d7f68507
- FEDORA-2019-6aad703290
- FEDORA-2019-7a3fc17778
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-91f6e7bb71
- FEDORA-2019-b737d03b83
- FEDORA-2019-b86a7bdba0
- FEDORA-2019-cbb732f760
- FEDORA-2020-203ffedeb5
- FEDORA-2020-227a4c0530
- FEDORA-2020-2a5cdd665c
- FEDORA-2020-2d9a75fadb
- FEDORA-2020-3cd64d683c
- FEDORA-2020-8490989850
- FEDORA-2020-c2d89d14d0
- FEDORA-2020-e328697628
- FEDORA-2020-f884f9dd7d
- FEDORA-2020-fe00e12580
- FREEBSD:EDC0BF7E-05A1-11EA-9DFA-F8B156AC3FF9
- FREEBSD:FBE10A8A-05A1-11EA-9DFA-F8B156AC3FF9
- GLSA-202003-56
- MS:CVE-2018-12207
- MS:CVE-2019-11135
- openSUSE-SU-2019:1923-1
- openSUSE-SU-2019:1924-1
- openSUSE-SU-2019:2503-1
- openSUSE-SU-2019:2504-1
- openSUSE-SU-2019:2505-1
- openSUSE-SU-2019:2506-1
- openSUSE-SU-2019:2507-1
- openSUSE-SU-2019:2509-1
- openSUSE-SU-2019:2510-1
- openSUSE-SU-2019:2527-1
- openSUSE-SU-2019:2528-1
- openSUSE-SU-2019:2675-1
- openSUSE-SU-2019:2710-1
- RHSA-2019:3309
- RHSA-2019:3517
- RHSA-2019:3832
- RHSA-2019:3833
- RHSA-2019:3834
- RHSA-2019:3835
- RHSA-2019:3836
- RHSA-2019:3936
- RHSA-2020:0028
- RHSA-2020:0279
- RHSA-2020:0366
- RHSA-2020:1016
- RHSA-2020:1070
- RLSA-2020:0279
- SSA:2019-226-01
- SSA:2019-320-01
- SUSE-SU-2019:2068-1
- SUSE-SU-2019:2069-1
- SUSE-SU-2019:2070-1
- SUSE-SU-2019:2071-1
- SUSE-SU-2019:2072-1
- SUSE-SU-2019:2073-1
- SUSE-SU-2019:2262-1
- SUSE-SU-2019:2263-1
- SUSE-SU-2019:2299-1
- SUSE-SU-2019:2430-1
- SUSE-SU-2019:2450-1
- SUSE-SU-2019:2946-1
- SUSE-SU-2019:2947-1
- SUSE-SU-2019:2948-1
- SUSE-SU-2019:2949-1
- SUSE-SU-2019:2950-1
- SUSE-SU-2019:2951-1
- SUSE-SU-2019:2952-1
- SUSE-SU-2019:2953-1
- SUSE-SU-2019:2954-1
- SUSE-SU-2019:2955-1
- SUSE-SU-2019:2956-1
- SUSE-SU-2019:2957-1
- SUSE-SU-2019:2958-1
- SUSE-SU-2019:2959-1
- SUSE-SU-2019:2960-1
- SUSE-SU-2019:2961-1
- SUSE-SU-2019:2962-1
- SUSE-SU-2019:2984-1
- SUSE-SU-2019:2986-1
- SUSE-SU-2019:2987-1
- SUSE-SU-2019:2988-1
- SUSE-SU-2019:3091-1
- SUSE-SU-2019:3200-1
- SUSE-SU-2019:3289-1
- SUSE-SU-2019:3294-1
- SUSE-SU-2019:3295-1
- SUSE-SU-2019:3297-1
- SUSE-SU-2019:3316-1
- SUSE-SU-2019:3317-1
- SUSE-SU-2019:3340-1
- SUSE-SU-2019:3348-1
- SUSE-SU-2019:3371-1
- SUSE-SU-2019:3372-1
- SUSE-SU-2019:3381-1
- SUSE-SU-2020:0093-1
- SUSE-SU-2020:0334-1
- SUSE-SU-2020:0388-1
- USN-4114-1
- USN-4115-1
- USN-4116-1
- USN-4117-1
- USN-4118-1
- USN-4182-1
- USN-4182-2
- USN-4183-1
- USN-4184-1
- USN-4185-1
- USN-4185-2
- USN-4186-1
- USN-4186-2
- USN-4187-1
- USN-4188-1
- VMSA-2019-0020
- XSA-304
- XSA-305
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2019-4836 | http://linux.oracle.com/errata/ELSA-2019-4836.html | |
CVE | CVE-2019-11135 | http://linux.oracle.com/cve/CVE-2019-11135.html | |
CVE | CVE-2019-14284 | http://linux.oracle.com/cve/CVE-2019-14284.html | |
CVE | CVE-2019-15916 | http://linux.oracle.com/cve/CVE-2019-15916.html | |
CVE | CVE-2018-12207 | http://linux.oracle.com/cve/CVE-2018-12207.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 4.14.35-1902.7.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 4.14.35-1902.7.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux | kernel-uek | < 4.14.35-1902.7.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools | < 4.14.35-1902.7.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs | < 4.14.35-1902.7.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs-devel | < 4.14.35-1902.7.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | oraclelinux | kernel-uek-headers | < 4.14.35-1902.7.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux | kernel-uek-doc | < 4.14.35-1902.7.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-devel | < 4.14.35-1902.7.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug | < 4.14.35-1902.7.3.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug-devel | < 4.14.35-1902.7.3.el7uek | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |