[ELSA-2019-4850] Unbreakable Enterprise kernel security update
[4.1.12-124.33.4]
- ocfs2: protect extent tree in ocfs2_prepare_inode_for_write() (Shuning Zhang) [Orabug: 30036349]
- ocfs2: direct-IO: protect get_blocks (Junxiao Bi) [Orabug: 30036349]
- SUNRPC: Remove xprt_connect_status() (Trond Myklebust) [Orabug: 30165838]
- SUNRPC: Handle ENETDOWN errors (Trond Myklebust) [Orabug: 30165838]
- vhost: make sure log_num < in_num (yongduan) [Orabug: 30312787] {CVE-2019-14835}
- vhost: block speculation of translated descriptors (Michael S. Tsirkin) [Orabug: 30312787] {CVE-2019-14835}
- vhost: Fix Spectre V1 vulnerability (Jason Wang) [Orabug: 30312787]
- array_index_nospec: Sanitize speculative array de-references (Dan Williams) [Orabug: 30312787]
- net: hsr: fix memory leak in hsr_dev_finalize() (Mao Wenan) [Orabug: 30444853] {CVE-2019-16995}
- ieee802154: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30444946] {CVE-2019-17053}
- mISDN: enforce CAP_NET_RAW for raw sockets (Ori Nimron) [Orabug: 30445158] {CVE-2019-17055}
- net: sit: fix memory leak in sit_init_net() (Mao Wenan) [Orabug: 30445305] {CVE-2019-16994}
- media: dvb: usb: fix use after free in dvb_usb_device_exit (Oliver Neukum) [Orabug: 30490491] {CVE-2019-15213}
- media: cpia2_usb: first wake up, then free in disconnect (Oliver Neukum) [Orabug: 30511741] {CVE-2019-15215}
- media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Vandana BN) [Orabug: 30532774] {CVE-2019-15217}
- target: Propagate backend read-only to core_tpg_add_lun (Nicholas Bellinger) [Orabug: 30538419]
- kvm: mmu: ITLB_MULTIHIT mitigation selection (Kanth Ghatraju) [Orabug: 30539766]
- cpu/speculation: Uninline and export CPU mitigations helpers (Kanth Ghatraju) [Orabug: 30539766]
[4.1.12-124.33.3]
- rds: Use correct conn when dropping connections due to cancel (Hakon Bugge) [Orabug: 30316058]
- rds: ib: Optimize rds_ib_laddr_check (Hakon Bugge) [Orabug: 30327671]
- rds: Bring loop-back peer down as well (Hakon Bugge) [Orabug: 30271704]
- rds: ib: Avoid connect retry on loopback connections (Hakon Bugge) [Orabug: 30271704]
- rds: ib: Qualify CM REQ duplicate detection with connection being up (Hakon Bugge) [Orabug: 30062150]
- rds: Further prioritize local loop-back connections (Hakon Bugge) [Orabug: 30062150]
- rds: Fix initial zero delay when queuing re-connect work (Hakon Bugge) [Orabug: 30062150]
- rds: Re-introduce separate work-queue for local connections (Hakon Bugge) [Orabug: 30062150]
- rds: Re-factor and avoid superfluous queuing of shutdown work (Hakon Bugge) [Orabug: 29994551]
- rds: ib: Flush ARP cache when connection attempt is rejected (Hakon Bugge) [Orabug: 29994550]
- rds: ib: Fix incorrect setting of cp_reconnect_racing (Hakon Bugge) [Orabug: 29994553]
- RDMA/cma: Make # CM retries configurable (Hakon Bugge) [Orabug: 29994555]
- rds: Re-factor and avoid superfluous queuing of reconnect work (Hakon Bugge) [Orabug: 29994558]
- rds: ib: Correct the cm_id compare commit (Hakon Bugge) [Orabug: 29994560]
- rds: Increase entropy in hashing (Hakon Bugge) [Orabug: 29994561]
- rds: ib: Resurrect the CQs instead of delete+create (Hakon Bugge) [Orabug: 29994566]
- rds: Avoid queuing superfluous send and recv work (Hakon Bugge) [Orabug: 29994564]
[4.1.12-124.33.2]
- x86/tsx: Add config options to set tsx=on|off|auto (Michal Hocko) [Orabug: 30517133] {CVE-2019-11135}
- x86/speculation/taa: Add documentation for TSX Async Abort (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135}
- x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135}
- kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135}
- x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135}
- x86/speculation/taa: Add mitigation for TSX Async Abort (Kanth Ghatraju) [Orabug: 30517133] {CVE-2019-11135}
- x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135}
- x86/cpu: Add a helper function x86_read_arch_cap_msr() (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135}
- x86/msr: Add the IA32_TSX_CTRL MSR (Pawan Gupta) [Orabug: 30517133] {CVE-2019-11135}
- kvm: x86: mmu: Recovery of shattered NX large pages (Junaid Shahid) [Orabug: 30517059] {CVE-2018-12207}
- kvm: Add helper function for creating VM worker threads (Junaid Shahid) [Orabug: 30517059] {CVE-2018-12207}
- kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [Orabug: 30517059] {CVE-2018-12207}
- kvm: x86: Do not release the page inside mmu_set_spte() (Junaid Shahid) [Orabug: 30517059] {CVE-2018-12207}
- x86/cpu: Add Tremont to the cpu vulnerability whitelist (Pawan Gupta) [Orabug: 30517059] {CVE-2018-12207}
- x86: Add ITLB_MULTIHIT bug infrastructure (Pawan Gupta) [Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: MMU: Move mapping_level_dirty_bitmap() call in mapping_level() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
- Revert 'KVM: x86: use the fast way to invalidate all pages' (Sean Christopherson) [Orabug: 30517059] {CVE-2018-12207}
- kvm: Convert kvm_lock to a mutex (Junaid Shahid) [Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: MMU: Simplify force_pt_level calculation code in FNAME(page_fault)() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: MMU: Make force_pt_level bool (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: MMU: Remove unused parameter parent_pte from kvm_mmu_get_page() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: extend usage of RET_MMIO_PF_* constants (Paolo Bonzini) [Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: MMU: Make mmu_set_spte() return emulate value (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: MMU: Move parent_pte handling from kvm_mmu_get_page() to link_shadow_page() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
- KVM: x86: MMU: Move initialization of parent_ptes out from kvm_mmu_alloc_page() (Takuya Yoshikawa) [Orabug: 30517059] {CVE-2018-12207}
[4.1.12-124.33.1]
- scsi: qla2xxx: Fix NULL pointer crash due to probe failure (himanshu.madhani@cavium.com) [Orabug: 30161119]
- i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (Jeremy Compostella) [Orabug: 30210503] {CVE-2017-18551}
- scsi: qla2xxx: Ability to process multiple SGEs in Command SGL for CT passthrough commands. (Giridhar Malavali) [Orabug: 30256423]
- net-sysfs: Fix mem leak in netdev_register_kobject (YueHaibing) [Orabug: 30350263] {CVE-2019-15916}
- Drivers: hv: vmbus: add special crash handler (Vitaly Kuznetsov) [Orabug: 30374399]
- ID
- ELSA-2019-4850
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2019-4850.html
- Published
-
2019-11-20T00:00:00
(4 years ago) - Modified
-
2019-11-20T00:00:00
(4 years ago) - Rights
- Copyright 2019 Oracle, Inc.
- Other Advisories
-
- ALAS-2019-1222
- ALAS-2019-1293
- ALAS-2019-1318
- ALAS-2019-1322
- ALAS2-2019-1222
- ALAS2-2019-1293
- ALAS2-2019-1364
- ALAS2-2019-1366
- ALPINE:CVE-2018-12207
- ALPINE:CVE-2019-11135
- ALSA-2020:0279
- ASA-201906-12
- ASA-201906-13
- ASA-201906-14
- ASA-201906-15
- ASA-201911-14
- DSA-4465-1
- DSA-4495-1
- DSA-4497-1
- DSA-4531-1
- DSA-4564-1
- DSA-4565-1
- DSA-4602-1
- ELSA-2019-1479
- ELSA-2019-1481
- ELSA-2019-1488
- ELSA-2019-2827
- ELSA-2019-2829
- ELSA-2019-2863
- ELSA-2019-3517
- ELSA-2019-3832
- ELSA-2019-3834
- ELSA-2019-3836
- ELSA-2019-4684
- ELSA-2019-4685
- ELSA-2019-4686
- ELSA-2019-4689
- ELSA-2019-4789
- ELSA-2019-4820
- ELSA-2019-4836
- ELSA-2019-4837
- ELSA-2019-4838
- ELSA-2019-4839
- ELSA-2019-4854
- ELSA-2019-4855
- ELSA-2019-4867
- ELSA-2019-4868
- ELSA-2019-4871
- ELSA-2019-4872
- ELSA-2019-4878
- ELSA-2020-0279
- ELSA-2020-0366
- ELSA-2020-0790
- ELSA-2020-1016
- ELSA-2020-1769
- ELSA-2020-4060
- ELSA-2020-5532
- FEDORA-2019-021c968423
- FEDORA-2019-057d691fd4
- FEDORA-2019-124a241044
- FEDORA-2019-15e141c6a7
- FEDORA-2019-1689d3fe07
- FEDORA-2019-2e12bd3a9a
- FEDORA-2019-34a75d7e61
- FEDORA-2019-376ec5c107
- FEDORA-2019-39e97683e8
- FEDORA-2019-3d7105bd2a
- FEDORA-2019-41e28660ae
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-6817686c4d
- FEDORA-2019-68d7f68507
- FEDORA-2019-69c132b061
- FEDORA-2019-6aad703290
- FEDORA-2019-6bda4c81f4
- FEDORA-2019-6c3d89b3d0
- FEDORA-2019-7a3fc17778
- FEDORA-2019-7aecfe1c4b
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-914542e05c
- FEDORA-2019-91f6e7bb71
- FEDORA-2019-97380355ae
- FEDORA-2019-9d3fe6fd5b
- FEDORA-2019-a570a92d5a
- FEDORA-2019-a95015e60f
- FEDORA-2019-b1de72b00b
- FEDORA-2019-b737d03b83
- FEDORA-2019-b86a7bdba0
- FEDORA-2019-cbb732f760
- FEDORA-2019-e3010166bd
- FEDORA-2019-e37c348348
- FEDORA-2020-203ffedeb5
- FEDORA-2020-227a4c0530
- FEDORA-2020-2a5cdd665c
- FEDORA-2020-2d9a75fadb
- FEDORA-2020-3cd64d683c
- FEDORA-2020-8490989850
- FEDORA-2020-c2d89d14d0
- FEDORA-2020-e328697628
- FEDORA-2020-f884f9dd7d
- FEDORA-2020-fe00e12580
- FREEBSD:EDC0BF7E-05A1-11EA-9DFA-F8B156AC3FF9
- FREEBSD:FBE10A8A-05A1-11EA-9DFA-F8B156AC3FF9
- GLSA-202003-56
- MS:CVE-2018-12207
- MS:CVE-2019-11135
- openSUSE-SU-2019:1571-1
- openSUSE-SU-2019:1579-1
- openSUSE-SU-2019:1923-1
- openSUSE-SU-2019:1924-1
- openSUSE-SU-2019:2173-1
- openSUSE-SU-2019:2181-1
- openSUSE-SU-2019:2444-1
- openSUSE-SU-2019:2503-1
- openSUSE-SU-2019:2504-1
- openSUSE-SU-2019:2505-1
- openSUSE-SU-2019:2506-1
- openSUSE-SU-2019:2507-1
- openSUSE-SU-2019:2509-1
- openSUSE-SU-2019:2510-1
- openSUSE-SU-2019:2527-1
- openSUSE-SU-2019:2528-1
- openSUSE-SU-2019:2675-1
- openSUSE-SU-2019:2710-1
- openSUSE-SU-2020:0336-1
- RHSA-2019:1479
- RHSA-2019:1480
- RHSA-2019:1481
- RHSA-2019:1486
- RHSA-2019:1488
- RHSA-2019:2827
- RHSA-2019:2828
- RHSA-2019:2829
- RHSA-2019:2830
- RHSA-2019:2854
- RHSA-2019:2863
- RHSA-2019:3309
- RHSA-2019:3517
- RHSA-2019:3832
- RHSA-2019:3833
- RHSA-2019:3834
- RHSA-2019:3835
- RHSA-2019:3836
- RHSA-2019:3936
- RHSA-2020:0028
- RHSA-2020:0279
- RHSA-2020:0366
- RHSA-2020:0790
- RHSA-2020:1016
- RHSA-2020:1070
- RHSA-2020:1567
- RHSA-2020:1769
- RHSA-2020:4060
- RHSA-2020:4062
- RLSA-2020:0279
- SSA:2019-169-01
- SSA:2019-226-01
- SSA:2019-311-01
- SSA:2019-320-01
- SSA:2020-086-01
- SUSE-SU-2017:3210-1
- SUSE-SU-2017:3249-1
- SUSE-SU-2017:3265-1
- SUSE-SU-2018:0040-1
- SUSE-SU-2018:0180-1
- SUSE-SU-2019:1527-1
- SUSE-SU-2019:1529-1
- SUSE-SU-2019:1530-1
- SUSE-SU-2019:1532-1
- SUSE-SU-2019:1533-1
- SUSE-SU-2019:1534-1
- SUSE-SU-2019:1535-1
- SUSE-SU-2019:1550-1
- SUSE-SU-2019:1581-1
- SUSE-SU-2019:1588-1
- SUSE-SU-2019:1668-1
- SUSE-SU-2019:1671-1
- SUSE-SU-2019:1674-1
- SUSE-SU-2019:1692-1
- SUSE-SU-2019:1851-1
- SUSE-SU-2019:1855-1
- SUSE-SU-2019:1882-1
- SUSE-SU-2019:1888-1
- SUSE-SU-2019:1889-1
- SUSE-SU-2019:1924-1
- SUSE-SU-2019:1935-1
- SUSE-SU-2019:1948-1
- SUSE-SU-2019:2068-1
- SUSE-SU-2019:2069-1
- SUSE-SU-2019:2070-1
- SUSE-SU-2019:2071-1
- SUSE-SU-2019:2072-1
- SUSE-SU-2019:2073-1
- SUSE-SU-2019:2262-1
- SUSE-SU-2019:2263-1
- SUSE-SU-2019:2299-1
- SUSE-SU-2019:2412-1
- SUSE-SU-2019:2414-1
- SUSE-SU-2019:2424-1
- SUSE-SU-2019:2430-1
- SUSE-SU-2019:2450-1
- SUSE-SU-2019:2572-1
- SUSE-SU-2019:2600-1
- SUSE-SU-2019:2601-1
- SUSE-SU-2019:2613-1
- SUSE-SU-2019:2648-1
- SUSE-SU-2019:2651-1
- SUSE-SU-2019:2658-1
- SUSE-SU-2019:2738-1
- SUSE-SU-2019:2756-1
- SUSE-SU-2019:2821-1
- SUSE-SU-2019:2864-1
- SUSE-SU-2019:2946-1
- SUSE-SU-2019:2947-1
- SUSE-SU-2019:2948-1
- SUSE-SU-2019:2949-1
- SUSE-SU-2019:2950-1
- SUSE-SU-2019:2951-1
- SUSE-SU-2019:2952-1
- SUSE-SU-2019:2953-1
- SUSE-SU-2019:2954-1
- SUSE-SU-2019:2955-1
- SUSE-SU-2019:2956-1
- SUSE-SU-2019:2957-1
- SUSE-SU-2019:2958-1
- SUSE-SU-2019:2959-1
- SUSE-SU-2019:2960-1
- SUSE-SU-2019:2961-1
- SUSE-SU-2019:2962-1
- SUSE-SU-2019:2984-1
- SUSE-SU-2019:2986-1
- SUSE-SU-2019:2987-1
- SUSE-SU-2019:2988-1
- SUSE-SU-2019:3091-1
- SUSE-SU-2019:3200-1
- SUSE-SU-2019:3289-1
- SUSE-SU-2019:3294-1
- SUSE-SU-2019:3295-1
- SUSE-SU-2019:3297-1
- SUSE-SU-2019:3316-1
- SUSE-SU-2019:3317-1
- SUSE-SU-2019:3340-1
- SUSE-SU-2019:3348-1
- SUSE-SU-2019:3371-1
- SUSE-SU-2019:3372-1
- SUSE-SU-2019:3379-1
- SUSE-SU-2019:3381-1
- SUSE-SU-2019:3389-1
- SUSE-SU-2020:0093-1
- SUSE-SU-2020:0183-1
- SUSE-SU-2020:0334-1
- SUSE-SU-2020:0388-1
- SUSE-SU-2020:0511-1
- SUSE-SU-2020:0558-1
- SUSE-SU-2020:0559-1
- SUSE-SU-2020:0560-1
- SUSE-SU-2020:0580-1
- SUSE-SU-2020:0584-1
- SUSE-SU-2020:0599-1
- SUSE-SU-2020:0605-1
- SUSE-SU-2020:0613-1
- SUSE-SU-2020:1255-1
- SUSE-SU-2020:1663-1
- USN-3583-1
- USN-3583-2
- USN-4017-1
- USN-4017-2
- USN-4114-1
- USN-4115-1
- USN-4116-1
- USN-4117-1
- USN-4118-1
- USN-4135-1
- USN-4135-2
- USN-4145-1
- USN-4147-1
- USN-4182-1
- USN-4182-2
- USN-4183-1
- USN-4184-1
- USN-4185-1
- USN-4185-2
- USN-4186-1
- USN-4186-2
- USN-4187-1
- USN-4188-1
- USN-4286-1
- USN-4286-2
- USN-4302-1
- VMSA-2019-0010.3
- VMSA-2019-0020
- VU:905115
- XSA-304
- XSA-305
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux | kernel-uek | < 4.1.12-124.33.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6 | oraclelinux | kernel-uek | < 4.1.12-124.33.4.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-7 | oraclelinux | kernel-uek-firmware | < 4.1.12-124.33.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6 | oraclelinux | kernel-uek-firmware | < 4.1.12-124.33.4.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux | kernel-uek-doc | < 4.1.12-124.33.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6 | oraclelinux | kernel-uek-doc | < 4.1.12-124.33.4.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-devel | < 4.1.12-124.33.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6 | oraclelinux | kernel-uek-devel | < 4.1.12-124.33.4.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug | < 4.1.12-124.33.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6 | oraclelinux | kernel-uek-debug | < 4.1.12-124.33.4.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug-devel | < 4.1.12-124.33.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6 | oraclelinux | kernel-uek-debug-devel | < 4.1.12-124.33.4.el6uek | oraclelinux-6 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |