[ELSA-2020-0834] kernel security, bug fix, and enhancement update
[3.10.0-1062.18.1.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
[3.10.0-1062.18.1]
- [x86] x86/boot/64: Round memory hole size up to next PMD page (Frank Ramsay) [1798163 1773762]
- [x86] x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (Frank Ramsay) [1798163 1773762]
- [fs] gfs2: Use d_materialise_unique instead of d_splice_alias (2) (Andreas Grunbacher) [1796431 1784550]
- [fs] gfs2: gfs2_create_inode(): don't bother with d_splice_alias() (Andreas Grunbacher) [1796431 1784550]
- [fs] gfs2: bugger off early if O_CREAT open finds a directory (Andreas Grunbacher) [1796431 1784550]
- [scsi] scsi: hpsa: remove printing internal cdb on tag collision (Joseph Szczypek) [1793579 1741355]
- [scsi] scsi: hpsa: correct scsi command status issue after reset (Joseph Szczypek) [1793579 1741355]
- [infiniband] IB/mlx5: Fix MR registration flow to use UMR properly (Alaa Hleihel) [1792371 1741343]
- [scsi] qedf: Initialize rport while creation of vport (Nilesh Javali) [1791825 1760746]
- [scsi] scsi: hpsa: add missing hunks in reset-patch (Joseph Szczypek) [1791782 1761978]
- [block] block: don't change REQ_NR_BITS (Ming Lei) [1791781 1779712]
- [scsi] scsi: qla2xxx: Fix panic in qla_dfs_tgt_counters_show (Himanshu Madhani) [1791595 1729270]
- [drm] drm/radeon: fix si_enable_smc_cac() failed issue (Dave Airlie) [1789744 1780026]
- [scsi] scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() (Nilesh Javali) [1784824 1772966]
- [md] md/raid10: prevent access of uninitialized resync_pages offset (Nigel Croxon) [1781584 1767935]
- [fs] fix inode leaks on d_splice_alias() failure exits (Miklos Szeredi) [1781159 1749390]
- [fs] cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active (David Howells) [1780149 1765975]
- [mm] mm: swap: clean up swap readahead (Rafael Aquini) [1780035 1725396]
- [mm] mm: do_swap_page: clean up parameter list passing a pointer to struct vm_fault (Rafael Aquini) [1780035 1725396]
- [mm] mm: __handle_mm_fault: introduce explicit barrier after orig_pte dereference (Rafael Aquini) [1780035 1725396]
- [x86] kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [1779766 1779768]
- [x86] kvm: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338}
- [x86] kvm: x86: Mark expected switch fall-throughs (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338}
- [x86] kvm: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338}
- [x86] kvm: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338}
- [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338}
- [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Paolo Bonzini) [1779766 1779768] {CVE-2019-19338}
- [s390] scsi: zfcp: fix reaction on bit error threshold notification (Philipp Rudo) [1778691 1765123]
- [net] ipv6: Rewind hlist offset on interrupted /proc/net/if_inet6 read (Stefano Brivio) [1778084 1753480]
- [net] revert '[net] ipv6: Display all addresses in output of /proc/net/if_inet6' (Stefano Brivio) [1778084 1753480]
- [wireless] rtlwifi: Fix potential overflow on P2P code (Josef Oskera) [1775235 1775236] {CVE-2019-17666}
- [md] md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (Xiao Ni) [1773482 1752061]
- [fs] fscache: Don't use a constructor function on the slab allocator (David Howells) [1793086 1739996]
- [mm] mm: fix insert_pfn regression (Jeff Moyer) [1793088 1739889]
- [mm] mm/page_idle.c: fix oops because end_pfn is larger than max_pfn (Rafael Aquini) [1768386 1730471]
- [mm] mm/mlock.c: mlockall error for flag MCL_ONFAULT (Rafael Aquini) [1768386 1730471]
- [mm] hugetlb: use same fault hash key for shared and private mappings (Rafael Aquini) [1768386 1730471]
- [mm] hugetlbfs: on restore reserve error path retain subpool reservation (Rafael Aquini) [1768386 1730471]
- [mm] mm/memory.c: fix modifying of page protection by insert_pfn() (Rafael Aquini) [1768386 1730471]
- [mm] mm, swap: bounds check swap_info array accesses to avoid NULL derefs (Rafael Aquini) [1768386 1730471]
- [mm] mm/slub.c: remove an unused addr argument (Rafael Aquini) [1768386 1730471]
- [mm] hugetlbfs: fix races and page leaks during migration (Rafael Aquini) [1768386 1730471]
- [mm] mm, oom: fix use-after-free in oom_kill_process (Rafael Aquini) [1768386 1730471]
- [mm] percpu: convert spin_lock_irq to spin_lock_irqsave (Rafael Aquini) [1768386 1730471]
- [mm] mm/swapfile.c: use kvzalloc for swap_info_struct allocation (Rafael Aquini) [1768386 1730471]
- [mm] hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:444! (Rafael Aquini) [1768386 1730471]
- [mm] mm: Fix warning in insert_pfn() (Rafael Aquini) [1768386 1730471]
- [mm] hugetlbfs: dirty pages as they are added to pagecache (Rafael Aquini) [1768386 1730471]
- [mm] mm/swapfile.c: fix swap_count comment about nonexistent SWAP_HAS_CONT (Rafael Aquini) [1768386 1730471]
- [mm] slab: __GFP_ZERO is incompatible with a constructor (Rafael Aquini) [1768386 1730471]
- [mm] mm: fix the NULL mapping case in __isolate_lru_page() (Rafael Aquini) [1768386 1730471]
- [mm] mm/filemap.c: fix NULL pointer in page_cache_tree_insert() (Rafael Aquini) [1768386 1730471]
- [fs] block_invalidatepage(): only release page if the full page was invalidated (Rafael Aquini) [1768386 1730471]
- [mm] mm/mempolicy.c: avoid use uninitialized preferred_node (Rafael Aquini) [1768386 1730471]
- [mm] mm: pin address_space before dereferencing it while isolating an LRU page (Rafael Aquini) [1768386 1730471]
- [fs] fs/hugetlbfs/inode.c: change put_page/unlock_page order in hugetlbfs_fallocate() (Rafael Aquini) [1768386 1730471]
- [mm] mm: do not rely on preempt_count in print_vma_addr (Rafael Aquini) [1768386 1730471]
- [mm] mm, swap: fix race between swap count continuation operations (Rafael Aquini) [1768386 1730471]
- [mm] mm: meminit: mark init_reserved_page as __meminit (Rafael Aquini) [1768386 1730471]
- [mm] mm/vmstat.c: fix wrong comment (Rafael Aquini) [1768386 1730471]
- [mm] mm, hugetlb: do not allocate non-migrateable gigantic pages from movable zones (Rafael Aquini) [1768386 1730471]
- [mm] mm: always flush VMA ranges affected by zap_page_range (Rafael Aquini) [1768386 1730471]
- [mm] mm/mremap: fail map duplication attempts for private mappings (Rafael Aquini) [1768386 1730471]
- [mm] mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (Rafael Aquini) [1768386 1730471]
- [mm] mm: numa: avoid waiting on freed migrated pages (Rafael Aquini) [1768386 1730471]
- [mm] mm/memory-failure.c: use compound_head() flags for huge pages (Rafael Aquini) [1768386 1730471]
- [fs] fs/block_dev: always invalidate cleancache in invalidate_bdev() (Rafael Aquini) [1768386 1730471]
- [mm] percpu: remove unused chunk_alloc parameter from pcpu_get_pages() (Rafael Aquini) [1768386 1730471]
- [mm] percpu: acquire pcpu_lock when updating pcpu_nr_empty_pop_pages (Rafael Aquini) [1768386 1730471]
- [mm] mm: do not access page->mapping directly on page_endio (Rafael Aquini) [1768386 1730471]
- [mm] mm/page_alloc: fix nodes for reclaim in fast path (Rafael Aquini) [1768386 1730471]
- [mm] mm: alloc_contig_range: allow to specify GFP mask (Rafael Aquini) [1768386 1730471]
- [mm] mm: vmscan: scan dirty pages even in laptop mode (Rafael Aquini) [1768386 1730471]
- [mm] mm/mempolicy.c: do not put mempolicy before using its nodemask (Rafael Aquini) [1768386 1730471]
- [mm] mm: fix set pageblock migratetype in deferred struct page init (Rafael Aquini) [1768386 1730471]
- [mm] mm: delete unnecessary and unsafe init_tlb_ubc() (Rafael Aquini) [1768386 1730471]
- [kernel] mm, mempolicy: task->mempolicy must be NULL before dropping final reference (Rafael Aquini) [1768386 1730471]
- [mm] mm: use phys_addr_t for reserve_bootmem_region() arguments (Rafael Aquini) [1768386 1730471]
- [mm] mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (Rafael Aquini) [1768386 1730471]
- [mm] mm: soft-offline: check return value in second __get_any_page() call (Rafael Aquini) [1768386 1730471]
- [include] include/linux/memblock.h: fix ordering of 'flags' argument in comments (Rafael Aquini) [1768386 1730471]
- [mm] rmap: fix theoretical race between do_wp_page and shrink_active_list (Rafael Aquini) [1768386 1730471]
- [mm] mm/mremap.c: clean up goto just return ERR_PTR (Rafael Aquini) [1768386 1730471]
- [mm] mremap should return -ENOMEM when vm_enough_memory fail (Rafael Aquini) [1768386 1730471]
- [mm] writeback: fix possible underflow in write bandwidth calculation (Rafael Aquini) [1768386 1730471]
- [mm] writeback: add missing INITIAL_JIFFIES init in global_update_bandwidth() (Rafael Aquini) [1768386 1730471]
- [mm] mm/memory.c: actually remap enough memory (Rafael Aquini) [1768386 1730471]
- [mm] mm/compaction: fix wrong order check in compact_finished() (Rafael Aquini) [1768386 1730471]
- [mm] mm, vmscan: prevent kswapd livelock due to pfmemalloc-throttled process being killed (Rafael Aquini) [1768386 1730471]
- [mm] mm: fix anon_vma_clone() error treatment (Rafael Aquini) [1768386 1730471]
- [mm] mm, thp: fix collapsing of hugepages on madvise (Rafael Aquini) [1768386 1730471]
- [mm] cgroup/kmemleak: add kmemleak_free() for cgroup deallocations (Rafael Aquini) [1768386 1730471]
- [mm] OOM, PM: OOM killed task shouldn't escape PM suspend (Rafael Aquini) [1768386 1730471]
- [mm] mm, compaction: pass gfp mask to compact_control (Rafael Aquini) [1768386 1730471]
- [mm] mm: page_alloc: abort fair zone allocation policy when remotes nodes are encountered (Rafael Aquini) [1768386 1730471]
- [mm] mm: vmscan: only update per-cpu thresholds for online CPU (Rafael Aquini) [1768386 1730471]
- [mm] mm, thp: replace smp_mb after atomic_add by smp_mbafter_atomic (Rafael Aquini) [1768386 1730471]
- [mm] mm, thp: move invariant bug check out of loop in __split_huge_page_map (Rafael Aquini) [1768386 1730471]
- [mm] thp: consolidate assert checks in __split_huge_page() (Rafael Aquini) [1768386 1730471]
- [mm] mm: fix sleeping function warning from __put_anon_vma (Rafael Aquini) [1768386 1730471]
- [mm] mm: cleanup add_to_page_cache_locked() (Rafael Aquini) [1768386 1730471]
- [mm] mm: mempolicy: turn vma_set_policy() into vma_dup_policy() (Rafael Aquini) [1768386 1730471]
- [powerpc] powerpc/pseries: correctly track irq state in default idle (Steve Best) [1767620 1751970]
- [mm] mm: prevent get_user_pages() from overflowing page refcount (Aristeu Rozanski) [1705004 1705005] {CVE-2019-11487}
- [mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors (Aristeu Rozanski) [1705004 1705005] {CVE-2019-11487}
[3.10.0-1062.17.1]
- [kvm] kvm: x86: always expose VIRT_SSBD to guests (Eduardo Habkost) [1797511 1744281]
- [kvm] kvm: x86: fix reporting of AMD speculation bug CPUID leaf (Eduardo Habkost) [1797511 1744281]
[3.10.0-1062.16.1]
- [netdrv] ixgbevf: Use cached link state instead of re-reading the value for ethtool (Ken Cox) [1796798 1794812]
- [kernel] sched: Fix schedule_tail() to disable preemption (Phil Auld) [1796261 1771094]
[3.10.0-1062.15.1]
- [tools] perf top: Fix global-buffer-overflow issue (Michael Petlan) [1793581 1757325]
- [tools] perf top: Always sample time to satisfy needs of use of ordered queuing (Michael Petlan) [1793581 1757325]
[3.10.0-1062.14.1]
- [s390] jump_label: replace stop_machine with smp_call_function (Hendrik Brueckner) [1787559 1720387]
- [s390] kernel: avoid cpu yield in SMT environment (Philipp Rudo) [1787558 1777876]
- [x86] mm: serialize against gup_fast in pmdp_splitting_flush() (Vitaly Kuznetsov) [1783177 1674266]
[3.10.0-1062.13.1]
- [scsi] libiscsi: fall back to sendmsg for slab pages (Oleksandr Natalenko) [1784826 1720506]
- ID
- ELSA-2020-0834
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2020-0834.html
- Published
-
2020-03-18T00:00:00
(4 years ago) - Modified
-
2020-03-18T00:00:00
(4 years ago) - Rights
- Copyright 2020 Oracle, Inc.
- Other Advisories
-
- ASA-201911-10
- ASA-201911-11
- ASA-201911-12
- ASA-201911-9
- ELSA-2019-2703
- ELSA-2020-0339
- ELSA-2020-1524
- ELSA-2020-4182
- ELSA-2020-5533
- ELSA-2020-5535
- ELSA-2020-5845
- ELSA-2020-5866
- FEDORA-2019-021c968423
- FEDORA-2019-124a241044
- FEDORA-2019-1689d3fe07
- FEDORA-2019-6a67ff8793
- FEDORA-2019-7a3fc17778
- FEDORA-2019-8846a1a5a2
- FEDORA-2020-2a5cdd665c
- FEDORA-2020-c2d89d14d0
- FEDORA-2020-fe00e12580
- MS:CVE-2019-19338
- openSUSE-SU-2019:1571-1
- openSUSE-SU-2019:1579-1
- openSUSE-SU-2019:2392-1
- openSUSE-SU-2019:2444-1
- openSUSE-SU-2020:0336-1
- RHSA-2019:2703
- RHSA-2019:2741
- RHSA-2020:0328
- RHSA-2020:0339
- RHSA-2020:0834
- RHSA-2020:0839
- RHSA-2020:1524
- RHSA-2020:4182
- SSA:2020-008-01
- SSA:2020-086-01
- SUSE-SU-2019:1529-1
- SUSE-SU-2019:1530-1
- SUSE-SU-2019:1535-1
- SUSE-SU-2019:1536-1
- SUSE-SU-2019:1550-1
- SUSE-SU-2019:1581-1
- SUSE-SU-2019:1588-1
- SUSE-SU-2019:1668-1
- SUSE-SU-2019:1671-1
- SUSE-SU-2019:1674-1
- SUSE-SU-2019:1767-1
- SUSE-SU-2019:1768-1
- SUSE-SU-2019:1823-1
- SUSE-SU-2019:1823-2
- SUSE-SU-2019:1852-1
- SUSE-SU-2019:1870-1
- SUSE-SU-2019:2430-1
- SUSE-SU-2019:2821-1
- SUSE-SU-2019:2879-1
- SUSE-SU-2019:2946-1
- SUSE-SU-2019:2947-1
- SUSE-SU-2019:2949-1
- SUSE-SU-2019:2951-1
- SUSE-SU-2019:2952-1
- SUSE-SU-2019:2953-1
- SUSE-SU-2019:2984-1
- SUSE-SU-2019:3200-1
- SUSE-SU-2019:3294-1
- SUSE-SU-2019:3295-1
- SUSE-SU-2019:3316-1
- SUSE-SU-2019:3379-1
- SUSE-SU-2019:3381-1
- SUSE-SU-2019:3389-1
- SUSE-SU-2020:0093-1
- SUSE-SU-2020:0511-1
- SUSE-SU-2020:0560-1
- SUSE-SU-2020:0584-1
- SUSE-SU-2020:0599-1
- SUSE-SU-2020:0613-1
- USN-4069-1
- USN-4069-2
- USN-4115-1
- USN-4118-1
- USN-4145-1
- USN-4183-1
- USN-4184-1
- USN-4185-1
- USN-4186-1
- USN-4186-2
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2020-0834 | https://linux.oracle.com/errata/ELSA-2020-0834.html | |
CVE | CVE-2019-17666 | https://linux.oracle.com/cve/CVE-2019-17666.html | |
CVE | CVE-2019-19338 | https://linux.oracle.com/cve/CVE-2019-19338.html | |
CVE | CVE-2019-11487 | https://linux.oracle.com/cve/CVE-2019-11487.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 3.10.0-1062.18.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 3.10.0-1062.18.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 | oraclelinux | kernel | < 3.10.0-1062.18.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 | oraclelinux | kernel-tools | < 3.10.0-1062.18.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs | < 3.10.0-1062.18.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs-devel | < 3.10.0-1062.18.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 | oraclelinux | kernel-headers | < 3.10.0-1062.18.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 | oraclelinux | kernel-doc | < 3.10.0-1062.18.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 | oraclelinux | kernel-devel | < 3.10.0-1062.18.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 | oraclelinux | kernel-debug | < 3.10.0-1062.18.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-debug-devel | < 3.10.0-1062.18.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 | oraclelinux | kernel-abi-whitelists | < 3.10.0-1062.18.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-7 | oraclelinux | bpftool | < 3.10.0-1062.18.1.el7 | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |