[ELSA-2020-3010] kernel security, bug fix, and enhancement update
[4.18.0-193.13.2_2.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
[4.18.0-193.13.2_2]
- Rebuild to get kernel image properly signed (Bruno Meneguele)
[4.18.0-193.13.1_2]
- [x86] x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (Lenny Szubowicz) [1846180 1824005]
[4.18.0-193.12.1_2]
- [net] openvswitch: simplify the ovs_dp_cmd_new (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: fix possible memleak on destroy flow-table (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: add likely in flow_lookup (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: simplify the flow_hash (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: optimize flow-mask looking up (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: optimize flow mask cache hash collision (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: shrink the mask array if necessary (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: convert mask list in mask array (Eelco Chaudron) [1851235 1819202]
- [net] openvswitch: add flow-mask cache for performance (Eelco Chaudron) [1851235 1819202]
- [net] netfilter: nf_tables: use-after-free in dynamic operations (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: add missing ->release_ops() in error path of newrule() (Phil Sutter) [1845164 1757933]
- [net] netfilter: nft_compat: use .release_ops and remove list of extension (Phil Sutter) [1845164 1757933]
- [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1837309 1837310] {CVE-2020-12888}
- [pci] PCI: pciehp: Fix MSI interrupt race (Myron Stowe) [1852045 1779610]
- [kernel] smp: Allow smp_call_function_single_async() to insert locked csd (Peter Xu) [1851406 1830014]
- [x86] kvm: Clean up host's steal time structure (Jon Maloy) [1795128 1813987] {CVE-2019-3016}
- [x86] kvm: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (Jon Maloy) [1795128 1813987] {CVE-2019-3016}
- [virt] x86/kvm: Cache gfn to pfn translation (Jon Maloy) [1795128 1813987] {CVE-2019-3016}
- [virt] x86/kvm: Introduce kvm_(un)map_gfn() (Jon Maloy) [1795128 1813987] {CVE-2019-3016}
- [x86] kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit (Jon Maloy) [1795128 1813987] {CVE-2019-3016}
[4.18.0-193.11.1_2]
- [net] netfilter: conntrack: fix infinite loop on rmmod (Florian Westphal) [1851005 1832381]
- [net] netfilter: conntrack: allow insertion of clashing entries (Florian Westphal) [1851003 1821404]
- [net] netfilter: conntrack: split resolve_clash function (Florian Westphal) [1851003 1821404]
- [net] netfilter: conntrack: place confirm-bit setting in a helper (Florian Westphal) [1851003 1821404]
- [net] netfilter: never get/set skb->tstamp (Florian Westphal) [1851003 1821404]
- [net] netfilter: conntrack: remove two args from resolve_clash (Florian Westphal) [1851003 1821404]
- [net] netfilter: conntrack: tell compiler to not inline nf_ct_resolve_clash (Florian Westphal) [1851003 1821404]
- [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843440 1843441] {CVE-2020-10757}
- [x86] x86/vector: Remove warning on managed interrupt migration (Peter Xu) [1848545 1812331]
- [s390] s390/cio: fix virtio-ccw DMA without PV (Philipp Rudo) [1842620 1814787]
[4.18.0-193.10.1_2]
- [misc] dma-mapping: zero memory returned from dma_alloc_* (Philipp Rudo) [1847453 1788928]
- [nvme] nvme-multipath: fix crash in nvme_mpath_clear_ctrl_paths (Gopal Tiwari) [1846405 1781927]
- [net] netfilter: nf_tables: fix infinite loop when expr is not available (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: autoload modules from the abort path (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: remove WARN and add NLA_STRING upper limits (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: store transaction list locally while requesting module (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: use-after-free in failing rule with bound set (Phil Sutter) [1845164 1757933]
- [net] netfilter: nft_meta: skip EAGAIN if nft_meta_bridge is not a module (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: force module load in case select_ops() returns -EAGAIN (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: add nft_expr_type_request_module() (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: bogus EBUSY in helper removal from transaction (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: fix set double-free in abort path (Phil Sutter) [1845164 1757933]
- [net] netfilter: nft_compat: don't use refcount_inc on newly allocated entry (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: unbind set in rule from commit path (Phil Sutter) [1845164 1757933]
- [net] netfilter: nft_compat: destroy function must not have side effects (Phil Sutter) [1845164 1757933]
- [net] netfilter: nft_compat: make lists per netns (Phil Sutter) [1845164 1757933]
- [net] netfilter: nft_compat: use refcnt_t type for nft_xt reference count (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: fix suspicious RCU usage in nft_chain_stats_replace() (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: asynchronous release (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: split set destruction in deactivate and destroy phase (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: flow event notifier must use transaction mutex (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: use dedicated mutex to guard transactions (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: avoid global info storage (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: take module reference when starting a batch (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: make valid_genid callback mandatory (Phil Sutter) [1845164 1757933]
- [net] netfilter: nf_tables: add and use helper for module autoload (Phil Sutter) [1845164 1757933]
- [net] netfilter: nat: never update the UDP checksum when it's 0 (Guillaume Nault) [1847128 1794714]
- [x86] x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches (Waiman Long) [1847395 1847396] {CVE-2020-10768}
- [x86] x86/speculation: Prevent rogue cross-process SSBD shutdown (Waiman Long) [1847357 1847358] {CVE-2020-10766}
- [x86] x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS (Waiman Long) [1847378 1847379] {CVE-2020-10767}
- [x86] x86/speculation: Add support for STIBP always-on preferred mode (Waiman Long) [1847378 1847379] {CVE-2020-10767}
- [x86] x86/speculation: Change misspelled STIPB to STIBP (Waiman Long) [1847378 1847379] {CVE-2020-10767}
- [powerpc] powerpc/pseries/ddw: Extend upper limit for huge DMA window for persistent memory (Steve Best) [1842406 1817596]
[4.18.0-193.9.1_2]
- [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Jarod Wilson) [1844073 1844031] {CVE-2020-12654}
- [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Jarod Wilson) [1844049 1844039] {CVE-2020-12653}
- [netdrv] net/mlx5: FPGA, support network cards with standalone FPGA (Alaa Hleihel) [1843544 1789380]
- [mm] hugetlbfs: don't retry when pool page allocations start to fail (Rafael Aquini) [1835789 1727288]
- [mm] mm, compaction: raise compaction priority after it withdrawns (Rafael Aquini) [1835789 1727288]
- [mm] mm, reclaim: cleanup should_continue_reclaim() (Rafael Aquini) [1835789 1727288]
- [mm] mm, reclaim: make should_continue_reclaim perform dryrun detection (Rafael Aquini) [1835789 1727288]
- [kernel] exit: panic before exit_mm() on global init exit (Oleg Nesterov) [1821378 1808944]
- [documentation] x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}
- [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}
- [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}
- [x86] x86/cpu: Add 'table' argument to cpu_matches() (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}
- [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}
[4.18.0-193.8.1_2]
- [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [1837309 1837310] {CVE-2020-12888}
- [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [1837309 1837310] {CVE-2020-12888}
- [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [1837309 1837310] {CVE-2020-12888}
- [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Alex Williamson) [1837309 1837310] {CVE-2020-12888}
- [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Alex Williamson) [1837309 1837310] {CVE-2020-12888}
- [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom (Alex Williamson) [1837309 1837310] {CVE-2020-12888}
[4.18.0-193.7.1_2]
- [sound] ALSA: timer: Fix incorrectly assigned timer instance (Jaroslav Kysela) [1821714 1798468] {CVE-2019-19807}
- [netdrv] ibmvnic: Do not process device remove during device reset (Steve Best) [1836229 1813223]
- [net] ipv4: really enforce backoff for redirects (Paolo Abeni) [1836302 1834184]
- ID: ELSA-2020-3010
- Severity: important
- URL: https://linux.oracle.com/errata/ELSA-2020-3010.html
- Published: 2020-07-24T00:00:00
- Modified: 2020-07-24T00:00:00
- Rights: Copyright 2020 Oracle, Inc.
Other Advisories:
- ALAS-2020-1401
- ALAS-2020-1437
- ALAS2-2020-1465
- ALAS2-2020-1480
- ASB-A-156766097
- ASB-A-169505740
- ASB-A-169505929
- DSA-4698-1
- DSA-4699-1
- ELSA-2020-2664
- ELSA-2020-3220
- ELSA-2020-4060
- ELSA-2020-5526
- ELSA-2020-5528
- ELSA-2020-5533
- ELSA-2020-5714
- ELSA-2020-5755
- ELSA-2020-5756
- ELSA-2020-5801
- ELSA-2020-5804
- ELSA-2020-5805
- ELSA-2020-5844
- ELSA-2020-5845
- ELSA-2020-5885
- ELSA-2021-9030
- ELSA-2022-9969
- FEDORA-2020-07f0be216f
- FEDORA-2020-125ccdc871
- FEDORA-2020-1b2dae6219
- FEDORA-2020-203ffedeb5
- FEDORA-2020-5436586091
- FEDORA-2020-57bf620276
- FEDORA-2020-e47d28bc2b
- MS:CVE-2020-10757
- MS:CVE-2020-10766
- MS:CVE-2020-10767
- MS:CVE-2020-10768
- MS:CVE-2020-12653
- MS:CVE-2020-12654
- MS:CVE-2020-12888
- openSUSE-SU-2020:0801-1
- openSUSE-SU-2020:0935-1
- openSUSE-SU-2020:1153-1
- openSUSE-SU-2021:0242-1
- RHSA-2020:2664
- RHSA-2020:2665
- RHSA-2020:3010
- RHSA-2020:3016
- RHSA-2020:3073
- RHSA-2020:3220
- RHSA-2020:3221
- RHSA-2020:4060
- RHSA-2020:4062
- SUSE-SU-2020:1452-1
- SUSE-SU-2020:1475-1
- SUSE-SU-2020:1486-1
- SUSE-SU-2020:1587-1
- SUSE-SU-2020:1596-1
- SUSE-SU-2020:1597-1
- SUSE-SU-2020:1599-1
- SUSE-SU-2020:1602-1
- SUSE-SU-2020:1603-1
- SUSE-SU-2020:1604-1
- SUSE-SU-2020:1605-1
- SUSE-SU-2020:1646-1
- SUSE-SU-2020:1656-1
- SUSE-SU-2020:1663-1
- SUSE-SU-2020:1671-1
- SUSE-SU-2020:1693-1
- SUSE-SU-2020:1699-1
- SUSE-SU-2020:1713-1
- SUSE-SU-2020:1754-1
- SUSE-SU-2020:1758-1
- SUSE-SU-2020:1764-1
- SUSE-SU-2020:1767-1
- SUSE-SU-2020:1775-1
- SUSE-SU-2020:1779-1
- SUSE-SU-2020:1781-1
- SUSE-SU-2020:1784-1
- SUSE-SU-2020:2027-1
- SUSE-SU-2020:2103-1
- SUSE-SU-2020:2105-1
- SUSE-SU-2020:2106-1
- SUSE-SU-2020:2107-1
- SUSE-SU-2020:2119-1
- SUSE-SU-2020:2121-1
- SUSE-SU-2020:2122-1
- SUSE-SU-2020:2134-1
- SUSE-SU-2020:2156-1
- SUSE-SU-2020:2478-1
- SUSE-SU-2020:2487-1
- SUSE-SU-2020:2508-1
- USN-4225-1
- USN-4227-1
- USN-4227-2
- USN-4300-1
- USN-4301-1
- USN-4392-1
- USN-4393-1
- USN-4426-1
- USN-4427-1
- USN-4439-1
- USN-4440-1
- USN-4483-1
- USN-4485-1
- USN-4525-1
- USN-4526-1
- USN-5361-1
Source | ID | URL |
---|---|---|
elsa | ELSA-2020-3010 | https://linux.oracle.com/errata/ELSA-2020-3010.html |
CVE | CVE-2019-19807 | https://linux.oracle.com/cve/CVE-2019-19807.html |
CVE | CVE-2020-10757 | https://linux.oracle.com/cve/CVE-2020-10757.html |
CVE | CVE-2020-10766 | https://linux.oracle.com/cve/CVE-2020-10766.html |
CVE | CVE-2020-10767 | https://linux.oracle.com/cve/CVE-2020-10767.html |
CVE | CVE-2020-10768 | https://linux.oracle.com/cve/CVE-2020-10768.html |
CVE | CVE-2019-3016 | https://linux.oracle.com/cve/CVE-2019-3016.html |
CVE | CVE-2020-12654 | https://linux.oracle.com/cve/CVE-2020-12654.html |
CVE | CVE-2020-12653 | https://linux.oracle.com/cve/CVE-2020-12653.html |
CVE | CVE-2020-12888 | https://linux.oracle.com/cve/CVE-2020-12888.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-8.2 | oraclelinux | python3-perf | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-8.2 | oraclelinux | perf | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-8.2 | oraclelinux | kernel | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-8.2 | oraclelinux | kernel-tools | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-8.2 | oraclelinux | kernel-tools-libs | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-8.2 | oraclelinux | kernel-tools-libs-devel | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-8.2 | oraclelinux | kernel-modules | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-8.2 | oraclelinux | kernel-modules-extra | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-8.2 | oraclelinux | kernel-headers | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-8.2 | oraclelinux | kernel-doc | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-8.2 | oraclelinux | kernel-devel | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-8.2 | oraclelinux | kernel-debug | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-8.2 | oraclelinux | kernel-debug-modules | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-8.2 | oraclelinux | kernel-debug-modules-extra | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-8.2 | oraclelinux | kernel-debug-devel | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-8.2 | oraclelinux | kernel-debug-core | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-8.2 | oraclelinux | kernel-cross-headers | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-8.2 | oraclelinux | kernel-core | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-8.2 | oraclelinux | kernel-abi-whitelists | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||
Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-8.2 | oraclelinux | bpftool | < 4.18.0-193.13.2.el8_2 | oraclelinux-8.2 | ||