[ELSA-2020-5533] Unbreakable Enterprise kernel security update

Severity Important

Affected Packages 11

CVEs 9

[4.14.35-1902.10.7]
- rtlwifi: Fix potential overflow on P2P code (Laura Abbott) [Orabug: 30807747] {CVE-2019-17666}
- rds: fix an infoleak in rds_inc_info_copy (Kangjie Lu) [Orabug: 30770961] {CVE-2016-5244}
- KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) (Paolo Bonzini) [Orabug: 30658694] {CVE-2019-19332}

[4.14.35-1902.10.6]
- IB/mlx4: Fix use after free in RDMA CM disconnect code path (Manjunath Patil)

- RDMA/cma: Relax device check in cma_match_net_dev() (Hakon Bugge) [Orabug: 30809126]

- IB/mlx4: Fix leak in id_map_find_del (Hakon Bugge) [Orabug: 30805810]

- net: IP6 defrag: use rbtrees in nf_conntrack_reasm.c (Peter Oskolkov) [Orabug: 30787503]

- net: IP6 defrag: use rbtrees for IPv6 defrag (Peter Oskolkov) [Orabug: 30787503]

- ipv6: remove dependency of nf_defrag_ipv6 on ipv6 module (Florian Westphal) [Orabug: 30787503]

- net: IP defrag: encapsulate rbtree defrag code into callable functions (Peter Oskolkov) [Orabug: 30787503]

- ipv6: frags: fix a lockdep false positive (Eric Dumazet) [Orabug: 30787503]

[4.14.35-1902.10.5]
- drm/i915/cmdparser: Fix jump whitelist clearing (Ben Hutchings) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/gen8+: Add RC6 CTX corruption WA (Imre Deak) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Lower RM timeout to avoid DSI hard hangs (Uma Shankar) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/cmdparser: Ignore Length operands during command matching (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/cmdparser: Add support for backward jumps (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/cmdparser: Use explicit goto for error paths (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Add gen9 BCS cmdparsing (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Allow parsing of unsized batches (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Add support for mandatory cmdparsing (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Remove Master tables from cmdparser (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Disable Secure Batches for gen6+ (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Rename gen7 cmdparser tables (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Move engine->needs_cmd_parser to engine->flags (Tvrtko Ursulin) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Dont use GPU relocations prior to cmdparser stalls (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Silence smatch for cmdparser (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/cmdparser: Do not check past the cmd length. (Michal Srb) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/cmdparser: Check reg_table_count before derefencing. (Michal Srb) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915: Prevent writing into a read-only object via a GGTT mmap (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/gtt: Disable read-only support under GVT (Chris Wilson) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/gtt: Read-only pages for insert_entries on bdw+ (Vivi, Rodrigo) [Orabug: 30656819] {CVE-2019-0154}
- drm/i915/gtt: Add read only pages to gen8_pte_encode (Jon Bloomfield) [Orabug: 30656819] {CVE-2019-0154}
- blk-wbt: Avoid lock contention and thundering herd issue in wbt_wait (Anchal Agarwal) [Orabug: 30681025]

- x86: microcode: propagate return value to siblings (Mihai Carabas) [Orabug: 30557081]

- x86/bugs: TSX not disabled at late loading (Mihai Carabas) [Orabug: 30557081]

- x86/bugs: missed initconst cpu_vuln_whitelist used at late loading (Mihai Carabas) [Orabug: 30659681]

- mwifiex: Fix mem leak in mwifiex_tm_cmd (YueHaibing) [Orabug: 30732918] {CVE-2019-20095}
- fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (YueHaibing) [Orabug: 30732937] {CVE-2019-20054}
- fjes: Handle workqueue allocation failure (Will Deacon) [Orabug: 30771875] {CVE-2019-16231}

Package	Affected Version
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7	< 4.14.35-1902.10.7.el7uek
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7	< 4.14.35-1902.10.7.el7uek
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7	< 4.14.35-1902.10.7.el7uek
pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7	< 4.14.35-1902.10.7.el7uek
pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7	< 4.14.35-1902.10.7.el7uek
pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7	< 4.14.35-1902.10.7.el7uek
pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7	< 4.14.35-1902.10.7.el7uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7	< 4.14.35-1902.10.7.el7uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7	< 4.14.35-1902.10.7.el7uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7	< 4.14.35-1902.10.7.el7uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7	< 4.14.35-1902.10.7.el7uek

ID

ELSA-2020-5533

Severity

important

URL

https://linux.oracle.com/errata/ELSA-2020-5533.html

Published

2020-02-10T00:00:00
(4 years ago)

Modified

2020-02-10T00:00:00
(4 years ago)

Rights

Other Advisories

Source	# ID	URL
elsa	ELSA-2020-5533	https://linux.oracle.com/errata/ELSA-2020-5533.html
CVE	CVE-2019-16231	https://linux.oracle.com/cve/CVE-2019-16231.html
CVE	CVE-2019-20054	https://linux.oracle.com/cve/CVE-2019-20054.html
CVE	CVE-2019-17666	https://linux.oracle.com/cve/CVE-2019-17666.html
CVE	CVE-2016-5244	https://linux.oracle.com/cve/CVE-2016-5244.html
CVE	CVE-2019-20095	https://linux.oracle.com/cve/CVE-2019-20095.html
CVE	CVE-2019-3016	https://linux.oracle.com/cve/CVE-2019-3016.html
CVE	CVE-2019-0154	https://linux.oracle.com/cve/CVE-2019-0154.html
CVE	CVE-2019-15917	https://linux.oracle.com/cve/CVE-2019-15917.html
CVE	CVE-2019-19332	https://linux.oracle.com/cve/CVE-2019-19332.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7	oraclelinux	python-perf	< 4.14.35-1902.10.7.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/perf?distro=oraclelinux-7	oraclelinux	perf	< 4.14.35-1902.10.7.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7	oraclelinux	kernel-uek	< 4.14.35-1902.10.7.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7	oraclelinux	kernel-uek-tools	< 4.14.35-1902.10.7.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7	oraclelinux	kernel-uek-tools-libs	< 4.14.35-1902.10.7.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7	oraclelinux	kernel-uek-tools-libs-devel	< 4.14.35-1902.10.7.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7	oraclelinux	kernel-uek-headers	< 4.14.35-1902.10.7.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7	oraclelinux	kernel-uek-doc	< 4.14.35-1902.10.7.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7	oraclelinux	kernel-uek-devel	< 4.14.35-1902.10.7.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7	oraclelinux	kernel-uek-debug	< 4.14.35-1902.10.7.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7	oraclelinux	kernel-uek-debug-devel	< 4.14.35-1902.10.7.el7uek	oraclelinux-7

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date