[ELSA-2020-5663] Unbreakable Enterprise kernel security update
[5.4.17-2011.1.2]
- ctf: discard CTF from the vDSO (Nick Alcock) [Orabug: 31194036]
[5.4.17-2011.1.1]
- slcan: Don't transmit uninitialized stack data in padding (Richard Palethorpe) [Orabug: 31136750] {CVE-2020-11494}
- blktrace: Protect q->blk_trace with RCU (Jan Kara) [Orabug: 31123573] {CVE-2019-19768}
- KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov) [Orabug: 31118688]
- perf/x86/amd: Add support for Large Increment per Cycle Events (Kim Phillips) [Orabug: 31104924]
- perf/x86/amd: Constrain Large Increment per Cycle events (Kim Phillips) [Orabug: 31104924]
- kvm/svm: PKU not currently supported (John Allen) [Orabug: 31104924]
- KVM: SVM: Override default MMIO mask if memory encryption is enabled (Tom Lendacky) [Orabug: 31104924]
- EDAC/amd64: Drop some family checks for newer systems (Yazen Ghannam) [Orabug: 31104924]
- x86/amd_nb: Add Family 19h PCI IDs (Yazen Ghannam) [Orabug: 31104924]
- EDAC/mce_amd: Always load on SMCA systems (Yazen Ghannam) [Orabug: 31104924]
- x86/MCE/AMD, EDAC/mce_amd: Add new Load Store unit McaType (Yazen Ghannam) [Orabug: 31104924]
- EDAC/amd64: Add family ops for Family 19h Models 00h-0Fh (Yazen Ghannam) [Orabug: 31104924]
- EDAC/amd64: Check for memory before fully initializing an instance (Yazen Ghannam) [Orabug: 31104924]
- EDAC/amd64: Use cached data when checking for ECC (Yazen Ghannam) [Orabug: 31104924]
- EDAC/amd64: Save max number of controllers to family type (Yazen Ghannam) [Orabug: 31104924]
- EDAC/amd64: Gather hardware information early (Yazen Ghannam) [Orabug: 31104924]
- EDAC/amd64: Make struct amd64_family_type global (Yazen Ghannam) [Orabug: 31104924]
- floppy: check FDC index for errors before assigning it (Linus Torvalds) [Orabug: 31067510] {CVE-2020-9383}
- KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (Tom Lendacky) [Orabug: 31012269]
- KVM: SVM: Serialize access to the SEV ASID bitmap (Tom Lendacky) [Orabug: 31012269]
- iommu/vt-d: Allow devices with RMRRs to use identity domain (Lu Baolu) [Orabug: 31127400]
[5.4.17-2011.1.0]
- vhost: Check docket sk_family instead of call getname (Eugenio Perez) [Orabug: 31085989] {CVE-2020-10942}
- selftests/net: add definition for SOL_DCCP to fix compilation errors for old libc (Alan Maguire) [Orabug: 31078892]
- kernel: cpu.c: fix print typo about SMT status (Mihai Carabas) [Orabug: 31053334]
- nfs: optimise XXXXXXX cache page invalidation (Dai Ngo) [Orabug: 31044292]
- NFS: Directory page cache pages need to be locked when read (Trond Myklebust) [Orabug: 31044292]
- rds: transport module should be auto loaded when transport is set (Rao Shoaib) [Orabug: 31032126]
- efi: Fix a race and a buffer overflow while reading efivars via sysfs (Vladis Dronov) [Orabug: 31020408]
- net: Support GRO/GSO fraglist chaining. (Steffen Klassert) [Orabug: 30670829]
- net: Add fraglist GRO/GSO feature flags (Steffen Klassert) [Orabug: 30670829]
- udp: Support UDP fraglist GRO/GSO. (Steffen Klassert) [Orabug: 30670829]
- net: remove the check argument from __skb_gro_checksum_convert (Li RongQing) [Orabug: 30670829]
- Revert 'nvme_fc: add module to ops template to allow module references' (John Donnelly) [Orabug: 31119387]
- ext4: add cond_resched() to ext4_protect_reserved_inode (Shijie Luo) [Orabug: 31067112] {CVE-2020-8992}
- dsa: disable module unloading for ARM64 (Allen Pais) [Orabug: 30456791]
- bpf: Undo incorrect __reg_bound_offset32 handling (Daniel Borkmann) [Orabug: 31127385] {CVE-2020-8835}
- bpf: Fix tnum constraints for 32-bit comparisons (Jann Horn) [Orabug: 31127385] {CVE-2020-8835}
- ID
- ELSA-2020-5663
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2020-5663.html
- Published
-
2020-04-27T00:00:00
(4 years ago) - Modified
-
2020-04-27T00:00:00
(4 years ago) - Rights
- Copyright 2020 Oracle, Inc.
- Other Advisories
-
-
ALAS-2020-1360
-
ALAS-2020-1377
-
ALAS2-2020-1405
-
ALAS2-2020-1431
-
ALSA-2020:4431
-
ASA-202003-6
-
ASA-202004-2
-
ASA-202004-3
-
ASA-202004-4
-
DSA-4667-1
-
DSA-4698-1
-
ELSA-2020-1769
-
ELSA-2020-2082
-
ELSA-2020-4060
-
ELSA-2020-5642
-
ELSA-2020-5649
-
ELSA-2020-5670
-
ELSA-2020-5676
-
ELSA-2020-5866
-
FEDORA-2020-203ffedeb5
-
FEDORA-2020-4ef0bcc89c
-
FEDORA-2020-666f3b1ac3
-
FEDORA-2020-73c00eda1c
-
MS:CVE-2020-10942
-
MS:CVE-2020-11494
-
MS:CVE-2020-8992
-
MS:CVE-2020-9383
-
openSUSE-SU-2020:0336-1
-
openSUSE-SU-2020:0388-1
-
openSUSE-SU-2020:0543-1
-
RHSA-2020:1567
-
RHSA-2020:1769
-
RHSA-2020:2082
-
RHSA-2020:2085
-
RHSA-2020:4060
-
RHSA-2020:4062
-
RHSA-2020:4431
-
RHSA-2020:4609
-
SSA:2020-086-01
-
SSA:2020-163-01
-
SUSE-SU-2020:0511-1
-
SUSE-SU-2020:0558-1
-
SUSE-SU-2020:0559-1
-
SUSE-SU-2020:0560-1
-
SUSE-SU-2020:0580-1
-
SUSE-SU-2020:0584-1
-
SUSE-SU-2020:0649-1
-
SUSE-SU-2020:0667-1
-
SUSE-SU-2020:0688-1
-
SUSE-SU-2020:0836-1
-
SUSE-SU-2020:1084-1
-
SUSE-SU-2020:1085-1
-
SUSE-SU-2020:1087-1
-
SUSE-SU-2020:1118-1
-
SUSE-SU-2020:1119-1
-
SUSE-SU-2020:1123-1
-
SUSE-SU-2020:1141-1
-
SUSE-SU-2020:1142-1
-
SUSE-SU-2020:1146-1
-
SUSE-SU-2020:1255-1
-
SUSE-SU-2020:1275-1
-
SUSE-SU-2020:1663-1
-
USN-4313-1
-
USN-4318-1
-
USN-4324-1
-
USN-4342-1
-
USN-4344-1
-
USN-4345-1
-
USN-4346-1
-
USN-4363-1
-
USN-4364-1
-
USN-4368-1
-
USN-4369-1
-
USN-4419-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2020-5663 |
|
|
| CVE | CVE-2019-19768 |
|
|
| CVE | CVE-2020-10942 |
|
|
| CVE | CVE-2020-11494 |
|
|
| CVE | CVE-2020-8992 |
|
|
| CVE | CVE-2020-9383 |
|
|
| CVE | CVE-2020-8835 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux |
 python-perf
|
< 5.4.17-2011.1.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux |
perf
|
< 5.4.17-2011.1.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-8 | oraclelinux |
kernel-uek
|
< 5.4.17-2011.1.2.el8uek | oraclelinux-8 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux |
kernel-uek
|
< 5.4.17-2011.1.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | oraclelinux |
kernel-uek-tools
|
< 5.4.17-2011.1.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | oraclelinux |
kernel-uek-tools-libs
|
< 5.4.17-2011.1.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-8 | oraclelinux |
kernel-uek-doc
|
< 5.4.17-2011.1.2.el8uek | oraclelinux-8 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux |
kernel-uek-doc
|
< 5.4.17-2011.1.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-8 | oraclelinux |
kernel-uek-devel
|
< 5.4.17-2011.1.2.el8uek | oraclelinux-8 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-devel
|
< 5.4.17-2011.1.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-8 | oraclelinux |
kernel-uek-debug
|
< 5.4.17-2011.1.2.el8uek | oraclelinux-8 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux |
kernel-uek-debug
|
< 5.4.17-2011.1.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-8 | oraclelinux |
kernel-uek-debug-devel
|
< 5.4.17-2011.1.2.el8uek | oraclelinux-8 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-debug-devel
|
< 5.4.17-2011.1.2.el7uek | oraclelinux-7 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |