[ELSA-2020-5676] Unbreakable Enterprise kernel security update
[4.14.35-1902.302.2]
- KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092]
- KVM: x86: Protect MSR-based index computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092]
- KVM: x86: Protect x86_decode_insn from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092]
- KVM: x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks in x86.c (Marios Pomonis) [Orabug: 31191092]
- KVM: x86: Protect ioapic_read_indirect() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] {CVE-2013-1798}
- KVM: x86: Protect MSR-based index computations in pmu.h from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092]
- KVM: x86: Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092]
- KVM: x86: Protect kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092]
- KVM: x86: Protect kvm_lapic_reg_write() from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092]
- KVM: x86: Protect DR-based index computations from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092]
- KVM: x86: Refactor prefix decoding to prevent Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092]
- KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092]
- x86/microcode/AMD: Increase microcode PATCH_MAX_SIZE (John Allen) [Orabug: 31213449]
- HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206359] {CVE-2019-19527}
- HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206359] {CVE-2019-19527}
- net/ethernet/octeon: Add ptp_dbg_group module param in octeon-pow-ethernet (Vijay Kumar) [Orabug: 31198851]
- net/rds: Fix MR reference counting problem (Ka-Cheong Poon) [Orabug: 31130197]
- net/rds: Replace struct rds_mr's r_refcount with struct kref (Ka-Cheong Poon) [Orabug: 31130197]
- rds: Fix use-after-free in rds_ib_free_caches (Hans Westgaard Ry) [Orabug: 31200770]
- include/linux/relay.h: fix percpu annotation in struct rchan (Luc Van Oostenryck) [Orabug: 31183399] {CVE-2019-19462}
- uek-rpm: fix dts rpmbuild when using cross-compiler (Tom Saeger) [Orabug: 30896439]
- HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 30622561] {CVE-2019-19532}
- net/ethernet/octeon: Set max/min mtu of pow equivalent to Octeon eth device (Vijay Kumar) [Orabug: 31191751]
- vgacon: Fix a UAF in vgacon_invert_region (Zhang Xiaoxu) [Orabug: 31143946] {CVE-2020-8649} {CVE-2020-8647} {CVE-2020-8647} {CVE-2020-8649} {CVE-2020-8647} {CVE-2020-8649}
- crypto: ecdh - fix big endian bug in ECC library (Ard Biesheuvel) [Orabug: 31203429]
- KVM: x86: fix nested guest live migration with PML (Paolo Bonzini) [Orabug: 31202733]
- KVM: x86: assign two bits to track SPTE kinds (Paolo Bonzini) [Orabug: 31202733]
- x86/kvm/mmu: introduce guest_mmu (Vitaly Kuznetsov) [Orabug: 31202733]
- x86/kvm/mmu.c: add kvm_mmu parameter to kvm_mmu_free_roots() (Vitaly Kuznetsov) [Orabug: 31202733]
- x86/kvm/mmu.c: set get_pdptr hook in kvm_init_shadow_ept_mmu() (Vitaly Kuznetsov) [Orabug: 31202733]
- x86/kvm/mmu: make vcpu->mmu a pointer to the current MMU (Vitaly Kuznetsov) [Orabug: 31202733]
- x86/kvm/nVMX: allow bare VMXON state migration (Vitaly Kuznetsov) [Orabug: 31202164]
- sched/fair: Prevent a division by 0 in scale_rt_capacity() (John Sobecki) [Orabug: 31124463]
- blktrace: Protect q->blk_trace with RCU (Jan Kara) [Orabug: 31123575] {CVE-2019-19768}
- blktrace: fix unlocked access to init/start-stop/teardown (Jens Axboe) [Orabug: 31123575] {CVE-2019-19768}
[4.14.35-1902.302.1]
- xfs: revert commit c6314bc8055a (Darrick J. Wong) [Orabug: 31180825]
- vt: selection, push sel_lock up (Jiri Slaby) [Orabug: 30923296] {CVE-2020-8648}
- vt: selection, push console lock down (Jiri Slaby) [Orabug: 30923296] {CVE-2020-8648}
- vt: selection, close sel_buffer race (Jiri Slaby) [Orabug: 30923296] {CVE-2020-8648} {CVE-2020-8648}
- net_sched: fix an OOB access in cls_tcindex (Cong Wang) [Orabug: 31181100]
- mips64: Fix X.509 certificates parsing (Eric Saint-Etienne) [Orabug: 31178433]
- efi: Fix a race and a buffer overflow while reading efivars via sysfs (Vladis Dronov) [Orabug: 30990726]
- genhd: Fix use after free in __blkdev_get() (Jan Kara) [Orabug: 31161462]
- blockdev: Fix livelocks on loop device (Jan Kara) [Orabug: 31161462]
- net: validate untrusted gso packets without csum offload (Willem de Bruijn) [Orabug: 31161828]
- slcan: Don't transmit uninitialized stack data in padding (Richard Palethorpe) [Orabug: 31136752] {CVE-2020-11494}
- crypto: user - fix leaking uninitialized memory to userspace (Eric Biggers) [Orabug: 31081816] {CVE-2018-19854}
- scsi: libsas: stop discovering if oob mode is disconnected (Jason Yan) [Orabug: 30770911] {CVE-2019-19965}
- dccp: Fix memleak in __feat_register_sp (YueHaibing) [Orabug: 30755059] {CVE-2019-20096}
- ovl: relax WARN_ON() on rename to self (Amir Goldstein) [Orabug: 30451796]
- bnx2x: Fix VF's VLAN reconfiguration in reload. (Manish Chopra)
- bnx2x: Remove configured vlans as part of unload sequence. (Sudarsana Reddy Kalluru)
- sch_dsmark: fix potential NULL deref in dsmark_init() (Eric Dumazet) [Orabug: 30453287]
[4.14.35-1902.302.0]
- mips64:uek-rpm/ol7/config-mips: Enable IP_SET configs (Vijay Kumar) [Orabug: 31123145]
- IB/ipoib: Avoid race from waking up the transmission queue (Praveen Kumar Kannoju) [Orabug: 31118993]
- KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov) [Orabug: 31118690]
- mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Wen Huang) [Orabug: 31104480] {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816} {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816}
- arch/mips: Discard the contents of the PCI console if the buffer is full for more than 10 milliseconds (Victor Michel) [Orabug: 31097950]
- Add in-kernel X.509 certificate on mips64 (Eric Saint-Etienne) [Orabug: 31090468]
- floppy: check FDC index for errors before assigning it (Linus Torvalds) [Orabug: 31067513] {CVE-2020-9383}
- KVM: X86: Fix NULL deref in vcpu_scan_ioapic (Wanpeng Li) [Orabug: 31004914]
- rds: Add debugfs for inc/frag cache statistics (Hans Westgaard Ry) [Orabug: 30827415]
- rds: Add inc/frag cache statistics (Hans Westgaard Ry) [Orabug: 30827415]
- rds: Control the CPU (de)allocating fragments (Hans Westgaard Ry) [Orabug: 30827415]
- rds: Change caching strategy for receive buffers (Hans Westgaard Ry) [Orabug: 30827415]
- rds: Add lockfree stack routines (Hans Westgaard Ry) [Orabug: 30827415]
[4.14.35-1902.301.2]
- xfs: ratelimit inode flush on buffered write ENOSPC (Darrick J. Wong) [Orabug: 31056429]
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | < 4.14.35-1902.302.2.el7uek |
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | < 4.14.35-1902.302.2.el7uek |
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | < 4.14.35-1902.302.2.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | < 4.14.35-1902.302.2.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | < 4.14.35-1902.302.2.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | < 4.14.35-1902.302.2.el7uek |
pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | < 4.14.35-1902.302.2.el7uek |
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | < 4.14.35-1902.302.2.el7uek |
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | < 4.14.35-1902.302.2.el7uek |
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | < 4.14.35-1902.302.2.el7uek |
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | < 4.14.35-1902.302.2.el7uek |
- ID
- ELSA-2020-5676
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2020-5676.html
- Published
-
2020-05-11T00:00:00
(4 years ago) - Modified
-
2020-05-11T00:00:00
(4 years ago) - Rights
- Copyright 2020 Oracle, Inc.
- Other Advisories
-
- ALAS-2020-1338
- ALAS-2020-1349
- ALAS-2020-1360
- ALAS-2020-1377
- ALAS-2020-1401
- ALAS2-2020-1392
- ALAS2-2020-1399
- ALAS2-2020-1405
- ALAS2-2020-1431
- ALAS2-2020-1465
- ALSA-2020:4431
- ASA-202003-6
- DSA-4698-1
- DSA-4699-1
- ELSA-2013-0727
- ELSA-2013-0744
- ELSA-2013-2519
- ELSA-2013-2520
- ELSA-2019-3517
- ELSA-2020-0339
- ELSA-2020-0374
- ELSA-2020-1372
- ELSA-2020-1769
- ELSA-2020-2082
- ELSA-2020-3220
- ELSA-2020-4060
- ELSA-2020-5663
- ELSA-2020-5670
- ELSA-2020-5671
- ELSA-2020-5691
- ELSA-2020-5709
- ELSA-2020-5805
- ELSA-2020-5866
- ELSA-2020-5879
- ELSA-2021-0856
- ELSA-2021-2314
- FEDORA-2013-10695
- FEDORA-2013-12530
- FEDORA-2013-12990
- FEDORA-2013-13536
- FEDORA-2013-15151
- FEDORA-2013-16336
- FEDORA-2013-17010
- FEDORA-2013-17942
- FEDORA-2013-18364
- FEDORA-2013-18822
- FEDORA-2013-20748
- FEDORA-2013-21822
- FEDORA-2013-22695
- FEDORA-2013-4240
- FEDORA-2013-4357
- FEDORA-2013-5368
- FEDORA-2013-6041
- FEDORA-2013-6537
- FEDORA-2013-6999
- FEDORA-2013-9123
- FEDORA-2019-021c968423
- FEDORA-2019-057d691fd4
- FEDORA-2019-124a241044
- FEDORA-2019-15e141c6a7
- FEDORA-2019-1689d3fe07
- FEDORA-2019-41e28660ae
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-7a3fc17778
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-97380355ae
- FEDORA-2019-a570a92d5a
- FEDORA-2019-e3010166bd
- FEDORA-2020-2a5cdd665c
- FEDORA-2020-c2d89d14d0
- FEDORA-2020-fe00e12580
- MS:CVE-2020-11494
- MS:CVE-2020-8647
- MS:CVE-2020-8648
- MS:CVE-2020-8649
- MS:CVE-2020-9383
- openSUSE-SU-2019:0065-1
- openSUSE-SU-2019:2173-1
- openSUSE-SU-2019:2181-1
- openSUSE-SU-2020:0336-1
- openSUSE-SU-2020:0388-1
- openSUSE-SU-2020:0543-1
- openSUSE-SU-2020:0801-1
- openSUSE-SU-2020:0935-1
- openSUSE-SU-2021:0242-1
- RHSA-2013:0744
- RHSA-2019:3309
- RHSA-2019:3517
- RHSA-2020:0328
- RHSA-2020:0339
- RHSA-2020:0374
- RHSA-2020:0375
- RHSA-2020:1016
- RHSA-2020:1070
- RHSA-2020:1372
- RHSA-2020:1378
- RHSA-2020:1567
- RHSA-2020:1769
- RHSA-2020:2082
- RHSA-2020:2085
- RHSA-2020:3220
- RHSA-2020:3221
- RHSA-2020:4060
- RHSA-2020:4062
- RHSA-2020:4431
- RHSA-2020:4609
- RHSA-2021:0856
- RHSA-2021:0857
- RHSA-2021:2314
- RHSA-2021:2316
- SSA:2019-311-01
- SSA:2020-086-01
- SSA:2020-163-01
- SUSE-SU-2015:0481-1
- SUSE-SU-2015:0652-1
- SUSE-SU-2019:0150-1
- SUSE-SU-2019:0196-1
- SUSE-SU-2019:0222-1
- SUSE-SU-2019:0224-1
- SUSE-SU-2019:2412-1
- SUSE-SU-2019:2414-1
- SUSE-SU-2019:2424-1
- SUSE-SU-2019:2648-1
- SUSE-SU-2019:2651-1
- SUSE-SU-2019:2658-1
- SUSE-SU-2019:2738-1
- SUSE-SU-2019:2756-1
- SUSE-SU-2019:2949-1
- SUSE-SU-2019:2950-1
- SUSE-SU-2019:2984-1
- SUSE-SU-2019:3316-1
- SUSE-SU-2019:3379-1
- SUSE-SU-2019:3381-1
- SUSE-SU-2019:3389-1
- SUSE-SU-2020:0093-1
- SUSE-SU-2020:0511-1
- SUSE-SU-2020:0558-1
- SUSE-SU-2020:0559-1
- SUSE-SU-2020:0560-1
- SUSE-SU-2020:0580-1
- SUSE-SU-2020:0584-1
- SUSE-SU-2020:0599-1
- SUSE-SU-2020:0605-1
- SUSE-SU-2020:0613-1
- SUSE-SU-2020:0649-1
- SUSE-SU-2020:0667-1
- SUSE-SU-2020:0688-1
- SUSE-SU-2020:0836-1
- SUSE-SU-2020:1084-1
- SUSE-SU-2020:1085-1
- SUSE-SU-2020:1087-1
- SUSE-SU-2020:1118-1
- SUSE-SU-2020:1119-1
- SUSE-SU-2020:1123-1
- SUSE-SU-2020:1141-1
- SUSE-SU-2020:1142-1
- SUSE-SU-2020:1146-1
- SUSE-SU-2020:1255-1
- SUSE-SU-2020:1275-1
- SUSE-SU-2020:1587-1
- SUSE-SU-2020:1599-1
- SUSE-SU-2020:1602-1
- SUSE-SU-2020:1603-1
- SUSE-SU-2020:1604-1
- SUSE-SU-2020:1605-1
- SUSE-SU-2020:1663-1
- SUSE-SU-2020:2027-1
- SUSE-SU-2020:2105-1
- SUSE-SU-2020:2156-1
- SUSE-SU-2020:2478-1
- SUSE-SU-2020:2487-1
- SUSE-SU-2020:2491-1
- USN-1809-1
- USN-1812-1
- USN-1813-1
- USN-1876-1
- USN-1877-1
- USN-3872-1
- USN-3878-1
- USN-3878-2
- USN-3901-1
- USN-3901-2
- USN-4157-1
- USN-4157-2
- USN-4162-1
- USN-4162-2
- USN-4163-1
- USN-4163-2
- USN-4226-1
- USN-4284-1
- USN-4285-1
- USN-4286-1
- USN-4286-2
- USN-4287-1
- USN-4287-2
- USN-4342-1
- USN-4344-1
- USN-4345-1
- USN-4346-1
- USN-4363-1
- USN-4364-1
- USN-4368-1
- USN-4369-1
- USN-4414-1
- USN-4425-1
- USN-4439-1
- USN-4440-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 4.14.35-1902.302.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 4.14.35-1902.302.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux | kernel-uek | < 4.14.35-1902.302.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools | < 4.14.35-1902.302.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs | < 4.14.35-1902.302.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs-devel | < 4.14.35-1902.302.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | oraclelinux | kernel-uek-headers | < 4.14.35-1902.302.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux | kernel-uek-doc | < 4.14.35-1902.302.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-devel | < 4.14.35-1902.302.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug | < 4.14.35-1902.302.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug-devel | < 4.14.35-1902.302.2.el7uek | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |