[ELSA-2020-5845] Unbreakable Enterprise kernel security update

Severity Important

Affected Packages 11

CVEs 32

[4.14.35-1902.306.2]
- rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783150]
- sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices (Dave Chiluk) [Orabug: 31350999] {CVE-2019-19922}
- sched/fair: Fix throttle_list starvation with low CFS quota (Phil Auld) [Orabug: 31350999] {CVE-2019-19922}
- sched/fair: Fix bandwidth timer clock drift condition (Xunlei Pang) [Orabug: 31350999] {CVE-2019-19922}
- btrfs: tree-checker: Verify block_group_item (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-check: reduce stack consumption in check_dir_item (David Sterba) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-checker: use %zu format string for size_t (Arnd Bergmann) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-checker: Add checker for dir item (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-checker: Fix false panic for sanity test (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-checker: Enhance btrfs_check_node output (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Move leaf and node validation checker to tree-checker.c (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Add checker for EXTENT_CSUM (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Add sanity check for EXTENT_DATA when reading out leaf (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Check if item pointer overlaps with the item itself (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Refactor check_leaf function for later expansion (Qu Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky) [Orabug: 31784659]
- nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31779888] {CVE-2020-24394}
- Reverts 'rds: avoid unnecessary cong_update in loop transport' (Iraimani Pavadai) [Orabug: 31741325]
- sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31351959] {CVE-2019-3874}
- vhost_net: fix possible infinite loop (Jason Wang) [Orabug: 31351949] {CVE-2019-3900} {CVE-2019-3900}
- vhost: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 31351949] {CVE-2019-3900}
- vhost_net: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 31351949] {CVE-2019-3900}
- vhost_net: use packet weight for rx handler, too (Paolo Abeni) [Orabug: 31351949] {CVE-2019-3900}
- vhost-net: set packet weight of tx polling to 2 * vq size (haibinzhang() [Orabug: 31351949] {CVE-2019-3900}
- repair kABI breakage from 'fs: prevent page refcount overflow in pipe_buf_get' (Dan Duval) [Orabug: 31351940] {CVE-2019-11487}
- fs: prevent page refcount overflow in pipe_buf_get (Matthew Wilcox) [Orabug: 31351940] {CVE-2019-11487}
- mm: add 'try_get_page()' helper function (Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487}
- mm: prevent get_user_pages() from overflowing page refcount (Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487}
- mm: make page ref count overflow check tighter and more explicit (Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487}
- tracing: Fix buffer_ref pipe ops (Jann Horn) [Orabug: 31351940] {CVE-2019-11487}
- RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 31784892]
- net/rds: rds_ib_remove_one() needs to wait (Ka-Cheong Poon) [Orabug: 31794612]
- uek-rpm: Disable secureboot signing for OL7 aarch64 (Somasundaram Krishnasamy) [Orabug: 31793663]

Package	Affected Version
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7	< 4.14.35-1902.306.2.el7uek
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7	< 4.14.35-1902.306.2.el7uek
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7	< 4.14.35-1902.306.2.el7uek
pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7	< 4.14.35-1902.306.2.el7uek
pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7	< 4.14.35-1902.306.2.el7uek
pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7	< 4.14.35-1902.306.2.el7uek
pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7	< 4.14.35-1902.306.2.el7uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7	< 4.14.35-1902.306.2.el7uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7	< 4.14.35-1902.306.2.el7uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7	< 4.14.35-1902.306.2.el7uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7	< 4.14.35-1902.306.2.el7uek

ID

ELSA-2020-5845

Severity

important

URL

https://linux.oracle.com/errata/ELSA-2020-5845.html

Published

2020-09-11T00:00:00
(4 years ago)

Modified

2020-09-11T00:00:00
(4 years ago)

Rights

Other Advisories

Source	# ID	URL
elsa	ELSA-2020-5845	https://linux.oracle.com/errata/ELSA-2020-5845.html
CVE	CVE-2019-19535	https://linux.oracle.com/cve/CVE-2019-19535.html
CVE	CVE-2019-17133	https://linux.oracle.com/cve/CVE-2019-17133.html
CVE	CVE-2020-12771	https://linux.oracle.com/cve/CVE-2020-12771.html
CVE	CVE-2019-15218	https://linux.oracle.com/cve/CVE-2019-15218.html
CVE	CVE-2019-19052	https://linux.oracle.com/cve/CVE-2019-19052.html
CVE	CVE-2019-19063	https://linux.oracle.com/cve/CVE-2019-19063.html
CVE	CVE-2019-19078	https://linux.oracle.com/cve/CVE-2019-19078.html
CVE	CVE-2020-10767	https://linux.oracle.com/cve/CVE-2020-10767.html
CVE	CVE-2019-10639	https://linux.oracle.com/cve/CVE-2019-10639.html
CVE	CVE-2020-10781	https://linux.oracle.com/cve/CVE-2020-10781.html
CVE	CVE-2019-10638	https://linux.oracle.com/cve/CVE-2019-10638.html
CVE	CVE-2019-19066	https://linux.oracle.com/cve/CVE-2019-19066.html
CVE	CVE-2019-3874	https://linux.oracle.com/cve/CVE-2019-3874.html
CVE	CVE-2019-5108	https://linux.oracle.com/cve/CVE-2019-5108.html
CVE	CVE-2020-16166	https://linux.oracle.com/cve/CVE-2020-16166.html
CVE	CVE-2019-20812	https://linux.oracle.com/cve/CVE-2019-20812.html
CVE	CVE-2019-3900	https://linux.oracle.com/cve/CVE-2019-3900.html
CVE	CVE-2019-11487	https://linux.oracle.com/cve/CVE-2019-11487.html
CVE	CVE-2019-19074	https://linux.oracle.com/cve/CVE-2019-19074.html
CVE	CVE-2020-14331	https://linux.oracle.com/cve/CVE-2020-14331.html
CVE	CVE-2019-16746	https://linux.oracle.com/cve/CVE-2019-16746.html
CVE	CVE-2018-14613	https://linux.oracle.com/cve/CVE-2018-14613.html
CVE	CVE-2020-12114	https://linux.oracle.com/cve/CVE-2020-12114.html
CVE	CVE-2019-14898	https://linux.oracle.com/cve/CVE-2019-14898.html
CVE	CVE-2019-19922	https://linux.oracle.com/cve/CVE-2019-19922.html
CVE	CVE-2020-24394	https://linux.oracle.com/cve/CVE-2020-24394.html
CVE	CVE-2020-10751	https://linux.oracle.com/cve/CVE-2020-10751.html
CVE	CVE-2019-19073	https://linux.oracle.com/cve/CVE-2019-19073.html
CVE	CVE-2020-10769	https://linux.oracle.com/cve/CVE-2020-10769.html
CVE	CVE-2018-16884	https://linux.oracle.com/cve/CVE-2018-16884.html
CVE	CVE-2019-17075	https://linux.oracle.com/cve/CVE-2019-17075.html
CVE	CVE-2019-18885	https://linux.oracle.com/cve/CVE-2019-18885.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7	oraclelinux	python-perf	< 4.14.35-1902.306.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/perf?distro=oraclelinux-7	oraclelinux	perf	< 4.14.35-1902.306.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7	oraclelinux	kernel-uek	< 4.14.35-1902.306.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7	oraclelinux	kernel-uek-tools	< 4.14.35-1902.306.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7	oraclelinux	kernel-uek-tools-libs	< 4.14.35-1902.306.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7	oraclelinux	kernel-uek-tools-libs-devel	< 4.14.35-1902.306.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7	oraclelinux	kernel-uek-headers	< 4.14.35-1902.306.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7	oraclelinux	kernel-uek-doc	< 4.14.35-1902.306.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7	oraclelinux	kernel-uek-devel	< 4.14.35-1902.306.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7	oraclelinux	kernel-uek-debug	< 4.14.35-1902.306.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7	oraclelinux	kernel-uek-debug-devel	< 4.14.35-1902.306.2.el7uek	oraclelinux-7

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date