[ELSA-2020-5884] Unbreakable Enterprise kernel security update
[5.4.17-2011.7.4]
- iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (Suravee Suthikulpanit) [Orabug: 31931369]
- iommu/amd: Fix potential @entry null deref (Joao Martins) [Orabug: 31931369]
- iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit) [Orabug: 31931369]
[5.4.17-2011.7.3]
- xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895365] {CVE-2020-14385}
- ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895327] {CVE-2020-14314}
- mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884234] {CVE-2020-25285}
- rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov) [Orabug: 31884154] {CVE-2020-25284}
- nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell) [Orabug: 31872895] {CVE-2020-25212}
- libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (Jane Chu) [Orabug: 31861296]
- libnvdimm/security: the 'security' attr never (Jane Chu) [Orabug: 31861296]
- libnvdimm/security: fix a typo (Jane Chu) [Orabug: 31861296]
- mmc: sdhci: Silence MMC warnings (Maxime Ripard) [Orabug: 31746382]
- bcm2835-dma: Add support for per-channel flags (Phil Elwell) [Orabug: 31746382]
- mmc: sdhci-iproc: Fix vmmc regulators on iProc (Phil Elwell) [Orabug: 31746382]
- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722763]
- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722763]
- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722763]
[5.4.17-2011.7.2]
- net/packet: fix overflow in tpacket_rcv (Or Cohen) [Orabug: 31866487] {CVE-2020-14386} {CVE-2020-14386}
- block: better deal with the delayed not supported case in blk_cloned_rq_check_limits (Ritika Srivastava) [Orabug: 31850341]
- block: Return blk_status_t instead of errno codes (Ritika Srivastava) [Orabug: 31850341]
- iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (Suravee Suthikulpanit) [Orabug: 31849530]
- uek-rpm: ol8: config-aarch64: add *_MEMORY_HOTPLUG (Mihai Carabas) [Orabug: 31848696]
[5.4.17-2011.7.1]
- IB/mlx5: Expose RoCE accelerator counters (Avihai Horon) [Orabug: 31621895]
- net/mlx5: Add RoCE accelerator counters (Leon Romanovsky) [Orabug: 31621895]
- cgroup: Fix sock_cgroup_data on big-endian. (Cong Wang) [Orabug: 31779795] {CVE-2020-14356}
- cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779795] {CVE-2020-14356}
- Revert 'aarch64/BM: config failed, hub doesn't have any ports' (Thomas Tai) [Orabug: 31838351]
- kvm: ioapic: Restrict lazy EOI update to edge-triggered interrupts (Paolo Bonzini) [Orabug: 31839185]
- iavf: use generic power management (Vaibhav Gupta) [Orabug: 31700015]
- iavf: Fix updating statistics (Tony Nguyen) [Orabug: 31700015]
- iavf: fix error return code in iavf_init_get_resources() (Wei Yongjun) [Orabug: 31700015]
- iavf: increase reset complete wait time (Paul Greenwalt) [Orabug: 31700015]
- iavf: Fix reporting 2.5 Gb and 5Gb speeds (Brett Creeley) [Orabug: 31700015]
- iavf: use appropriate enum for comparison (Aleksandr Loktionov) [Orabug: 31700015]
- iavf: Enable support for up to 16 queues (Mitch Williams) [Orabug: 31700015]
- iavf: fix speed reporting over virtchnl (Brett Creeley) [Orabug: 31700015]
- iavf: remove current MAC address filter on VF reset (Stefan Assmann) [Orabug: 31700015]
- i40e: Fix crash during removing i40e driver (Grzegorz Szczurek) [Orabug: 31700015]
- i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (Przemyslaw Patynowski) [Orabug: 31700015]
- i40e: introduce new dump desc XDP command (Ciara Loftus) [Orabug: 31700015]
- i40e: add XDP ring statistics to dump VSI debug output (Ciara Loftus) [Orabug: 31700015]
- i40e: add XDP ring statistics to VSI stats (Ciara Loftus) [Orabug: 31700015]
- i40e: move check of full Tx ring to outside of send loop (Magnus Karlsson) [Orabug: 31700015]
- i40e: eliminate division in napi_poll data path (Magnus Karlsson) [Orabug: 31700015]
- i40e: optimize AF_XDP Tx completion path (Magnus Karlsson) [Orabug: 31700015]
- i40e: Add support for a new feature Total Port Shutdown (Arkadiusz Kubalewski) [Orabug: 31700015]
- i40e: Remove scheduling while atomic possibility (Aleksandr Loktionov) [Orabug: 31700015]
- i40e: Add support for 5Gbps cards (Aleksandr Loktionov) [Orabug: 31700015]
- i40e: Add a check to see if MFS is set (Todd Fujinaka) [Orabug: 31700015]
- i40e: detect and log info about pre-recovery mode (Piotr Kwapulinski) [Orabug: 31700015]
- i40e: make PF wait reset loop reliable (Piotr Kwapulinski) [Orabug: 31700015]
- i40e: remove unused defines (Jesse Brandeburg) [Orabug: 31700015]
- i40e: Move client header location (Shiraz Saleem) [Orabug: 31700015]
- i40e: fix crash when Rx descriptor count is changed (Bjorn Topel) [Orabug: 31700015]
- i40e: Make i40e_shutdown_adminq() return void (Jason Yan) [Orabug: 31700015]
- i40e: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 31700015]
- i40e: Separate kernel allocated rx_bi rings from AF_XDP rings (Bjorn Topel) [Orabug: 31700015]
- i40e: Refactor rx_bi accesses (Bjorn Topel) [Orabug: 31700015]
- i40e: Remove unneeded conversion to bool (Jason Yan) [Orabug: 31700015]
- i40e: fix spelling mistake 'to' -> 'too' (Colin Ian King) [Orabug: 31700015]
- i40e: Set PHY Access flag on X722 (Adam Ludkiewicz) [Orabug: 31700015]
- i40e: implement VF stats NDO (Jesse Brandeburg) [Orabug: 31700015]
- i40e: enable X710 support (Alice Michael) [Orabug: 31700015]
- i40e: Add UDP segmentation offload support (Josh Hunt) [Orabug: 31700015]
- i40e: Refactoring VF MAC filters counting to make more reliable (Aleksandr Loktionov) [Orabug: 31700015]
- i40e: Fix LED blinking flow for X710T*L devices (Damian Milosek) [Orabug: 31700015]
- i40e: allow ethtool to report SW and FW versions in recovery mode (Piotr Kwapulinski) [Orabug: 31700015]
- i40e: Extend PHY access with page change flag (Piotr Azarewicz) [Orabug: 31700015]
- i40e: Extract detection of HW flags into a function (Piotr Azarewicz) [Orabug: 31700015]
- i40e: Fix for persistent lldp support (Sylwia Wnuczko) [Orabug: 31700015]
- i40e: protect ring accesses with READ- and WRITE_ONCE (Ciara Loftus) [Orabug: 31700015]
- i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (Brett Creeley) [Orabug: 31700015]
- i40e: Relax i40e_xsk_wakeup's return value when PF is busy (Maciej Fijalkowski) [Orabug: 31700015]
- i40e: Fix virtchnl_queue_select bitmap validation (Brett Creeley) [Orabug: 31700015]
[5.4.17-2011.7.0]
- sample-trace-array: Fix sleeping function called from invalid context (Kefeng Wang) [Orabug: 31543029]
- sample-trace-array: Remove trace_array 'sample-instance' (Kefeng Wang) [Orabug: 31543029]
- tracing: Sample module to demonstrate kernel access to Ftrace instances. (Divya Indi) [Orabug: 31543029]
- tracing: Adding new functions for kernel access to Ftrace instances (Divya Indi) [Orabug: 31543029]
- tracing: Adding NULL checks for trace_array descriptor pointer (Divya Indi) [Orabug: 31543029]
- tracing: Verify if trace array exists before destroying it. (Divya Indi) [Orabug: 31543029]
- tracing: Declare newly exported APIs in include/linux/trace.h (Divya Indi) [Orabug: 31543029]
- RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky) [Orabug: 31784656]
- RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 31784889]
- rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783146]
- ID
- ELSA-2020-5884
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2020-5884.html
- Published
-
2020-10-12T00:00:00
(3 years ago) - Modified
-
2020-10-12T00:00:00
(3 years ago) - Rights
- Copyright 2020 Oracle, Inc.
- Other Advisories
-
- ALAS-2020-1430
- ALAS-2020-1437
- ALAS-2020-1446
- ALAS2-2020-1480
- ALAS2-2020-1488
- ALAS2-2020-1495
- ALAS2-2020-1520
- ALSA-2021:1578
- ELSA-2020-4286
- ELSA-2020-5437
- ELSA-2020-5866
- ELSA-2020-5879
- ELSA-2020-5881
- ELSA-2020-5885
- ELSA-2020-5913
- ELSA-2021-1578
- FEDORA-2020-00e872744f
- FEDORA-2020-468121099e
- FEDORA-2020-5081eec059
- FEDORA-2020-708b23f2ce
- FEDORA-2020-b858b48b23
- MS:CVE-2020-14314
- MS:CVE-2020-14356
- MS:CVE-2020-14385
- MS:CVE-2020-14386
- MS:CVE-2020-25212
- MS:CVE-2020-25284
- MS:CVE-2020-25285
- openSUSE-SU-2020:1236-1
- openSUSE-SU-2020:1325-1
- openSUSE-SU-2020:1379-1
- openSUSE-SU-2020:1382-1
- openSUSE-SU-2020:1586-1
- openSUSE-SU-2020:1655-1
- openSUSE-SU-2020:1682-1
- openSUSE-SU-2020:1698-1
- openSUSE-SU-2020:1906-1
- openSUSE-SU-2020:2112-1
- openSUSE-SU-2021:0242-1
- RHSA-2020:4286
- RHSA-2020:4289
- RHSA-2020:4331
- RHSA-2020:5050
- RHSA-2020:5437
- RHSA-2020:5441
- RHSA-2021:1578
- RHSA-2021:1739
- SSA:2020-295-01
- SUSE-SU-2020:2485-1
- SUSE-SU-2020:2486-1
- SUSE-SU-2020:2540-1
- SUSE-SU-2020:2541-1
- SUSE-SU-2020:2574-1
- SUSE-SU-2020:2575-1
- SUSE-SU-2020:2576-1
- SUSE-SU-2020:2577-1
- SUSE-SU-2020:2578-1
- SUSE-SU-2020:2579-1
- SUSE-SU-2020:2580-1
- SUSE-SU-2020:2582-1
- SUSE-SU-2020:2605-1
- SUSE-SU-2020:2610-1
- SUSE-SU-2020:2623-1
- SUSE-SU-2020:2631-1
- SUSE-SU-2020:2879-1
- SUSE-SU-2020:2904-1
- SUSE-SU-2020:2905-1
- SUSE-SU-2020:2906-1
- SUSE-SU-2020:2907-1
- SUSE-SU-2020:2908-1
- SUSE-SU-2020:2981-1
- SUSE-SU-2020:2999-1
- SUSE-SU-2020:3014-1
- SUSE-SU-2020:3122-1
- SUSE-SU-2020:3178-1
- SUSE-SU-2020:3180-1
- SUSE-SU-2020:3181-1
- SUSE-SU-2020:3186-1
- SUSE-SU-2020:3187-1
- SUSE-SU-2020:3188-1
- SUSE-SU-2020:3190-1
- SUSE-SU-2020:3204-1
- SUSE-SU-2020:3210-1
- SUSE-SU-2020:3219-1
- SUSE-SU-2020:3222-1
- SUSE-SU-2020:3225-1
- SUSE-SU-2020:3230-1
- SUSE-SU-2020:3272-1
- SUSE-SU-2020:3281-1
- SUSE-SU-2020:3326-1
- SUSE-SU-2020:3484-1
- SUSE-SU-2020:3491-1
- SUSE-SU-2020:3501-1
- SUSE-SU-2020:3503-1
- SUSE-SU-2020:3512-1
- SUSE-SU-2020:3513-1
- SUSE-SU-2020:3522-1
- SUSE-SU-2020:3532-1
- SUSE-SU-2020:3544-1
- SUSE-SU-2021:0437-1
- SUSE-SU-2021:0452-1
- USN-4483-1
- USN-4484-1
- USN-4489-1
- USN-4525-1
- USN-4526-1
- USN-4527-1
- USN-4576-1
- USN-4578-1
- USN-4579-1
- USN-4657-1
- USN-4658-1
- USN-4660-1
- USN-4752-1
- USN-4912-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2020-5884 | https://linux.oracle.com/errata/ELSA-2020-5884.html | |
CVE | CVE-2020-25284 | https://linux.oracle.com/cve/CVE-2020-25284.html | |
CVE | CVE-2020-14314 | https://linux.oracle.com/cve/CVE-2020-14314.html | |
CVE | CVE-2020-14385 | https://linux.oracle.com/cve/CVE-2020-14385.html | |
CVE | CVE-2020-14386 | https://linux.oracle.com/cve/CVE-2020-14386.html | |
CVE | CVE-2020-14356 | https://linux.oracle.com/cve/CVE-2020-14356.html | |
CVE | CVE-2020-25212 | https://linux.oracle.com/cve/CVE-2020-25212.html | |
CVE | CVE-2020-25285 | https://linux.oracle.com/cve/CVE-2020-25285.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 5.4.17-2011.7.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 5.4.17-2011.7.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-8 | oraclelinux | kernel-uek | < 5.4.17-2011.7.4.el8uek | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux | kernel-uek | < 5.4.17-2011.7.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools | < 5.4.17-2011.7.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs | < 5.4.17-2011.7.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-8 | oraclelinux | kernel-uek-doc | < 5.4.17-2011.7.4.el8uek | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux | kernel-uek-doc | < 5.4.17-2011.7.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-8 | oraclelinux | kernel-uek-devel | < 5.4.17-2011.7.4.el8uek | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-devel | < 5.4.17-2011.7.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-8 | oraclelinux | kernel-uek-debug | < 5.4.17-2011.7.4.el8uek | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug | < 5.4.17-2011.7.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-8 | oraclelinux | kernel-uek-debug-devel | < 5.4.17-2011.7.4.el8uek | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug-devel | < 5.4.17-2011.7.4.el7uek | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |