[ELSA-2020-5913] Unbreakable Enterprise kernel security update
[4.14.35-2025.402.2.1]
- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040805] {CVE-2020-8694} {CVE-2020-8695}
[4.14.35-2025.402.2]
- ocfs2: fix remounting needed after setfacl command (Gang He)
- Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770]
- drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349]
- i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050]
- bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757]
- SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763]
- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520]
- qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276]
[4.14.35-2025.402.1]
- configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427]
- IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31596798]
- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643}
- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303]
- SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341]
- geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645}
- nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898]
- xfs: fix warning: unused variable 'sb' (John Donnelly) [Orabug: 32010343]
- nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357]
- nvme: Corrects warning: unused variable 'startka' (John Donnelly) [Orabug: 32010357]
- uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273]
- arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273]
- ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790]
- rds: fixes warning: unused variable 'cache_sz_k' (John Donnelly) [Orabug: 32008320]
- panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003]
- uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118]
- certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118]
- certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118]
- certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541}
- Revert 'l2tp: initialise PPP sessions before registering them' (George Kennedy) [Orabug: 31906205]
- btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377} {CVE-2019-19377} {CVE-2019-19377}
- btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448} {CVE-2019-19448}
- xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385}
- net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603]
- mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31907603]
- mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603]
- mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603]
- ghes: Corrects: warning: unused variable 'vaddr' -Wunused-variable [Orabug: 31995830]
- ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830]
- blk-mq: warning: unused variable 'ctx' (John Donnelly) [Orabug: 31996284]
- x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336]
[4.14.35-2025.402.0]
- nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089}
- efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380}
- RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865]
- rds: Revert 'Disable module unload by default' (Hans Westgaard Ry) [Orabug: 31503865]
- rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372]
- EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136]
- EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136]
- mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346]
- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765]
- KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765]
- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765]
- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765]
- cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356}
- bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453]
- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211}
- vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}
- fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}
- KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096]
- Revert 'usb: xhci: do not create and register shared_hcd when USB3.0 is disabled' (Thomas Tai) [Orabug: 31943628]
- uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869]
- block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641}
- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628]
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | < 4.14.35-2025.402.2.1.el7uek |
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | < 4.14.35-2025.402.2.1.el7uek |
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | < 4.14.35-2025.402.2.1.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | < 4.14.35-2025.402.2.1.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | < 4.14.35-2025.402.2.1.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | < 4.14.35-2025.402.2.1.el7uek |
pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | < 4.14.35-2025.402.2.1.el7uek |
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | < 4.14.35-2025.402.2.1.el7uek |
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | < 4.14.35-2025.402.2.1.el7uek |
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | < 4.14.35-2025.402.2.1.el7uek |
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | < 4.14.35-2025.402.2.1.el7uek |
- ID
- ELSA-2020-5913
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2020-5913.html
- Published
-
2020-11-10T00:00:00
(3 years ago) - Modified
-
2020-11-10T00:00:00
(3 years ago) - Rights
- Copyright 2020 Oracle, Inc.
- Other Advisories
-
- ALAS-2020-1430
- ALAS-2020-1437
- ALAS-2020-1446
- ALAS-2021-1461
- ALAS2-2020-1480
- ALAS2-2020-1495
- ALAS2-2020-1520
- ALAS2-2020-1556
- ALAS2-2020-1566
- ALPINE:CVE-2020-8694
- ALSA-2020:4431
- ALSA-2021:1578
- ALSA-2021:2570
- ALSA-2021:3027
- ASA-202011-10
- DSA-4774-1
- ELSA-2020-4286
- ELSA-2020-5083
- ELSA-2020-5085
- ELSA-2020-5437
- ELSA-2020-5714
- ELSA-2020-5884
- ELSA-2020-5912
- ELSA-2020-5914
- ELSA-2020-5917
- ELSA-2020-5923
- ELSA-2020-5924
- ELSA-2020-5926
- ELSA-2020-5995
- ELSA-2020-5996
- ELSA-2021-0003
- ELSA-2021-0856
- ELSA-2021-1578
- ELSA-2021-2570
- ELSA-2021-3027
- ELSA-2021-3028
- ELSA-2021-9459
- ELSA-2022-10065
- ELSA-2022-9852
- FEDORA-2019-021c968423
- FEDORA-2019-057d691fd4
- FEDORA-2019-124a241044
- FEDORA-2019-15e141c6a7
- FEDORA-2019-1689d3fe07
- FEDORA-2019-41e28660ae
- FEDORA-2019-4c91a2f76e
- FEDORA-2019-6817686c4d
- FEDORA-2019-69c132b061
- FEDORA-2019-6bda4c81f4
- FEDORA-2019-6c3d89b3d0
- FEDORA-2019-7a3fc17778
- FEDORA-2019-7aecfe1c4b
- FEDORA-2019-7ec378191e
- FEDORA-2019-83858fc57b
- FEDORA-2019-8846a1a5a2
- FEDORA-2019-914542e05c
- FEDORA-2019-97380355ae
- FEDORA-2019-9d3fe6fd5b
- FEDORA-2019-a570a92d5a
- FEDORA-2019-a95015e60f
- FEDORA-2019-c03eda3cc6
- FEDORA-2019-e3010166bd
- FEDORA-2019-e37c348348
- FEDORA-2019-f40bd7826f
- FEDORA-2020-00e872744f
- FEDORA-2020-14fda1bf85
- FEDORA-2020-1afbe7ba2d
- FEDORA-2020-2a5cdd665c
- FEDORA-2020-2c8824c6b1
- FEDORA-2020-3c6fedeb83
- FEDORA-2020-5081eec059
- FEDORA-2020-5920a7a0b2
- FEDORA-2020-708b23f2ce
- FEDORA-2020-c2d89d14d0
- FEDORA-2020-d5941ea479
- FEDORA-2020-fe00e12580
- MS:CVE-2020-14356
- MS:CVE-2020-14385
- MS:CVE-2020-14390
- MS:CVE-2020-25211
- MS:CVE-2020-25641
- MS:CVE-2020-25643
- MS:CVE-2020-25645
- MS:CVE-2020-26541
- openSUSE-SU-2019:1571-1
- openSUSE-SU-2019:1579-1
- openSUSE-SU-2020:1236-1
- openSUSE-SU-2020:1325-1
- openSUSE-SU-2020:1586-1
- openSUSE-SU-2020:1655-1
- openSUSE-SU-2020:1682-1
- openSUSE-SU-2020:1698-1
- openSUSE-SU-2020:1906-1
- openSUSE-SU-2020:2075-1
- openSUSE-SU-2020:2098-1
- openSUSE-SU-2020:2112-1
- openSUSE-SU-2021:0241-1
- openSUSE-SU-2021:0242-1
- openSUSE-SU-2022:2173-1
- openSUSE-SU-2022:2177-1
- RHSA-2020:4286
- RHSA-2020:4289
- RHSA-2020:4331
- RHSA-2020:4431
- RHSA-2020:4609
- RHSA-2020:5050
- RHSA-2020:5083
- RHSA-2020:5085
- RHSA-2020:5437
- RHSA-2020:5441
- RHSA-2021:0003
- RHSA-2021:0004
- RHSA-2021:0856
- RHSA-2021:0857
- RHSA-2021:1578
- RHSA-2021:1739
- RHSA-2021:2570
- RHSA-2021:2599
- RHSA-2021:3027
- RHSA-2021:3028
- RLSA-2021:2570
- SSA:2020-295-01
- SUSE-SU-2019:1823-1
- SUSE-SU-2019:1823-2
- SUSE-SU-2019:1829-1
- SUSE-SU-2019:1852-1
- SUSE-SU-2019:1855-1
- SUSE-SU-2019:2430-1
- SUSE-SU-2019:2450-1
- SUSE-SU-2020:2485-1
- SUSE-SU-2020:2486-1
- SUSE-SU-2020:2540-1
- SUSE-SU-2020:2541-1
- SUSE-SU-2020:2574-1
- SUSE-SU-2020:2575-1
- SUSE-SU-2020:2605-1
- SUSE-SU-2020:2610-1
- SUSE-SU-2020:2623-1
- SUSE-SU-2020:2631-1
- SUSE-SU-2020:2879-1
- SUSE-SU-2020:2904-1
- SUSE-SU-2020:2905-1
- SUSE-SU-2020:2906-1
- SUSE-SU-2020:2907-1
- SUSE-SU-2020:2908-1
- SUSE-SU-2020:2972-1
- SUSE-SU-2020:2980-1
- SUSE-SU-2020:2981-1
- SUSE-SU-2020:2999-1
- SUSE-SU-2020:3014-1
- SUSE-SU-2020:3230-1
- SUSE-SU-2020:3271-1
- SUSE-SU-2020:3272-1
- SUSE-SU-2020:3273-1
- SUSE-SU-2020:3274-1
- SUSE-SU-2020:3275-1
- SUSE-SU-2020:3276-1
- SUSE-SU-2020:3279-1
- SUSE-SU-2020:3281-1
- SUSE-SU-2020:3326-1
- SUSE-SU-2020:3372-1
- SUSE-SU-2020:3373-1
- SUSE-SU-2020:3374-1
- SUSE-SU-2020:3389-1
- SUSE-SU-2020:3400-1
- SUSE-SU-2020:3402-1
- SUSE-SU-2020:3433-1
- SUSE-SU-2020:3441-1
- SUSE-SU-2020:3449-1
- SUSE-SU-2020:3457-1
- SUSE-SU-2020:3484-1
- SUSE-SU-2020:3491-1
- SUSE-SU-2020:3501-1
- SUSE-SU-2020:3503-1
- SUSE-SU-2020:3512-1
- SUSE-SU-2020:3513-1
- SUSE-SU-2020:3514-1
- SUSE-SU-2020:3522-1
- SUSE-SU-2020:3532-1
- SUSE-SU-2020:3544-1
- SUSE-SU-2020:3648-1
- SUSE-SU-2020:3651-1
- SUSE-SU-2020:3656-1
- SUSE-SU-2020:3670-1
- SUSE-SU-2020:3713-1
- SUSE-SU-2020:3715-1
- SUSE-SU-2021:0347-1
- SUSE-SU-2021:0353-1
- SUSE-SU-2021:0354-1
- SUSE-SU-2021:0427-1
- SUSE-SU-2021:0434-1
- SUSE-SU-2021:0437-1
- SUSE-SU-2021:0438-1
- SUSE-SU-2021:0452-1
- SUSE-SU-2021:0835-1
- SUSE-SU-2021:1074-1
- SUSE-SU-2021:1148-1
- SUSE-SU-2022:2077-1
- SUSE-SU-2022:2078-1
- SUSE-SU-2022:2079-1
- SUSE-SU-2022:2080-1
- SUSE-SU-2022:2082-1
- SUSE-SU-2022:2103-1
- SUSE-SU-2022:2104-1
- SUSE-SU-2022:2111-1
- SUSE-SU-2022:2116-1
- SUSE-SU-2022:2172-1
- SUSE-SU-2022:2173-1
- SUSE-SU-2022:2177-1
- SUSE-SU-2022:2377-1
- SUSE-SU-2022:2382-1
- SUSE-SU-2022:2393-1
- SUSE-SU-2022:2407-1
- SUSE-SU-2022:2629-1
- SUSE-SU-2022:4561-1
- SUSE-SU-2022:4611-1
- SUSE-SU-2023:4625-1
- SUSE-SU-2023:4936-1
- USN-4367-1
- USN-4369-1
- USN-4414-1
- USN-4425-1
- USN-4427-1
- USN-4439-1
- USN-4440-1
- USN-4483-1
- USN-4484-1
- USN-4526-1
- USN-4576-1
- USN-4578-1
- USN-4626-1
- USN-4627-1
- USN-4628-1
- USN-4628-3
- USN-4657-1
- USN-4658-1
- USN-4660-1
- USN-4752-1
- USN-4912-1
- USN-5070-1
- USN-5106-1
- USN-5120-1
- USN-5210-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 4.14.35-2025.402.2.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 4.14.35-2025.402.2.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux | kernel-uek | < 4.14.35-2025.402.2.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools | < 4.14.35-2025.402.2.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs | < 4.14.35-2025.402.2.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs-devel | < 4.14.35-2025.402.2.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | oraclelinux | kernel-uek-headers | < 4.14.35-2025.402.2.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux | kernel-uek-doc | < 4.14.35-2025.402.2.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-devel | < 4.14.35-2025.402.2.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug | < 4.14.35-2025.402.2.1.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug-devel | < 4.14.35-2025.402.2.1.el7uek | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |