[ELSA-2020-5924] Unbreakable Enterprise kernel-container security update
[4.14.35-2025.402.2.1.el7]
- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug:
32040805] {CVE-2020-8694} {CVE-2020-8695}
[4.14.35-2025.402.2.el7]
- ocfs2: fix remounting needed after setfacl command (Gang He)
- Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770]
- drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349]
- i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050]
- bnxt: Corrects warning: 'struct tc_cls_flower_offload' (John Donnelly) [Orabug: 32041757]
- SCSI: Corrects 'ret' not used warning (John Donnelly) [Orabug: 32041763]
- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520]
- qed: Corrects warning: 'qed_iwarp_ll2_slowpath' defined but not used (John Donnelly) [Orabug: 32052276]
[4.14.35-2025.402.1.el7]
- configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427]
- IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31596798]
- hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643}
- uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303]
- SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341]
- geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645}
- nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898]
- xfs: fix warning: unused variable 'sb' (John Donnelly) [Orabug: 32010343]
- nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357]
- nvme: Corrects warning: unused variable 'startka' (John Donnelly) [Orabug: 32010357]
- uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273]
- arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273]
- ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790]
- rds: fixes warning: unused variable 'cache_sz_k' (John Donnelly) [Orabug: 32008320]
- panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003]
- uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118]
- certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118]
- certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118]
- certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541}
- Revert 'l2tp: initialise PPP sessions before registering them' (George Kennedy) [Orabug: 31906205]
- btrfs: Don't submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377}
- btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448}
- xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385}
- net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603]
- mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31907603]
- mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603]
- mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603]
- ghes: Corrects: warning: unused variable 'vaddr' -Wunused-variable [Orabug: 31995830]
- ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830]
- blk-mq: warning: unused variable 'ctx' (John Donnelly) [Orabug: 31996284]
- x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336]
[4.14.35-2025.402.0.el7]
- nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089}
- efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380}
- RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865]
- rds: Revert 'Disable module unload by default' (Hans Westgaard Ry) [Orabug: 31503865]
- rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372]
- EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136]
- EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136]
- mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346]
- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765]
- KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765]
- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765]
- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765]
- cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356}
- bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453]
- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211}
- vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}
- fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}
- KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096]
- Revert 'usb: xhci: do not create and register shared_hcd when USB3.0 is disabled' (Thomas Tai) [Orabug: 31943628]
- uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869]
- block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641}
- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628]
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-7 | < 4.14.35-2025.402.2.1.el7 |
- ID
- ELSA-2020-5924
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2020-5924.html
- Published
-
2020-11-12T00:00:00
(3 years ago) - Modified
-
2020-11-12T00:00:00
(3 years ago) - Rights
- Copyright 2020 Oracle, Inc.
- Other Advisories
-
- ALAS-2021-1461
- ALAS2-2020-1566
- ALPINE:CVE-2020-8694
- ALSA-2021:3027
- ASA-202011-10
- ELSA-2020-5083
- ELSA-2020-5085
- ELSA-2020-5913
- ELSA-2020-5914
- ELSA-2020-5917
- ELSA-2020-5923
- ELSA-2020-5926
- ELSA-2020-5995
- ELSA-2020-5996
- ELSA-2021-3027
- ELSA-2021-3028
- FEDORA-2020-14fda1bf85
- FEDORA-2020-1afbe7ba2d
- FEDORA-2020-2c8824c6b1
- FEDORA-2020-d5941ea479
- openSUSE-SU-2020:1906-1
- openSUSE-SU-2020:2075-1
- openSUSE-SU-2020:2098-1
- openSUSE-SU-2020:2112-1
- openSUSE-SU-2021:0242-1
- RHSA-2020:5083
- RHSA-2020:5085
- RHSA-2021:3027
- RHSA-2021:3028
- SUSE-SU-2020:3271-1
- SUSE-SU-2020:3272-1
- SUSE-SU-2020:3273-1
- SUSE-SU-2020:3274-1
- SUSE-SU-2020:3275-1
- SUSE-SU-2020:3276-1
- SUSE-SU-2020:3279-1
- SUSE-SU-2020:3326-1
- SUSE-SU-2020:3372-1
- SUSE-SU-2020:3373-1
- SUSE-SU-2020:3374-1
- SUSE-SU-2020:3457-1
- SUSE-SU-2020:3484-1
- SUSE-SU-2020:3501-1
- SUSE-SU-2020:3503-1
- SUSE-SU-2020:3512-1
- SUSE-SU-2020:3513-1
- SUSE-SU-2020:3514-1
- SUSE-SU-2020:3522-1
- SUSE-SU-2020:3532-1
- SUSE-SU-2020:3544-1
- SUSE-SU-2020:3651-1
- SUSE-SU-2020:3670-1
- SUSE-SU-2020:3713-1
- SUSE-SU-2020:3715-1
- SUSE-SU-2023:4625-1
- SUSE-SU-2023:4936-1
- USN-4626-1
- USN-4627-1
- USN-4628-1
- USN-4628-3
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2020-5924 | https://linux.oracle.com/errata/ELSA-2020-5924.html | |
CVE | CVE-2020-8695 | https://linux.oracle.com/cve/CVE-2020-8695.html | |
CVE | CVE-2020-8694 | https://linux.oracle.com/cve/CVE-2020-8694.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-7 | oraclelinux | kernel-uek-container | < 4.14.35-2025.402.2.1.el7 | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |