[ELSA-2020-5996] Unbreakable Enterprise kernel security update
[5.4.17-2036.101.2uek]
- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187738] {CVE-2020-28974}
- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177966]
- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915}
- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915}
- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32159053]
- net/rds: rds_ib_remove_one() accesses freed memory (Ka-Cheong Poon) [Orabug: 32213896]
- hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32159973]
- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32159973]
- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005752]
- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005752]
- arm64:uek/config: Enable ZONE_DMA config (Vijay Kumar) [Orabug: 31970521]
- Revert 'arm64/dts: Serial console fix for RPi4' (Vijay Kumar) [Orabug: 31970521]
- uek-rpm: aarch64: enable CONFIG_ACPI_APEI_EINJ (Dave Kleikamp) [Orabug: 32182237]
- NFSD: fix missing refcount in nfsd4_copy by nfsd4_do_async_copy (Dai Ngo) [Orabug: 32177992]
- NFSD: Fix use-after-free warning when doing inter-server copy (Dai Ngo) [Orabug: 32177992]
- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177543]
[5.4.17-2036.101.1uek]
- uek-rpm: Enable Intel Speed Select Technology interface support (Somasundaram Krishnasamy) [Orabug: 32161425]
- platform/x86: ISST: Increase timeout (Srinivas Pandruvada) [Orabug: 32161425]
- platform/x86: ISST: Fix wrong unregister type (Srinivas Pandruvada) [Orabug: 32161425]
- platform/x86: ISST: Allow additional core-power mailbox commands (Srinivas Pandruvada) [Orabug: 32161425]
- IB/mlx4: Convert rej_tmout radix-tree to XArray (Hakon Bugge) [Orabug: 32136895]
- IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136895]
- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136895]
- IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136895]
- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136895]
- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136895]
- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136895]
- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin) [Orabug: 32131172] {CVE-2020-25704}
- vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656} {CVE-2020-25656}
- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656}
- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122725] {CVE-2020-25668}
- NFSv4.2: Fix NFS4ERR_STALE error when doing inter server copy (Dai Ngo) [Orabug: 31879682]
[5.4.17-2036.101.0uek]
- hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152142]
- hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152142]
- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Icelakex (Ankur Arora) [Orabug: 32143850]
- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on AMD Zen (Ankur Arora) [Orabug: 32143850]
- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Broadwellx (Ankur Arora) [Orabug: 32143850]
- mm, clear_huge_page: use clear_page_uncached() for gigantic pages (Ankur Arora) [Orabug: 32143850]
- x86/clear_page: add clear_page_uncached() (Ankur Arora) [Orabug: 32143850]
- x86/asm: add clear_page_nt() (Ankur Arora) [Orabug: 32143850]
- perf bench: add memset_movnti() (Ankur Arora) [Orabug: 32143850]
- x86/asm: add memset_movnti() (Ankur Arora) [Orabug: 32143850]
- x86/cpuid: add X86_FEATURE_NT_GOOD (Ankur Arora) [Orabug: 32143850]
- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32137996]
- cifs: handle empty list of targets in cifs_reconnect() (Paulo Alcantara) [Orabug: 32124750]
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (Paulo Alcantara) [Orabug: 32124750]
- rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath Patil) [Orabug: 32113472]
- net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) [Orabug: 32095959]
- uek-rpm: aarch64: increase CONFIG_NODES_SHIFT from 3 to 6 (Dave Kleikamp) [Orabug: 32075923]
- rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 32072247]
- rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32072245]
- rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert 'RDS: Drop the connection as part of cancel to avoid hangs' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert 'rds: fix warning in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert 'rds: Use correct conn when dropping connections due to cancel' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert 'rds: prevent use-after-free of rds conn in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert 'rds: Use bitmap to designate dropped connections' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert 'UEK6 compiler warning for /net/rds/send.c' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32048971]
- x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32048971]
- x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Arnd Bergmann) [Orabug: 32048971]
- x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32048971]
- x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32048971]
- ocfs2: fix remounting needed after setfacl command (Gang He) [Orabug: 32042684]
- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042517]
- net/rds: Refactor sendmsg ancillary data processing (Ka-Cheong Poon) [Orabug: 32027845]
- Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021285] {CVE-2020-12352}
- ima: Use ima_hash_algo for collision detection in the measurement list (Roberto Sassu) [Orabug: 31973040]
- ima: Calculate and extend PCR with digests in ima_template_entry (Roberto Sassu) [Orabug: 31973040]
- ima: Allocate and initialize tfm for each PCR bank (Roberto Sassu) [Orabug: 31973040]
- ima: Switch to dynamically allocated buffer for template digests (Roberto Sassu) [Orabug: 31973040]
- ima: Store template digest directly in ima_template_entry (Roberto Sassu) [Orabug: 31973040]
- scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (James Smart) [Orabug: 31598148]
- net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113840]
- A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095766]
- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695}
- ID
- ELSA-2020-5996
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2020-5996.html
- Published
-
2020-12-15T00:00:00
(3 years ago) - Modified
-
2020-12-15T00:00:00
(3 years ago) - Rights
- Copyright 2020 Oracle, Inc.
- Other Advisories
-
- ALAS-2020-1446
- ALAS-2021-1461
- ALAS2-2020-1556
- ALAS2-2020-1566
- ALPINE:CVE-2020-8694
- ALSA-2021:1578
- ALSA-2021:3027
- ALSA-2022:5316
- ALSA-2024:3138
- ASA-202010-2
- ASA-202010-3
- ASA-202010-4
- ASA-202010-9
- ASA-202011-10
- DSA-4774-1
- ELSA-2020-4276
- ELSA-2020-4286
- ELSA-2020-5083
- ELSA-2020-5085
- ELSA-2020-5913
- ELSA-2020-5914
- ELSA-2020-5917
- ELSA-2020-5923
- ELSA-2020-5924
- ELSA-2020-5926
- ELSA-2020-5995
- ELSA-2021-0856
- ELSA-2021-1578
- ELSA-2021-3027
- ELSA-2021-3028
- ELSA-2021-9001
- ELSA-2021-9002
- ELSA-2021-9009
- ELSA-2021-9043
- ELSA-2021-9346
- ELSA-2022-0063
- ELSA-2022-5316
- ELSA-2024-3138
- FEDORA-2020-14fda1bf85
- FEDORA-2020-1afbe7ba2d
- FEDORA-2020-2c8824c6b1
- FEDORA-2020-98ccae320c
- FEDORA-2020-ad980d282f
- FEDORA-2020-ce117eff51
- FEDORA-2020-d5941ea479
- FEDORA-2020-e211716d08
- FEDORA-2020-e288acda9a
- GLSA-202011-06
- MS:CVE-2020-25656
- MS:CVE-2020-25704
- MS:CVE-2020-28915
- MS:CVE-2020-28974
- openSUSE-SU-2020:1682-1
- openSUSE-SU-2020:1698-1
- openSUSE-SU-2020:1783-1
- openSUSE-SU-2020:1844-1
- openSUSE-SU-2020:1906-1
- openSUSE-SU-2020:2034-1
- openSUSE-SU-2020:2075-1
- openSUSE-SU-2020:2098-1
- openSUSE-SU-2020:2112-1
- openSUSE-SU-2020:2161-1
- openSUSE-SU-2020:2193-1
- openSUSE-SU-2020:2260-1
- openSUSE-SU-2021:0242-1
- openSUSE-SU-2021:1975-1
- openSUSE-SU-2021:1977-1
- RHSA-2020:4276
- RHSA-2020:4280
- RHSA-2020:4286
- RHSA-2020:4289
- RHSA-2020:5083
- RHSA-2020:5085
- RHSA-2021:0856
- RHSA-2021:0857
- RHSA-2021:1578
- RHSA-2021:1739
- RHSA-2021:3027
- RHSA-2021:3028
- RHSA-2022:0063
- RHSA-2022:0065
- RHSA-2022:5316
- RHSA-2022:5344
- RHSA-2024:2950
- RHSA-2024:3138
- RLSA-2022:5316
- RLSA-2024:3138
- SSA:2020-295-01
- SUSE-SU-2020:2972-1
- SUSE-SU-2020:2980-1
- SUSE-SU-2020:2981-1
- SUSE-SU-2020:3049-1
- SUSE-SU-2020:3050-1
- SUSE-SU-2020:3051-1
- SUSE-SU-2020:3052-1
- SUSE-SU-2020:3088-1
- SUSE-SU-2020:3271-1
- SUSE-SU-2020:3272-1
- SUSE-SU-2020:3273-1
- SUSE-SU-2020:3274-1
- SUSE-SU-2020:3275-1
- SUSE-SU-2020:3276-1
- SUSE-SU-2020:3279-1
- SUSE-SU-2020:3281-1
- SUSE-SU-2020:3326-1
- SUSE-SU-2020:3372-1
- SUSE-SU-2020:3373-1
- SUSE-SU-2020:3374-1
- SUSE-SU-2020:3457-1
- SUSE-SU-2020:3484-1
- SUSE-SU-2020:3491-1
- SUSE-SU-2020:3501-1
- SUSE-SU-2020:3503-1
- SUSE-SU-2020:3507-1
- SUSE-SU-2020:3512-1
- SUSE-SU-2020:3513-1
- SUSE-SU-2020:3514-1
- SUSE-SU-2020:3522-1
- SUSE-SU-2020:3532-1
- SUSE-SU-2020:3544-1
- SUSE-SU-2020:3648-1
- SUSE-SU-2020:3651-1
- SUSE-SU-2020:3670-1
- SUSE-SU-2020:3690-1
- SUSE-SU-2020:3698-1
- SUSE-SU-2020:3713-1
- SUSE-SU-2020:3714-1
- SUSE-SU-2020:3715-1
- SUSE-SU-2020:3717-1
- SUSE-SU-2020:3718-1
- SUSE-SU-2020:3748-1
- SUSE-SU-2020:3764-1
- SUSE-SU-2020:3766-1
- SUSE-SU-2020:3798-1
- SUSE-SU-2021:0434-1
- SUSE-SU-2021:0437-1
- SUSE-SU-2021:0438-1
- SUSE-SU-2021:0452-1
- SUSE-SU-2021:1176-1
- SUSE-SU-2021:1573-1
- SUSE-SU-2021:1596-1
- SUSE-SU-2021:1623-1
- SUSE-SU-2021:1624-1
- SUSE-SU-2021:1975-1
- SUSE-SU-2021:1977-1
- SUSE-SU-2023:4625-1
- SUSE-SU-2023:4936-1
- USN-4591-1
- USN-4592-1
- USN-4626-1
- USN-4627-1
- USN-4628-1
- USN-4628-3
- USN-4657-1
- USN-4658-1
- USN-4659-1
- USN-4660-1
- USN-4679-1
- USN-4680-1
- USN-4681-1
- USN-4683-1
- USN-4710-1
- USN-4711-1
- USN-4751-1
- USN-4752-1
- XSA-332
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2020-5996 | https://linux.oracle.com/errata/ELSA-2020-5996.html | |
CVE | CVE-2020-12352 | https://linux.oracle.com/cve/CVE-2020-12352.html | |
CVE | CVE-2020-8694 | https://linux.oracle.com/cve/CVE-2020-8694.html | |
CVE | CVE-2020-8695 | https://linux.oracle.com/cve/CVE-2020-8695.html | |
CVE | CVE-2020-25656 | https://linux.oracle.com/cve/CVE-2020-25656.html | |
CVE | CVE-2020-27673 | https://linux.oracle.com/cve/CVE-2020-27673.html | |
CVE | CVE-2020-25668 | https://linux.oracle.com/cve/CVE-2020-25668.html | |
CVE | CVE-2020-25704 | https://linux.oracle.com/cve/CVE-2020-25704.html | |
CVE | CVE-2020-28915 | https://linux.oracle.com/cve/CVE-2020-28915.html | |
CVE | CVE-2020-28974 | https://linux.oracle.com/cve/CVE-2020-28974.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-8 | oraclelinux | kernel-uek | < 5.4.17-2036.101.2.el8uek | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux | kernel-uek | < 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools | < 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs | < 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-8 | oraclelinux | kernel-uek-doc | < 5.4.17-2036.101.2.el8uek | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux | kernel-uek-doc | < 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-8 | oraclelinux | kernel-uek-devel | < 5.4.17-2036.101.2.el8uek | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-devel | < 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-8 | oraclelinux | kernel-uek-debug | < 5.4.17-2036.101.2.el8uek | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug | < 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-8 | oraclelinux | kernel-uek-debug-devel | < 5.4.17-2036.101.2.el8uek | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug-devel | < 5.4.17-2036.101.2.el7uek | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |