[ELSA-2020-5996] Unbreakable Enterprise kernel security update
[5.4.17-2036.101.2uek]
- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187738] {CVE-2020-28974}
- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177966]
- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915}
- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176254] {CVE-2020-28915}
- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32159053]
- net/rds: rds_ib_remove_one() accesses freed memory (Ka-Cheong Poon) [Orabug: 32213896]
- hv_netvsc: make recording RSS hash depend on feature flag (Stephen Hemminger) [Orabug: 32159973]
- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 32159973]
- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005752]
- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005752]
- arm64:uek/config: Enable ZONE_DMA config (Vijay Kumar) [Orabug: 31970521]
- Revert 'arm64/dts: Serial console fix for RPi4' (Vijay Kumar) [Orabug: 31970521]
- uek-rpm: aarch64: enable CONFIG_ACPI_APEI_EINJ (Dave Kleikamp) [Orabug: 32182237]
- NFSD: fix missing refcount in nfsd4_copy by nfsd4_do_async_copy (Dai Ngo) [Orabug: 32177992]
- NFSD: Fix use-after-free warning when doing inter-server copy (Dai Ngo) [Orabug: 32177992]
- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: add a new 'late EOI' evtchn framework (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177543]
[5.4.17-2036.101.1uek]
- uek-rpm: Enable Intel Speed Select Technology interface support (Somasundaram Krishnasamy) [Orabug: 32161425]
- platform/x86: ISST: Increase timeout (Srinivas Pandruvada) [Orabug: 32161425]
- platform/x86: ISST: Fix wrong unregister type (Srinivas Pandruvada) [Orabug: 32161425]
- platform/x86: ISST: Allow additional core-power mailbox commands (Srinivas Pandruvada) [Orabug: 32161425]
- IB/mlx4: Convert rej_tmout radix-tree to XArray (Hakon Bugge) [Orabug: 32136895]
- IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136895]
- IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136895]
- IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136895]
- IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136895]
- IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136895]
- IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136895]
- perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin) [Orabug: 32131172] {CVE-2020-25704}
- vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656} {CVE-2020-25656}
- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122948] {CVE-2020-25656}
- tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122725] {CVE-2020-25668}
- NFSv4.2: Fix NFS4ERR_STALE error when doing inter server copy (Dai Ngo) [Orabug: 31879682]
[5.4.17-2036.101.0uek]
- hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152142]
- hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152142]
- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Icelakex (Ankur Arora) [Orabug: 32143850]
- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on AMD Zen (Ankur Arora) [Orabug: 32143850]
- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Broadwellx (Ankur Arora) [Orabug: 32143850]
- mm, clear_huge_page: use clear_page_uncached() for gigantic pages (Ankur Arora) [Orabug: 32143850]
- x86/clear_page: add clear_page_uncached() (Ankur Arora) [Orabug: 32143850]
- x86/asm: add clear_page_nt() (Ankur Arora) [Orabug: 32143850]
- perf bench: add memset_movnti() (Ankur Arora) [Orabug: 32143850]
- x86/asm: add memset_movnti() (Ankur Arora) [Orabug: 32143850]
- x86/cpuid: add X86_FEATURE_NT_GOOD (Ankur Arora) [Orabug: 32143850]
- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32137996]
- cifs: handle empty list of targets in cifs_reconnect() (Paulo Alcantara) [Orabug: 32124750]
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (Paulo Alcantara) [Orabug: 32124750]
- rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath Patil) [Orabug: 32113472]
- net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) [Orabug: 32095959]
- uek-rpm: aarch64: increase CONFIG_NODES_SHIFT from 3 to 6 (Dave Kleikamp) [Orabug: 32075923]
- rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 32072247]
- rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32072245]
- rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert 'RDS: Drop the connection as part of cancel to avoid hangs' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert 'rds: fix warning in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert 'rds: Use correct conn when dropping connections due to cancel' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert 'rds: prevent use-after-free of rds conn in rds_send_drop_to()' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert 'rds: Use bitmap to designate dropped connections' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert 'UEK6 compiler warning for /net/rds/send.c' (Hakon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32048971]
- x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32048971]
- x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Arnd Bergmann) [Orabug: 32048971]
- x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32048971]
- x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32048971]
- ocfs2: fix remounting needed after setfacl command (Gang He) [Orabug: 32042684]
- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042517]
- net/rds: Refactor sendmsg ancillary data processing (Ka-Cheong Poon) [Orabug: 32027845]
- Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021285] {CVE-2020-12352}
- ima: Use ima_hash_algo for collision detection in the measurement list (Roberto Sassu) [Orabug: 31973040]
- ima: Calculate and extend PCR with digests in ima_template_entry (Roberto Sassu) [Orabug: 31973040]
- ima: Allocate and initialize tfm for each PCR bank (Roberto Sassu) [Orabug: 31973040]
- ima: Switch to dynamically allocated buffer for template digests (Roberto Sassu) [Orabug: 31973040]
- ima: Store template digest directly in ima_template_entry (Roberto Sassu) [Orabug: 31973040]
- scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (James Smart) [Orabug: 31598148]
- net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113840]
- A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095766]
- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695}
- ID
- ELSA-2020-5996
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2020-5996.html
- Published
-
2020-12-15T00:00:00
(3 years ago) - Modified
-
2020-12-15T00:00:00
(3 years ago) - Rights
- Copyright 2020 Oracle, Inc.
- Other Advisories
-
-
ALAS-2020-1446
-
ALAS-2021-1461
-
ALAS2-2020-1556
-
ALAS2-2020-1566
-
ALPINE:CVE-2020-8694
-
ALSA-2021:1578
-
ALSA-2021:3027
-
ALSA-2022:5316
-
ALSA-2024:3138
-
ASA-202010-2
-
ASA-202010-3
-
ASA-202010-4
-
ASA-202010-9
-
ASA-202011-10
-
DSA-4774-1
-
ELSA-2020-4276
-
ELSA-2020-4286
-
ELSA-2020-5083
-
ELSA-2020-5085
-
ELSA-2020-5913
-
ELSA-2020-5914
-
ELSA-2020-5917
-
ELSA-2020-5923
-
ELSA-2020-5924
-
ELSA-2020-5926
-
ELSA-2020-5995
-
ELSA-2021-0856
-
ELSA-2021-1578
-
ELSA-2021-3027
-
ELSA-2021-3028
-
ELSA-2021-9001
-
ELSA-2021-9002
-
ELSA-2021-9009
-
ELSA-2021-9043
-
ELSA-2021-9346
-
ELSA-2022-0063
-
ELSA-2022-5316
-
ELSA-2024-3138
-
FEDORA-2020-14fda1bf85
-
FEDORA-2020-1afbe7ba2d
-
FEDORA-2020-2c8824c6b1
-
FEDORA-2020-98ccae320c
-
FEDORA-2020-ad980d282f
-
FEDORA-2020-ce117eff51
-
FEDORA-2020-d5941ea479
-
FEDORA-2020-e211716d08
-
FEDORA-2020-e288acda9a
-
GLSA-202011-06
-
MS:CVE-2020-25656
-
MS:CVE-2020-25704
-
MS:CVE-2020-28915
-
MS:CVE-2020-28974
-
openSUSE-SU-2020:1682-1
-
openSUSE-SU-2020:1698-1
-
openSUSE-SU-2020:1783-1
-
openSUSE-SU-2020:1844-1
-
openSUSE-SU-2020:1906-1
-
openSUSE-SU-2020:2034-1
-
openSUSE-SU-2020:2075-1
-
openSUSE-SU-2020:2098-1
-
openSUSE-SU-2020:2112-1
-
openSUSE-SU-2020:2161-1
-
openSUSE-SU-2020:2193-1
-
openSUSE-SU-2020:2260-1
-
openSUSE-SU-2021:0242-1
-
openSUSE-SU-2021:1975-1
-
openSUSE-SU-2021:1977-1
-
RHSA-2020:4276
-
RHSA-2020:4280
-
RHSA-2020:4286
-
RHSA-2020:4289
-
RHSA-2020:5083
-
RHSA-2020:5085
-
RHSA-2021:0856
-
RHSA-2021:0857
-
RHSA-2021:1578
-
RHSA-2021:1739
-
RHSA-2021:3027
-
RHSA-2021:3028
-
RHSA-2022:0063
-
RHSA-2022:0065
-
RHSA-2022:5316
-
RHSA-2022:5344
-
RHSA-2024:2950
-
RHSA-2024:3138
-
RLSA-2022:5316
-
RLSA-2024:3138
-
SSA:2020-295-01
-
SUSE-SU-2020:2972-1
-
SUSE-SU-2020:2980-1
-
SUSE-SU-2020:2981-1
-
SUSE-SU-2020:3049-1
-
SUSE-SU-2020:3050-1
-
SUSE-SU-2020:3051-1
-
SUSE-SU-2020:3052-1
-
SUSE-SU-2020:3088-1
-
SUSE-SU-2020:3271-1
-
SUSE-SU-2020:3272-1
-
SUSE-SU-2020:3273-1
-
SUSE-SU-2020:3274-1
-
SUSE-SU-2020:3275-1
-
SUSE-SU-2020:3276-1
-
SUSE-SU-2020:3279-1
-
SUSE-SU-2020:3281-1
-
SUSE-SU-2020:3326-1
-
SUSE-SU-2020:3372-1
-
SUSE-SU-2020:3373-1
-
SUSE-SU-2020:3374-1
-
SUSE-SU-2020:3457-1
-
SUSE-SU-2020:3484-1
-
SUSE-SU-2020:3491-1
-
SUSE-SU-2020:3501-1
-
SUSE-SU-2020:3503-1
-
SUSE-SU-2020:3507-1
-
SUSE-SU-2020:3512-1
-
SUSE-SU-2020:3513-1
-
SUSE-SU-2020:3514-1
-
SUSE-SU-2020:3522-1
-
SUSE-SU-2020:3532-1
-
SUSE-SU-2020:3544-1
-
SUSE-SU-2020:3648-1
-
SUSE-SU-2020:3651-1
-
SUSE-SU-2020:3670-1
-
SUSE-SU-2020:3690-1
-
SUSE-SU-2020:3698-1
-
SUSE-SU-2020:3713-1
-
SUSE-SU-2020:3714-1
-
SUSE-SU-2020:3715-1
-
SUSE-SU-2020:3717-1
-
SUSE-SU-2020:3718-1
-
SUSE-SU-2020:3748-1
-
SUSE-SU-2020:3764-1
-
SUSE-SU-2020:3766-1
-
SUSE-SU-2020:3798-1
-
SUSE-SU-2021:0434-1
-
SUSE-SU-2021:0437-1
-
SUSE-SU-2021:0438-1
-
SUSE-SU-2021:0452-1
-
SUSE-SU-2021:1176-1
-
SUSE-SU-2021:1573-1
-
SUSE-SU-2021:1596-1
-
SUSE-SU-2021:1623-1
-
SUSE-SU-2021:1624-1
-
SUSE-SU-2021:1975-1
-
SUSE-SU-2021:1977-1
-
SUSE-SU-2023:4625-1
-
SUSE-SU-2023:4936-1
-
USN-4591-1
-
USN-4592-1
-
USN-4626-1
-
USN-4627-1
-
USN-4628-1
-
USN-4628-3
-
USN-4657-1
-
USN-4658-1
-
USN-4659-1
-
USN-4660-1
-
USN-4679-1
-
USN-4680-1
-
USN-4681-1
-
USN-4683-1
-
USN-4710-1
-
USN-4711-1
-
USN-4751-1
-
USN-4752-1
-
XSA-332
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2020-5996 |
|
|
| CVE | CVE-2020-12352 |
|
|
| CVE | CVE-2020-8694 |
|
|
| CVE | CVE-2020-8695 |
|
|
| CVE | CVE-2020-25656 |
|
|
| CVE | CVE-2020-27673 |
|
|
| CVE | CVE-2020-25668 |
|
|
| CVE | CVE-2020-25704 |
|
|
| CVE | CVE-2020-28915 |
|
|
| CVE | CVE-2020-28974 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux |
 python-perf
|
< 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux |
perf
|
< 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-8 | oraclelinux |
kernel-uek
|
< 5.4.17-2036.101.2.el8uek | oraclelinux-8 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux |
kernel-uek
|
< 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | oraclelinux |
kernel-uek-tools
|
< 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | oraclelinux |
kernel-uek-tools-libs
|
< 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-8 | oraclelinux |
kernel-uek-doc
|
< 5.4.17-2036.101.2.el8uek | oraclelinux-8 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux |
kernel-uek-doc
|
< 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-8 | oraclelinux |
kernel-uek-devel
|
< 5.4.17-2036.101.2.el8uek | oraclelinux-8 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-devel
|
< 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-8 | oraclelinux |
kernel-uek-debug
|
< 5.4.17-2036.101.2.el8uek | oraclelinux-8 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux |
kernel-uek-debug
|
< 5.4.17-2036.101.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-8 | oraclelinux |
kernel-uek-debug-devel
|
< 5.4.17-2036.101.2.el8uek | oraclelinux-8 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-debug-devel
|
< 5.4.17-2036.101.2.el7uek | oraclelinux-7 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |