[ELSA-2021-0558] kernel security, bug fix, and enhancement update
[4.18.0-240.15.1_3.OL8]
- Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7
[4.18.0-240.15.1_3]
- [x86] kvm: svm: Initialize prev_ga_tag before use (Vitaly Kuznetsov) [1919885 1909254]
- [net] tls: move mark_tech_preview to tls_init (Sabrina Dubroca) [1918743 1907477]
- [video] hyperv_fb: Fix the cache type when mapping the VRAM (Mohammed Gamal) [1917711 1908893]
- [video] hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (Mohammed Gamal) [1917711 1908893]
- [net] esp: select CRYPTO_SEQIV (Vladis Dronov) [1912872 1905088]
- [crypto] treewide: Use fallthrough pseudo-keyword (Vladis Dronov) [1912872 1905088]
- [crypto] crypto: drbg - always try to free Jitter RNG instance (Vladis Dronov) [1912872 1905088]
- [crypto] crypto: drbg - should select CTR (Vladis Dronov) [1912872 1905088]
- [crypto] crypto: ctr - no longer needs CRYPTO_SEQIV (Vladis Dronov) [1912872 1905088]
- [crypto] crypto: drbg - always seeded with SP800-90B compliant noise source (Vladis Dronov) [1912872 1905088]
- [crypto] crypto: jitter - SP800-90B compliance (Vladis Dronov) [1912872 1905088]
- [crypto] crypto: jitter - add header to fix buildwarnings (Vladis Dronov) [1912872 1905088]
- [crypto] crypto: jitter - fix comments (Vladis Dronov) [1912872 1905088]
- [crypto] crypto: jitter - update implementation to 2.1.2 (Vladis Dronov) [1912872 1905088]
- [crypto] crypto: drbg - in-place cipher operation for CTR (Vladis Dronov) [1912872 1905088]
- [crypto] crypto: drbg - eliminate constant reinitialization of SGL (Vladis Dronov) [1912872 1905088]
- [netdrv] ionic: start queues before announcing link up (Jonathan Toppins) [1918372 1906250]
- [drm] drm/i915: Enable Tigerlake support by default (Lyude Paul) [1882620 1877005]
- [drm] drm/i915: Simplify intel_set_cdclk_{pre, post}_plane_update() calling convention (Lyude Paul) [1882620 1877005]
- [drm] drm/i915/psr: Program default IO buffer Wake and Fast Wake (Lyude Paul) [1882620 1877005]
- [kernel] rcu: Force on tick when invoking lots of callbacks (Waiman Long) [1915638 1862812]
- [kernel] nohz: Add TICK_DEP_BIT_RCU (Waiman Long) [1915638 1862812]
- [pci] PCI: Mark AMD Navi10 GPU rev 0x00 ATS as broken (Myron Stowe) [1906516 1888310]
[4.18.0-240.14.1_3]
- [netdrv] net: usb: lan78xx: Disable interrupts before calling generic_handle_irq() (Waiman Long) [1915814 1904213]
- [mm] x86/mm/cpa: Prevent large page split when ftrace flips RW on kernel text (Waiman Long) [1915814 1904213]
- [mm] x86/mm/cpa: Fix cpa_flush_array() TLB invalidation (Waiman Long) [1915814 1904213]
- [hv] hv: vmbus: Add timeout to vmbus_wait_for_unload (Mohammed Gamal) [1913528 1888980]
- [kernel] perf/core: Fix race in the perf_mmap_close() function (Michael Petlan) [1897016 1869925] {CVE-2020-14351}
- [kernel] perf: Make struct ring_buffer less ambiguous (Michael Petlan) [1897016 1869925] {CVE-2020-14351}
- [tty] tty: Fix ->pgrp locking in tiocspgrp() (Waiman Long) [1908196 1908197] {CVE-2020-29661}
- [x86] x86/tboot: Don't disable swiotlb when iommu is forced on (Tony Camuso) [1911555 1883395]
- [iommu] iommu/vt-d: Avoid panic if iommu init fails in tboot system (Tony Camuso) [1911555 1883395]
- [kernel] sched/deadline: Fix priority inheritance with multiple scheduling classes (Phil Auld) [1908731 1780490]
- [kernel] locking/rwsem: Remove reader optimistic spinning (Waiman Long) [1908519 1895046]
- [kernel] locking/rwsem: Enable reader optimistic lock stealing (Waiman Long) [1908519 1895046]
- [kernel] locking/rwsem: Prevent potential lock starvation (Waiman Long) [1908519 1895046]
- [kernel] locking/rwsem: Pass the current atomic count to rwsem_down_read_slowpath() (Waiman Long) [1908519 1895046]
- [kernel] locking/rwsem: Fold __down_{read,write}*() (Waiman Long) [1908519 1895046]
- [kernel] locking/rwsem: Introduce rwsem_write_trylock() (Waiman Long) [1908519 1895046]
- [kernel] locking/rwsem: Better collate rwsem_read_trylock() (Waiman Long) [1908519 1895046]
- [kernel] rwsem: Implement down_read_interruptible (Waiman Long) [1908519 1895046]
- [kernel] rwsem: Implement down_read_killable_nested (Waiman Long) [1908519 1895046]
- [firmware] efi/esrt: Only call efi_mem_reserve() for boot services memory (Kairui Song) [1907775 1878024]
- [firmware] efi: Drop type and attribute checks in efi_mem_desc_lookup() (Kairui Song) [1907775 1878024]
- [scsi] scsi: core: Don't start concurrent async scan on same host (Ming Lei) [1905214 1874501]
[4.18.0-240.13.1_3]
- [arm64] arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (Andrew Jones) [1909577 1908439]
- [arm64] arm64: pgtable: Fix pte_accessible() (Andrew Jones) [1909577 1908439]
- [net] icmp: randomize the global rate limiter (Guillaume Nault) [1906371 1896516] {CVE-2020-25705}
- [tools] kvm: x86: do not attempt TSC synchronization on guest writes (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: x86: fix MSR_IA32_TSC read for nested migration (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: nsvm: delay MSR permission processing to first nested VM run (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: x86: rename KVM_REQ_GET_VMCS12_PAGES (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: svm: use __GFP_ZERO instead of clear_page (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: svm: refactor msr permission bitmap allocation (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: svm: rename a variable in the svm_create_vcpu (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: nsvm: Avoid freeing uninitialized pointers in svm_set_nested_state() (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: svm: nested: Don't allocate VMCB structures on stack (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: nsvm: more strict SMM checks when returning to nested guest (Paolo Bonzini) [1905084 1898018]
- [x86] svm: nsvm: setup nested msr permission bitmap on nested state load (Paolo Bonzini) [1905084 1898018]
- [x86] svm: nsvm: correctly restore GIF on vmexit from nesting after migration (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: svm: avoid emulation with stale next_rip (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: nsvm: remove nonsensical EXITINFO1 adjustment on nested NPF (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: svm: Rename svm_nested_virtualize_tpr() to nested_svm_virtualize_tpr() (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: svm: Add svm_ prefix to set/clr/is_intercept() (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: svm: Add vmcb_ prefix to mark_*() functions (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: svm: Rename struct nested_state to svm_nested_state (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: nsvm: Check that DR6[63:32] and DR7[64:32] are not set on vmrun of nested guests (Paolo Bonzini) [1905084 1898018]
- [x86] kvm: x86: Move the check for upper 32 reserved bits of DR6 to separate function (Paolo Bonzini) [1905084 1898018]
- [netdrv] net/mlx5e: Add IPv6 traffic class (DSCP) header rewrite support (Alaa Hleihel) [1897688 1889981]
- [netdrv] net/mlx5e: Fix endianness when calculating pedit mask first bit (Alaa Hleihel) [1897688 1889981]
- [net] openvswitch: fix to make sure flow_lookup() is not preempted (Eelco Chaudron) [1893281 1888237]
[4.18.0-240.12.1_3]
- [net] SUNRPC: Properly set the @subbuf parameter of xdr_buf_subsegment() (Steve Dickson) [1912478 1884361]
- [net] SUNRPC: Fix ('SUNRPC: Add '@len' parameter to gss_unwrap()') (Steve Dickson) [1912478 1884361]
- [mm] x86/ioremap: Map EFI runtime services data as encrypted for SEV (Lenny Szubowicz) [1909243 1883134]
- [kernel] sched/deadline: Unthrottle PI boosted threads while enqueuing (Daniel Bristot de Oliveira) [1913964 1869760]
- [kernel] sched/deadline: Fix stale throttling on de-/boosted tasks (Daniel Bristot de Oliveira) [1913964 1869760]
- [fs] NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (Scott Mayhew) [1908313 1881550]
- [fs] NFS: Fix interrupted slots by sending a solo SEQUENCE operation (Scott Mayhew) [1908312 1887577]
- [net] netfilter: bridge: reset skb->pkt_type after NF_INET_POST_ROUTING traversal (Antoine Tenart) [1907576 1901026]
- [powerpc] powerpc/powernv/opal-dump : Use IRQ_HANDLED instead of numbers in interrupt handler (Diego Domingos) [1907301 1891822]
- [powerpc] powerpc/powernv/dump: Handle multiple writes to ack attribute (Diego Domingos) [1907301 1891822]
- [powerpc] powerpc/powernv/dump: Fix race while processing OPAL dump (Diego Domingos) [1907301 1891822]
- [powerpc] powerpc/opal_elog: Handle multiple writes to ack attribute (Diego Domingos) [1907301 1891822]
- [powerpc] powerpc/powernv/elog: Fix race while processing OPAL error log event (Diego Domingos) [1907301 1891822]
- [block] block: fix incorrect branching in blk_max_size_offset() (Mike Snitzer) [1905136 1903722]
- [md] dm: fix IO splitting (Mike Snitzer) [1905136 1903722]
- [block] block: fix get_max_io_size() (Mike Snitzer) [1905136 1903722]
- [block] block: Improve physical block alignment of split bios (Mike Snitzer) [1905136 1903722]
- [block] block: use gcd() to fix chunk_sectors limit stacking (Mike Snitzer) [1905136 1903722]
- [netdrv] net/mlx5e: Add LAG warning if bond slave is not lag master (Alaa Hleihel) [1892344 1851709]
- [netdrv] net/mlx5e: Add LAG warning for unsupported tx type (Alaa Hleihel) [1892344 1851709]
- [netdrv] net/mlx5e: Return a valid errno if can't get lag device index (Alaa Hleihel) [1892344 1851709]
- [net] openvswitch: handle DNAT tuple collision (Dumitru Ceara) [1892744 1877128]
- [mm] mm/page_idle.c: skip offline pages (Chris von Recklinghausen) [1903019 1867490]
- [include] mm/hotplug: invalid PFNs from pfn_to_online_page() (Waiman Long) [1903019 1878006]
[4.18.0-240.11.1_3]
- [scsi] scsi: core: Return BLK_STS_AGAIN for ALUA transitioning (Ewan Milne) [1900112 1867264]
- [scsi] scsi: scsi_dh_alua: Set 'transitioning' state on Unit Attention (Ewan Milne) [1900112 1867264]
- [scsi] scsi: scsi_dh_alua: Return BLK_STS_AGAIN for ALUA transitioning state (Ewan Milne) [1900112 1867264]
- [block] scsi: block: Return status code in blk_mq_end_request() (Ewan Milne) [1900112 1867264]
- [include] compiler_attributes.h: Add 'fallthrough' pseudo keyword for switch/case use (Ivan Vecera) [1900112 1867168]
- [net] net: sctp: Rename fallthrough label to unhandled (Ivan Vecera) [1900112 1867168]
- [idle] intel_idle: Customize IceLake server support (David Arcari) [1897183 1881620]
- ID
- ELSA-2021-0558
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2021-0558.html
- Published
-
2021-02-17T00:00:00
(3 years ago) - Modified
-
2021-02-17T00:00:00
(3 years ago) - Rights
- Copyright 2021 Oracle, Inc.
- Other Advisories
-
-
ALAS-2021-1461
-
ALAS-2021-1477
-
ALAS2-2020-1566
-
ALAS2-2021-1588
-
ALSA-2021:0558
-
ASB-A-174737972
-
ASB-A-175451802
-
DSA-4843-1
-
ELSA-2021-0856
-
ELSA-2021-9002
-
ELSA-2021-9006
-
ELSA-2021-9007
-
ELSA-2021-9212
-
FEDORA-2020-b732958765
-
FEDORA-2020-bc0cc81a7a
-
MS:CVE-2020-14351
-
MS:CVE-2020-25705
-
MS:CVE-2020-29661
-
openSUSE-SU-2020:1906-1
-
openSUSE-SU-2020:2034-1
-
openSUSE-SU-2020:2112-1
-
openSUSE-SU-2020:2161-1
-
openSUSE-SU-2021:0060-1
-
openSUSE-SU-2021:0075-1
-
openSUSE-SU-2021:0242-1
-
RHSA-2021:0537
-
RHSA-2021:0558
-
RHSA-2021:0856
-
RHSA-2021:0857
-
RHSA-2021:0862
-
SUSE-SU-2020:3122-1
-
SUSE-SU-2020:3272-1
-
SUSE-SU-2020:3273-1
-
SUSE-SU-2020:3281-1
-
SUSE-SU-2020:3326-1
-
SUSE-SU-2020:3484-1
-
SUSE-SU-2020:3491-1
-
SUSE-SU-2020:3501-1
-
SUSE-SU-2020:3503-1
-
SUSE-SU-2020:3507-1
-
SUSE-SU-2020:3512-1
-
SUSE-SU-2020:3513-1
-
SUSE-SU-2020:3522-1
-
SUSE-SU-2020:3532-1
-
SUSE-SU-2020:3544-1
-
SUSE-SU-2020:3651-1
-
SUSE-SU-2020:3670-1
-
SUSE-SU-2020:3690-1
-
SUSE-SU-2020:3717-1
-
SUSE-SU-2020:3764-1
-
SUSE-SU-2021:0094-1
-
SUSE-SU-2021:0095-1
-
SUSE-SU-2021:0096-1
-
SUSE-SU-2021:0097-1
-
SUSE-SU-2021:0098-1
-
SUSE-SU-2021:0108-1
-
SUSE-SU-2021:0117-1
-
SUSE-SU-2021:0118-1
-
SUSE-SU-2021:0133-1
-
SUSE-SU-2021:0362-1
-
SUSE-SU-2021:0367-1
-
SUSE-SU-2021:0377-1
-
SUSE-SU-2021:0408-1
-
SUSE-SU-2021:0434-1
-
SUSE-SU-2021:0437-1
-
SUSE-SU-2021:0438-1
-
SUSE-SU-2021:0452-1
-
USN-4657-1
-
USN-4658-1
-
USN-4659-1
-
USN-4660-1
-
USN-4680-1
-
USN-4748-1
-
USN-4749-1
-
USN-4750-1
-
USN-4751-1
-
USN-4752-1
-
USN-4912-1
-
USN-5130-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2021-0558 |
|
|
| CVE | CVE-2020-29661 |
|
|
| CVE | CVE-2020-14351 |
|
|
| CVE | CVE-2020-25705 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-8.3 | oraclelinux |
 python3-perf
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-8.3 | oraclelinux |
perf
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-8.3 | oraclelinux |
kernel
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-8.3 | oraclelinux |
kernel-tools
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-8.3 | oraclelinux |
kernel-tools-libs
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-8.3 | oraclelinux |
kernel-tools-libs-devel
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-8.3 | oraclelinux |
kernel-modules
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-8.3 | oraclelinux |
kernel-modules-extra
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-8.3 | oraclelinux |
kernel-headers
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-8.3 | oraclelinux |
kernel-doc
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-8.3 | oraclelinux |
kernel-devel
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-8.3 | oraclelinux |
kernel-debug
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-8.3 | oraclelinux |
kernel-debug-modules
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-8.3 | oraclelinux |
kernel-debug-modules-extra
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-8.3 | oraclelinux |
kernel-debug-devel
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-8.3 | oraclelinux |
kernel-debug-core
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-8.3 | oraclelinux |
kernel-cross-headers
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-8.3 | oraclelinux |
kernel-core
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-8.3 | oraclelinux |
kernel-abi-whitelists
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 | ||
| Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-8.3 | oraclelinux |
bpftool
|
< 4.18.0-240.15.1.el8_3 | oraclelinux-8.3 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |