[ELSA-2021-0856] kernel security and bug fix update
[3.10.0-1160.21.1.OL7]
- Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.3
[3.10.0-1160.21.1]
- [pinctrl] devicetree: Avoid taking direct reference to device name string (Aristeu Rozanski) [1922902] {CVE-2020-0427}
- [pinctrl] Delete an error message (Aristeu Rozanski) [1922902] {CVE-2020-0427}
- [tty] vt: keyboard, reorder user buffer handling in vt_do_kdgkb_ioctl (Aristeu Rozanski) [1896775] {CVE-2020-25656}
- [tty] vt: keyboard, rename i to kb_func in vt_do_kdgkb_ioctl (Aristeu Rozanski) [1896775] {CVE-2020-25656}
- [tty] vt: keyboard, extend func_buf_lock to readers (Aristeu Rozanski) [1896775] {CVE-2020-25656}
- [tty] vt: keyboard, simplify vt_kdgkbsent (Aristeu Rozanski) [1896775] {CVE-2020-25656}
- [tty] keyboard, do not speculate on func_table index (Aristeu Rozanski) [1896775] {CVE-2020-25656}
- [tty] vt: fix write/write race in ioctl(KDSKBSENT) handler (Aristeu Rozanski) [1896775] {CVE-2020-25656}
- [iommu] amd: return error on real irq alloc failure (Jerry Snitselaar) [1918273]
- [iommu] amd: Set DTE[IntTabLen] to represent 512 IRTEs (Jerry Snitselaar) [1921187]
- [iommu] amd: Increase interrupt remapping table limit to 512 entries (Jerry Snitselaar) [1921187]
- [scsi] lpfc: Fix LUN loss after cable pull (Dick Kennedy) [1875961]
- [scsi] lpfc: Fix NVMe rport deregister and registration during ADISC (Dick Kennedy) [1875961]
- [scsi] lpfc: Fix ADISC reception terminating login state if a NVME target (Dick Kennedy) [1875961]
- [netdrv] i40e: revert 'i40e: don't report link up for a VF who hasn't enabled queues' (Stefan Assmann) [1901064]
[3.10.0-1160.20.1]
- [md] Set prev_flush_start and flush_bio in an atomic way (Xiao Ni) [1889372]
- [md] improve variable names in md_flush_request() (Xiao Ni) [1889372]
- [kernel] timer: Fix potential bug in requeue_timers() (Waiman Long) [1914011]
- [x86] kvm: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits (Vitaly Kuznetsov) [1890669]
- [x86] kvm: avoid incorrect writes to host MSR_IA32_SPEC_CTRL (Vitaly Kuznetsov) [1890669]
- [md] dm-mirror: fix a crash if the underlying block device doesn't have merge_bvec_fn (Mikulas Patocka) [1916407]
- [gpu] drm/i915: Fix use-after-free when destroying GEM context (Dave Airlie) [1814731] {CVE-2020-7053}
[3.10.0-1160.19.1]
- [kernel] watchdog: use nmi registers snapshot in hardlockup handler (Prarit Bhargava) [1916589]
- [nvme] nvmet: allow Keep Alive for Discovery controller (Gopal Tiwari) [1910817]
- [net] netfilter: ctnetlink: add a range check for l3/l4 protonum (Florian Westphal) [1888296] {CVE-2020-25211}
- [net] icmp: randomize the global rate limiter (Antoine Tenart) [1896515] {CVE-2020-25705}
[3.10.0-1160.18.1]
- [fs] nfs: Fix security label length not being reset (Dave Wysochanski) [1917504]
- [target] scsi: Fix XCOPY NAA identifier lookup (Maurizio Lombardi) [1900469] {CVE-2020-28374}
- [ipc] sem.c: fully initialize sem_array before making it visible (Vladis Dronov) [1877264]
- [netdrv] geneve: add transport ports in route lookup for geneve (Sabrina Dubroca) [1885144] {CVE-2020-25645}
- [kernel] perf/core: Fix race in the perf_mmap_close() function (Michael Petlan) [1869936] {CVE-2020-14351}
[3.10.0-1160.17.1]
- [x86] kvm: svm: Initialize prev_ga_tag before use ('Dr. David Alan Gilbert') [1909036]
- [scsi] scsi_dh: fix scheduling while atomic and also missing unlock in error path (Mike Snitzer) [1619147]
- [video] hyperv_fb: Fix the cache type when mapping the VRAM (Mohammed Gamal) [1908896]
- [video] hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (Mohammed Gamal) [1908896]
- [scsi] target: iscsi: Fix cmd abort fabric stop race (Maurizio Lombardi) [1784540]
- [scsi] target/iscsi: Avoid iscsit_release_commands_from_conn() deadlock (Maurizio Lombardi) [1784540]
- [s390] kernel/uv: handle length extension properly (Claudio Imbrenda) [1899172]
[3.10.0-1160.16.1]
- [tty] Fix ->pgrp locking in tiocspgrp() (Chris von Recklinghausen) [1908193] {CVE-2020-29661}
- [net] fix struct pid memory leak (Jay Shin) [1901797]
- [hid] Fix assumption that devices have inputs (Chris von Recklinghausen) [1821870] {CVE-2019-19532}
- [hid] microsoft: the driver now neeed MEMLESS_FF infrastructure (Chris von Recklinghausen) [1821870] {CVE-2019-19532}
- [hid] microsoft: Add rumble support for Xbox One S controller (Chris von Recklinghausen) [1821870] {CVE-2019-19532}
- [hid] microsoft: Convert private data to be a proper struct (Chris von Recklinghausen) [1821870] {CVE-2019-19532}
- [hid] revert 'hid: microsoft: fix invalid rdesc for 3k kbd' (Chris von Recklinghausen) [1821870] {CVE-2019-19532}
- [hid] input: ignore System Control application usages if not System Controls (Chris von Recklinghausen) [1821870] {CVE-2019-19532}
- [hid] hid-microsoft: Do the check for the ms usage page per device (Chris von Recklinghausen) [1821870] {CVE-2019-19532}
- [net] net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc (Antoine Tenart) [1903819]
- [net] net-sysfs: take the rtnl lock when storing xps_cpus (Antoine Tenart) [1903819]
- ID
- ELSA-2021-0856
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2021-0856.html
- Published
-
2021-03-17T00:00:00
(3 years ago) - Modified
-
2021-03-17T00:00:00
(3 years ago) - Rights
- Copyright 2021 Oracle, Inc.
- Other Advisories
-
- ALAS-2020-1437
- ALAS-2020-1446
- ALAS-2021-1461
- ALAS-2021-1477
- ALAS-2021-1480
- ALAS2-2020-1495
- ALAS2-2020-1520
- ALAS2-2020-1556
- ALAS2-2020-1566
- ALAS2-2021-1588
- ALAS2-2021-1600
- ALSA-2021:0558
- ALSA-2021:1093
- ALSA-2021:4356
- ALSA-2024:3138
- ASA-202101-30
- ASA-202101-31
- ASA-202101-32
- ASA-202101-33
- ASB-A-174737972
- ASB-A-175451802
- DSA-4774-1
- DSA-4843-1
- ELSA-2020-5569
- ELSA-2020-5670
- ELSA-2020-5671
- ELSA-2020-5676
- ELSA-2020-5709
- ELSA-2020-5912
- ELSA-2020-5913
- ELSA-2020-5995
- ELSA-2020-5996
- ELSA-2021-0003
- ELSA-2021-0558
- ELSA-2021-1093
- ELSA-2021-4356
- ELSA-2021-9002
- ELSA-2021-9005
- ELSA-2021-9006
- ELSA-2021-9007
- ELSA-2021-9008
- ELSA-2021-9009
- ELSA-2021-9023
- ELSA-2021-9024
- ELSA-2021-9025
- ELSA-2021-9035
- ELSA-2021-9037
- ELSA-2021-9038
- ELSA-2021-9039
- ELSA-2021-9212
- ELSA-2021-9306
- ELSA-2021-9307
- ELSA-2024-3138
- FEDORA-2020-3c6fedeb83
- FEDORA-2020-5920a7a0b2
- FEDORA-2020-98ccae320c
- FEDORA-2020-b732958765
- FEDORA-2020-bc0cc81a7a
- FEDORA-2020-e211716d08
- FEDORA-2021-082e638d02
- FEDORA-2021-4a91649cf3
- FEDORA-2021-620fb40359
- MS:CVE-2020-14351
- MS:CVE-2020-25211
- MS:CVE-2020-25645
- MS:CVE-2020-25656
- MS:CVE-2020-25705
- MS:CVE-2020-28374
- MS:CVE-2020-29661
- openSUSE-SU-2020:0336-1
- openSUSE-SU-2020:1586-1
- openSUSE-SU-2020:1655-1
- openSUSE-SU-2020:1682-1
- openSUSE-SU-2020:1698-1
- openSUSE-SU-2020:1906-1
- openSUSE-SU-2020:2034-1
- openSUSE-SU-2020:2112-1
- openSUSE-SU-2020:2161-1
- openSUSE-SU-2021:0060-1
- openSUSE-SU-2021:0075-1
- openSUSE-SU-2021:0241-1
- openSUSE-SU-2021:0242-1
- RHSA-2020:1567
- RHSA-2020:1769
- RHSA-2021:0003
- RHSA-2021:0004
- RHSA-2021:0537
- RHSA-2021:0558
- RHSA-2021:0856
- RHSA-2021:0857
- RHSA-2021:0862
- RHSA-2021:1081
- RHSA-2021:1093
- RHSA-2021:4140
- RHSA-2021:4356
- RHSA-2024:2950
- RHSA-2024:3138
- RLSA-2024:3138
- SSA:2020-295-01
- SUSE-SU-2019:3316-1
- SUSE-SU-2019:3379-1
- SUSE-SU-2019:3381-1
- SUSE-SU-2019:3389-1
- SUSE-SU-2020:0093-1
- SUSE-SU-2020:0511-1
- SUSE-SU-2020:0558-1
- SUSE-SU-2020:0559-1
- SUSE-SU-2020:0560-1
- SUSE-SU-2020:0580-1
- SUSE-SU-2020:0584-1
- SUSE-SU-2020:0599-1
- SUSE-SU-2020:0605-1
- SUSE-SU-2020:0613-1
- SUSE-SU-2020:1255-1
- SUSE-SU-2020:1663-1
- SUSE-SU-2020:2879-1
- SUSE-SU-2020:2904-1
- SUSE-SU-2020:2905-1
- SUSE-SU-2020:2906-1
- SUSE-SU-2020:2907-1
- SUSE-SU-2020:2908-1
- SUSE-SU-2020:2972-1
- SUSE-SU-2020:2980-1
- SUSE-SU-2020:2981-1
- SUSE-SU-2020:2999-1
- SUSE-SU-2020:3014-1
- SUSE-SU-2020:3122-1
- SUSE-SU-2020:3230-1
- SUSE-SU-2020:3272-1
- SUSE-SU-2020:3273-1
- SUSE-SU-2020:3281-1
- SUSE-SU-2020:3326-1
- SUSE-SU-2020:3389-1
- SUSE-SU-2020:3400-1
- SUSE-SU-2020:3402-1
- SUSE-SU-2020:3433-1
- SUSE-SU-2020:3441-1
- SUSE-SU-2020:3449-1
- SUSE-SU-2020:3484-1
- SUSE-SU-2020:3491-1
- SUSE-SU-2020:3501-1
- SUSE-SU-2020:3503-1
- SUSE-SU-2020:3507-1
- SUSE-SU-2020:3512-1
- SUSE-SU-2020:3513-1
- SUSE-SU-2020:3522-1
- SUSE-SU-2020:3532-1
- SUSE-SU-2020:3544-1
- SUSE-SU-2020:3648-1
- SUSE-SU-2020:3651-1
- SUSE-SU-2020:3656-1
- SUSE-SU-2020:3670-1
- SUSE-SU-2020:3690-1
- SUSE-SU-2020:3717-1
- SUSE-SU-2020:3764-1
- SUSE-SU-2021:0094-1
- SUSE-SU-2021:0095-1
- SUSE-SU-2021:0096-1
- SUSE-SU-2021:0097-1
- SUSE-SU-2021:0098-1
- SUSE-SU-2021:0108-1
- SUSE-SU-2021:0117-1
- SUSE-SU-2021:0118-1
- SUSE-SU-2021:0133-1
- SUSE-SU-2021:0347-1
- SUSE-SU-2021:0348-1
- SUSE-SU-2021:0353-1
- SUSE-SU-2021:0354-1
- SUSE-SU-2021:0362-1
- SUSE-SU-2021:0367-1
- SUSE-SU-2021:0377-1
- SUSE-SU-2021:0408-1
- SUSE-SU-2021:0427-1
- SUSE-SU-2021:0433-1
- SUSE-SU-2021:0434-1
- SUSE-SU-2021:0437-1
- SUSE-SU-2021:0438-1
- SUSE-SU-2021:0452-1
- SUSE-SU-2021:0743-1
- SUSE-SU-2021:0744-1
- SUSE-SU-2021:0818-1
- SUSE-SU-2021:0823-1
- SUSE-SU-2021:0826-1
- SUSE-SU-2021:0835-1
- SUSE-SU-2021:0841-1
- SUSE-SU-2021:0842-1
- SUSE-SU-2021:0849-1
- SUSE-SU-2021:0853-1
- SUSE-SU-2021:0859-1
- SUSE-SU-2021:0868-1
- SUSE-SU-2021:0870-1
- SUSE-SU-2021:1074-1
- SUSE-SU-2021:1148-1
- SUSE-SU-2021:3929-1
- SUSE-SU-2021:3935-1
- USN-4226-1
- USN-4255-1
- USN-4255-2
- USN-4285-1
- USN-4287-1
- USN-4287-2
- USN-4657-1
- USN-4658-1
- USN-4659-1
- USN-4660-1
- USN-4679-1
- USN-4680-1
- USN-4681-1
- USN-4694-1
- USN-4709-1
- USN-4711-1
- USN-4713-1
- USN-4713-2
- USN-4748-1
- USN-4749-1
- USN-4750-1
- USN-4751-1
- USN-4752-1
- USN-4753-1
- USN-4901-1
- USN-4912-1
- USN-5130-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2021-0856 | https://linux.oracle.com/errata/ELSA-2021-0856.html | |
CVE | CVE-2020-7053 | https://linux.oracle.com/cve/CVE-2020-7053.html | |
CVE | CVE-2019-19532 | https://linux.oracle.com/cve/CVE-2019-19532.html | |
CVE | CVE-2020-25211 | https://linux.oracle.com/cve/CVE-2020-25211.html | |
CVE | CVE-2020-25645 | https://linux.oracle.com/cve/CVE-2020-25645.html | |
CVE | CVE-2020-25656 | https://linux.oracle.com/cve/CVE-2020-25656.html | |
CVE | CVE-2020-29661 | https://linux.oracle.com/cve/CVE-2020-29661.html | |
CVE | CVE-2020-0427 | https://linux.oracle.com/cve/CVE-2020-0427.html | |
CVE | CVE-2021-20265 | https://linux.oracle.com/cve/CVE-2021-20265.html | |
CVE | CVE-2020-14351 | https://linux.oracle.com/cve/CVE-2020-14351.html | |
CVE | CVE-2020-25705 | https://linux.oracle.com/cve/CVE-2020-25705.html | |
CVE | CVE-2020-28374 | https://linux.oracle.com/cve/CVE-2020-28374.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 3.10.0-1160.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 3.10.0-1160.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 | oraclelinux | kernel | < 3.10.0-1160.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 | oraclelinux | kernel-tools | < 3.10.0-1160.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs | < 3.10.0-1160.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 | oraclelinux | kernel-tools-libs-devel | < 3.10.0-1160.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 | oraclelinux | kernel-headers | < 3.10.0-1160.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 | oraclelinux | kernel-doc | < 3.10.0-1160.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 | oraclelinux | kernel-devel | < 3.10.0-1160.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 | oraclelinux | kernel-debug | < 3.10.0-1160.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-debug-devel | < 3.10.0-1160.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 | oraclelinux | kernel-abi-whitelists | < 3.10.0-1160.21.1.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-7 | oraclelinux | bpftool | < 3.10.0-1160.21.1.el7 | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |