[ELSA-2021-4056] kernel security, bug fix, and enhancement update
[4.18.0-305.25.1_4.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5
[4.18.0-305.25.1_4]
- scsi: ibmvfc: Reinit target retries (Steve Best) [1993892 1965010]
- scsi: ibmvfc: Avoid move login if fast fail is enabled (Steve Best) [1993892 1965010]
- scsi: ibmvfc: Handle move login failure (Steve Best) [1993892 1965010]
- scsi: ibmvfc: Fix invalid state machine BUG_ON() (Steve Best) [1993892 1965010]
- tpm, tpm_tis: Reserve locality in tpm_tis_resume() (Jerry Snitselaar) [1998219 1920812]
- tpm, tpm_tis: Extend locality handling to TPM2 in tpm_tis_gen_interrupt() (Jerry Snitselaar) [1998219 1920812]
- tpm, tpm_tis: Decorate tpm_tis_gen_interrupt() with request_locality() (Jerry Snitselaar) [1998219 1920812]
- tpm, tpm_tis: Decorate tpm_get_timeouts() with request_locality() (Jerry Snitselaar) [1998219 1920812]
- tpm_tis: Clean up locality release (Jerry Snitselaar) [1998219 1920812]
- tpm_tis: Fix check_locality for correct locality acquisition (Jerry Snitselaar) [1998219 1920812]
- kthread: Fix PF_KTHREAD vs to_kthread() race (Waiman Long) [2010331 2001497]
- sched/fair: Ignore percpu threads for imbalance pulls (Waiman Long) [2010331 2001497]
- kthread: Extract KTHREAD_IS_PER_CPU (Waiman Long) [2010331 2001497]
- sched: Optimize finish_lock_switch() (Waiman Long) [2010331 2001497]
- sched/hotplug: Ensure only per-cpu kthreads run during hotplug (Waiman Long) [2010331 2001497]
- sched: Fix balance_callback() (Waiman Long) [2010331 2001497]
- net/sched: store the last executed chain also for clsact egress (Davide Caratti) [1992230 1980537]
[4.18.0-305.24.1_4]
- lockd: Fix invalid lockowner cast after vfs_test_lock (Benjamin Coddington) [2010820 1986138]
- e1000e: Do not take care about recovery NVM checksum (Ken Cox) [2002335 1984558]
- xfs: sync lazy sb accounting on quiesce of read-only mounts (Bill O'Donnell) [2011919 1917220]
- xfs: remove the unused return value from xfs_log_unmount_write (Bill O'Donnell) [2011919 1917220]
- powerpc: use stop_machine for partition migration (Frantisek Hrbata) [1993952 1979798]
[4.18.0-305.23.1_4]
- CI: handle RT branches in a single config (Veronika Kabatova)
- CI: Drop private CI config (Veronika Kabatova)
- CI: extend template use (Veronika Kabatova)
- xfs: drop unnecessary setfilesize helper (Brian Foster) [2007413 1942348]
- xfs: drop unused ioend private merge and setfilesize code (Brian Foster) [2007413 1942348]
- xfs: open code ioend needs workqueue helper (Brian Foster) [2007413 1942348]
- xfs: drop submit side trans alloc for append ioends (Brian Foster) [2007413 1942348]
[4.18.0-305.22.1_4]
- [s390] s390/ap: Fix hanging ioctl caused by wrong msg counter (Claudio Imbrenda) [2002635 1984762]
- cpuidle: pseries: Do not cap the CEDE0 latency in fixup_cede0_latency() (Diego Domingos) [1997431 1952809]
- cpuidle: pseries: Fixup CEDE0 latency only for POWER10 onwards (Diego Domingos) [1997431 1952809]
- EDAC/amd64: Fix PCI component registration (Aristeu Rozanski) [1982182 1918583]
- EDAC/mce_amd: Use struct cpuinfo_x86.cpu_die_id for AMD NodeId (Aristeu Rozanski) [1982182 1918583]
- x86/CPU/AMD: Remove amd_get_nb_id() (Aristeu Rozanski) [1982182 1918583]
- EDAC/mce_amd: Make fam_ops static global (Aristeu Rozanski) [1982182 1918583]
- x86/MCE/AMD: Allow Reserved types to be overwritten in smca_banks [1982182 1918583]
- x86/MCE/AMD: Do not use rdmsr_safe_on_cpu() in smca_configure() (Aristeu Rozanski) [1982182 1918583]
- EDAC/amd64: Get rid of the ECC disabled long message (Aristeu Rozanski) [1982182 1918583]
- EDAC/amd64: Check for memory before fully initializing an instance (Aristeu Rozanski) [1982182 1918583]
- EDAC/amd64: Use cached data when checking for ECC (Aristeu Rozanski) [1982182 1918583]
- x86/MCE: Make the number of MCA banks a per-CPU variable (Aristeu Rozanski) [1982182 1918583]
- x86/MCE/AMD: Don't cache block addresses on SMCA systems (Aristeu Rozanski) [1982182 1918583]
- x86/MCE: Make mce_banks a per-CPU array (Aristeu Rozanski) [1982182 1918583]
- x86/MCE: Make struct mce_banks[] static (Aristeu Rozanski) [1982182 1918583]
- x86/MCE/AMD: Don't report L1 BTB MCA errors on some family 17h models (Aristeu Rozanski) [1982182 1918583]
- EDAC/mce_amd: Decode MCA_STATUS in bit definition order (Aristeu Rozanski) [1982182 1918583]
- EDAC/mce_amd: Decode MCA_STATUS[Scrub] bit (Aristeu Rozanski) [1982182 1918583]
- EDAC, mce_amd: Match error descriptions to latest documentation (Aristeu Rozanski) [1982182 1918583]
- x86/MCE/AMD: Carve out the MC4_MISC thresholding quirk (Aristeu Rozanski) [1982182 1918583]
- x86/MCE/AMD: Turn off MC4_MISC thresholding on all family 0x15 models (Aristeu Rozanski) [1982182 1918583]
- net: Fix skb->csum update in inet_proto_csum_replace16(). (Balazs Nemeth) [2005980 1975193]
- RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy (Kamal Heib) [1982040 1931846] {CVE-2020-36385}
- RDMA/ucma: Fix locking for ctx->events_reported (Kamal Heib) [1982040 1931846] {CVE-2020-36385}
- RDMA/ucma: Fix the locking of ctx->file (Kamal Heib) [1982040 1931846] {CVE-2020-36385}
- RDMA/cma: Add missing locking to rdma_accept() (Kamal Heib) [1982040 1931846] {CVE-2020-36385}
[4.18.0-305.21.1_4]
- HID: make arrays usage and value to be the same (Benjamin Tissoires) [1974941 1974942] {CVE-2021-0512}
- y2038: remove CONFIG_64BIT_TIME (Waiman Long) [2003569 1965360]
[4.18.0-305.20.1_4]
- net/mlx5: E-Switch, Allow setting GUID for host PF vport (Alaa Hleihel) [1986837 1967488]
- net/mlx5: E-Switch, Read PF mac address (Alaa Hleihel) [1986837 1967488]
- ice: fix Tx queue iteration for Tx timestamp enablement (Ken Cox) [2000128 1999743]
- ice: restart periodic outputs around time changes (Ken Cox) [1997572 1992750]
- ice: Fix perout start time rounding (Ken Cox) [1997572 1992750]
- ice: add support for auxiliary input/output pins (Jonathan Toppins) [1998221 1956913]
- ice: enable transmit timestamps for E810 devices (Jonathan Toppins) [1998220 1944818]
- ice: enable receive hardware timestamping (Jonathan Toppins) [1998220 1944818]
- ice: report the PTP clock index in ethtool .get_ts_info (Jonathan Toppins) [1998220 1944818]
- ice: register 1588 PTP clock device object for E810 devices (Jonathan Toppins) [1998220 1944818]
- ice: add low level PTP clock access functions (Jonathan Toppins) [1998220 1944818]
- ice: add support for set/get of driver-stored firmware parameters (Jonathan Toppins) [1998220 1944818]
- ice: process 1588 PTP capabilities during initialization (Jonathan Toppins) [1998220 1944818]
- ice: add support for sideband messages (Jonathan Toppins) [1998220 1944818]
- ice: Prevent probing virtual functions (Ken Cox) [1997539 1952810]
- vfio/pci/nvlink2: Do not attempt NPU2 setup on POWER8NVL NPU (Gustavo Walbon) [2000602 1891589]
- powerpc/powernv/npu: Do not attempt NPU2 setup on POWER8NVL NPU (Gustavo Walbon) [2000602 1891589]
- ID
- ELSA-2021-4056
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2021-4056.html
- Published
-
2021-11-03T00:00:00
(2 years ago) - Modified
-
2021-11-03T00:00:00
(2 years ago) - Rights
- Copyright 2021 Oracle, Inc.
- Other Advisories
-
- ALAS2-2021-1704
- ALSA-2021:4056
- ASB-A-173843328
- DSA-4978-1
- ELSA-2021-3801
- ELSA-2021-4777
- ELSA-2021-9419
- ELSA-2021-9420
- ELSA-2021-9421
- ELSA-2021-9422
- ELSA-2021-9450
- ELSA-2021-9451
- ELSA-2021-9452
- ELSA-2021-9453
- ELSA-2021-9459
- ELSA-2021-9564
- ELSA-2021-9565
- ELSA-2022-9244
- ELSA-2022-9245
- ELSA-2022-9793
- FEDORA-2021-33819e6b09
- FEDORA-2021-a424256622
- MS:CVE-2021-3656
- openSUSE-SU-2021:1271-1
- openSUSE-SU-2021:2184-1
- openSUSE-SU-2021:2202-1
- openSUSE-SU-2021:2305-1
- openSUSE-SU-2021:2352-1
- openSUSE-SU-2021:2427-1
- openSUSE-SU-2021:3179-1
- openSUSE-SU-2021:3205-1
- openSUSE-SU-2021:3876-1
- RHSA-2021:3801
- RHSA-2021:3802
- RHSA-2021:4056
- RHSA-2021:4088
- RHSA-2021:4122
- RHSA-2021:4777
- RHSA-2021:4779
- RHSA-2021:4798
- RLSA-2021:4088
- SUSE-SU-2021:2184-1
- SUSE-SU-2021:2202-1
- SUSE-SU-2021:2303-1
- SUSE-SU-2021:2305-1
- SUSE-SU-2021:2321-1
- SUSE-SU-2021:2324-1
- SUSE-SU-2021:2325-1
- SUSE-SU-2021:2332-1
- SUSE-SU-2021:2344-1
- SUSE-SU-2021:2349-1
- SUSE-SU-2021:2352-1
- SUSE-SU-2021:2361-1
- SUSE-SU-2021:2367-1
- SUSE-SU-2021:2368-1
- SUSE-SU-2021:2372-1
- SUSE-SU-2021:2377-1
- SUSE-SU-2021:2387-1
- SUSE-SU-2021:2406-1
- SUSE-SU-2021:2407-1
- SUSE-SU-2021:2416-1
- SUSE-SU-2021:2421-1
- SUSE-SU-2021:2422-1
- SUSE-SU-2021:2426-1
- SUSE-SU-2021:2427-1
- SUSE-SU-2021:2433-1
- SUSE-SU-2021:2451-1
- SUSE-SU-2021:2453-1
- SUSE-SU-2021:2538-1
- SUSE-SU-2021:2542-1
- SUSE-SU-2021:2560-1
- SUSE-SU-2021:2577-1
- SUSE-SU-2021:2584-1
- SUSE-SU-2021:2643-1
- SUSE-SU-2021:3073-1
- SUSE-SU-2021:3177-1
- SUSE-SU-2021:3178-1
- SUSE-SU-2021:3179-1
- SUSE-SU-2021:3192-1
- SUSE-SU-2021:3205-1
- SUSE-SU-2021:3205-2
- SUSE-SU-2021:3206-1
- SUSE-SU-2021:3207-1
- SUSE-SU-2021:3217-1
- SUSE-SU-2021:3415-1
- SUSE-SU-2021:3876-1
- SUSE-SU-2021:3969-1
- SUSE-SU-2021:3972-1
- USN-5070-1
- USN-5071-1
- USN-5071-2
- USN-5072-1
- USN-5073-1
- USN-5073-2
- USN-5082-1
- USN-5136-1
- USN-5137-1
- USN-5137-2
- USN-5343-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2021-4056 | https://linux.oracle.com/errata/ELSA-2021-4056.html | |
CVE | CVE-2021-0512 | https://linux.oracle.com/cve/CVE-2021-0512.html | |
CVE | CVE-2020-36385 | https://linux.oracle.com/cve/CVE-2020-36385.html | |
CVE | CVE-2021-3656 | https://linux.oracle.com/cve/CVE-2021-3656.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-8.4 | oraclelinux | python3-perf | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-8.4 | oraclelinux | perf | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-8.4 | oraclelinux | kernel | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-8.4 | oraclelinux | kernel-tools | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-8.4 | oraclelinux | kernel-tools-libs | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-8.4 | oraclelinux | kernel-tools-libs-devel | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-8.4 | oraclelinux | kernel-modules | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-8.4 | oraclelinux | kernel-modules-extra | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-8.4 | oraclelinux | kernel-headers | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-8.4 | oraclelinux | kernel-doc | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-8.4 | oraclelinux | kernel-devel | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-8.4 | oraclelinux | kernel-debug | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-8.4 | oraclelinux | kernel-debug-modules | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-8.4 | oraclelinux | kernel-debug-modules-extra | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-8.4 | oraclelinux | kernel-debug-devel | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-8.4 | oraclelinux | kernel-debug-core | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-8.4 | oraclelinux | kernel-cross-headers | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-8.4 | oraclelinux | kernel-core | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/kernel-abi-stablelists?distro=oraclelinux-8.4 | oraclelinux | kernel-abi-stablelists | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 | ||
Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-8.4 | oraclelinux | bpftool | < 4.18.0-305.25.1.el8_4 | oraclelinux-8.4 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |