[ELSA-2021-9006] Unbreakable Enterprise kernel security update

Severity Important

Affected Packages 14

CVEs 6

[5.4.17-2036.102.0.2uek]
- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}
- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}

[5.4.17-2036.102.0.1uek]
- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}

[5.4.17-2036.102.0uek]
- futex: Fix inode life-time issue (Peter Zijlstra) [Orabug: 32233515] {CVE-2020-14381}
- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233352] {CVE-2020-14351}
- intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32218858]
- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210418]
- vhost scsi: fix lun reset completion handling (Mike Christie) [Orabug: 32167069]
- vhost scsi: Add support for LUN resets. (Mike Christie) [Orabug: 32167069]
- vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32167069]
- vhost scsi: fix cmd completion race (Mike Christie) [Orabug: 32167069]
- vhost scsi: alloc cmds per vq instead of session (Mike Christie) [Orabug: 32167069]
- vhost: Create accessors for virtqueues private_data (Eugenio Perez) [Orabug: 32167069]
- vhost: add helper to check if a vq has been setup (Mike Christie) [Orabug: 32167069]
- scsi: sd: Allow user to configure command retries (Mike Christie) [Orabug: 32167069]
- scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug: 32167069]
- scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Add persistent trigger pages support (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Bump driver version to 35.101.00.00 (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Handle vSES vphy object during HBA reset (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Get sas_device objects using device's rphy (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Update hba_port's sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32242279]
- icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227958] {CVE-2020-25705}
- perf/x86/intel/uncore: Add box_offsets for free-running counters (Kan Liang) [Orabug: 32020885]
- perf/x86/intel/uncore: Factor out __snr_uncore_mmio_init_box (Kan Liang) [Orabug: 32020885]
- perf/x86/intel/uncore: Add Ice Lake server uncore support (Kan Liang) [Orabug: 32020885]

Package	Affected Version
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7	< 5.4.17-2036.102.0.2.el7uek
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7	< 5.4.17-2036.102.0.2.el7uek
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-8	< 5.4.17-2036.102.0.2.el8uek
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7	< 5.4.17-2036.102.0.2.el7uek
pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7	< 5.4.17-2036.102.0.2.el7uek
pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7	< 5.4.17-2036.102.0.2.el7uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-8	< 5.4.17-2036.102.0.2.el8uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7	< 5.4.17-2036.102.0.2.el7uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-8	< 5.4.17-2036.102.0.2.el8uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7	< 5.4.17-2036.102.0.2.el7uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-8	< 5.4.17-2036.102.0.2.el8uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7	< 5.4.17-2036.102.0.2.el7uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-8	< 5.4.17-2036.102.0.2.el8uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7	< 5.4.17-2036.102.0.2.el7uek

ID

ELSA-2021-9006

Severity

important

URL

https://linux.oracle.com/errata/ELSA-2021-9006.html

Published

2021-01-12T00:00:00
(3 years ago)

Modified

2021-01-12T00:00:00
(3 years ago)

Rights

Other Advisories

Source	# ID	URL
elsa	ELSA-2021-9006	https://linux.oracle.com/errata/ELSA-2021-9006.html
CVE	CVE-2020-14351	https://linux.oracle.com/cve/CVE-2020-14351.html
CVE	CVE-2020-25705	https://linux.oracle.com/cve/CVE-2020-25705.html
CVE	CVE-2020-14381	https://linux.oracle.com/cve/CVE-2020-14381.html
CVE	CVE-2020-29568	https://linux.oracle.com/cve/CVE-2020-29568.html
CVE	CVE-2020-29569	https://linux.oracle.com/cve/CVE-2020-29569.html
CVE	CVE-2020-28374	https://linux.oracle.com/cve/CVE-2020-28374.html

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform
Affected	pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7	oraclelinux	python-perf	< 5.4.17-2036.102.0.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/perf?distro=oraclelinux-7	oraclelinux	perf	< 5.4.17-2036.102.0.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-8	oraclelinux	kernel-uek	< 5.4.17-2036.102.0.2.el8uek	oraclelinux-8
Affected	pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7	oraclelinux	kernel-uek	< 5.4.17-2036.102.0.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7	oraclelinux	kernel-uek-tools	< 5.4.17-2036.102.0.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7	oraclelinux	kernel-uek-tools-libs	< 5.4.17-2036.102.0.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-8	oraclelinux	kernel-uek-doc	< 5.4.17-2036.102.0.2.el8uek	oraclelinux-8
Affected	pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7	oraclelinux	kernel-uek-doc	< 5.4.17-2036.102.0.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-8	oraclelinux	kernel-uek-devel	< 5.4.17-2036.102.0.2.el8uek	oraclelinux-8
Affected	pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7	oraclelinux	kernel-uek-devel	< 5.4.17-2036.102.0.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-8	oraclelinux	kernel-uek-debug	< 5.4.17-2036.102.0.2.el8uek	oraclelinux-8
Affected	pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7	oraclelinux	kernel-uek-debug	< 5.4.17-2036.102.0.2.el7uek	oraclelinux-7
Affected	pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-8	oraclelinux	kernel-uek-debug-devel	< 5.4.17-2036.102.0.2.el8uek	oraclelinux-8
Affected	pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7	oraclelinux	kernel-uek-debug-devel	< 5.4.17-2036.102.0.2.el7uek	oraclelinux-7

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date