[ELSA-2021-9038] Unbreakable Enterprise kernel-container security update
[5.4.17-2036.103.3.el7]
- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug:
32426610]
[5.4.17-2036.103.2.el7]
- A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380824]
- netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug: 32372530] {CVE-2021-20177}
- net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372158]
- uek-rpm: Report removed symbols also during kabi check (Somasundaram Krishnasamy) [Orabug: 32380061]
- A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350974]
- uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32346419]
- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}
[5.4.17-2036.103.1.el7]
- mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349203] {CVE-2020-36158}
- x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32234812]
- add license checking to kABI checker (Dan Duval) [Orabug: 32355206]
[5.4.17-2036.103.0.el7]
- lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337715]
- tools: update header files in the tools directory (Thomas Tai) [Orabug: 32321484]
- perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32321484]
- perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug: 32321484]
- perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32321484]
- perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang) [Orabug: 32321484]
- perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang) [Orabug: 32321484]
- perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang) [Orabug: 32321484]
- perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan Liang) [Orabug: 32321484]
- perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang) [Orabug: 32321484]
- perf/x86/intel: Generic support for hardware TopDown metrics (Kan Liang) [Orabug: 32321484]
- perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang) [Orabug: 32321484]
- perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra) [Orabug: 32321484]
- perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan Liang) [Orabug: 32321484]
- perf/x86: Keep LBR records unchanged in host context for guest usage (Like Xu) [Orabug: 32321484]
- perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug: 32321484]
- perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32321484]
- perf/x86/intel: Introduce the fourth fixed counter (Kan Liang) [Orabug: 32321484]
- perf/x86/intel: Name the global status bit in NMI handler (Kan Liang) [Orabug: 32321484]
- perf/x86: Add constraint to create guest LBR event without hw counter (Like Xu) [Orabug: 32321484]
- perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug: 32321484]
- perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug: 32321484]
- perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan Liang) [Orabug: 32321484]
- perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean Christopherson) [Orabug: 32321484]
- partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32302136]
- Revert 'cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug' (Daniel Jordan) [Orabug: 32295229]
- cpuset: fix race between hotplug work and later CPU offline (Daniel Jordan) [Orabug: 32295229]
- uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp) [Orabug: 32290034]
- driver/perf: Add PMU driver for the ARM DMC-620 memory controller (Tuan Phan) [Orabug: 32290034]
- perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon) [Orabug: 32290034]
- perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon) [Orabug: 32290034]
- perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290034]
- perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290034]
- perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290034]
- arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (James Morse) [Orabug: 32290034]
- ACPI: APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 32290034]
- iommu/arm-smmu-v3: Don't reserve implementation defined register space (Jean-Philippe Brucker) [Orabug: 32290034]
- Revert 'BACKPORT: perf: Add Arm CMN-600 DT binding' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'BACKPORT: WIP: perf/arm-cmn: Add ACPI support' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'perf: Add ARM DMC-620 PMU driver.' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'Perf: arm-cmn: Allow irq to be shared.' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'perf: arm_cmn: improve and make it work on 2P.' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'perf: arm_dsu: Allow IRQ to be shared among devices.' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'perf: arm_dsu: Support ACPI mode.' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'perf: arm_dmc620: Update ACPI ID.' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'perf: avoid breaking KABI by reusing enum' (Dave Kleikamp) [Orabug: 32290034]
- Revert 'perf/smmuv3: Allow sharing MMIO registers with the SMMU driver' (Dave Kleikamp) [Orabug: 32290034]
- tty: Fix ->session locking (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}
- tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}
- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}
- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251910]
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-8 | < 5.4.17-2036.103.3.el8 |
pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-7 | < 5.4.17-2036.103.3.el7 |
pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-8 | < 5.4.17-2036.103.3.el8 |
pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-7 | < 5.4.17-2036.103.3.el7 |
- ID
- ELSA-2021-9038
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2021-9038.html
- Published
-
2021-02-08T00:00:00
(3 years ago) - Modified
-
2021-02-08T00:00:00
(3 years ago) - Rights
- Copyright 2021 Oracle, Inc.
- Other Advisories
-
- ALAS-2021-1477
- ALAS-2021-1480
- ALAS2-2021-1588
- ALAS2-2021-1600
- ALPINE:CVE-2020-29568
- ALPINE:CVE-2020-29569
- ALSA-2021:1093
- ALSA-2021:4356
- ASA-202101-30
- ASA-202101-31
- ASA-202101-32
- ASA-202101-33
- ASB-A-175451844
- DSA-4843-1
- ELSA-2021-0856
- ELSA-2021-1093
- ELSA-2021-4356
- ELSA-2021-9005
- ELSA-2021-9006
- ELSA-2021-9007
- ELSA-2021-9008
- ELSA-2021-9009
- ELSA-2021-9023
- ELSA-2021-9024
- ELSA-2021-9025
- ELSA-2021-9030
- ELSA-2021-9035
- ELSA-2021-9037
- ELSA-2021-9039
- ELSA-2021-9040
- ELSA-2021-9041
- ELSA-2021-9043
- ELSA-2021-9306
- ELSA-2021-9307
- FEDORA-2020-b732958765
- FEDORA-2020-bc0cc81a7a
- FEDORA-2021-082e638d02
- FEDORA-2021-3465ada1ca
- FEDORA-2021-4a91649cf3
- FEDORA-2021-620fb40359
- FREEBSD:5D91370B-61FD-11EB-B87A-901B0EF719AB
- GLSA-202107-30
- MS:CVE-2020-28374
- MS:CVE-2020-29569
- MS:CVE-2020-29660
- MS:CVE-2020-36158
- openSUSE-SU-2021:0060-1
- openSUSE-SU-2021:0075-1
- openSUSE-SU-2021:0241-1
- openSUSE-SU-2021:0242-1
- RHSA-2021:0856
- RHSA-2021:0857
- RHSA-2021:0862
- RHSA-2021:1081
- RHSA-2021:1093
- RHSA-2021:4140
- RHSA-2021:4356
- SUSE-SU-2021:0094-1
- SUSE-SU-2021:0095-1
- SUSE-SU-2021:0096-1
- SUSE-SU-2021:0097-1
- SUSE-SU-2021:0098-1
- SUSE-SU-2021:0108-1
- SUSE-SU-2021:0117-1
- SUSE-SU-2021:0118-1
- SUSE-SU-2021:0133-1
- SUSE-SU-2021:0347-1
- SUSE-SU-2021:0348-1
- SUSE-SU-2021:0353-1
- SUSE-SU-2021:0354-1
- SUSE-SU-2021:0359-1
- SUSE-SU-2021:0362-1
- SUSE-SU-2021:0367-1
- SUSE-SU-2021:0377-1
- SUSE-SU-2021:0386-1
- SUSE-SU-2021:0408-1
- SUSE-SU-2021:0427-1
- SUSE-SU-2021:0433-1
- SUSE-SU-2021:0434-1
- SUSE-SU-2021:0437-1
- SUSE-SU-2021:0438-1
- SUSE-SU-2021:0452-1
- SUSE-SU-2021:0532-1
- SUSE-SU-2021:0743-1
- SUSE-SU-2021:0744-1
- SUSE-SU-2021:0818-1
- SUSE-SU-2021:0823-1
- SUSE-SU-2021:0826-1
- SUSE-SU-2021:0835-1
- SUSE-SU-2021:0841-1
- SUSE-SU-2021:0842-1
- SUSE-SU-2021:0849-1
- SUSE-SU-2021:0853-1
- SUSE-SU-2021:0859-1
- SUSE-SU-2021:0868-1
- SUSE-SU-2021:0870-1
- USN-4694-1
- USN-4709-1
- USN-4711-1
- USN-4713-1
- USN-4713-2
- USN-4748-1
- USN-4749-1
- USN-4750-1
- USN-4751-1
- USN-4752-1
- USN-4753-1
- USN-4876-1
- USN-4877-1
- USN-4878-1
- USN-4879-1
- USN-4901-1
- USN-4912-1
- USN-5130-1
- XSA-349
- XSA-350
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2021-9038 | https://linux.oracle.com/errata/ELSA-2021-9038.html | |
CVE | CVE-2020-29568 | https://linux.oracle.com/cve/CVE-2020-29568.html | |
CVE | CVE-2020-29569 | https://linux.oracle.com/cve/CVE-2020-29569.html | |
CVE | CVE-2020-28374 | https://linux.oracle.com/cve/CVE-2020-28374.html | |
CVE | CVE-2020-29660 | https://linux.oracle.com/cve/CVE-2020-29660.html | |
CVE | CVE-2020-36158 | https://linux.oracle.com/cve/CVE-2020-36158.html | |
CVE | CVE-2021-20177 | https://linux.oracle.com/cve/CVE-2021-20177.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-8 | oraclelinux | kernel-uek-container | < 5.4.17-2036.103.3.el8 | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-7 | oraclelinux | kernel-uek-container | < 5.4.17-2036.103.3.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-8 | oraclelinux | kernel-uek-container-debug | < 5.4.17-2036.103.3.el8 | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-container-debug | < 5.4.17-2036.103.3.el7 | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |