[ELSA-2021-9085] Unbreakable Enterprise kernel security update
[5.4.17-2036.104.4.el8uek]
- KVM: arm64: guest context in x18 instead of x29 (Mihai Carabas) [Orabug: 32545182]
[5.4.17-2036.104.3.el8uek]
- config: enable CONFIG_MLX5_MPFS (Brian Maly) [Orabug: 32249042]
- net: Fix bridge enslavement failure (Ido Schimmel) [Orabug: 32503298]
- inet: do not call sublist_rcv on empty list (Florian Westphal) [Orabug: 32512814]
- KVM: arm64: pmu: Dont mark a counter as chained if the odd one is disabled (Eric Auger) [Orabug: 32499188]
- random: wire /dev/random with a DRBG instance (Saeed Mirzamohammadi) [Orabug: 32522087]
- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) [Orabug: 32522087]
- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) [Orabug: 32522087]
- crypto: jitter - SP800-90B compliance (Stephan Muller) [Orabug: 32522087]
- crypto: jitter - add header to fix buildwarnings (Ben Dooks) [Orabug: 32522087]
- crypto: jitter - fix comments (Alexander E. Patrakov) [Orabug: 32522087]
- xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492109] {CVE-2021-26930}
- xen-scsiback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}
- xen-netback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}
- xen-blkback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}
- Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}
- Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}
- Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}
- Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}
[5.4.17-2036.104.2.el8uek]
- tcp: fix to update snd_wl1 in bulk receiver fast path (Neal Cardwell) [Orabug: 32498822]
- selinux: allow reading labels before policy is loaded (Jonathan Lebon) [Orabug: 32492277]
- selinux: allow labeling before policy is loaded (Jonathan Lebon) [Orabug: 32492277]
- KVM: SVM: Initialize prev_ga_tag before use (Suravee Suthikulpanit) [Orabug: 32478549]
- tools/power turbostat: Support additional CPU model numbers (Len Brown) [Orabug: 32422451]
- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) [Orabug: 32422451]
- x86/cpu: Add Sapphire Rapids CPU model number (Tony Luck) [Orabug: 32422451]
- tools/power turbostat: Support Tiger Lake (Chen Yu) [Orabug: 32422451]
- uek-rpm: config-aarch64: enable MEMORY HOTREMOVE (Mihai Carabas) [Orabug: 32353851]
- arm64/mm/hotplug: Ensure early memory sections are all online (Anshuman Khandual) [Orabug: 32353851]
- arm64/mm/hotplug: Enable MEM_OFFLINE event handling (Anshuman Khandual) [Orabug: 32353851]
- arm64/mm/hotplug: Register boot memory hot remove notifier earlier (Anshuman Khandual) [Orabug: 32353851]
- arm64/mm: Enable memory hot remove (Anshuman Khandual) [Orabug: 32353851]
- arm64/mm: Hold memory hotplug lock while walking for kernel page table dump (Anshuman Khandual) [Orabug: 32353851]
- KVM: arm64: Save/restore sp_el0 as part of __guest_enter (Marc Zyngier) [Orabug: 32171445]
- net/mlx4_en: Handle TX error CQE (Moshe Shemesh) [Orabug: 32492969]
- net/mlx4_en: Avoid scheduling restart task if it is already running (Moshe Shemesh) [Orabug: 32492969]
[5.4.17-2036.104.1.el8uek]
- vhost scsi: alloc vhost_scsi with kvzalloc() to avoid delay (Dongli Zhang) [Orabug: 32471677]
- HID: hid-input: fix stylus battery reporting (Dmitry Torokhov) [Orabug: 32464784] {CVE-2020-0431}
- nbd: freeze the queue while were adding connections (Josef Bacik) [Orabug: 32447285] {CVE-2021-3348}
- futex: Handle faults correctly for PI futexes (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- futex: Simplify fixup_pi_state_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- futex: Use pi_state_update_owner() in put_pi_state() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- futex: Dont enable IRQs unconditionally in put_pi_state() (Dan Carpenter) [Orabug: 32447187] {CVE-2021-3347}
- futex: Provide and use pi_state_update_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- futex: Replace pointless printk in fixup_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- futex: Ensure the correct return value from futex_lock_pi() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
- uek-rpm: Enable Oracle Pilot BMC module (Eric Snowberg) [Orabug: 32422662]
- hwmon: Add a new Oracle Pilot BMC driver (Eric Snowberg) [Orabug: 32422662]
- arm64: Reserve only 256M on RPi for crashkernel=auto (Vijay Kumar) [Orabug: 32301026]
[5.4.17-2036.104.0.el8uek]
- Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426610]
- thermal: intel_pch_thermal: Add PCI ids for Lewisburg PCH. (Andres Freund) [Orabug: 32424705]
- thermal: intel: intel_pch_thermal: Add Cannon Lake Low Power PCH support (Sumeet Pawnikar) [Orabug: 32424705]
- thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (Gayatri Kammela) [Orabug: 32424705]
- nfs: Fix security label length not being reset (Jeffrey Mitchell) [Orabug: 32350989]
- ovl: check permission to open real file (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}
- ovl: verify permissions in ovl_path_open() (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}
- ovl: switch to mounter creds in XXXXXXX (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}
- ovl: pass correct flags for opening real directory (Miklos Szeredi) [Orabug: 32046372]
- A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 32381883]
- ID
- ELSA-2021-9085
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2021-9085.html
- Published
-
2021-03-11T00:00:00
(3 years ago) - Modified
-
2021-03-11T00:00:00
(3 years ago) - Rights
- Copyright 2021 Oracle, Inc.
- Other Advisories
-
-
ALAS-2021-1480
-
ALAS-2021-1487
-
ALAS2-2021-1600
-
ALAS2-2021-1616
-
ALSA-2021:1093
-
ALSA-2021:1578
-
ALSA-2021:4356
-
ASA-202102-23
-
ASB-A-171705902
-
DSA-4843-1
-
ELSA-2021-1093
-
ELSA-2021-1578
-
ELSA-2021-2314
-
ELSA-2021-4356
-
ELSA-2021-9051
-
ELSA-2021-9052
-
ELSA-2021-9053
-
ELSA-2021-9057
-
ELSA-2021-9058
-
ELSA-2021-9067
-
ELSA-2021-9068
-
ELSA-2021-9079
-
ELSA-2021-9084
-
ELSA-2021-9086
-
ELSA-2021-9087
-
ELSA-2021-9135
-
ELSA-2021-9136
-
ELSA-2021-9434
-
FEDORA-2021-6e805a5051
-
FEDORA-2021-7143aca8cb
-
FEDORA-2021-879c756377
-
FEDORA-2021-8d45d297c6
-
FREEBSD:5B8C6E1E-770F-11EB-B87A-901B0EF719AB
-
MS:CVE-2020-16120
-
MS:CVE-2021-26930
-
MS:CVE-2021-26931
-
MS:CVE-2021-26932
-
MS:CVE-2021-3347
-
MS:CVE-2021-3348
-
openSUSE-SU-2020:1586-1
-
openSUSE-SU-2020:1655-1
-
openSUSE-SU-2020:1906-1
-
openSUSE-SU-2020:2112-1
-
openSUSE-SU-2021:0241-1
-
openSUSE-SU-2021:0242-1
-
openSUSE-SU-2021:0393-1
-
RHSA-2021:1081
-
RHSA-2021:1093
-
RHSA-2021:1578
-
RHSA-2021:1739
-
RHSA-2021:2285
-
RHSA-2021:2314
-
RHSA-2021:2316
-
RHSA-2021:4140
-
RHSA-2021:4356
-
SUSE-SU-2020:2879-1
-
SUSE-SU-2020:2904-1
-
SUSE-SU-2020:2905-1
-
SUSE-SU-2020:2906-1
-
SUSE-SU-2020:2907-1
-
SUSE-SU-2020:2908-1
-
SUSE-SU-2020:2999-1
-
SUSE-SU-2020:3014-1
-
SUSE-SU-2020:3122-1
-
SUSE-SU-2020:3178-1
-
SUSE-SU-2020:3180-1
-
SUSE-SU-2020:3204-1
-
SUSE-SU-2020:3219-1
-
SUSE-SU-2020:3225-1
-
SUSE-SU-2020:3272-1
-
SUSE-SU-2020:3281-1
-
SUSE-SU-2020:3326-1
-
SUSE-SU-2020:3484-1
-
SUSE-SU-2020:3491-1
-
SUSE-SU-2020:3501-1
-
SUSE-SU-2020:3503-1
-
SUSE-SU-2020:3512-1
-
SUSE-SU-2020:3513-1
-
SUSE-SU-2020:3522-1
-
SUSE-SU-2020:3532-1
-
SUSE-SU-2020:3544-1
-
SUSE-SU-2021:0347-1
-
SUSE-SU-2021:0348-1
-
SUSE-SU-2021:0353-1
-
SUSE-SU-2021:0354-1
-
SUSE-SU-2021:0427-1
-
SUSE-SU-2021:0433-1
-
SUSE-SU-2021:0434-1
-
SUSE-SU-2021:0437-1
-
SUSE-SU-2021:0438-1
-
SUSE-SU-2021:0452-1
-
SUSE-SU-2021:0532-1
-
SUSE-SU-2021:0735-1
-
SUSE-SU-2021:0736-1
-
SUSE-SU-2021:0737-1
-
SUSE-SU-2021:0738-1
-
SUSE-SU-2021:0739-1
-
SUSE-SU-2021:0740-1
-
SUSE-SU-2021:0741-1
-
SUSE-SU-2021:0742-1
-
SUSE-SU-2021:0743-1
-
SUSE-SU-2021:0744-1
-
SUSE-SU-2021:0809-1
-
SUSE-SU-2021:0818-1
-
SUSE-SU-2021:0823-1
-
SUSE-SU-2021:0826-1
-
SUSE-SU-2021:0840-1
-
SUSE-SU-2021:0841-1
-
SUSE-SU-2021:0842-1
-
SUSE-SU-2021:0849-1
-
SUSE-SU-2021:0853-1
-
SUSE-SU-2021:0859-1
-
SUSE-SU-2021:0868-1
-
SUSE-SU-2021:0870-1
-
SUSE-SU-2021:1175-1
-
SUSE-SU-2021:1176-1
-
SUSE-SU-2021:1210-1
-
SUSE-SU-2021:1344-1
-
SUSE-SU-2021:1365-1
-
SUSE-SU-2021:1373-1
-
USN-4576-1
-
USN-4577-1
-
USN-4578-1
-
USN-4878-1
-
USN-4884-1
-
USN-4904-1
-
USN-4907-1
-
USN-4909-1
-
USN-4910-1
-
USN-4946-1
-
USN-4949-1
-
XSA-361
-
XSA-362
-
XSA-365
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2021-9085 |
|
|
| CVE | CVE-2021-26932 |
|
|
| CVE | CVE-2020-0431 |
|
|
| CVE | CVE-2020-16120 |
|
|
| CVE | CVE-2021-3347 |
|
|
| CVE | CVE-2021-3348 |
|
|
| CVE | CVE-2021-26930 |
|
|
| CVE | CVE-2021-26931 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux |
 python-perf
|
< 5.4.17-2036.104.4.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux |
perf
|
< 5.4.17-2036.104.4.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-8 | oraclelinux |
kernel-uek
|
< 5.4.17-2036.104.4.el8uek | oraclelinux-8 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux |
kernel-uek
|
< 5.4.17-2036.104.4.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | oraclelinux |
kernel-uek-tools
|
< 5.4.17-2036.104.4.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | oraclelinux |
kernel-uek-tools-libs
|
< 5.4.17-2036.104.4.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-8 | oraclelinux |
kernel-uek-doc
|
< 5.4.17-2036.104.4.el8uek | oraclelinux-8 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux |
kernel-uek-doc
|
< 5.4.17-2036.104.4.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-8 | oraclelinux |
kernel-uek-devel
|
< 5.4.17-2036.104.4.el8uek | oraclelinux-8 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-devel
|
< 5.4.17-2036.104.4.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-8 | oraclelinux |
kernel-uek-debug
|
< 5.4.17-2036.104.4.el8uek | oraclelinux-8 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux |
kernel-uek-debug
|
< 5.4.17-2036.104.4.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-8 | oraclelinux |
kernel-uek-debug-devel
|
< 5.4.17-2036.104.4.el8uek | oraclelinux-8 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-debug-devel
|
< 5.4.17-2036.104.4.el7uek | oraclelinux-7 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |