[ELSA-2021-9141] Unbreakable Enterprise kernel-container security update
[5.4.17-2102.200.13.el7]
- bpf, selftests: Fix up some test_verifier cases for unprivileged (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}
- bpf: Add sanity check for upper ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}
- bpf: Simplify alu_limit masking for pointer arithmetic (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}
- bpf: Fix off-by-one for area size in creating mask to left (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}
- bpf: Prohibit alu ops for pointer types not defining ptr_limit (Piotr Krysiuk) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}
- selftests/bpf: Test access to bpf map pointer (Andrey Ignatov) [Orabug: 32656761] {CVE-2020-27170} {CVE-2020-27171}
- bpf: Fix truncation handling for mod32 dst reg wrt zero (Daniel Borkmann) [Orabug: 32673813] {CVE-2021-3444}
- bpf: Fix 32 bit src register truncation on div/mod (Daniel Borkmann) [Orabug: 32673813] {CVE-2021-3444}
[5.4.17-2102.200.12.el7]
- Revert 'x86/platform/uv: Update UV MMRs for UV5' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Add UV5 direct references' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Add and decode Arch Type in UVsystab' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Update MMIOH references based on new UV5 MMRs' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Adjust GAM MMR references affected by UV5 updates' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Update UV5 MMR references in UV GRU' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Update node present counting' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Update UV5 TSC checking' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Update for UV5 NMI MMR changes' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Update Copyrights to conform to HPE standards' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Fix missing OEM_TABLE_ID' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Remove spaces from OEM IDs' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Recognize UV5 hubless system identifier' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/tlb/uv: Add a forward declaration for struct flush_tlb_info' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Drop last traces of uv_flush_tlb_others' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Fix copied UV5 output archtype' (Jack Vogel) [Orabug: 32651197]
- Revert 'x86/platform/uv: Fix UV4 hub revision adjustment' (Jack Vogel) [Orabug: 32651197]
[5.4.17-2102.200.11.el7]
- mm/vmscan: fix infinite loop in drop_slab_node (Chunxin Zang) [Orabug: 32620155]
- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32603378] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
- drm/nouveau: bail out of nouveau_channel_new if channel init fails (Frantisek Hrbata) [Orabug: 32591559] {CVE-2020-25639}
- mm: support memblock alloc on the exact node for sparse_buffer_init() (Yunfeng Ye) [Orabug: 32613823]
- mm/sparse.c: do not waste pre allocated memmap space (Michal Hocko) [Orabug: 32613823]
- mm/sparse: consistently do not zero memmap (Vincent Whitchurch) [Orabug: 32613823]
[5.4.17-2102.200.10.el7]
- scsi: target: core: Make completion affinity configurable
[4.14.14-2.el7]
- BUILDINFO: commit=6bb6e206facd0c0277275ac8b9e82737380c9040
- Bump release to 4.14.14-2.
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-8 | < 5.4.17-2102.200.13.el8 |
pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-7 | < 5.4.17-2102.200.13.el7 |
pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-8 | < 5.4.17-2102.200.13.el8 |
pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-7 | < 5.4.17-2102.200.13.el7 |
- ID
- ELSA-2021-9141
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2021-9141.html
- Published
-
2021-03-31T00:00:00
(3 years ago) - Modified
-
2021-03-31T00:00:00
(3 years ago) - Rights
- Copyright 2021 Oracle, Inc.
- Other Advisories
-
- ALAS-2021-1487
- ALAS2-2021-1616
- ALAS2-2021-1627
- ALSA-2021:1093
- ELSA-2021-1071
- ELSA-2021-1093
- ELSA-2021-2314
- ELSA-2021-9112
- ELSA-2021-9113
- ELSA-2021-9114
- ELSA-2021-9115
- ELSA-2021-9116
- ELSA-2021-9140
- ELSA-2021-9164
- ELSA-2021-9172
- ELSA-2021-9175
- ELSA-2021-9212
- ELSA-2021-9222
- ELSA-2021-9223
- FEDORA-2021-1db4ab0a3d
- FEDORA-2021-9503fffad9
- FEDORA-2021-a2d3ad5dda
- FEDORA-2021-e49da8a226
- FEDORA-2021-f0181b8085
- MS:CVE-2020-25639
- MS:CVE-2020-27170
- MS:CVE-2020-27171
- MS:CVE-2021-27363
- MS:CVE-2021-27364
- MS:CVE-2021-27365
- MS:CVE-2021-3444
- openSUSE-SU-2021:0060-1
- openSUSE-SU-2021:0075-1
- openSUSE-SU-2021:0532-1
- openSUSE-SU-2021:0758-1
- openSUSE-SU-2021:1975-1
- openSUSE-SU-2021:1977-1
- RHSA-2021:1069
- RHSA-2021:1070
- RHSA-2021:1071
- RHSA-2021:1081
- RHSA-2021:1093
- RHSA-2021:2314
- RHSA-2021:2316
- SSA:2021-072-01
- SUSE-SU-2021:0347-1
- SUSE-SU-2021:0348-1
- SUSE-SU-2021:0353-1
- SUSE-SU-2021:0354-1
- SUSE-SU-2021:0427-1
- SUSE-SU-2021:0433-1
- SUSE-SU-2021:0434-1
- SUSE-SU-2021:0438-1
- SUSE-SU-2021:0532-1
- SUSE-SU-2021:1046-1
- SUSE-SU-2021:1074-1
- SUSE-SU-2021:1075-1
- SUSE-SU-2021:1145-1
- SUSE-SU-2021:1148-1
- SUSE-SU-2021:1175-1
- SUSE-SU-2021:1176-1
- SUSE-SU-2021:1177-1
- SUSE-SU-2021:1210-1
- SUSE-SU-2021:1211-1
- SUSE-SU-2021:1238-1
- SUSE-SU-2021:1344-1
- SUSE-SU-2021:1347-1
- SUSE-SU-2021:1365-1
- SUSE-SU-2021:1395-1
- SUSE-SU-2021:1573-1
- SUSE-SU-2021:1595-1
- SUSE-SU-2021:1596-1
- SUSE-SU-2021:1617-1
- SUSE-SU-2021:1623-1
- SUSE-SU-2021:1624-1
- SUSE-SU-2021:1625-1
- SUSE-SU-2021:1733-1
- SUSE-SU-2021:1975-1
- SUSE-SU-2021:1977-1
- SUSE-SU-2021:2577-1
- USN-4750-1
- USN-4751-1
- USN-4752-1
- USN-4883-1
- USN-4887-1
- USN-4889-1
- USN-4890-1
- USN-4901-1
- USN-4911-1
- USN-4945-1
- USN-4945-2
- USN-4949-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2021-9141 | https://linux.oracle.com/errata/ELSA-2021-9141.html | |
CVE | CVE-2020-25639 | https://linux.oracle.com/cve/CVE-2020-25639.html | |
CVE | CVE-2020-27170 | https://linux.oracle.com/cve/CVE-2020-27170.html | |
CVE | CVE-2020-27171 | https://linux.oracle.com/cve/CVE-2020-27171.html | |
CVE | CVE-2020-28588 | https://linux.oracle.com/cve/CVE-2020-28588.html | |
CVE | CVE-2021-3444 | https://linux.oracle.com/cve/CVE-2021-3444.html | |
CVE | CVE-2021-27363 | https://linux.oracle.com/cve/CVE-2021-27363.html | |
CVE | CVE-2021-27364 | https://linux.oracle.com/cve/CVE-2021-27364.html | |
CVE | CVE-2021-27365 | https://linux.oracle.com/cve/CVE-2021-27365.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-8 | oraclelinux | kernel-uek-container | < 5.4.17-2102.200.13.el8 | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-7 | oraclelinux | kernel-uek-container | < 5.4.17-2102.200.13.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-8 | oraclelinux | kernel-uek-container-debug | < 5.4.17-2102.200.13.el8 | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-container-debug | < 5.4.17-2102.200.13.el7 | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |