1. Home
  2. Security Advisories
  3. Oracle Linux
  4. ELSA-2021-9459

[ELSA-2021-9459] Unbreakable Enterprise kernel security update

Severity Important
Affected Packages 12
CVEs 21
Info Packages References Vulnerabilities

[4.1.12-124.54.6.1]
- fs/namespace.c: fix mountpoint reference counter race (Piotr Krysiuk) [Orabug: 33369433] {CVE-2020-12114} {CVE-2020-12114}
- btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 33369414] {CVE-2019-19448} {CVE-2019-19448}
- cfg80211: wext: avoid copying malformed SSIDs (Will Deacon) [Orabug: 33369390] {CVE-2019-17133}
- vhost_net: fix possible infinite loop (Jason Wang) [Orabug: 33369374] {CVE-2019-3900} {CVE-2019-3900}
- vhost: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 33369374] {CVE-2019-3900}
- vhost_net: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 33369374] {CVE-2019-3900}
- vhost_net: use packet weight for rx handler, too (Paolo Abeni) [Orabug: 33369374] {CVE-2019-3900}
- vhost-net: set packet weight of tx polling to 2 * vq size (haibinzhang) [Orabug: 33369374] {CVE-2019-3900}
- mac80211: extend protection against mixed key and fragment cache attacks (Wen Gong) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24586} {CVE-2020-24587}
- mac80211: do not accept/forward invalid EAPOL frames (Johannes Berg) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: prevent attacks on TKIP/WEP as well (Johannes Berg) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: check defrag PN against current frame (Johannes Berg) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: add fragment cache to sta_info (Johannes Berg) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: drop A-MSDUs on old ciphers (Johannes Berg) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24588}
- cfg80211: mitigate A-MSDU aggregation attacks (Mathy Vanhoef) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24588}
- mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Mathy Vanhoef) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: prevent mixed key and fragment cache attacks (Mathy Vanhoef) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24587} {CVE-2020-24586}
- mac80211: assure all fragments are encrypted (Mathy Vanhoef) [Orabug: 33369361] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-26147}
- sctp: validate from_addr_param return (Marcelo Ricardo Leitner) [Orabug: 33369303] {CVE-2021-3655}
- virtio_console: Assure used length from device is limited (Xie Yongji) [Orabug: 33369276] {CVE-2021-38160}
- net_sched: cls_route: remove the right filter from hashtable (Cong Wang) [Orabug: 33369231] {CVE-2021-3715}
- HID: make arrays usage and value to be the same (Will McVicker) [Orabug: 33369121] {CVE-2021-0512}
- ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Ts'o) [Orabug: 33369043] {CVE-2021-40490}

Package Affected Version
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 < 4.1.12-124.54.6.1.el7uek
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6 < 4.1.12-124.54.6.1.el6uek
pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-7 < 4.1.12-124.54.6.1.el7uek
pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6 < 4.1.12-124.54.6.1.el6uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 < 4.1.12-124.54.6.1.el7uek
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6 < 4.1.12-124.54.6.1.el6uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 < 4.1.12-124.54.6.1.el7uek
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6 < 4.1.12-124.54.6.1.el6uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 < 4.1.12-124.54.6.1.el7uek
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6 < 4.1.12-124.54.6.1.el6uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 < 4.1.12-124.54.6.1.el7uek
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6 < 4.1.12-124.54.6.1.el6uek
ID
ELSA-2021-9459
Severity
important
URL
https://linux.oracle.com/errata/ELSA-2021-9459.html
Published
2021-09-22T00:00:00
(3 years ago)
Modified
2021-09-22T00:00:00
(3 years ago)
Rights
Copyright 2021 Oracle, Inc.
Other Advisories
Source # ID Name URL
elsa ELSA-2021-9459 https://linux.oracle.com/errata/ELSA-2021-9459.html
CVE CVE-2019-3900 https://linux.oracle.com/cve/CVE-2019-3900.html
CVE CVE-2019-17133 https://linux.oracle.com/cve/CVE-2019-17133.html
CVE CVE-2020-12114 https://linux.oracle.com/cve/CVE-2020-12114.html
CVE CVE-2019-19448 https://linux.oracle.com/cve/CVE-2019-19448.html
CVE CVE-2021-3715 https://linux.oracle.com/cve/CVE-2021-3715.html
CVE CVE-2021-38160 https://linux.oracle.com/cve/CVE-2021-38160.html
CVE CVE-2021-3655 https://linux.oracle.com/cve/CVE-2021-3655.html
CVE CVE-2021-40490 https://linux.oracle.com/cve/CVE-2021-40490.html
CVE CVE-2020-26140 https://linux.oracle.com/cve/CVE-2020-26140.html
CVE CVE-2020-26143 https://linux.oracle.com/cve/CVE-2020-26143.html
CVE CVE-2020-26144 https://linux.oracle.com/cve/CVE-2020-26144.html
CVE CVE-2020-26139 https://linux.oracle.com/cve/CVE-2020-26139.html
CVE CVE-2020-26142 https://linux.oracle.com/cve/CVE-2020-26142.html
CVE CVE-2020-26146 https://linux.oracle.com/cve/CVE-2020-26146.html
CVE CVE-2021-0512 https://linux.oracle.com/cve/CVE-2021-0512.html
CVE CVE-2020-24586 https://linux.oracle.com/cve/CVE-2020-24586.html
CVE CVE-2020-26141 https://linux.oracle.com/cve/CVE-2020-26141.html
CVE CVE-2020-24587 https://linux.oracle.com/cve/CVE-2020-24587.html
CVE CVE-2020-24588 https://linux.oracle.com/cve/CVE-2020-24588.html
CVE CVE-2020-26145 https://linux.oracle.com/cve/CVE-2020-26145.html
CVE CVE-2020-26147 https://linux.oracle.com/cve/CVE-2020-26147.html
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 oraclelinux kernel-uek < 4.1.12-124.54.6.1.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6 oraclelinux kernel-uek < 4.1.12-124.54.6.1.el6uek oraclelinux-6
Affected pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-7 oraclelinux kernel-uek-firmware < 4.1.12-124.54.6.1.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6 oraclelinux kernel-uek-firmware < 4.1.12-124.54.6.1.el6uek oraclelinux-6
Affected pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 oraclelinux kernel-uek-doc < 4.1.12-124.54.6.1.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6 oraclelinux kernel-uek-doc < 4.1.12-124.54.6.1.el6uek oraclelinux-6
Affected pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 oraclelinux kernel-uek-devel < 4.1.12-124.54.6.1.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6 oraclelinux kernel-uek-devel < 4.1.12-124.54.6.1.el6uek oraclelinux-6
Affected pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 oraclelinux kernel-uek-debug < 4.1.12-124.54.6.1.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6 oraclelinux kernel-uek-debug < 4.1.12-124.54.6.1.el6uek oraclelinux-6
Affected pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 oraclelinux kernel-uek-debug-devel < 4.1.12-124.54.6.1.el7uek oraclelinux-7
Affected pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6 oraclelinux kernel-uek-debug-devel < 4.1.12-124.54.6.1.el6uek oraclelinux-6
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date