Basic search

K
oraclelinuxOracleLinuxELSA-2017-0386
HistoryMar 02, 2017 - 12:00 a.m.

kernel security, bug fix, and enhancement update

2017-03-0200:00:00
linux.oracle.com
40

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

7.9%

  • [3.10.0-514.10.2.OL7]
  • Oracle Linux certificates (Alexey Petrenko)
  • Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
  • Update x509.genkey [bug 24817676]
    [3.10.0-514.10.2]
  • [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1423462 1423463]
    [3.10.0-514.10.1]
  • [block] blk-mq: Fix NULL pointer updating nr_requests (David Milburn) [1416133 1384066]
  • [scsi] cxlflash: Fix crash in cxlflash_restore_luntable() (Gustavo Duarte) [1415146 1400524]
  • [scsi] cxlflash: Improve context_reset() logic (Gustavo Duarte) [1415146 1400524]
  • [scsi] cxlflash: Avoid command room violation (Gustavo Duarte) [1415146 1400524]
  • [x86] Mark Kaby Lake with Kaby Lake PCH as supported (David Arcari) [1415094 1391219]
  • [scsi] be2iscsi: Add checks to validate completions (Maurizio Lombardi) [1414687 1324918]
  • [scsi] be2iscsi: Fix bad WRB index error (Maurizio Lombardi) [1414687 1324918]
  • [scsi] be2iscsi: Add lock to protect WRB alloc and free (Maurizio Lombardi) [1414687 1324918]
  • [mm] meminit: initialise more memory for inode/dentry hash tables in early boot (Yasuaki Ishimatsu) [1413623 1404584]
  • [s390] mem_detect: Revert ‘add DAT sanity check’ (Hendrik Brueckner) [1413600 1391540]
  • [cpufreq] intel_pstate: Fix code ordering in intel_pstate_set_policy() (Prarit Bhargava) [1411818 1398072]
  • [scsi] cxlflash: Improve EEH recovery time (Steve Best) [1402442 1397588]
  • [scsi] cxlflash: Fix to avoid EEH and host reset collisions (Steve Best) [1402442 1397588]
  • [scsi] cxlflash: Remove the device cleanly in the system shutdown path (Steve Best) [1402442 1397588]
  • [scsi] cxlflash: Scan host only after the port is ready for I/O (Steve Best) [1402442 1397588]
  • [x86] kvm: x86: Check memopp before dereference (Mateusz Guzik) [1395805 1395806] {CVE-2016-8630}
  • [vfio] pci: Fix integer overflows, bitmask check (Mateusz Guzik) [1394627 1394991 1394628 1394992] {CVE-2016-9083 CVE-2016-9084}
  • [acpi] acpi / scan: use platform bus type by default for _HID enumeration (Tony Camuso) [1393727 1383505]
  • [acpi] acpi / scan: introduce platform_id device PNP type flag (Tony Camuso) [1393727 1383505]
  • [char] ipmi: Convert the IPMI SI ACPI handling to a platform device (Tony Camuso) [1393727 1383505]
  • [acpi] acpi / ipmi: Cleanup coding styles (David Arcari) [1393725 1373703]
  • [acpi] acpi / ipmi: Cleanup some inclusion codes (David Arcari) [1393725 1373703]
  • [acpi] acpi / ipmi: Cleanup some initialization codes (David Arcari) [1393725 1373703]
  • [acpi] acpi / ipmi: Cleanup several acpi_ipmi_device members (David Arcari) [1393725 1373703]
  • [acpi] acpi / ipmi: Add reference counting for ACPI IPMI transfers (David Arcari) [1393725 1373703]
  • [acpi] acpi / ipmi: Use global IPMI operation region handler (David Arcari) [1393725 1373703]
  • [acpi] acpi / ipmi: Fix race caused by the unprotected ACPI IPMI user (David Arcari) [1393725 1373703]
  • [acpi] acpi / ipmi: Fix race caused by the timed out ACPI IPMI transfers (David Arcari) [1393725 1373703]
  • [acpi] acpi / ipmi: Fix race caused by the unprotected ACPI IPMI transfers (David Arcari) [1393725 1373703]
  • [acpi] acpi / ipmi: Fix potential response buffer overflow (David Arcari) [1393725 1373703]
    [3.10.0-514.9.1]
  • [drm] i915/kbl: Remove preliminary_hw_support protection from KBL. (Rob Clark) [1413092 1305702]
  • [netdrv] slip: Fix deadlock in write_wakeup (Steve Best) [1412225 1403497]
  • [netdrv] slip: fix spinlock variant (Steve Best) [1412225 1403497]
  • [kernel] kmod: use system_unbound_wq instead of khelper (Luiz Capitulino) [1411816 1395860]
  • [nvme] switch abort to blk_execute_rq_nowait (David Milburn) [1411669 1392923]
  • [netdrv] ibmveth: calculate gso_segs for large packets (Gustavo Duarte) [1411382 1361958]
  • [netdrv] ibmveth: set correct gso_size and gso_type (Gustavo Duarte) [1411382 1361958]
  • [netdrv] allow macvlans to move to net namespace (Jarod Wilson) [1409829 1368830]
  • [pci] Set Read Completion Boundary to 128 iff Root Port supports it (_HPX) (Myron Stowe) [1406290 1387674]
  • [pci] Export pcie_find_root_port() (Myron Stowe) [1406290 1387674]
  • [rtc] cmos: Initialize hpet timer before irq is registered (Pratyush Anand) [1404184 1299001]
  • [x86] amd: Fix cpu_llc_id for AMD Fam17h systems (Suravee Suthikulpanit) [1402444 1395399]
  • [powerpc] powernv: Fix stale PE primary bus (Steve Best) [1402440 1395275]
  • [misc] cxl: Fix coredump generation when cxl_get_fd() is used (Gustavo Duarte) [1402439 1397943]
  • [pci] cxl: use pcibios_free_controller_deferred() when removing vPHBs (Gustavo Duarte) [1402438 1395323]
  • [scsi] qla2xxx: do not abort all commands in the adapter during EEH recovery (Gustavo Duarte) [1402436 1393254]
  • [scsi] qla2xxx: fix invalid DMA access after command aborts in PCI device remove (Gustavo Duarte) [1402436 1393254]
  • [scsi] qla2xxx: do not queue commands when unloading (Gustavo Duarte) [1402436 1393254]
  • [net] packet: fix race condition in packet_set_ring (Hangbin Liu) [1401852 1401853] {CVE-2016-8655}
    [3.10.0-514.8.1]
  • [netdrv] i40e: Fix corruption when transferring large files (Stefan Assmann) [1413101 1404060]
    [3.10.0-514.7.1]
  • [kernel] printk: avoid livelock if another CPU printks continuously (Denys Vlasenko) [1402314 1294066]

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

7.9%