Oracle Linux ELSA-2019-4820
Oct 11, 2019 - 12:00 a.m.

Unbreakable Enterprise kernel security update

Published: 2019-10-11 00:00:00
Source: linux.oracle.com

CVSS3: 8.8 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS2: 7.2 High

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

[4.14.35-1902.6.6]

  • RDMA/restrack: Protect from reentry to resource return path (Leon Romanovsky) [Orabug: 30388717]

[4.14.35-1902.6.5]

  • hv_netvsc: fix vf serial matching with pci slot info (Haiyang Zhang) [Orabug: 30373111]
  • rds: Use correct conn when dropping connections due to cancel (Hakon Bugge) [Orabug: 30293898]
  • scsi: megaraid_sas: Introduce module parameter for default queue depth (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Fix a compilation warning (Qian Cai) [Orabug: 30317396]
  • scsi: megaraid_sas: Make a bunch of functions static (YueHaibing) [Orabug: 30317396]
  • scsi: megaraid_sas: Update driver version to 07.710.50.00 (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Add module parameter for FW Async event logging (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Enable msix_load_balance for Invader and later controllers (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Fix calculation of target ID (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Make some symbols static (YueHaibing) [Orabug: 30317396]
  • scsi: megaraid_sas: Update driver version to 07.710.06.00-rc1 (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Introduce various Aero performance modes (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Use high IOPS queues based on IO workload (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Set affinity for high IOPS reply queues (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Enable coalescing for high IOPS queues (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Add support for High IOPS queues (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Add support for MPI toolbox commands (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Offload Aero RAID5/6 division calculations to driver (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: RAID1 PCI bandwidth limit algorithm is applicable for only Ventura (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: megaraid_sas: Add check for count returned by HOST_DEVICE_LIST DCMD (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Handle sequence JBOD map failure at driver level (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Dont send FPIO to RL Bypass queue (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: In probe context, retry IOC INIT once if firmware is in fault (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Release Mutex lock before OCR in case of DCMD timeout (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Call disable_irq from process IRQ poll (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Remove few debug counters from IO path (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Add support for Non-secure Aero PCI IDs (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Add 32 bit atomic descriptor support to AERO adapters (Chandrakanth Patil) [Orabug: 30317396]
  • scsi: megaraid_sas: Use struct_size() helper (Gustavo A. R. Silva) [Orabug: 30317396]
    (YueHaibing) [Orabug: 30317396]
  • scsi: megaraid_sas: use DEVICE_ATTR_{RO, RW} (Tomas Henzl) [Orabug: 30317396]
  • scsi: megaraid_sas: use octal permissions instead of constants (Tomas Henzl) [Orabug: 30317396]
  • scsi: megaraid_sas: make max_sectors visible in sys (Tomas Henzl) [Orabug: 30317396]
  • scsi: megaraid_sas: remove set but not used variables ‘buff_addr’ and ‘ci_h’ (YueHaibing) [Orabug: 30317396]
  • scsi: megaraid_sas: remove set but not used variable ‘sge_sz’ (YueHaibing) [Orabug: 30317396]
  • scsi: megaraid_sas: remove set but not used variables ‘host’ and ‘wait_time’ (YueHaibing) [Orabug: 30317396]
  • scsi: megaraid_sas: remove set but not used variable ‘cur_state’ (YueHaibing) [Orabug: 30317396]
  • scsi: megaraid_sas: Update driver version to 07.708.03.00 (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Export RAID map through debugfs (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Fix MSI-X vector print (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Add debug prints for device list (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Add prints in suspend and resume path (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Print firmware interrupt status (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Print FW fault information (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Export RAID map id through sysfs (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Print BAR information from driver (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Dump system registers for debugging (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Dump system interface regs from sysfs (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Add formatting option for megasas_dump (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Enhance internal DCMD timeout prints (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Enhance prints in OCR and TM path (Sumit Saxena) [Orabug: 30317396]
  • scsi: megaraid_sas: Load balance completions across all MSI-X (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: IRQ poll to avoid CPU hard lockups (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Block PCI config space access from userspace during OCR (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Rework code around controller reset (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: fw_reset_no_pci_access required for MFI adapters only (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Remove unused variable target_index (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: fix spelling mistake ‘oustanding’ -> ‘outstanding’ (Colin Ian King) [Orabug: 30317396]
  • scsi: megaraid_sas: Make megasas_host_device_list_query() static (YueHaibing) [Orabug: 30317396]
  • scsi: megaraid_sas: reduce module load time (Steve Sistare) [Orabug: 30317396]
  • scsi: megaraid_sas: Remove a bunch of set but not used variables (YueHaibing) [Orabug: 30317396]
  • scsi: megaraid_sas: driver version update (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Update structures for HOST_DEVICE_LIST DCMD (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Add support for DEVICE_LIST DCMD in driver (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Rework device add code in AEN path (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Rework code to get PD and LD list (Shivasharan S) [Orabug: 30317396]
  • scsi: megaraid_sas: Retry reads of outbound_intr_status reg (Shivasharan S) [Orabug: 30317396]
  • rds: ib: Optimize rds_ib_laddr_check (Hakon Bugge) [Orabug: 30327669]
  • x86,sched: Allow topologies where NUMA nodes share an LLC (Mridula Shastry) [Orabug: 30068079]

[4.14.35-1902.6.4]

  • net/rds: Use DMA memory pool allocation for rds_header (Ka-Cheong Poon) [Orabug: 30358057]
  • net/rds: Check laddr_check before calling it (Ka-Cheong Poon) [Orabug: 30319176]
  • x86/microcode/intel: Issue the revision updated message only on the BSP (Borislav Petkov) [Orabug: 30298021]
  • x86/microcode: Update late microcode in parallel (Ashok Raj) [Orabug: 30298021]
  • xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink (YueHaibing) [Orabug: 30322228] {CVE-2019-15666}
  • floppy: fix out-of-bounds read in copy_buffer (Denis Efremov) [Orabug: 30318218] {CVE-2019-14283}
  • ALSA: line6: Fix write on zero-sized buffer (Takashi Iwai) [Orabug: 30254322] {CVE-2019-15221}

[4.14.35-1902.6.3]

  • KVM: coalesced_mmio: add bounds checking (Matt Delco) [Orabug: 30328863] {CVE-2019-14821}
  • net/rds: Incorrect work request accouting (Ka-Cheong Poon) [Orabug: 30288715]
  • vhost: make sure log_num < in_num (yongduan) [Orabug: 30313999] {CVE-2019-14835}
  • vhost: block speculation of translated descriptors (Michael S. Tsirkin) [Orabug: 30313999] {CVE-2019-14835}
  • vhost: Fix Spectre V1 vulnerability (Jason Wang) [Orabug: 30313999]
  • RDMA/restrack: Release task struct which was hold by CM_ID object (Leon Romanovsky) [Orabug: 30307611]
  • x86/speculation: Re-initialize x86_spec_ctrl_base/priv during late microcode update (Boris Ostrovsky) [Orabug: 30312533]
  • x86/speculation: Properly initialize percpu variables (Boris Ostrovsky) [Orabug: 30312533]
  • nfsd4: catch some false session retries (J. Bruce Fields) [Orabug: 30172625]
  • nfsd4: fix cached replies to solo SEQUENCE compounds (J. Bruce Fields) [Orabug: 30172625]
  • net/rds: Fix info leak in rds6_inc_info_copy() (Ka-Cheong Poon) [Orabug: 30260894]
  • A/A Bonding: Log ip_config details if it fails to find a failover port (Sudhakar Dindukurti) [Orabug: 30313262]
  • A/A Bonding: X8-8 RoCE network re-connect stalls after loss of switch (Sudhakar Dindukurti) [Orabug: 30313262]
  • KVM: svm: svm_set_msr(MSR_IA32_SPEC_CTRL) should allow SPEC_CTRL_SSBD bit (Liam Merwick) [Orabug: 30257820]
  • rds: RDS/TCP does not initiate a connection (Ka-Cheong Poon) [Orabug: 30255694]
  • xen-netfront: do not assume sk_buff_head list is empty in error handling (Dongli Zhang) [Orabug: 30313831]

[4.14.35-1902.6.2]

  • net/rds: An rds_sock is added too early to the hash table (Ka-Cheong Poon) [Orabug: 30304759]
  • route: set the deleted fnhe fnhe_daddr to 0 in ip_del_fnhe to fix a race (Xin Long) [Orabug: 30276919]
  • KVM: VMX: sync pending posted interrupts based on PIR (Luwei Kang) [Orabug: 30270374]
  • Revert ‘KVM: x86: Recompute PID.ON when clearing PID.SN’ (Joao Martins) [Orabug: 30270374]
  • x86/tsc: Make calibration refinement more robust (Daniel Vacek) [Orabug: 30260381]
  • xen/swiotlb: remember having called xen_create_contiguous_region() (Juergen Gross) [Orabug: 30255523]
  • xen/swiotlb: simplify range_straddles_page_boundary() (Juergen Gross) [Orabug: 30255523]
  • xen/swiotlb: fix condition for calling xen_destroy_contiguous_region() (Juergen Gross) [Orabug: 30255523]
  • xen-swiotlb: use actually allocated size on check physical continuous (Joe Jin) [Orabug: 30255523]
  • Bluetooth: hci_uart: check for missing tty operations (Vladis Dronov) [Orabug: 30244614] {CVE-2019-10207}
  • IB/mlx5: Fix leaking stack memory to userspace (Jason Gunthorpe) [Orabug: 30244589] {CVE-2018-20855}
  • mm: memcontrol: drain stocks on resize limit (Shakeel Butt) [Orabug: 30229285]
  • mm/memcontrol.c: try harder to decrease [memory,memsw].limit_in_bytes (Andrey Ryabinin) [Orabug: 30229285]
  • memcg: refactor mem_cgroup_resize_limit() (Yu Zhao) [Orabug: 30229285]
  • cgroup/pids: turn cgroup_subsys->free() into cgroup_subsys->release() to fix the accounting (Oleg Nesterov) [Orabug: 30229262]
  • drivers: net: Remove unnecessary semicolon (YueHaibing) [Orabug: 29320005]
  • net: cisco: enic: Replace GFP_ATOMIC with GFP_KERNEL (Jia-Ju Bai) [Orabug: 29320005]
  • enic: fix UDP rss bits (Govindarajulu Varadarajan) [Orabug: 29320005]
  • enic: drop IP proto check for vxlan tunnel delete (Govindarajulu Varadarajan) [Orabug: 29320005]
  • enic: fix boolreturn.cocci warnings (Fengguang Wu) [Orabug: 29320005]
  • enic: set IG desc cache flag in open (Govindarajulu Varadarajan) [Orabug: 29320005]
  • enic: set UDP rss flag (Govindarajulu Varadarajan) [Orabug: 29320005]
  • enic: Check if hw supports multi wq with vxlan offload (Govindarajulu Varadarajan) [Orabug: 29320005]
  • enic: Add vxlan offload support for IPv6 pkts (Govindarajulu Varadarajan) [Orabug: 29320005]
  • enic: Check inner ip proto for pseudo header csum (Govindarajulu Varadarajan) [Orabug: 29320005]
  • enic: add wq clean up budget (Govindarajulu Varadarajan) [Orabug: 29320005]
  • enic: add sw timestamp support (Govindarajulu Varadarajan) [Orabug: 29320005]
  • enic: Add support for ‘ethtool -g/-G’ (Parvi Kaustubhi) [Orabug: 29320005]
  • enic: reset fetch index (Parvi Kaustubhi) [Orabug: 29320005]
  • cgroup: make code and documentation consistent for cgroup cpuset v2 (chris hyser) [Orabug: 29447566]
  • x86: cpu: update blacklist spec features for late loading (Mihai Carabas) [Orabug: 29336757]
  • x86: cpu: bugs.c: update cpu_smt_disable to support late loading (Mihai Carabas) [Orabug: 29336757]
  • x86: cpu: bugs.c: create microcode late loading logic (Mihai Carabas) [Orabug: 29336757]
  • x86: cpu: bugs.c: remove init attribute from functions and variables (Mihai Carabas) [Orabug: 29336757]
  • x86: kernel: cpu: bugs.c: modify static_has to boot_bas (Mihai Carabas) [Orabug: 29336757]
  • x86: cpu: modify boot_command_line to saved_command_line (Mihai Carabas) [Orabug: 29336757]
  • x86: cpu: microcode: update flags for all cpus (Mihai Carabas) [Orabug: 29336757]

[4.14.35-1902.6.1]

  • rds: Bring loop-back peer down as well (Hakon Bugge) [Orabug: 30290065]
  • rds: ib: Avoid connect retry on loopback connections (Hakon Bugge) [Orabug: 30290065]
  • net/rds: Adding missing ‘dev_put’ to __flush_eth_arp_entry() (Gerd Rausch) [Orabug: 30290073]