Lucene search

K
oraclelinuxOracleLinuxELSA-2020-1016
HistoryApr 06, 2020 - 12:00 a.m.

kernel security, bug fix, and enhancement update

2020-04-0600:00:00
linux.oracle.com
34

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.026 Low

EPSS

Percentile

90.3%

[3.10.0-1127.OL7]

  • Oracle Linux certificates (Alexey Petrenko)
  • Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected])
  • Update x509.genkey [Orabug: 24817676]
    [3.10.0-1127]
  • [fs] flexfiles: Dont tie up all the rpciod threads in resends (Benjamin Coddington) [1778963]
    [3.10.0-1126]
  • [scsi] scsi: qla2xxx: Fix unbound NVME response length (Himanshu Madhani) [1788669]
    [3.10.0-1125]
  • [fs] mark struct file that had write access grabbed by open() (Miklos Szeredi) [1679829]
  • [fs] fold __get_file_write_access() into its only caller (Miklos Szeredi) [1679829]
  • [powerpc] get rid of DEBUG_WRITECOUNT (Miklos Szeredi) [1679829]
  • [fs] dont bother with {get, put}_write_access() on non-regular files (Miklos Szeredi) [1679829]
  • [fs] gfs2: Use d_materialise_unique instead of d_splice_alias (2) (Andreas Grunbacher) [1784550]
  • [fs] gfs2: gfs2_create_inode(): dont bother with d_splice_alias() (Andreas Grunbacher) [1784550]
  • [fs] gfs2: bugger off early if O_CREAT open finds a directory (Andreas Grunbacher) [1784550]
  • [fs] libceph: fix PG split vs OSD (re)connect race (Ilya Dryomov) [1785656]
  • [scsi] Fix driver intialization failure for sli4 non nvme (Dick Kennedy) [1783899]
  • [netdrv] hv_netvsc: fix race that may miss tx queue wakeup (Mohammed Gamal) [1781322]
    [3.10.0-1124]
  • [s390] s390: wire up sys_renameat2 (Miklos Szeredi) [1773504]
  • [net] ipvs: do not use random local source address for tunnels (Xin Long) [1786676]
  • [misc] mei: me: add cannon point device ids for 4th device (Jerry Snitselaar) [1745139]
  • [misc] mei: me: add cannon point device ids (Jerry Snitselaar) [1745139]
  • [netdrv] bnxt_en: Support all variants of the 5750X chip family (Jonathan Toppins) [1789345]
    [3.10.0-1123]
  • [mm] mm: prevent get_user_pages() from overflowing page refcount (Aristeu Rozanski) [1705005] {CVE-2019-11487}
  • [mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors (Aristeu Rozanski) [1705005] {CVE-2019-11487}
  • [fs] CIFS: avoid using MID 0xFFFF (Leif Sahlberg) [1771255]
  • [net] netfilter: xt_TRACE: add explicitly nf_logger_find_get call (Phil Sutter) [1774444]
  • [wireless] rtlwifi: Fix potential overflow on P2P code (Josef Oskera) [1775236] {CVE-2019-17666}
    [3.10.0-1122]
  • [drm] drm/amd/powerplay: use hardware fan control if no powerplay fan table (Lyude Paul) [1729286]
  • [nvme] nvme-fc: fix double-free scenarios on hw queues (Ewan Milne) [1731286]
  • [x86] kvm: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it (Paolo Bonzini) [1779768]
  • [x86] kvm: vmx: implement MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [1779768] {CVE-2019-19338}
  • [x86] kvm: x86: Mark expected switch fall-throughs (Paolo Bonzini) [1779768] {CVE-2019-19338}
  • [x86] kvm: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo Bonzini) [1779768] {CVE-2019-19338}
  • [x86] kvm: x86: do not modify masked bits of shared MSRs (Paolo Bonzini) [1779768] {CVE-2019-19338}
  • [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) [1779768] {CVE-2019-19338}
  • [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled (Paolo Bonzini) [1779768] {CVE-2019-19338}
  • [s390] s390/qeth: ensure linear access to packet headers (Philipp Rudo) [1782927]
  • [s390] s390/qeth: guard against runt packets (Philipp Rudo) [1782927]
  • [s390] s390/qeth: consolidate skb allocation (Philipp Rudo) [1782927]
  • [s390] s390/qeth: clean up page frag creation (Philipp Rudo) [1782927]
  • [netdrv] i40e: Fix for persistent lldp support (Stefan Assmann) [1782689]
    [3.10.0-1121]
  • [platform] thinkpad_acpi: Dont yell on unsupported brightness interfaces (Lyude Paul) [1305619]
  • [platform] thinkpad-acpi: fix handle locate for video and query of _BCL (Lyude Paul) [1305619]
  • [s390] kernel: avoid cpu yield in SMT environment (Philipp Rudo) [1777876]
  • [scsi] scsi: qla2xxx: Fix incorrect SFUB length used for Secure Flash Update MB Cmd (Himanshu Madhani) [1783016]
  • [scsi] scsi: qla2xxx: Added support for MPI and PEP regions for ISP28XX (Himanshu Madhani) [1783016]
  • [scsi] scsi: qla2xxx: Correctly retrieve and interpret active flash region (Himanshu Madhani) [1783016]
  • [powerpc] KVM: PPC: Book3S HV: Flush link stack on guest exit to host kernel (Gustavo Duarte) [1777710]
  • [powerpc] powerpc/book3s64: Fix link stack flush on context switch (Gustavo Duarte) [1777710]
  • [powerpc] powerpc/64s: support nospectre_v2 cmdline option (Gustavo Duarte) [1777710]
  • [net] openvswitch: fix flow command message size (Paolo Abeni) [1776578]
  • [block] brd: re-enable __GFP_HIGHMEM in brd_insert_page() (Jeff Moyer) [1781298]
  • [block] brd: remove dax support (Jeff Moyer) [1781298]
  • [nvme] nvme: dont access the inlined bio after nvmet request is completed (Ming Lei) [1631120]
  • [fs] epoll: fix race between ep_poll_callback(POLLFREE) and ep_free()/ep_remove() (Miklos Szeredi) [1780128]
  • [nvme] nvme: fix NULL pointer dereference in nvme_init_subsystem (Ewan Milne) [1781316]
  • [nvme] nvme-fabrics: allow duplicate connections to the discovery controller (Ewan Milne) [1781316]
  • [scsi] scsi: bnx2fc: timeout calculation invalid for bnx2fc_eh_abort() (Nilesh Javali) [1772966]
    [3.10.0-1120]
  • [md] raid5: need to set STRIPE_HANDLE for batch head (Xiao Ni) [1774330]
  • [drm] drm/radeon: fix si_enable_smc_cac() failed issue (Dave Airlie) [1780026]
  • [block] block: dont change REQ_NR_BITS (Ming Lei) [1779712]
    [3.10.0-1119]
  • [x86] mm: serialize against gup_fast in pmdp_splitting_flush() (Vitaly Kuznetsov) [1674266]
  • [vhost] vsock: split packets to send using multiple buffers (Stefano Garzarella) [1777349]
  • [md] md/raid10: prevent access of uninitialized resync_pages offset (Nigel Croxon) [1767935]
  • [x86] perf/x86: Modify error message in virtualized environment (Michael Petlan) [1759758]
  • [fs] cifs: Fix infinite loop when using hard mount option (Dave Wysochanski) [1770404]
  • [wireless] mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (Stanislaw Gruszka) [1776157] {CVE-2019-14901}
    [3.10.0-1118]
  • [net] ipv6: support more tunnel interfaces for EUI64 link-local generation (Guillaume Nault) [1770686]
  • [net] netfilter: masquerade: dont flush all conntracks if only one address deleted on device (Patrick Talbert) [1771396]
  • [net] netfilter: conntrack: resched in nf_ct_iterate_cleanup (Patrick Talbert) [1771396]
  • [net] ipvs: fix buffer overflow with sync daemon and service (Davide Caratti) [1725440]
  • [net] ipvs: fix rtnl_lock lockups caused by start_sync_thread (Davide Caratti) [1725440]
  • [net] ipvs: Pass ipvs not net to make_receive_sock (Davide Caratti) [1725440]
  • [net] ipvs: Pass ipvs not net to make_send_sock (Davide Caratti) [1725440]
  • [net] ipvs: Pass ipvs not net to start_sync_thread (Davide Caratti) [1725440]
  • [net] ipvs: Pass ipvs not net to ip_vs_genl_new_daemon (Davide Caratti) [1725440]
  • [net] ipvs: add sync_maxlen parameter for the sync daemon (Davide Caratti) [1725440]
  • [net] ipvs: call rtnl_lock early (Davide Caratti) [1725440]
  • [net] netfilter: dont use mutex_lock_interruptible() (Davide Caratti) [1725440]
  • [net] ipvs: fix memory leak in ip_vs_ctl.c (Davide Caratti) [1725440]
  • [wireless] mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Stanislaw Gruszka) [1776206]
  • [scsi] Revert ‘qla2xxx: Mark NVMe/FC initiator mode usage as technology preview’ (Ewan Milne) [1642968]
    [3.10.0-1117]
  • [x86] x86/speculation: Remove unneeded STIBP code (Waiman Long) [1766540] {CVE-2019-11135}
  • [x86] x86/speculation: Fix redundant MDS mitigation message (Waiman Long) [1766540] {CVE-2019-11135}
  • [documentation] x86/speculation: Fix incorrect MDS/TAA mitigation status (Waiman Long) [1766540] {CVE-2019-11135}
  • [x86] x86/speculation/taa: Fix printing of TAA_MSG_SMT on IBRS_ALL CPUs (Waiman Long) [1766540] {CVE-2019-11135}
  • [x86] x86/tsx: Add config options to set tsx=on|off|auto (Waiman Long) [1766540] {CVE-2019-11135}
  • [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766540] {CVE-2019-11135}
  • [x86] x86/tsx: Add ‘auto’ option to the tsx= cmdline parameter (Waiman Long) [1766540] {CVE-2019-11135}
  • [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766540] {CVE-2019-11135}
  • [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766540] {CVE-2019-11135}
  • [x86] x86/cpu: Add a ‘tsx=’ cmdline option with TSX disabled by default (Waiman Long) [1766540] {CVE-2019-11135}
  • [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766540] {CVE-2019-11135}
  • [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766540] {CVE-2019-11135}
  • [documentation] documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [x86] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [x86] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [x86] cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [x86] Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [x86] kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [x86] kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [x86] kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [x86] kvm: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [x86] kvm: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [x86] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [x86] kvm: x86: mmu: Remove unused parameter of __direct_map() (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [virt] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [x86] kvm: mmu: drop vcpu param in gpte_access (Paolo Bonzini) [1690343] {CVE-2018-12207}
  • [virt] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1690343] {CVE-2018-12207}
    [3.10.0-1116]
  • [netdrv] net/mlx5: Fix auto group size calculation (Alaa Hleihel) [1769309]
  • [mm] x86/io: add interface to reserve io memtype for a resource range. (v1.1) (Dave Airlie) [1739623]
  • [sound] alsa: emux: Fix potential Spectre v1 vulnerabilities (Jaroslav Kysela) [1672561]
  • [s390] s390/smt: Fix s390 SMT reporting (Josh Poimboeuf) [1764184]
  • [mm] mm: swap: clean up swap readahead (Rafael Aquini) [1725396]
  • [mm] mm: do_swap_page: clean up parameter list passing a pointer to struct vm_fault (Rafael Aquini) [1725396]
  • [mm] mm: __handle_mm_fault: introduce explicit barrier after orig_pte dereference (Rafael Aquini) [1725396]
  • [fs] cachefiles: Fix page leak in cachefiles_read_backing_file while vmscan is active (David Howells) [1765975]
    [3.10.0-1115]
  • [scsi] Fix stack tarce when lpfc driver is unloaded (Dick Kennedy) [1774744]
  • [scsi] qla2xxx: Update driver version (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Fix partial flash write of MBI (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Fix device connect issues in P2P configuration (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Fix a NULL pointer dereference (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Fix double scsi_done for abort path (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Make qla2x00_abort_srb() again decrease the sp reference count (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Fix driver unload hang (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Fix SRB leak on switch command timeout (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Fix premature timer expiration (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Uninline qla2x00_init_timer() (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Do command completion on abort timeout (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Retry PLOGI on FC-NVMe PRLI failure (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Add error handling for PLOGI ELS passthrough (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Inline the qla2x00_fcport_event_handler() function (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Dual FCP-NVMe target port support (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Use tabs instead of spaces for indentation (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Fix N2N link up fail (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Fix N2N link reset (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Fix a race condition between aborting and completing a SCSI command (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Introduce the function qla2xxx_init_sp() (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Really fix qla2xxx_eh_abort() (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Make qla24xx_async_abort_cmd() static (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Reduce the number of forward declarations (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Remove a superfluous forward declaration (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Fix stuck login session (Himanshu Madhani) [1731581]
  • [scsi] scsi: qla2xxx: Fix panic from use after free in qla2x00_async_tm_cmd (Himanshu Madhani) [1731581]
  • [media] cx24116: fix a buffer overflow when checking userspace params (Jarod Wilson) [1737279] {CVE-2015-9289}
  • [scsi] qedf: Initialize rport while creation of vport (Nilesh Javali) [1760746]
  • [fs] Fix the locking in dcache_readdir() and friends (Ondrej Mosnacek) [1510603]
  • [fs] much milder d_walk() race (Ondrej Mosnacek) [1510603]
  • [fs] libfs.c: new helper - next_positive() (Ondrej Mosnacek) [1510603]
  • [fs] dcache_{readdir, dir_lseek}(): dont bother with nested ->d_lock (Ondrej Mosnacek) [1510603]
  • [security] selinuxfs: dont open-code d_genocide() (Ondrej Mosnacek) [1510603]
  • [fs] fs/dcache: Enable automatic reclaim of excess negative dentries (Waiman Long) [1489573]
  • [fs] fs/dcache: Add sysctl parameter negative-dentry-limit as a soft limit on negative dentries (Waiman Long) [1489573]
  • [fs] fs/dcache: Move percpu count updates out of dcache_lru_lock (Waiman Long) [1489573]
  • [fs] fs/dcache: Dont set DCACHE_REFERENCED on dentries when first put into LRU (Waiman Long) [1489573]
    [3.10.0-1114]
  • [kernel] sched/numa: Fix a possible divide-by-zero (Vladis Dronov) [1765959]
  • [x86] x86/boot/64: Round memory hole size up to next PMD page (Frank Ramsay) [1773762]
  • [x86] x86/boot/64: Make level2_kernel_pgt pages invalid outside kernel area (Frank Ramsay) [1773762]
  • [kernel] seccomp: Fix tracer exit notifications during fatal signals (Vladis Dronov) [1770484]
  • [x86] x86/ptrace: run seccomp after ptrace (Vladis Dronov) [1770484]
  • [fs] cifs: Fix retry mid list corruption on reconnects (Dave Wysochanski) [1614201]
  • [fs] cifs: add a warning if we try to to dequeue a deleted mid (Dave Wysochanski) [1614201]
  • [fs] cifs: Fix use after free of a mid_q_entry (Dave Wysochanski) [1614201]
  • [fs] Dont log confusing message on reconnect by default (Dave Wysochanski) [1614201]
  • [fs] ceph: mark Fw cap dirty after splice write (Zheng Yan) [1710751]
  • [fs] cifs: Force reval dentry if LOOKUP_REVAL flag is set (Dave Wysochanski) [1771657]
  • [fs] cifs: Force revalidate inode when dentry is stale (Dave Wysochanski) [1771657]
  • [fs] cifs: Gracefully handle QueryInfo errors during open (Dave Wysochanski) [1771657]
    [3.10.0-1113]
  • [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Dave Airlie) [1756883] {CVE-2019-0155}
  • [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756816] {CVE-2019-0154}
  • [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756816] {CVE-2019-0154}
  • [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756883] {CVE-2019-0155}
  • [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756883] {CVE-2019-0155}
  • [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756883] {CVE-2019-0155}
  • [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756883] {CVE-2019-0155}
  • [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756883] {CVE-2019-0155}
  • [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756883] {CVE-2019-0155}
  • [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756883] {CVE-2019-0155}
  • [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756883] {CVE-2019-0155}
  • [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756883] {CVE-2019-0155}
  • [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756883] {CVE-2019-0155}
  • [fs] Fix error code in nfs_lookup_verify_inode() (Benjamin Coddington) [1761957]
  • [scsi] scsi: qla2xxx: Initialized mailbox to prevent driver load failure (Himanshu Madhani) [1770307]
  • [powerpc] powerpc/ptrace: run seccomp after ptrace (Vladis Dronov) [1760294]
  • [s390] s390/ptrace: run seccomp after ptrace (Vladis Dronov) [1760294]
  • [s390] s390/seccomp: fix error return for filtered system calls (Vladis Dronov) [1760294]
  • [netdrv] bnxt_en: flow_offload: offload tunnel decap rules via indirect callbacks (Davide Caratti) [1717422]
  • [x86] cpuidle-haltpoll: vcpu hotplug support (Marcelo Tosatti) [1771849]
  • [x86] kvm: x86: skip populating logical dest map if apic is not sw enabled (Bandan Das) [1738496]
  • [x86] kvm: x86: remove unnecessary recalculate_apic_map (Bandan Das) [1738496]
  • [scsi] scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF (Nilesh Javali) [1750577]
  • [scsi] scsi: bnx2fc: remove set but not used variables ‘task’, ‘port’, ‘orig_task’ (Nilesh Javali) [1750577]
  • [scsi] scsi: bnx2fc: remove set but not used variables ‘lport’, ‘host’ (Nilesh Javali) [1750577]
  • [scsi] scsi: bnx2fc: remove set but not used variable ‘fh’ (Nilesh Javali) [1750577]
  • [scsi] scsi: qedi: Remove WARN_ON from clear task context (Nilesh Javali) [1461697]
  • [scsi] scsi: qedi: Remove WARN_ON for untracked cleanup (Nilesh Javali) [1461697]
    [3.10.0-1112]
  • [scsi] scsi: mpt3sas: change allocation option (Tomas Henzl) [1763796]
  • [md] md: improve handling of bio with REQ_PREFLUSH in md_flush_request() (Xiao Ni) [1752061]
  • [kvm] KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [1760668]
  • [net] mac80211: Reject malformed SSID elements (Stanislaw Gruszka) [1748266]
  • [net] cfg80211: wext: avoid copying malformed SSIDs (Stanislaw Gruszka) [1748266]
  • [wireless] iwlwifi: pcie: change qu with jf devices to use qu configuration (Stanislaw Gruszka) [1748266]
  • [net] mac80211: fix txq null pointer dereference (Stanislaw Gruszka) [1748266]
  • [net] nl80211: fix null pointer dereference (Stanislaw Gruszka) [1748266]
  • [net] cfg80211: initialize on-stack chandefs (Stanislaw Gruszka) [1748266]
  • [net] cfg80211: validate SSID/MBSSID element ordering assumption (Stanislaw Gruszka) [1748266]
  • [net] nl80211: validate beacon head (Stanislaw Gruszka) [1748266]
  • [net] mac80211: keep BHs disabled while calling drv_tx_wake_queue() (Stanislaw Gruszka) [1748266]
  • [net] cfg80211: Purge frame registrations on iftype change (Stanislaw Gruszka) [1748266]
  • [wireless] rtw88: pci: Use DMA sync instead of remapping in RX ISR (Stanislaw Gruszka) [1748266]
  • [wireless] rtw88: pci: Rearrange the memory usage for skb in RX ISR (Stanislaw Gruszka) [1748266]
  • [wireless] iwlwifi: fw: dont send GEO_TX_POWER_LIMIT command to FW version 36 (Stanislaw Gruszka) [1748266]
  • [net] nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (Stanislaw Gruszka) [1748266]
  • [net] mac80211: Do not send Layer 2 Update frame before authorization (Stanislaw Gruszka) [1748266]
  • [wireless] iwlwifi: assign directly to iwl_trans->cfg in QuZ detection (Stanislaw Gruszka) [1748266]
  • [wireless] mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Stanislaw Gruszka) [1748266]
  • [net] mac80211: Correctly set noencrypt for PAE frames (Stanislaw Gruszka) [1748266]
  • [net] mac80211: Dont memset RXCB prior to PAE intercept (Stanislaw Gruszka) [1748266]
  • [wireless] iwlwifi: pcie: handle switching killer Qu B0 NICs to C0 (Stanislaw Gruszka) [1748266]
  • [net] Revert ‘cfg80211: fix processing world regdomain when non modular’ (Stanislaw Gruszka) [1748266]
  • [net] mac80211: fix possible sta leak (Stanislaw Gruszka) [1748266]
  • [wireless] iwlwifi: pcie: fix recognition of QuZ devices (Stanislaw Gruszka) [1748266]
  • [wireless] iwlwifi: pcie: dont switch FW to qnj when ax201 is detected (Stanislaw Gruszka) [1748266]
  • [wireless] iwlwifi: pcie: fix the byte count table format for 22560 devices (Stanislaw Gruszka) [1748266]
  • [wireless] iwlwifi: mvm: Allow multicast data frames only when associated (Stanislaw Gruszka) [1748266]
  • [netdrv] i40e: initialize ITRN registers with correct values (Stefan Assmann) [1630307]
  • [net] tuntap: synchronize through tfiles array instead of tun->numqueues (Eugenio Perez) [1713616]
  • [net] tuntap: fix use after free during release (Eugenio Perez) [1713616]
  • [net] tun: fix use after free for ptr_array (Eugenio Perez) [1713616]
  • [net] tun/tap: sanitize TUNSETSNDBUF input (Eugenio Perez) [1713616]
  • [block] block: Dont merge requests if integrity flags differ (Ming Lei) [1767605]
  • [block] blk-mq: insert rq with DONTPREP to hctx dispatch list when requeue (Ming Lei) [1767605]
  • [x86] x86/atomic: Fix smp_mb__{before,after}_atomic() (Prarit Bhargava) [1769569]
  • [netdrv] qede: fix NULL pointer deref in __qede_remove() (Manish Chopra) [1766574]
  • [fs] xfs: only trace buffer items if they exist (Brian Foster) [1768722]
  • [nvme] nvme: make fabrics command run on a separate request queue (David Milburn) [1769900]
  • [nvme] nvme: Restart request timers in resetting state (David Milburn) [1769900]
  • [nvme] nvme-rdma: fix possible use-after-free in connect timeout (David Milburn) [1769900]
  • [netdrv] i40e: enable X710 support (Stefan Assmann) [1764987]
    [3.10.0-1111]
  • [md] md: support for queue flag QUEUE_FLAG_NO_SG_MERGE (Nigel Croxon) [1767472]
  • [net] ipv4: Return -ENETUNREACH if we cant create route but saddr is valid (Stefano Brivio) [1633140]
  • [net] ipv6: Rewind hlist offset on interrupted /proc/net/if_inet6 read (Stefano Brivio) [1753480]
  • [net] revert ‘[net] ipv6: Display all addresses in output of /proc/net/if_inet6’ (Stefano Brivio) [1753480]
  • [net] sock: fix lockdep annotation in release_sock (Paolo Abeni) [1753150]
  • [mm] mm-vmstat-reduce-zone-lock-holding-time-by-proc-pagetypeinfo-fix (Waiman Long) [1757943]
  • [mm] mm, vmstat: reduce zone->lock holding time by /proc/pagetypeinfo (Waiman Long) [1757943]
  • [mm] mm, vmstat: hide /proc/pagetypeinfo from normal users (Waiman Long) [1757943]
    [3.10.0-1110]
  • [nvme] nvme-pci: Fix controller freeze wait disabling (David Milburn) [1766279]
  • [net] mac80211: fix kfree() on stack memory in ieee80211_crypto_aes_gmac_decrypt() (Stanislaw Gruszka) [1764510]
  • [md] dm rq: fix handling underlying queue busy (Ming Lei) [1767482]
    [3.10.0-1109]
  • [netdrv] net/mlx5e: Initialize on stack link modes bitmap (Alaa Hleihel) [1764272]
  • [netdrv] net/mlx5e: Fix ethtool self test: link speed (Alaa Hleihel) [1764272]
  • [netdrv] net/mlx5e: ethtool, Avoid setting speed to 56GBASE when autoneg off (Alaa Hleihel) [1764272]
  • [fs] xfs: end sync buffer I/O properly on shutdown error (Brian Foster) [1750602]
  • [fs] xfs: kill __xfs_buf_submit_common() (Brian Foster) [1750602]
  • [fs] xfs: combinesync buffer submission apis (Brian Foster) [1750602]
  • [fs] xfs: lobotomise xfs_trans_read_buf_map() (Brian Foster) [1750602]
  • [fs] cifs: Fix use after free of file info structures (Dave Wysochanski) [1757872]
  • [fs] vfs: Fix EOVERFLOW testing in put_compat_statfs64 (Eric Sandeen) [1758001]
  • [mm] mm, compaction: avoid isolating pinned pages (Rafael Aquini) [1344862]
  • [scsi] scsi: smartpqi: change TMF timeout from 60 to 30 seconds (Don Brace) [1709620]
  • [scsi] scsi: smartpqi: fix LUN reset when fw bkgnd thread is hung (Don Brace) [1709620]
  • [scsi] scsi: smartpqi: add inquiry timeouts (Don Brace) [1709620]
  • [scsi] scsi: smartpqi: increase LUN reset timeout (Don Brace) [1709620]
  • [firmware] x86, efi: never relocate kernel below lowest acceptable address (Kairui Song) [1732737]
  • [powerpc] powerpc: dump kernel log before carrying out fadump or kdump (Desnes Augusto Nunes do Rosario) [1750250]
  • [s390] s390/cpumsf: Check for CPU Measurement sampling (Philipp Rudo) [1765124]
  • [s390] scsi: zfcp: fix reaction on bit error threshold notification (Philipp Rudo) [1765123]
  • [mm] s390/mm: Fix swiotlb for protected virtualization (Philipp Rudo) [1765122]
    [3.10.0-1108]
  • [powerpc] powerpc/pseries: Remove confusing warning message (Gustavo Duarte) [1748306]
  • [powerpc] powerpc/pseries: Call H_BLOCK_REMOVE when supported (Gustavo Duarte) [1748306]
  • [powerpc] powerpc/pseries: Read TLB Block Invalidate Characteristics (Gustavo Duarte) [1748306]
  • [scsi] hpsa: update driver version (Joseph Szczypek) [1761978]
  • [scsi] scsi: hpsa: add missing hunks in reset-patch (Joseph Szczypek) [1761978]
  • [tty] TTY: serial_core, add ->install (Kenneth Yin) [1443152]
  • [scsi] scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (Ewan Milne) [1734685]
  • [fs] scsi: sysfs: Introduce sysfs_{un, }break_active_protection() (Ewan Milne) [1734685]
    [3.10.0-1107]
  • [x86] x86/kdump: Reserve extra memory when SME or SEV is active (Kairui Song) [1724887]
  • [block] block: fix blk_recount_segments (Ming Lei) [1762459]
  • [nvme] nvme-pci: Fix a race in controller removal (Gopal Tiwari) [1761998]
  • [char] hpet: Fix output of hpet_mmap kernel parameter (Prarit Bhargava) [1764790]
  • [tools] perf tools: Apply new CPU topology sysfs attributes (Jiri Olsa) [1640900]
  • [tools] perf header: Rename ‘sibling cores’ to ‘sibling sockets’ (Jiri Olsa) [1640900]
  • [tools] perf stat: Support per-die aggregation (Jiri Olsa) [1640900]
  • [tools] perf stat: Support ‘percore’ event qualifier (Jiri Olsa) [1640900]
  • [tools] perf stat: Factor out aggregate counts printing (Jiri Olsa) [1640900]
  • [tools] perf tools: Add a ‘percore’ event qualifier (Jiri Olsa) [1640900]
  • [tools] perf header: Add die information in CPU topology (Jiri Olsa) [1640900]
  • [tools] perf cpumap: Retrieve die id information (Jiri Olsa) [1640900]
  • [tools] perf tools: Use sysfs__mountpoint() when reading cpu topology (Jiri Olsa) [1640900]
  • [tools] perf tools: Add numa_topology object (Jiri Olsa) [1640900]
  • [tools] perf header: Fix wrong node write in NUMA_TOPOLOGY feature (Jiri Olsa) [1640900]
  • [tools] perf tools: Add cpu_topology object (Jiri Olsa) [1640900]
  • [tools] perf header: Remove unused ‘cpu_nr’ field from ‘struct cpu_topo’ (Jiri Olsa) [1640900]
  • [acpi] ACPICA: Increase total number of possible Owner IDs (Frank Ramsay) [1756339]
  • [fs] SMB3: retry on STATUS_INSUFFICIENT_RESOURCES instead of failing write (Leif Sahlberg) [1764567]
  • [netdrv] mark the intel igc driver as tech preview (David Arcari) [1721615]
  • [netdrv] igc: Clean up unused shadow_vfta pointer (David Arcari) [1721615]
  • [netdrv] igc: Add Rx checksum support (David Arcari) [1721615]
  • [netdrv] igc: Add set_rx_mode support (David Arcari) [1721615]
  • [netdrv] igc: Add SCTP CRC checksumming functionality (David Arcari) [1721615]
  • [netdrv] igc: Add tx_csum offload functionality (David Arcari) [1721615]
  • [netdrv] igc: Remove unneeded PCI bus defines (David Arcari) [1721615]
  • [netdrv] igc: Add NVM checksum validation (David Arcari) [1721615]
  • [netdrv] igc: Remove useless forward declaration (David Arcari) [1721615]
  • [netdrv] ethernet: Delete unnecessary checks before the macro call ‘dev_kfree_skb’ (David Arcari) [1721615]
  • [netdrv] igc: Add more SKUs for i225 device (David Arcari) [1721615]
  • [netdrv] igc: Update the MAC reset flow (David Arcari) [1721615]
  • [netdrv] igc: Remove the unused field from a device specification structure (David Arcari) [1721615]
  • [netdrv] igc: Remove the polarity field from a PHY information structure (David Arcari) [1721615]
  • [netdrv] igc: Prefer pcie_capability_read_word() (David Arcari) [1721615]
  • [netdrv] igc: Cleanup the redundant code (David Arcari) [1721615]
  • [netdrv] igc: Add flow control support (David Arcari) [1721615]
  • [netdrv] igc: Remove the obsolete workaround (David Arcari) [1721615]
  • [netdrv] igc: Clean up unused pointers (David Arcari) [1721615]
  • [netdrv] igc: Fix double definitions (David Arcari) [1721615]
  • [netdrv] igb/igc: warn when fatal read failure happens (David Arcari) [1721615]
  • [netdrv] Revert ‘mark the intel igc driver as tech preview’ (David Arcari) [1721615]
  • [md] dm: Use kzalloc for all structs with embedded biosets/mempools (Mike Snitzer) [1766389]
    [3.10.0-1106]
  • [net] sysfs: Fix mem leak in netdev_register_kobject (Stefano Brivio) [1752690] {CVE-2019-15916}
  • [fs] revert [fs] cifs: use cifsInodeInfo->open_file_lock while iterating to avoid a panic (Dave Wysochanski) [1757872]
  • [fs] revert [fs] cifs: add spinlock for the openFileList to cifsInodeInfo (Dave Wysochanski) [1757872]
  • [fs] revert [fs] cifs: add more spinlocks to pretect against races (Dave Wysochanski) [1757872]
  • [fs] fix inode leaks on d_splice_alias() failure exits (Miklos Szeredi) [1749390]
  • [mm] percpu: remove spurious lock dependency between percpu and sched (Vladis Dronov) [1744633]
  • [mm] percpu: stop printing kernel addresses (Vladis Dronov) [1744633]
  • [mm] percpu: use chunk scan_hint to skip some scanning (Vladis Dronov) [1744633]
  • [mm] percpu: convert chunk hints to be based on pcpu_block_md (Vladis Dronov) [1744633]
  • [mm] percpu: make pcpu_block_md generic (Vladis Dronov) [1744633]
  • [mm] percpu: use block scan_hint to only scan forward (Vladis Dronov) [1744633]
  • [mm] percpu: remember largest area skipped during allocation (Vladis Dronov) [1744633]
  • [mm] percpu: add block level scan_hint (Vladis Dronov) [1744633]
  • [mm] percpu: set PCPU_BITMAP_BLOCK_SIZE to PAGE_SIZE (Vladis Dronov) [1744633]
  • [mm] percpu: relegate chunks unusable when failing small allocations (Vladis Dronov) [1744633]
  • [mm] percpu: manage chunks based on contig_bits instead of free_bytes (Vladis Dronov) [1744633]
  • [mm] percpu: introduce helper to determine if two regions overlap (Vladis Dronov) [1744633]
  • [mm] percpu: do not search past bitmap when allocating an area (Vladis Dronov) [1744633]
  • [mm] percpu: update free path with correct new free region (Vladis Dronov) [1744633]
  • [mm] mm/percpu: add checks for the return value of memblock_alloc*() (Vladis Dronov) [1744633]
  • [mm] percpu: km: no need to consider pcpu_group_offsets (Vladis Dronov) [1744633]
  • [mm] percpu: use nr_groups as check condition (Vladis Dronov) [1744633]
  • [mm] percpu: stop leaking bitmap metadata blocks (Vladis Dronov) [1744633]
  • [fs] /proc/meminfo: add percpu populated pages count (Vladis Dronov) [1744633]
  • [mm] mm: Allow to kill tasks doing pcpu_alloc() and waiting for pcpu_balance_workfn() (Vladis Dronov) [1744633]
  • [mm] percpu: include linux/sched.h for cond_resched() (Vladis Dronov) [1744633]
  • [mm] percpu: add a schedule point in pcpu_balance_workfn() (Vladis Dronov) [1744633]
  • [mm] percpu: fix iteration to prevent skipping over block (Vladis Dronov) [1744633]
  • [mm] percpu: fix starting offset for chunk statistics traversal (Vladis Dronov) [1744633]
  • [mm] percpu: update header to contain bitmap allocator explanation (Vladis Dronov) [1744633]
  • [mm] percpu: update pcpu_find_block_fit to use an iterator (Vladis Dronov) [1744633]
  • [mm] percpu: use metadata blocks to update the chunk contig hint (Vladis Dronov) [1744633]
  • [mm] percpu: update free path to take advantage of contig hints (Vladis Dronov) [1744633]
  • [mm] percpu: update alloc path to only scan if contig hints are broken (Vladis Dronov) [1744633]
  • [mm] percpu: keep track of the best offset for contig hints (Vladis Dronov) [1744633]
  • [mm] percpu: skip chunks if the alloc does not fit in the contig hint (Vladis Dronov) [1744633]
  • [mm] percpu: add first_bit to keep track of the first free in the bitmap (Vladis Dronov) [1744633]
  • [mm] percpu: introduce bitmap metadata blocks (Vladis Dronov) [1744633]
  • [mm] percpu: replace area map allocator with bitmap (Vladis Dronov) [1744633]
  • [mm] percpu: generalize bitmap (un)populated iterators (Vladis Dronov) [1744633]
  • [mm] percpu: increase minimum percpu allocation size and align first regions (Vladis Dronov) [1744633]
  • [mm] percpu: introduce nr_empty_pop_pages to help empty page accounting (Vladis Dronov) [1744633]
  • [mm] percpu: change the number of pages marked in the first_chunk pop bitmap (Vladis Dronov) [1744633]
  • [mm] percpu: combine percpu address checks (Vladis Dronov) [1744633]
  • [mm] percpu: modify base_addr to be region specific (Vladis Dronov) [1744633]
  • [mm] percpu: setup_first_chunk rename schunk/dchunk to chunk (Vladis Dronov) [1744633]
  • [mm] percpu: end chunk area maps page aligned for the populated bitmap (Vladis Dronov) [1744633]
  • [mm] percpu: unify allocation of schunk and dchunk (Vladis Dronov) [1744633]
  • [mm] percpu: setup_first_chunk remove dyn_size and consolidate logic (Vladis Dronov) [1744633]
  • [mm] percpu: remove has_reserved from pcpu_chunk (Vladis Dronov) [1744633]
  • [mm] percpu: introduce start_offset to pcpu_chunk (Vladis Dronov) [1744633]
  • [mm] percpu: setup_first_chunk enforce dynamic region must exist (Vladis Dronov) [1744633]
  • [mm] percpu: update the header comment and pcpu_build_alloc_info comments (Vladis Dronov) [1744633]
  • [mm] percpu: expose pcpu_nr_empty_pop_pages in pcpu_stats (Vladis Dronov) [1744633]
  • [mm] percpu: change the format for percpu_stats output (Vladis Dronov) [1744633]
  • [mm] percpu: pcpu-stats change void buffer to int buffer (Vladis Dronov) [1744633]
  • [mm] percpu: fix static checker warnings in pcpu_destroy_chunk (Vladis Dronov) [1744633]
  • [mm] percpu: fix early calls for spinlock in pcpu_stats (Vladis Dronov) [1744633]
  • [mm] percpu: resolve err may not be initialized in pcpu_alloc (Vladis Dronov) [1744633]
  • [mm] percpu: add tracepoint support for percpu memory (Vladis Dronov) [1744633]
  • [mm] percpu: expose statistics about percpu memory via debugfs (Vladis Dronov) [1744633]
  • [mm] percpu: migrate percpu data structures to internal header (Vladis Dronov) [1744633]
  • [mm] percpu: add missing lockdep_assert_held to func pcpu_free_area (Vladis Dronov) [1744633]
  • [mm] percpu: ensure the requested alignment is power of two (Vladis Dronov) [1744633]
  • [mm] tree wide: use kvfree() than conditional kfree()/vfree() (Vladis Dronov) [1744633]
  • [mm] mm/percpu: use offset_in_page macro (Vladis Dronov) [1744633]
  • [mm] percpu: clean up of schunk->mapassignment in pcpu_setup_first_chunk (Vladis Dronov) [1744633]
  • [mm] mm/percpu.c: fix panic triggered by BUG_ON() falsely (Vladis Dronov) [1744633]
  • [mm] mm/percpu.c: fix potential memory leakage for pcpu_embed_first_chunk() (Vladis Dronov) [1744633]
  • [mm] mm/percpu.c: correct max_distance calculation for pcpu_embed_first_chunk() (Vladis Dronov) [1744633]
  • [mm] mm: percpu: use pr_fmt to prefix output (Vladis Dronov) [1744633]
    (Vladis Dronov) [1744633]
  • [mm] mm: coalesce split strings (Vladis Dronov) [1744633]
  • [mm] mm: convert pr_warning to pr_warn (Vladis Dronov) [1744633]
  • [mm] percpu: use *pbto print bitmaps including cpumasks and nodemasks (Vladis Dronov) [1744633]
  • [mm] percpu: off by one in BUG_ON() (Vladis Dronov) [1744633]
  • [mm] mm/percpu.c: use memblock apis for early memory allocations (Vladis Dronov) [1744633]
  • [mm] percpu: use VMALLOC_TOTAL instead of VMALLOC_END - VMALLOC_START (Vladis Dronov) [1744633]
  • [mm] percpu: fix bootmem error handling in pcpu_page_first_chunk() (Vladis Dronov) [1744633]
    [3.10.0-1105]
  • [nvme] nvme: Treat discovery subsystems as unique subsystems (Ewan Milne) [1731579]
  • [scsi] scsi: core: Log SCSI command age with errors (Ewan Milne) [1751716]
  • [security] selinux: fix context string corruption in convert_context() (Ondrej Mosnacek) [1759803]
  • [usb] xhci: Prevent deadlock when xhci adapter breaks during init (Torez Smith) [1710090]
  • [scsi] scsi: core: add new RDAC LENOVO/DE_Series device (Ewan Milne) [1699439]
  • [wireless] Correct strange error in Makefiles for building modules in separate directories (Neil Horman) [1753927]
  • [md] dm snapshot: rework COW throttling to fix deadlock (Mike Snitzer) [1758603]
  • [md] dm snapshot: introduce account_start_copy() and account_end_copy() (Mike Snitzer) [1758603]
  • [drm] i915: Stop reconfiguring our shmemfs mountpoint (Vladis Dronov) [1759980]
  • [kernel] perf/core: Fix perf_event_open() vs. execve() race (Jiri Olsa) [1701620] {CVE-2019-3901}
    [3.10.0-1104]
  • [md] raid5: dont set STRIPE_HANDLE to stripe which is in batch list (Nigel Croxon) [1631765 1750287]
  • [kernel] alarmtimer: Use EOPNOTSUPP instead of ENOTSUPP (Vladis Dronov) [1760639]
  • [kernel] alarmtimer: Remove unused but set variable (Vladis Dronov) [1760639]
  • [x86] efi/x86: do not clean dummy variable in kexec path (Bhupesh Sharma) [1707669]
  • [cpuidle] cpuidle-haltpoll: return -ENODEV on modinit failure (Marcelo Tosatti) [1756843]
  • [x86] perf/x86/amd: Change/fix NMI latency mitigation to use a timestamp (David Arcari) [1730884]
  • [infiniband] RDMA/bnxt_re: Fix stack-out-of-bounds in bnxt_qplib_rcfw_send_message (Selvin Xavier) [1629037]
  • [infiniband] RDMA/bnxt_re: Increase depth of control path command queue (Selvin Xavier) [1629037]
  • [x86] x86/efi/pti: In __load_cr3(), EFI PGD has no shadow (Lenny Szubowicz) [1750767]
  • [char] hpet: Fix missing ‘=’ character in the __setup() code of hpet_mmap_enable (Prarit Bhargava) [1660800]

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.026 Low

EPSS

Percentile

90.3%