Oracle Linux ELSA-2020-5663
Apr 27, 2020 - 12:00 a.m.

Unbreakable Enterprise kernel security update

2020-04-27 00:00:00
linux.oracle.com
CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C

[5.4.17-2011.1.2]

  • ctf: discard CTF from the vDSO (Nick Alcock) [Orabug: 31194036]

[5.4.17-2011.1.1]

  • slcan: Don’t transmit uninitialized stack data in padding (Richard Palethorpe) [Orabug: 31136750] {CVE-2020-11494}
  • blktrace: Protect q->blk_trace with RCU (Jan Kara) [Orabug: 31123573] {CVE-2019-19768}
  • KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov) [Orabug: 31118688]
  • perf/x86/amd: Add support for Large Increment per Cycle Events (Kim Phillips) [Orabug: 31104924]
  • perf/x86/amd: Constrain Large Increment per Cycle events (Kim Phillips) [Orabug: 31104924]
  • kvm/svm: PKU not currently supported (John Allen) [Orabug: 31104924]
  • KVM: SVM: Override default MMIO mask if memory encryption is enabled (Tom Lendacky) [Orabug: 31104924]
  • EDAC/amd64: Drop some family checks for newer systems (Yazen Ghannam) [Orabug: 31104924]
  • x86/amd_nb: Add Family 19h PCI IDs (Yazen Ghannam) [Orabug: 31104924]
  • EDAC/mce_amd: Always load on SMCA systems (Yazen Ghannam) [Orabug: 31104924]
  • x86/MCE/AMD, EDAC/mce_amd: Add new Load Store unit McaType (Yazen Ghannam) [Orabug: 31104924]
  • EDAC/amd64: Add family ops for Family 19h Models 00h-0Fh (Yazen Ghannam) [Orabug: 31104924]
  • EDAC/amd64: Check for memory before fully initializing an instance (Yazen Ghannam) [Orabug: 31104924]
  • EDAC/amd64: Use cached data when checking for ECC (Yazen Ghannam) [Orabug: 31104924]
  • EDAC/amd64: Save max number of controllers to family type (Yazen Ghannam) [Orabug: 31104924]
  • EDAC/amd64: Gather hardware information early (Yazen Ghannam) [Orabug: 31104924]
  • EDAC/amd64: Make struct amd64_family_type global (Yazen Ghannam) [Orabug: 31104924]
  • floppy: check FDC index for errors before assigning it (Linus Torvalds) [Orabug: 31067510] {CVE-2020-9383}
  • KVM: SVM: Guard against DEACTIVATE when performing WBINVD/DF_FLUSH (Tom Lendacky) [Orabug: 31012269]
  • KVM: SVM: Serialize access to the SEV ASID bitmap (Tom Lendacky) [Orabug: 31012269]
  • iommu/vt-d: Allow devices with RMRRs to use identity domain (Lu Baolu) [Orabug: 31127400]

[5.4.17-2011.1.0]

  • vhost: Check docket sk_family instead of call getname (Eugenio Perez) [Orabug: 31085989] {CVE-2020-10942}
  • selftests/net: add definition for SOL_DCCP to fix compilation errors for old libc (Alan Maguire) [Orabug: 31078892]
  • kernel: cpu.c: fix print typo about SMT status (Mihai Carabas) [Orabug: 31053334]
  • nfs: optimise readdir cache page invalidation (Dai Ngo) [Orabug: 31044292]
  • NFS: Directory page cache pages need to be locked when read (Trond Myklebust) [Orabug: 31044292]
  • rds: transport module should be auto loaded when transport is set (Rao Shoaib) [Orabug: 31032126]
  • efi: Fix a race and a buffer overflow while reading efivars via sysfs (Vladis Dronov) [Orabug: 31020408]
  • net: Support GRO/GSO fraglist chaining. (Steffen Klassert) [Orabug: 30670829]
  • net: Add fraglist GRO/GSO feature flags (Steffen Klassert) [Orabug: 30670829]
  • udp: Support UDP fraglist GRO/GSO. (Steffen Klassert) [Orabug: 30670829]
  • net: remove the check argument from __skb_gro_checksum_convert (Li RongQing) [Orabug: 30670829]
  • Revert ‘nvme_fc: add module to ops template to allow module references’ (John Donnelly) [Orabug: 31119387]
  • ext4: add cond_resched() to ext4_protect_reserved_inode (Shijie Luo) [Orabug: 31067112] {CVE-2020-8992}
  • dsa: disable module unloading for ARM64 (Allen Pais) [Orabug: 30456791]
  • bpf: Undo incorrect __reg_bound_offset32 handling (Daniel Borkmann) [Orabug: 31127385] {CVE-2020-8835}
  • bpf: Fix tnum constraints for 32-bit comparisons (Jann Horn) [Orabug: 31127385] {CVE-2020-8835}