Lucene search

K
oraclelinuxOracleLinuxELSA-2020-5755
HistoryJul 10, 2020 - 12:00 a.m.

Unbreakable Enterprise kernel security update

2020-07-1000:00:00
linux.oracle.com
46
unbreakable kernel
security update
bpf fix
acpi table
selftests
srbds mitigation
p54usb race
media memory leak
mremap issue
tcp queue
rds fix
cpu hotplug
rdma/cm
mpt3sas module

EPSS

0.008

Percentile

81.8%

[4.14.35-1902.304.6]

  • bpf: fix sanitation rewrite in case of non-pointers (Daniel Borkmann) [Orabug: 31552243]
    [4.14.35-1902.304.5]
  • acpi: disallow loading configfs acpi tables when locked down (Jason A. Donenfeld) [Orabug: 31493187]
  • selftests/bpf: do not run test_kmod.sh for UEK5 (Alan Maguire) [Orabug: 31540213]
  • bpf: do not allow root to mangle valid pointers (Alexei Starovoitov) [Orabug: 31540213]
  • x86/mitigations: reset default value for srbds_mitigation (Mihai Carabas) [Orabug: 31515075]
  • x86/cpu: clear X86_BUG_SRBDS before late loading (Mihai Carabas) [Orabug: 31515075]
  • x86/mitigations: update MSRs on all CPUs for SRBDS (Mihai Carabas) [Orabug: 31515075]
  • p54usb: Fix race between disconnect and firmware loading (Alan Stern) [Orabug: 31351863] {CVE-2019-15220}
  • media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost) [Orabug: 31351671] {CVE-2019-19054}
  • mm: Fix mremap not considering huge pmd devmap (Fan Yang) [Orabug: 31452398] {CVE-2020-10757} {CVE-2020-10757}
  • tcp: implement coalescing on backlog queue (Eric Dumazet) [Orabug: 31517079]
  • tcp: drop dst in tcp_add_backlog() (Eric Dumazet) [Orabug: 31517079]
  • bpf: Fix up bpf_skb_adjust_room helper’s skb csum setting (Daniel Borkmann) [Orabug: 31517079]
    [4.14.35-1902.304.4]
  • rds: Fix potential use after free in rds_ib_inc_free (Hans Westgaard Ry) [Orabug: 31504054]
  • cpu/hotplug: Fix ‘SMT disabled by BIOS’ detection for KVM (Josh Poimboeuf) [Orabug: 31421904]
  • RDMA/cm: Spurious WARNING triggered in cm_destroy_id() (Ka-Cheong Poon) [Orabug: 31483289]
  • RDMA/cm: Make sure the cm_id is in the IB_CM_IDLE state in destroy (Jason Gunthorpe) [Orabug: 31483289]
  • RDMA/cm: Allow ib_send_cm_sidr_rep() to be done under lock (Jason Gunthorpe) [Orabug: 31483289]
  • RDMA/cm: Allow ib_send_cm_rej() to be done under lock (Jason Gunthorpe) [Orabug: 31483289]
  • RDMA/cm: Allow ib_send_cm_drep() to be done under lock (Jason Gunthorpe) [Orabug: 31483289]
  • RDMA/cm: Allow ib_send_cm_dreq() to be done under lock (Jason Gunthorpe) [Orabug: 31483289]
  • RDMA/cm: Add some lockdep assertions for cm_id_priv->lock (Jason Gunthorpe) [Orabug: 31483289]
  • RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (Jason Gunthorpe) [Orabug: 31483289]
  • RDMA/cm: Make the destroy_id flow more robust (Jason Gunthorpe) [Orabug: 31483289]
  • RDMA/cm: Remove a race freeing timewait_info (Jason Gunthorpe) [Orabug: 31483289]
  • RDMA/cm: Use refcount_t type for refcount variable (Danit Goldberg) [Orabug: 31483289]
  • net/rds: NULL pointer de-reference in rds_ib_add_one() (Ka-Cheong Poon) [Orabug: 31501438]
  • scsi: mpt3sas: Introduce module parameter to override queue depth (Sreekanth Reddy) [Orabug: 31486216]
  • scsi: mpt3sas: Fix memset() in non-RDPQ mode (Suganath Prabu S) [Orabug: 31486216]
  • scsi: mpt3sas: Fix reply queue count in non RDPQ mode (Suganath Prabu S) [Orabug: 31486216]
    (Samuel Zou) [Orabug: 31486216]
  • scsi: mpt3sas: Fix double free warnings (Suganath Prabu S) [Orabug: 31486216]
  • scsi: mpt3sas: Disable DIF when prot_mask set to zero (Sreekanth Reddy) [Orabug: 31486216]
  • scsi: mpt3sas: Capture IOC data for debugging purposes (Suganath Prabu) [Orabug: 31486216]
  • scsi: mpt3sas: Use true, false for ioc->use_32bit_dma (Jason Yan) [Orabug: 31486216]
  • scsi: mpt3sas: Remove NULL check before freeing function (Jason Yan) [Orabug: 31486216]
  • scsi: mpt3sas: Update mpt3sas version to 33.101.00.00 (Suganath Prabu) [Orabug: 31486216]
  • scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (Suganath Prabu) [Orabug: 31486216]
  • scsi: mpt3sas: Separate out RDPQ allocation to new function (Suganath Prabu) [Orabug: 31486216]
  • scsi: mpt3sas: Rename function name is_MSB_are_same (Suganath Prabu) [Orabug: 31486216]
  • scsi: mpt3sas: Don’t change the DMA coherent mask after allocations (Christoph Hellwig) [Orabug: 31486216]
  • scsi: mpt3sas: use true,false for bool variables (Jason Yan) [Orabug: 31486216]
  • scsi: mpt3sas: Update drive version to 33.100.00.00 (Sreekanth Reddy) [Orabug: 31486216]
  • scsi: mpt3sas: Remove usage of device_busy counter (Sreekanth Reddy) [Orabug: 31486216]
  • scsi: mpt3sas: Print function name in which cmd timed out (Sreekanth Reddy) [Orabug: 31486216]
  • scsi: mpt3sas: Optimize mpt3sas driver logging (Sreekanth Reddy) [Orabug: 31486216]
  • scsi: mpt3sas: print in which path firmware fault occurred (Sreekanth Reddy) [Orabug: 31486216]
  • scsi: mpt3sas: Handle CoreDump state from watchdog thread (Sreekanth Reddy) [Orabug: 31486216]
  • scsi: mpt3sas: Add support IOCs new state named COREDUMP (Sreekanth Reddy) [Orabug: 31486216]
  • scsi: mpt3sas: renamed _base_after_reset_handler function (Sreekanth Reddy) [Orabug: 31486216]
  • scsi: mpt3sas: Add support for NVMe shutdown (Sreekanth Reddy) [Orabug: 31486216]
  • scsi: mpt3sas: Update MPI Headers to v02.00.57 (Sreekanth Reddy) [Orabug: 31486216]
  • scsi: mpt3sas: Fix double free in attach error handling (Dan Carpenter) [Orabug: 31486216]
  • scsi: mpt3sas: change allocation option (Tomas Henzl) [Orabug: 31486216]
  • KVM: VMX: check descriptor table exits on instruction emulation (Oliver Upton) [Orabug: 31397358]
    [4.14.35-1902.304.3]
  • rebuild bumping release
    [4.14.35-1902.304.2]
  • bpf: fix sanitation of alu op with pointer / scalar type from different paths (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308}
  • bpf: prevent out of bounds speculation on pointer arithmetic (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308}
  • bpf: restrict unknown scalars of mixed signed bounds for unprivileged (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308}
  • bpf: move {prev_,}insn_idx into verifier env (Daniel Borkmann) [Orabug: 31350800] {CVE-2019-7308}
  • bpf: reduce verifier memory consumption (Alexei Starovoitov) [Orabug: 31350800] {CVE-2019-7308}
  • bpf: Prevent memory disambiguation attack (Alexei Starovoitov) [Orabug: 31350800] {CVE-2019-7308}
  • Revert ‘rds: Do not cancel RDMAs that have been posted to the HCA’ (Gerd Rausch) [Orabug: 31476562]
  • Revert ‘rds: Introduce rds_conn_to_path helper’ (Gerd Rausch) [Orabug: 31476562]
  • Revert ‘rds: Three cancel fixes’ (Gerd Rausch) [Orabug: 31476551]
  • scsi: megaraid_sas: Update driver version to 07.714.04.00-rc1 (Chandrakanth Patil) [Orabug: 31481643]
  • scsi: megaraid_sas: TM command refire leads to controller firmware crash (Sumit Saxena) [Orabug: 31481643]
  • scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (Shivasharan S) [Orabug: 31481643]
  • scsi: megaraid_sas: Remove IO buffer hole detection logic (Sumit Saxena) [Orabug: 31481643]
  • scsi: megaraid_sas: Limit device queue depth to controller queue depth (Kashyap Desai) [Orabug: 31481643]
  • scsi: megaraid: make two symbols static in megaraid_sas_base.c (Jason Yan) [Orabug: 31481643]
  • scsi: megaraid: make some symbols static in megaraid_sas_fusion.c (Jason Yan) [Orabug: 31481643]
  • scsi: megaraid_sas: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 31481643]
  • scsi: megaraid_sas: silence a warning (Tomas Henzl) [Orabug: 31481643]
  • scsi: megaraid_sas: fix indentation issue (Colin Ian King) [Orabug: 31481643]
  • scsi: megaraid_sas: fixup MSIx interrupt setup during resume (Hannes Reinecke) [Orabug: 31481643]
  • scsi: megaraid_sas: Update driver version to 07.713.01.00-rc1 (Anand Lodnoor) [Orabug: 31481643]
  • scsi: megaraid_sas: Limit the number of retries for the IOCTLs causing firmware fault (Anand Lodnoor) [Orabug: 31481643]
  • scsi: megaraid_sas: Re-Define enum DCMD_RETURN_STATUS (Anand Lodnoor) [Orabug: 31481643]
  • scsi: megaraid_sas: Do not set HBA Operational if FW is not in operational state (Anand Lodnoor) [Orabug: 31481643]
  • scsi: megaraid_sas: Do not kill HBA if JBOD Seqence map or RAID map is disabled (Anand Lodnoor) [Orabug: 31481643]
  • scsi: megaraid_sas: Do not kill host bus adapter, if adapter is already dead (Anand Lodnoor) [Orabug: 31481643]
  • scsi: megaraid_sas: Update optimal queue depth for SAS and NVMe devices (Anand Lodnoor) [Orabug: 31481643]
  • scsi: megaraid_sas: Set no_write_same only for Virtual Disk (Anand Lodnoor) [Orabug: 31481643]
  • scsi: megaraid_sas: Reset adapter if FW is not in READY state after device resume (Anand Lodnoor) [Orabug: 31481643]
  • scsi: megaraid_sas: Make poll_aen_lock static (YueHaibing) [Orabug: 31481643]
  • scsi: megaraid_sas: remove unused variables ‘debugBlk’,‘fusion’ (zhengbin) [Orabug: 31481643]
  • scsi: megaraid_sas: Unique names for MSI-X vectors (Chandrakanth Patil) [Orabug: 31481643]
  • scsi: megaraid_sas: Make some functions static (YueHaibing) [Orabug: 31481643]
  • scsi: megaraid_sas: fix spelling mistake ‘megarid_sas’ -> ‘megaraid_sas’ (Colin Ian King) [Orabug: 31481643]
  • media: ttusb-dec: Fix info-leak in ttusb_dec_send_command() (Tomas Bortoli) [Orabug: 31351117] {CVE-2019-19533}
  • ALSA: core: Fix card races between register and disconnect (Takashi Iwai) [Orabug: 31351890] {CVE-2019-15214}
  • ALSA: info: Fix racy addition/deletion of nodes (Takashi Iwai) [Orabug: 31351890] {CVE-2019-15214}
  • rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31441472]
  • uek-rpm: disable CONFIG_IP_PNP (Anjali Kulkarni) [Orabug: 31454846]
  • x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31352781] {CVE-2020-0543}
  • x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31352781] {CVE-2020-0543}
  • x86/cpu: Add ‘table’ argument to cpu_matches() (Mark Gross) [Orabug: 31352781] {CVE-2020-0543}
  • x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31352781] {CVE-2020-0543}
  • netdev, octeon3-ethernet: move timecounter init to network driver probe() (Dave Aldridge) [Orabug: 31439190]
  • rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014]
  • can: peak_usb: fix slab info leak (Johan Hovold) [Orabug: 31351139] {CVE-2019-19534}
  • uek-rpm: use expand macro with kernel_reqprovconf (Dave Kleikamp) [Orabug: 31454052]
  • can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351248] {CVE-2019-19536}
  • net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31410596]
  • xfs: fix freeze hung (Junxiao Bi) [Orabug: 31245660]
  • netlabel: cope with NULL catmap (Paolo Abeni) [Orabug: 31350492] {CVE-2020-10711}
  • mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Qing Xu) [Orabug: 31350516] {CVE-2020-12654}
  • scsi: sg: add sg_remove_request in sg_write (Wu Bo) [Orabug: 31350698] {CVE-2020-12770}
  • block, bfq: fix use-after-free in bfq_idle_slice_timer_body (Zhiqiang Liu) [Orabug: 31350912] {CVE-2020-12657}
  • mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Qing Xu) [Orabug: 31350931] {CVE-2020-12653}
  • USB: core: Fix free-while-in-use bug in the USB S-Glibrary (Alan Stern) [Orabug: 31350965] {CVE-2020-12464}
    [4.14.35-1902.304.1]
  • xfs: add agf freeblocks verify in xfs_agf_verify (Zheng Bin) [Orabug: 31350922] {CVE-2020-12655}
  • rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31396425]
  • rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31396425]
  • mwifiex: Abort at too short BSS descriptor element (Takashi Iwai) [Orabug: 31351915] {CVE-2019-3846}
  • mwifiex: Fix possible buffer overflows at parsing bss descriptor (Takashi Iwai) [Orabug: 31351915] {CVE-2019-3846} {CVE-2019-3846}
  • bnxt_en: Fix accumulation of bp->net_stats_prev. (Vijayendra Suman) [Orabug: 31390689]
  • nfs: initiate returning delegation when reclaiming one that’s been recalled (Jeff Layton) [Orabug: 31378792]
  • NFS: More excessive attribute revalidation in nfs_execute_ok() (Trond Myklebust) [Orabug: 31378792]
  • uek-rpm: Add support for building a kdump kernel on MIPS64 (Dave Kleikamp) [Orabug: 31373682]
  • uek-rpm: Add config-mips64-embedded-kdump (Henry Willard) [Orabug: 31373682]
  • uek-rpm: Don’t build kernel-uek-tools or perf packages for mips64 (Dave Kleikamp) [Orabug: 31373682]
  • scsi: mptfusion: Fix double fetch bug in ioctl (Dan Carpenter) [Orabug: 31350940] {CVE-2020-12652}
  • ptp: fix the race between the release of ptp_clock and cdev (Vladis Dronov) [Orabug: 31350706] {CVE-2020-10690}
  • net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31359419]
    [4.14.35-1902.304.0]
  • mips64/octeon: Initialize netdevice in octeon_pow struct (Vijay Kumar) [Orabug: 31388199]
  • uek-rpm/ol7/config-mips64: Disable IRQSOFF_TRACER (Henry Willard) [Orabug: 31386710]
  • xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31249146]