Lucene search

K
oraclelinux
OracleLinuxELSA-2020-5756
HistoryJul 14, 2020 - 12:00 a.m.

Unbreakable Enterprise kernel security update

2020-07-1400:00:00
linux.oracle.com
73

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

[5.4.17-2011.4.4uek]

  • KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path (Sean Christopherson) [Orabug: 31536904]
    [5.4.17-2011.4.3uek]
  • NFS: replace cross device check in copy_file_range (Olga Kornievskaia) [Orabug: 31507615]
  • rds: Fix potential use after free in rds_ib_inc_free (Hans Westgaard Ry) [Orabug: 31504052]
  • perf/smmuv3: Allow sharing MMIO registers with the SMMU driver (Jean-Philippe Brucker) [Orabug: 31422283]
  • perf/smmuv3: use devm_platform_ioremap_resource() to simplify code (YueHaibing) [Orabug: 31422283]
  • ACPI/IORT: Fix PMCG node single ID mapping handling (Tuan Phan) [Orabug: 31422283]
  • uek-rpm: Increase CONFIG_NODES_SHIFT from 2 to 3 (Dave Kleikamp) [Orabug: 31422283]
  • perf: avoid breaking KABI by reusing enum (Dave Kleikamp) [Orabug: 31422283]
  • uek-rpm: update aarch64 configs for Ampere eMAG2 (Dave Kleikamp) [Orabug: 31422283]
  • perf: arm_dmc620: Update ACPI ID. (Tuan Phan) [Orabug: 31422283]
  • perf: arm_dsu: Support ACPI mode. (Tuan Phan) [Orabug: 31422283]
  • perf: arm_dsu: Allow IRQ to be shared among devices. (Tuan Phan) [Orabug: 31422283]
  • perf: arm_cmn: improve and make it work on 2P. (Tuan Phan) [Orabug: 31422283]
  • Perf: arm-cmn: Allow irq to be shared. (Tuan Phan) [Orabug: 31422283]
  • BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with APEI’s irq work (James Morse) [Orabug: 31422283]
  • BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 31422283]
  • BACKPORT: mm/memory-failure: Add memory_failure_queue_kick() (James Morse) [Orabug: 31422283]
  • perf: Add ARM DMC-620 PMU driver. (Tuan Phan) [Orabug: 31422283]
  • BACKPORT: WIP: perf/arm-cmn: Add ACPI support (Robin Murphy) [Orabug: 31422283]
  • BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 31422283]
  • BACKPORT: perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 31422283]
  • net/rds: NULL pointer de-reference in rds_ib_add_one() (Ka-Cheong Poon) [Orabug: 30984983]
  • mm: Fix mremap not considering huge pmd devmap (Fan Yang) [Orabug: 31452396] {CVE-2020-10757} {CVE-2020-10757}
    [5.4.17-2011.4.2uek]
  • UEK6 compiler warning for /net/rds/ib.c (Sharath Srinivasan) [Orabug: 31489529]
  • UEK6 compiler warning for /net/rds/send.c (Sharath Srinivasan) [Orabug: 31489529]
  • Fix up two build warnings in the UEK6 GA tree (Jack Vogel) [Orabug: 31489333]
  • drivers/scsi/scsi_scan.c Fix the compiler warning. (Sudhakar Panneerselvam) [Orabug: 31489322]
  • x86/retpoline: Fix retpoline unwind (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320]
  • x86: Change {JMP,CALL}_NOSPEC argument (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320]
  • x86: Simplify retpoline declaration (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320]
  • x86/speculation: Change STUFF_RSB to work with objtool (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320]
  • x86/speculation: Change FILL_RETURN_BUFFER to work with objtool (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320]
  • x86/unwind: Introduce UNWIND_HINT_EMPTY_ASM (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320]
  • objtool: Add support for intra-function calls (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320]
  • objtool: Remove INSN_STACK (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320]
  • objtool: Make handle_insn_ops() unconditional (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320]
  • objtool: Rework allocating stack_ops on decode (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320]
  • objtool: UNWIND_HINT_RET_OFFSET should not check registers (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320]
  • objtool: is_fentry_call() crashes if call has no destination (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320]
  • objtool: Uniquely identify alternative instruction groups (Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320]
  • objtool: Remove check preventing branches within alternative (Julien Thierry) [Orabug: 31077463] [Orabug: 31489320]
  • objtool: Introduce HINT_RET_OFFSET (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320]
  • objtool: Support multiple stack_op per instruction (Julien Thierry) [Orabug: 31077463] [Orabug: 31489320]
    }
How to protect your server from attacks?

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

Related for ELSA-2020-5756