Oracle Linux ELSA-2020-5837
Sep 03, 2020 - 12:00 a.m.

Unbreakable Enterprise kernel security update

2020-09-03 00:00:00
linux.oracle.com

CVSS3: 7.5 High

  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: NONE
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS2: 7.8 High

  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: COMPLETE
  Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

[4.1.12-124.42.3]

  • can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices (Tomas Bortoli) [Orabug: 31351221] {CVE-2019-19535}
  • media: hdpvr: Fix an error handling path in hdpvr_probe() (Arvind Yadav) [Orabug: 31352053] {CVE-2017-16644}
  • fs/binfmt_misc.c: do not allow offset overflow (Thadeu Lima de Souza Cascardo) [Orabug: 31588258]
  • clear inode and truncate pages before enqueuing for async inactivation (Gautham Ananthakrishna) [Orabug: 31744270]

[4.1.12-124.42.2]

  • mm: create alloc_last_chance debugfs entries (Mike Kravetz) [Orabug: 31295499]
  • mm: perform ‘last chance’ reclaim efforts before allocation failure (Mike Kravetz) [Orabug: 31295499]
  • mm: let page allocation slowpath retry ‘order’ times (Mike Kravetz) [Orabug: 31295499]
  • fix kABI breakage from ‘netns: provide pure entropy for net_hash_mix()’ (Dan Duval) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639}
  • netns: provide pure entropy for net_hash_mix() (Eric Dumazet) [Orabug: 31351904] {CVE-2019-10638} {CVE-2019-10639}
  • hrtimer: Annotate lockless access to timer->base (Eric Dumazet) [Orabug: 31380495]
  • rds: ib: Revert ‘net/rds: Avoid stalled connection due to CM REQ retries’ (Hakon Bugge) [Orabug: 31648141]
  • rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31648141]
  • RDMA/netlink: Do not always generate an ACK for some netlink operations (Hakon Bugge) [Orabug: 31666975]
  • genirq/proc: Return proper error code when irq_set_affinity() fails (Wen Yaxng) [Orabug: 31723450]

[4.1.12-124.42.1]

  • fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350639] {CVE-2020-10732}
  • crypto: user - fix memory leak in crypto_report (Navid Emamdoost) [Orabug: 31351640] {CVE-2019-19062}
  • of: unittest: fix memory leak in unittest_data_add (Navid Emamdoost) [Orabug: 31351702] {CVE-2019-19049}
  • IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi) [Orabug: 31656992]
  • net-sysfs: call dev_hold if kobject_init_and_add success (YueHaibing) [Orabug: 31687545] {CVE-2019-20811}