Unbreakable Enterprise kernel security update

2020-09-1400:00:00

linux.oracle.com

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

[5.4.17-2011.6.2]

Revert ‘aarch64/BM: config failed, hub doesnt have any ports’ (Thomas Tai) [Orabug: 31838351] [Orabug: 31844671]
kvm: ioapic: Restrict lazy EOI update to edge-triggered interrupts (Paolo Bonzini) [Orabug: 31839185] [Orabug: 31844556]
[5.4.17-2011.6.1]
nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31779884] {CVE-2020-24394}
arm64/elf: Disable automatic READ_IMPLIES_EXEC for 64-bit address spaces (Kees Cook) [Orabug: 31776626]
arm32/64/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK (Kees Cook) [Orabug: 31776626]
arm32/64/elf: Add tables to document READ_IMPLIES_EXEC (Kees Cook) [Orabug: 31776626]
x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit (Kees Cook) [Orabug: 31776626]
x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK (Kees Cook) [Orabug: 31776626]
x86/elf: Add table to document READ_IMPLIES_EXEC (Kees Cook) [Orabug: 31776626]
x86/mm: use max memory block size on bare metal (Daniel Jordan) [Orabug: 31771277]
drivers/base/memory.c: cache memory blocks in xarray to accelerate lookup (Scott Cheloha) [Orabug: 31771277]
net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon) [Orabug: 31755752]
RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31688620]
arm64/dts: Serial console fix for RPi4 (Vijay Kumar) [Orabug: 31562971]
md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31682033]
md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31682033]
[5.4.17-2011.6.0]
RDMA/mlx5: Set MR cache limit for both PF and VF (Nikhil Krishna) [Orabug: 31358080]
rds: ib: Revert ‘net/rds: Avoid stalled connection due to CM REQ retries’ (Hakon Bugge) [Orabug: 31648138]
rds: Clear reconnect pending bit (Hakon Bugge) [Orabug: 31648138]
RDMA/cm: Spurious WARNING triggered in cm_destroy_id() (Ka-Cheong Poon) [Orabug: 31483278]
RDMA/cm: Make sure the cm_id is in the IB_CM_IDLE state in destroy (Jason Gunthorpe) [Orabug: 31483278]
RDMA/cm: Allow ib_send_cm_sidr_rep() to be done under lock (Jason Gunthorpe) [Orabug: 31483278]
RDMA/cm: Allow ib_send_cm_rej() to be done under lock (Jason Gunthorpe) [Orabug: 31483278]
RDMA/cm: Allow ib_send_cm_drep() to be done under lock (Jason Gunthorpe) [Orabug: 31483278]
RDMA/cm: Allow ib_send_cm_dreq() to be done under lock (Jason Gunthorpe) [Orabug: 31483278]
RDMA/cm: Add some lockdep assertions for cm_id_priv->lock (Jason Gunthorpe) [Orabug: 31483278]
RDMA/cm: Add missing locking around id.state in cm_dup_req_handler (Jason Gunthorpe) [Orabug: 31483278]
RDMA/cm: Make the destroy_id flow more robust (Jason Gunthorpe) [Orabug: 31483278]
RDMA/cm: Remove a race freeing timewait_info (Jason Gunthorpe) [Orabug: 31483278]
RDMA/cm: Use refcount_t type for refcount variable (Danit Goldberg) [Orabug: 31483278]
bnxt_en: allow firmware to disable VLAN offloads (Michael Chan)
bnxt_en: clean up VLAN feature bit handling (Michael Chan) [Orabug: 31663185]
bnxt_en: Fix VLAN acceleration handling in bnxt_fix_features(). (Michael Chan) [Orabug: 31663185]
bnxt_en: Implement ethtool -X to set indirection table. (Michael Chan) [Orabug: 31663185]
bnxt_en: Return correct RSS indirection table entries to ethtool -x. (Michael Chan) [Orabug: 31663185]
bnxt_en: Fill HW RSS table from the RSS logical indirection table. (Michael Chan) [Orabug: 31663185]
bnxt_en: Add helper function to return the number of RSS contexts. (Michael Chan) [Orabug: 31663185]
bnxt_en: Add logical RSS indirection table structure. (Michael Chan) [Orabug: 31663185]
bnxt_en: Fix up bnxt_get_rxfh_indir_size(). (Michael Chan) [Orabug: 31663185]
bnxt_en: Set up the chip specific RSS table size. (Michael Chan) [Orabug: 31663185]
bnxt_en: fix firmware message length endianness (Michael Chan) [Orabug: 31663185]
net: bnxt: Remove Comparison to bool in bnxt_ethtool.c (Jason Yan) [Orabug: 31663185]
bnxt_en: show only relevant ethtool stats for a TX or RX ring (Rajesh Ravi) [Orabug: 31663185]
bnxt_en: Split HW ring statistics strings into RX and TX parts. (Michael Chan) [Orabug: 31663185]
bnxt_en: Refactor the software ring counters. (Michael Chan) [Orabug: 31663185]
bnxt_en: Do not include ETH_FCS_LEN in the max packet length sent to fw. (Vasundhara Volam) [Orabug: 31663185]
bnxt_en: Improve TQM ring context memory sizing formulas. (Michael Chan) [Orabug: 31663185]
bnxt_en: Allocate TQM ring context memory according to fw specification. (Michael Chan) [Orabug: 31663185]
bnxt_en: Update firmware spec. to 1.10.1.33. (Michael Chan) [Orabug: 31663185]
bnxt_en: Return error when allocating zero size context memory. (Michael Chan) [Orabug: 31663185]
bnxt_en: Reset rings if ring reservation fails during open() (Vasundhara Volam) [Orabug: 31663185]
bnxt_en: Return error if bnxt_alloc_ctx_mem() fails. (Michael Chan) [Orabug: 31663185]
bnxt_en: Fix Priority Bytes and Packets counters in ethtool -S. (Michael Chan) [Orabug: 31663185]
bnxt_en: Process the NQ under NAPI continuous polling. (Michael Chan) [Orabug: 31663185]
bnxt_en: Simplify __bnxt_poll_cqs_done(). (Michael Chan) [Orabug: 31663185]
bnxt_en: Handle all NQ notifications in bnxt_poll_p5(). (Michael Chan) [Orabug: 31663185]
bnxt_en: Disable workaround for lost interrupts on 575XX B0 and newer chips. (Michael Chan) [Orabug: 31663185]
bnxt_en: Periodically check and remove aged-out ntuple filters (Michael Chan) [Orabug: 31663185]
bnxt_en: Do not accept fragments for aRFS flow steering. (Michael Chan) [Orabug: 31663185]
bnxt_en: Remove the setting of dev_port. (Michael Chan) [Orabug: 31663185]
bnxt_en: Improve link up detection. (Michael Chan) [Orabug: 31663185]
RDMA/nldev: Provide MR statistics (Erez Alfasi) [Orabug: 31079901]
RDMA/mlx5: Return ODP type per MR (Erez Alfasi) [Orabug: 31079901]
RDMA/nldev: Allow different fill function per resource (Erez Alfasi) [Orabug: 31079901]
IB/mlx5: Introduce ODP diagnostic counters (Erez Alfasi) [Orabug: 31079901]
x86/reboot: Move up iommu_shutdown() before stop_other_cpus() (Saeed Mirzamohammadi) [Orabug: 31542630]
bcache: fix potential deadlock problem in btree_gc_coalesce (Zhiqiang Liu) [Orabug: 31350643] {CVE-2020-12771}
selinux: properly handle multiple messages in selinux_netlink_send() (Paul Moore) [Orabug: 31439365] {CVE-2020-10751}
Revert ‘zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()’ (Wade Mealing) [Orabug: 31510722] {CVE-2020-10781}
Enable config option CONFIG_NFSD_V4_2_INTER_SSC (Dai Ngo) [Orabug: 31535947]
NFSD: Fix NFS server build errors (Chuck Lever) [Orabug: 31535947]
nfsd4: fix double free in nfsd4_do_async_copy() (Dan Carpenter) [Orabug: 31535947]
NFSD fixing possible null pointer derefering in copy offload (Olga Kornievskaia) [Orabug: 31535947]
NFSD fix nfserro errno mismatch (Olga Kornievskaia) [Orabug: 31535947]
NFSD: fix seqid in copy stateid (Olga Kornievskaia) [Orabug: 31535947]
NFSv4.2 fix memory leak in nfs42_ssc_open (Olga Kornievskaia) [Orabug: 31535947]
NFSv4: Make _nfs42_proc_copy_notify() static (YueHaibing) [Orabug: 31535947]
nfsv4: Move NFSPROC4_CLNT_COPY_NOTIFY to end of list (Trond Myklebust) [Orabug: 31535947]
NFSD: allow inter server COPY to have a STALE source server fh (Olga Kornievskaia) [Orabug: 31535947]
NFSD add nfs4 inter ssc to nfsd4_copy (Olga Kornievskaia) [Orabug: 31535947]
NFSD check stateids against copy stateids (Olga Kornievskaia) [Orabug: 31535947]
NFSD fix mismatching type in nfsd4_set_netaddr (Olga Kornievskaia) [Orabug: 31535947]
NFSD fill-in netloc4 structure (Olga Kornievskaia) [Orabug: 31535947]
NFSD add COPY_NOTIFY operation (Olga Kornievskaia) [Orabug: 31535947]
to COPY (Olga Kornievskaia) [Orabug: 31535947]
NFSD COPY_NOTIFY xdr (Olga Kornievskaia) [Orabug: 31535947]
NFSv4.2 fix kfree in __nfs42_copy_file_range (Olga Kornievskaia) [Orabug: 31535947]
NFS based on file size issue sync copy or fallback to generic copy offload (Olga Kornievskaia) [Orabug: 31535947]
NFS: handle source server reboot (Olga Kornievskaia) [Orabug: 31535947]
NFS: skip recovery of copy open on dest server (Olga Kornievskaia) [Orabug: 31535947]
NFS: inter ssc open (Olga Kornievskaia) [Orabug: 31535947]
to COPY (Olga Kornievskaia) [Orabug: 31535947]
NFS: add COPY_NOTIFY operation (Olga Kornievskaia) [Orabug: 31535947]
NFS NFSD: defining nl4_servers structure needed by both (Olga Kornievskaia) [Orabug: 31535947]
kvm: svm: Introduce GA Log tracepoint for AVIC (Suravee Suthikulpanit) [Orabug: 31631367]
KVM: SVM: Inhibit APIC virtualization for X2APIC guest (Oliver Upton) [Orabug: 31631367]
KVM: SVM: allocate AVIC data structures based on kvm_amd module parameter (Paolo Bonzini) [Orabug: 31631367]
kvm: x86: svm: Fix NULL pointer dereference when AVIC not enabled (Suravee Suthikulpanit) [Orabug: 31631367]
KVM: SVM: allow AVIC without split irqchip (Paolo Bonzini) [Orabug: 31631367]
kvm: ioapic: Lazy update IOAPIC EOI (Suravee Suthikulpanit) [Orabug: 31631367]
kvm: ioapic: Refactor kvm_ioapic_update_eoi() (Suravee Suthikulpanit) [Orabug: 31631367]
kvm: i8254: Deactivate APICv when using in-kernel PIT re-injection mode. (Suravee Suthikulpanit) [Orabug: 31631367]
svm: Temporarily deactivate AVIC during ExtINT handling (Suravee Suthikulpanit) [Orabug: 31631367]
svm: Deactivate AVIC when launching guest with nested SVM support (Suravee Suthikulpanit) [Orabug: 31631367]
kvm: x86: hyperv: Use APICv update request interface (Suravee Suthikulpanit) [Orabug: 31631367]
svm: Add support for dynamic APICv (Suravee Suthikulpanit) [Orabug: 31631367]
kvm: x86: Introduce x86 ops hook for pre-update APICv (Suravee Suthikulpanit) [Orabug: 31631367]
kvm: x86: Introduce APICv x86 ops for checking APIC inhibit reasons (Suravee Suthikulpanit) [Orabug: 31631367]
KVM: svm: avic: Add support for dynamic setup/teardown of virtual APIC backing page (Suravee Suthikulpanit) [Orabug: 31631367]
kvm: x86: svm: Add support to (de)activate posted interrupts (Suravee Suthikulpanit) [Orabug: 31631367]
kvm: x86: Add APICv (de)activate request trace points (Suravee Suthikulpanit) [Orabug: 31631367]
kvm: x86: Add support for dynamic APICv activation (Suravee Suthikulpanit) [Orabug: 31631367]
KVM: x86: remove get_enable_apicv from kvm_x86_ops (Paolo Bonzini) [Orabug: 31631367]
kvm: x86: Introduce APICv inhibit reason bits (Suravee Suthikulpanit) [Orabug: 31631367]
kvm: lapic: Introduce APICv update helper function (Suravee Suthikulpanit) [Orabug: 31631367]
KVM: X86: Drop KVM_APIC_SHORT_MASK and KVM_APIC_DEST_MASK (Peter Xu) [Orabug: 31631367]
KVM: SVM: Remove check if APICv enabled in SVM update_cr8_intercept() handler (Liran Alon) [Orabug: 31631367]
kvm: x86: Modify kvm_x86_ops.get_enable_apicv() to use struct kvm parameter (Suthikulpanit, Suravee) [Orabug: 31631367]
kvm: Increase KVM_USER_MEM_SLOTS for dense memory hotplug (Eric DeVolder) [Orabug: 31694365]
random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31698078] {CVE-2020-16166}
vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705117] {CVE-2020-14331} {CVE-2020-14331}
net/rds: Incorrect WARN_ON() (Ka-Cheong Poon) [Orabug: 31718014]

OSVersionArchitecturePackageVersionFilename
oracle linux7srckernel-uek< 5.4.17-2011.6.2.el7uekkernel-uek-5.4.17-2011.6.2.el7uek.src.rpm
oracle linux7aarch64kernel-uek< 5.4.17-2011.6.2.el7uekkernel-uek-5.4.17-2011.6.2.el7uek.aarch64.rpm
oracle linux7aarch64kernel-uek-debug< 5.4.17-2011.6.2.el7uekkernel-uek-debug-5.4.17-2011.6.2.el7uek.aarch64.rpm
oracle linux7aarch64kernel-uek-debug-devel< 5.4.17-2011.6.2.el7uekkernel-uek-debug-devel-5.4.17-2011.6.2.el7uek.aarch64.rpm
oracle linux7aarch64kernel-uek-devel< 5.4.17-2011.6.2.el7uekkernel-uek-devel-5.4.17-2011.6.2.el7uek.aarch64.rpm
oracle linux7noarchkernel-uek-doc< 5.4.17-2011.6.2.el7uekkernel-uek-doc-5.4.17-2011.6.2.el7uek.noarch.rpm
oracle linux7aarch64kernel-uek-tools< 5.4.17-2011.6.2.el7uekkernel-uek-tools-5.4.17-2011.6.2.el7uek.aarch64.rpm
oracle linux7aarch64kernel-uek-tools-libs< 5.4.17-2011.6.2.el7uekkernel-uek-tools-libs-5.4.17-2011.6.2.el7uek.aarch64.rpm
oracle linux7aarch64perf< 5.4.17-2011.6.2.el7uekperf-5.4.17-2011.6.2.el7uek.aarch64.rpm
oracle linux7aarch64python-perf< 5.4.17-2011.6.2.el7uekpython-perf-5.4.17-2011.6.2.el7uek.aarch64.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	7	src	kernel-uek	< 5.4.17-2011.6.2.el7uek	kernel-uek-5.4.17-2011.6.2.el7uek.src.rpm
oracle linux	7	aarch64	kernel-uek	< 5.4.17-2011.6.2.el7uek	kernel-uek-5.4.17-2011.6.2.el7uek.aarch64.rpm
oracle linux	7	aarch64	kernel-uek-debug	< 5.4.17-2011.6.2.el7uek	kernel-uek-debug-5.4.17-2011.6.2.el7uek.aarch64.rpm
oracle linux	7	aarch64	kernel-uek-debug-devel	< 5.4.17-2011.6.2.el7uek	kernel-uek-debug-devel-5.4.17-2011.6.2.el7uek.aarch64.rpm
oracle linux	7	aarch64	kernel-uek-devel	< 5.4.17-2011.6.2.el7uek	kernel-uek-devel-5.4.17-2011.6.2.el7uek.aarch64.rpm
oracle linux	7	noarch	kernel-uek-doc	< 5.4.17-2011.6.2.el7uek	kernel-uek-doc-5.4.17-2011.6.2.el7uek.noarch.rpm
oracle linux	7	aarch64	kernel-uek-tools	< 5.4.17-2011.6.2.el7uek	kernel-uek-tools-5.4.17-2011.6.2.el7uek.aarch64.rpm
oracle linux	7	aarch64	kernel-uek-tools-libs	< 5.4.17-2011.6.2.el7uek	kernel-uek-tools-libs-5.4.17-2011.6.2.el7uek.aarch64.rpm
oracle linux	7	aarch64	perf	< 5.4.17-2011.6.2.el7uek	perf-5.4.17-2011.6.2.el7uek.aarch64.rpm
oracle linux	7	aarch64	python-perf	< 5.4.17-2011.6.2.el7uek	python-perf-5.4.17-2011.6.2.el7uek.aarch64.rpm