Lucene search

K
oraclelinuxOracleLinuxELSA-2020-5914
HistoryNov 10, 2020 - 12:00 a.m.

Unbreakable Enterprise kernel security update

2020-11-1000:00:00
linux.oracle.com
33

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:P/I:P/A:C

[5.4.17-2036.100.6.1.el8uek]

  • powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695}
  • KVM: ioapic: break infinite recursion on lazy EOI (Vitaly Kuznetsov) [Orabug: 32066585] {CVE-2020-27152} {CVE-2020-27152}
  • x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999339]
  • x86/jump_label: Patch one site at a time (Boris Ostrovsky) [Orabug: 31999339]
    [5.4.17-2036.100.5.el8uek]
  • uek-rpm: Fix integer test for 4k page size module signing (Dave Kleikamp) [Orabug: 32021114]
  • uek-rpm/kernel-uek.spec: Sign modules for 4k kernel (Vijay Kumar) [Orabug: 32021114]
  • hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989185] {CVE-2020-25643}
  • dm crypt: add flags to optionally bypass kcryptd workqueues (Ignat Korchagin) [Orabug: 31998688]
  • uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010302]
  • geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32013938] {CVE-2020-25645}
  • nvmet: Disable keep-alive timer when kato is cleared to 0h (Amit Engel) [Orabug: 31997181]
  • KVM: nVMX: stop abusing need_vmcs12_to_shadow_sync for eVMCS mapping (Vitaly Kuznetsov) [Orabug: 31986433]
  • cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug (Daniel Jordan) [Orabug: 31985221]
  • uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979626]
  • uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961115]
  • certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961115]
  • certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961115]
  • certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961115] {CVE-2020-26541}
  • bcache: stop setting ->queuedata (Christoph Hellwig) [Orabug: 30210051]
  • bcache: pr_info() format clean up in bcache_device_init() (Coly Li) [Orabug: 30210051]
  • bcache: use delayed kworker fo asynchronous devices registration (Coly Li) [Orabug: 30210051]
  • bcache: check and adjust logical block size for backing devices (Mauricio Faria de Oliveira) [Orabug: 30210051]
  • bcache: configure the asynchronous registertion to be experimental (Coly Li) [Orabug: 30210051]
  • bcache: asynchronous devices registration (Coly Li) [Orabug: 30210051]
    uses to a more typical style (Joe Perches) [Orabug: 30210051]
  • bcache: remove redundant variables i and n (Colin Ian King) [Orabug: 30210051]
  • bcache: remove a duplicate ->make_request_fn assignment (Christoph Hellwig) [Orabug: 30210051]
  • bcache: pass the make_request methods to blk_queue_make_request (Christoph Hellwig) [Orabug: 30210051]
  • bcache: remove dupplicated declaration from btree.h (Coly Li) [Orabug: 30210051]
  • bcache: optimize barrier usage for atomic operations (Coly Li) [Orabug: 30210051]
  • bcache: optimize barrier usage for Rmw atomic bitops (Davidlohr Bueso) [Orabug: 30210051]
  • bcache: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 30210051]
  • bcache: make bch_sectors_dirty_init() to be multithreaded (Coly Li) [Orabug: 30210051]
  • bcache: make bch_btree_check() to be multithreaded (Coly Li) [Orabug: 30210051]
  • bcache: add bcache_ prefix to btree_root() and btree() macros (Coly Li) [Orabug: 30210051]
  • bcache: move macro btree() and btree_root() into btree.h (Coly Li) [Orabug: 30210051]
  • bcache: remove macro nr_to_fifo_front() (Coly Li) [Orabug: 30210051]
  • bcache: Revert ‘bcache: shrink btree node cache after bch_btree_check()’ (Coly Li) [Orabug: 30210051]
  • bcache: check return value of prio_read() (Coly Li) [Orabug: 30210051]
  • bcache: reap from tail of c->btree_cache in bch_mca_scan() (Coly Li) [Orabug: 30210051]
  • bcache: reap c->btree_cache_freeable from the tail in bch_mca_scan() (Coly Li) [Orabug: 30210051]
  • bcache: remove member accessed from struct btree (Coly Li) [Orabug: 30210051]
  • bcache: add code comments for state->pool in __btree_sort() (Coly Li) [Orabug: 30210051]
  • bcache: use read_cache_page_gfp to read the superblock (Christoph Hellwig) [Orabug: 30210051]
  • bcache: store a pointer to the on-disk sb in the cache and cached_dev structures (Christoph Hellwig) [Orabug: 30210051]
  • bcache: return a pointer to the on-disk sb from read_super (Christoph Hellwig) [Orabug: 30210051]
  • bcache: transfer the sb_page reference to register_{bdev,cache} (Christoph Hellwig) [Orabug: 30210051]
  • bcache: use a separate data structure for the on-disk super block (Christoph Hellwig) [Orabug: 30210051]
  • bcache: don’t export symbols (Christoph Hellwig) [Orabug: 30210051]
  • bcache: remove the extra cflags for request.o (Christoph Hellwig) [Orabug: 30210051]
  • bcache: add idle_max_writeback_rate sysfs interface (Coly Li) [Orabug: 30210051]
  • bcache: add code comments in bch_btree_leaf_dirty() (Coly Li) [Orabug: 30210051]
  • bcache: add code comment bch_keylist_pop() and bch_keylist_pop_front() (Coly Li) [Orabug: 30210051]
  • bcache: deleted code comments for dead code in bch_data_insert_keys() (Coly Li) [Orabug: 30210051]
  • bcache: add more accurate error messages in read_super() (Coly Li) [Orabug: 30210051]
  • bcache: fix a lost wake-up problem caused by mca_cannibalize_lock (Guoju Fang) [Orabug: 30210051]
  • mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31965669]
  • rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31933715]
  • panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 31916337]
  • nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31972480] {CVE-2019-16089}
  • vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390}
  • fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914650] {CVE-2020-14390}
  • net: ethernet: mlx4: Fix memory allocation in mlx4_buddy_init() (Shung-Hsi Yu) [Orabug: 31907969]
  • PCI: pciehp: Reduce noisiness on hot removal (Lukas Wunner) [Orabug: 30512596]
  • kdump: update Documentation about crashkernel (Chen Zhou) [Orabug: 31554906]
  • arm64: kdump: add memory for devices by DT property linux, usable-memory-range (Chen Zhou) [Orabug: 31554906]
  • kdump: add threshold for the required memory (Chen Zhou) [Orabug: 31554906]
  • arm64: kdump: reimplement crashkernel=X (Chen Zhou) [Orabug: 31554906]
  • arm64: kdump: introduce some macroes for crash kernel reservation (Chen Zhou) [Orabug: 31554906]
  • x86: kdump: move reserve_crashkernel_low into crash_core.c (Chen Zhou) [Orabug: 31554906]
  • x86: kdump: use macro CRASH_ADDR_LOW_MAX in functions reserve_crashkernel_low (Chen Zhou) [Orabug: 31554906]
  • x86: kdump: make the lower bound of crash kernel reservation consistent (Chen Zhou) [Orabug: 31554906]
  • x86: kdump: move CRASH_ALIGN to 2M (Chen Zhou) [Orabug: 31554906]
  • block: allow ‘chunk_sectors’ to be non-power-of-2 (Mike Snitzer) [Orabug: 31827023]
  • block: use lcm_not_zero() when stacking chunk_sectors (Mike Snitzer) [Orabug: 31827023]
  • dm: fix comment in dm_process_bio() (Mike Snitzer) [Orabug: 31827023]
  • dm: fix bio splitting and its bio completion order for regular IO (Mike Snitzer) [Orabug: 31827023]
  • block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955136] {CVE-2020-25641}
    [5.4.17-2036.100.4.el8uek]
  • xfs: force writes to delalloc regions to unwritten (Darrick J. Wong) [Orabug: 30787888]
  • xfs: properly serialise fallocate against AIO+DIO (Dave Chinner) [Orabug: 31366104]
  • perf/x86/rapl: Add Ice Lake RAPL support (Thomas Tai) [Orabug: 31766610]
  • xfs: attach dquots and reserve quota blocks during unwritten conversion (Darrick J. Wong) [Orabug: 31785972]
  • netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872853] {CVE-2020-25211}
  • net/rds: Extract dest qp num for displaying in rds-info (Praveen Kumar Kannoju) [Orabug: 31880140]
  • uek-rpm: streamline 4konly build (Dave Kleikamp) [Orabug: 31891770]
  • bnxt: correct warning: unused variable: ‘rc’ (John Donnelly) [Orabug: 31907548]
  • i40e: Correct warning: ‘aq_ret’ may be used uninitialized, (John Donnelly) [Orabug: 31907631]
  • uek-rpm: Add ovmapi.ko to uek6 nano_modules (Joe Jin) [Orabug: 31908852]
  • uek-rpm: config: Enable OVM API (Joe Jin) [Orabug: 31908852]
  • uek-rpm: Fix kernel-ueknano depmod warnings vhost_iotlb regmap-i2c (Vijayendra Suman) [Orabug: 31916879]
  • kprobes: Fix compiler warning for !CONFIG_KPROBES_ON_FTRACE (Muchun Song) [Orabug: 31920526]
  • scsi: page warning: ‘page’ may be used uninitialized. (John Donnelly) [Orabug: 31920671]
  • x86/speculation/taa: Add TAA_MITIGATION_IDLE mode (Patrick Colp) [Orabug: 31921884]
  • oracleasm: Access d_bdev before dropping inode (Stephen Brennan) [Orabug: 31927355]
  • iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (Suravee Suthikulpanit) [Orabug: 31931368]
  • iommu/amd: Fix potential @entry null deref (Joao Martins) [Orabug: 31931368]
  • iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit) [Orabug: 31931368]

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:P/I:P/A:C