Lucene search

K
oraclelinuxOracleLinuxELSA-2020-5924
HistoryNov 12, 2020 - 12:00 a.m.

Unbreakable Enterprise kernel-container security update

2020-11-1200:00:00
linux.oracle.com
62

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:P/I:P/A:C

[4.14.35-2025.402.2.1.el7]

  • powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug:
    32040805] {CVE-2020-8694} {CVE-2020-8695}
    [4.14.35-2025.402.2.el7]
  • ocfs2: fix remounting needed after setfacl command (Gang He)
  • Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770]
  • drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349]
  • i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050]
  • bnxt: Corrects warning: ‘struct tc_cls_flower_offload’ (John Donnelly) [Orabug: 32041757]
  • SCSI: Corrects ‘ret’ not used warning (John Donnelly) [Orabug: 32041763]
  • IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520]
  • qed: Corrects warning: ‘qed_iwarp_ll2_slowpath’ defined but not used (John Donnelly) [Orabug: 32052276]
    [4.14.35-2025.402.1.el7]
  • configfs: make ci_type field, some pointers and function arguments const (Bhumika Goyal) [Orabug: 32022427]
  • IB/ipoib: Arm ‘send_cq’ to process completions in due time (Gerd Rausch) [Orabug: 31596798]
  • hdlc_ppp: add range checks in ppp_cp_parse_cr() (Dan Carpenter) [Orabug: 31989189] {CVE-2020-25643}
  • uek-rpm: Create initramfs at postinstall stage also. (Somasundaram Krishnasamy) [Orabug: 32010303]
  • SUNRPC: Remove xprt_connect_status() again (John Donnelly) [Orabug: 32010341]
  • geneve: add transport ports in route lookup for geneve (Mark Gray) [Orabug: 32014099] {CVE-2020-25645}
  • nvme-fc: fix double-free scenarios on hw queues (James Smart) [Orabug: 32019898]
  • xfs: fix warning: unused variable ‘sb’ (John Donnelly) [Orabug: 32010343]
  • nvme-pci: remove queue_count_ops for write_queues and poll_queues (Minwoo Im) [Orabug: 32010357]
  • nvme: Corrects warning: unused variable ‘startka’ (John Donnelly) [Orabug: 32010357]
  • uek-rpm: config-aarch64-embedded add fast_kexec (Henry Willard) [Orabug: 32010273]
  • arm64: kexec: Add optional fast shutdown for kexec (Henry Willard) [Orabug: 32010273]
  • ocfs2: remove unused ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 32007790]
  • rds: fixes warning: unused variable ‘cache_sz_k’ (John Donnelly) [Orabug: 32008320]
  • panic: move disabling iommu to after dump_stack() (John Donnelly) [Orabug: 32009003]
  • uek-rpm: Add old OL keys to the default .blacklist keyring (Eric Snowberg) [Orabug: 31961118]
  • certs: Add ability to preload revocation certs (Eric Snowberg) [Orabug: 31961118]
  • certs: Move load_system_certificate_list to a common function (Eric Snowberg) [Orabug: 31961118]
  • certs: Add EFI_CERT_X509_GUID support for dbx entries (Eric Snowberg) [Orabug: 31961118] {CVE-2020-26541}
  • Revert ‘l2tp: initialise PPP sessions before registering them’ (George Kennedy) [Orabug: 31906205]
  • btrfs: Don’t submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 31265337] {CVE-2019-19377}
  • btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351023] {CVE-2019-19448}
  • xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen) [Orabug: 31895824] {CVE-2020-14385}
  • net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31907603]
  • mm, page_alloc: double zone’s batchsize (Aaron Lu) [Orabug: 31907603]
  • mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aaron Lu) [Orabug: 31907603]
  • mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aaron Lu) [Orabug: 31907603]
  • ghes: Corrects: warning: unused variable ‘vaddr’ [-Wunused-variable] (John Donnelly) [Orabug: 31995830]
  • ACPI: properties: Implement get_match_data() callback (Sinan Kaya) [Orabug: 31995830]
  • blk-mq: warning: unused variable ‘ctx’ (John Donnelly) [Orabug: 31996284]
  • x86/mitigations: Restore paranoid checks for int3 handling (Boris Ostrovsky) [Orabug: 31999336]
    [4.14.35-2025.402.0.el7]
  • nbd_genl_status: null check for nla_nest_start (Navid Emamdoost) [Orabug: 31351789] {CVE-2019-16089}
  • efi/x86/Add missing error handling to old_memmap 1:1 mapping code (Gen Zhang) [Orabug: 31351924] {CVE-2019-12380}
  • RDS: add module parameter to allow module unload or not (Hans Westgaard Ry) [Orabug: 31503865]
  • rds: Revert ‘Disable module unload by default’ (Hans Westgaard Ry) [Orabug: 31503865]
  • rds/tcp: Enhance stats maintained by rds (Rao Shoaib) [Orabug: 31521372]
  • EDAC/i10nm: Update driver to support different bus number config register offsets (Qiuxu Zhuo) [Orabug: 31645136]
  • EDAC, {skx,i10nm}: Make some configurations CPU model specific (Qiuxu Zhuo) [Orabug: 31645136]
  • mstflint_access: Update driver code to v4.15.0-1 from Github (Itay Avraham) [Orabug: 31682346]
  • KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722765]
  • KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722765]
  • KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722765]
  • KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722765]
  • cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang) [Orabug: 31779798] {CVE-2020-14356}
  • bpf: ensure helper ids match between UEK5, UEK6 and upstream (Alan Maguire) [Orabug: 31860453]
  • netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872862] {CVE-2020-25211}
  • vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}
  • fbcon: remove soft scrollback code (Linus Torvalds) [Orabug: 31914690] {CVE-2020-14390}
  • KVM: nVMX: do not use dangling shadow VMCS after guest reset (Paolo Bonzini) [Orabug: 31941096]
  • Revert ‘usb: xhci: do not create and register shared_hcd when USB3.0 is disabled’ (Thomas Tai) [Orabug: 31943628]
  • uek-rpm: Use oracle-armset-1 to build uekemb2 (Dave Kleikamp) [Orabug: 31950869]
  • block: allow for_each_bvec to support zero len bvec (Ming Lei) [Orabug: 31955141] {CVE-2020-25641}
  • uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31979628]

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:P/I:P/A:C

Related for ELSA-2020-5924