Lucene search

K
oraclelinuxOracleLinuxELSA-2020-5995
HistoryDec 14, 2020 - 12:00 a.m.

Unbreakable Enterprise kernel security update

2020-12-1400:00:00
linux.oracle.com
68

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

[4.14.35-2025.403.3]

  • RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 32005117]
  • lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 32005117]
  • lib/scatterlist: Add SG_CHAIN and SG_END macros for LSB encodings (Anshuman Khandual) [Orabug: 32005117]
  • lib/scatterlist: Avoid potential scatterlist entry overflow (Tvrtko Ursulin) [Orabug: 32005117]
  • lib/scatterlist: Fix offset type in sg_alloc_table_from_pages (Tvrtko Ursulin) [Orabug: 32005117]
  • uek-rpm: Don’t build emb2 kernel for mips (Dave Kleikamp) [Orabug: 32176889]
  • vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187748] {CVE-2020-28974}
  • page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32201999]
  • xen/events: block rogue events for some time (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
  • xen/events: defer eoi in case of excessive number of events (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
  • xen/events: use a common cpu hotplug hook for event channels (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
  • xen/events: switch user event channels to lateeoi model (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
  • xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
  • xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
  • xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
  • xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
  • xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
  • xen/events: add a new ‘late EOI’ evtchn framework (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
  • xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
  • xen/events: add a proper barrier to 2-level uevent unmasking (Juergen Gross) [Orabug: 32177538] {CVE-2020-27673}
  • xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 32177548]
    [4.14.35-2025.403.2]
  • tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122729] {CVE-2020-25668}
  • vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656} {CVE-2020-25656}
  • vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122952] {CVE-2020-25656}
  • perf/core: Fix a memory leak in perf_event_parse_addr_filter() (kiyin) [Orabug: 32131175] {CVE-2020-25704}
  • perf/core: Fix bad use of igrab() (Song Liu) [Orabug: 32131175] {CVE-2020-25704}
  • IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136898]
  • IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136898]
  • IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136898]
  • IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136898]
  • IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136898]
  • IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136898]
  • xen/gntdev: fix up blockable calls to mn_invl_range_start (Michal Hocko) [Orabug: 32139244]
    [4.14.35-2025.403.1]
  • lockdown: By default run in integrity mode. (Konrad Rzeszutek Wilk) [Orabug: 32131561]
  • Revert ‘iomap: Fix pipe page leakage during splicing’ (George Kennedy) [Orabug: 32136519]
  • kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138016]
  • Revert ‘pci: hardcode enumeration’ (Dave Aldridge) [Orabug: 32152249]
  • hv_utils: drain the timesync packets on onchannelcallback (Vineeth Pillai) [Orabug: 32152144]
  • hv_utils: return error if host timesysnc update is stale (Vineeth Pillai) [Orabug: 32152144]
    [4.14.35-2025.403.0]
  • powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32138487] {CVE-2020-8694} {CVE-2020-8695}
  • Btrfs: fix selftests failure due to uninitialized i_mode in test inodes (Filipe Manana) [Orabug: 31864726]
  • btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864726]
  • btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864726] {CVE-2019-19816}
  • x86/apic: Get rid of multi CPU affinity (Thomas Gleixner) [Orabug: 31975320]
  • hv_netvsc: Set probe mode to sync (Haiyang Zhang) [Orabug: 32132413]
  • net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113843]
  • perf symbols: Check if we read regular file in dso__load() (Jiri Olsa) [Orabug: 30696035]
  • rds: Restore MR use-once semantics (Hakon Bugge) [Orabug: 31990092] [Orabug: 31990095]
  • rds: Fix incorrect cmsg status and use-after-free (Hakon Bugge) [Orabug: 32003078] [Orabug: 32003081]
  • dm cache: remove all obsolete writethrough-specific code (Mike Snitzer) [Orabug: 32010352]
  • dm cache: pass cache structure to mode functions (Mike Snitzer) [Orabug: 32010352]
  • dm rq: don’t call blk_mq_queue_stopped() in dm_stop_queue() (Ming Lei) [Orabug: 32010352]
  • bcache: allocate meta data pages as compound pages (Coly Li) [Orabug: 32010352]
  • md/raid5: Fix Force reconstruct-write io stuck in degraded raid5 (ChangSyun Peng) [Orabug: 32010352]
  • bcache: fix super block seq numbers comparision in register_cache_set() (Coly Li) [Orabug: 32010352]
  • md-cluster: fix wild pointer of unlock_all_bitmaps() (Zhao Heming) [Orabug: 32010352]
  • dm: use noio when sending kobject event (Mikulas Patocka) [Orabug: 32010352]
  • dm zoned: assign max_io_len correctly (Hou Tao) [Orabug: 32010352]
  • md: add feature flag MD_FEATURE_RAID0_LAYOUT (NeilBrown) [Orabug: 32010352]
  • dm zoned: return NULL if dmz_get_zone_for_reclaim() fails to find a zone (Hannes Reinecke) [Orabug: 32010352]
  • dm mpath: switch paths in dm_blk_ioctl() code path (Martin Wilck) [Orabug: 32010352]
  • dm crypt: avoid truncating the logical block size (Eric Biggers) [Orabug: 32010352]
  • md: don’t flush workqueue unconditionally in md_open (Guoqing Jiang) [Orabug: 32010352]
  • x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Thomas Gleixner) [Orabug: 32010658]
  • x86/mce/therm_throt: Do not access uninitialized therm_work (Chuansheng Liu) [Orabug: 32010658]
  • x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Arnd Bergmann) [Orabug: 32010658]
  • x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Srinivas Pandruvada) [Orabug: 32010658]
  • x86/mce/therm_throt: Optimize notifications of thermal throttle (Srinivas Pandruvada) [Orabug: 32010658]
  • jiffies: add utility function to calculate delta in ms (Matteo Croce) [Orabug: 32010658]
  • rds: Force ordering of {set,clear}_bit operating on m_flags (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
  • rds: Do not send canceled operations to the transport layer (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
  • rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
  • Revert ‘RDS: Drop the connection as part of cancel to avoid hangs’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
  • Revert ‘rds: fix warning in rds_send_drop_to()’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
  • Revert ‘rds: Use correct conn when dropping connections due to cancel’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
  • Revert ‘rds: prevent use-after-free of rds conn in rds_send_drop_to()’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
  • Revert ‘rds: Use bitmap to designate dropped connections’ (Hakon Bugge) [Orabug: 31505749] [Orabug: 32014809]
  • Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von Dentz) [Orabug: 32021288] {CVE-2020-12352}
  • x86/kvm: move kvm_load/put_guest_xcr0 into atomic context (WANG Chao) [Orabug: 32021855]
  • arm64: Corrects warning: ISO C90 forbids mixed declarations and code (John Donnelly) [Orabug: 32040061]
  • hwrng: cavium: Corrects warning: unused variable ‘dev_id’ (John Donnelly) [Orabug: 32040066]
  • Lock down /proc/kcore (redux!) (Konrad Rzeszutek Wilk) [Orabug: 32053127]
  • lockdown: Lock down perf when in confidentiality mode (David Howells) [Orabug: 32053127]
  • Lock down kprobes (redux!) (Konrad Rzeszutek Wilk) [Orabug: 32053127]
  • debugfs: whitelist spectre mitigation when locked down (Eric Snowberg) [Orabug: 32053127]
  • debugfs: Return -EPERM when locked down (Eric Snowberg) [Orabug: 32053127]
  • debugfs: Restrict debugfs when the kernel is locked down (David Howells) [Orabug: 32053127]
  • lockdown: Add __kernel_is_confidentiality_mode to figure out whether … (Konrad Rzeszutek Wilk) [Orabug: 32053127]
  • dtrace: Restrict access when the kernel is locked down in confidentiality mode (Konrad Rzeszutek Wilk) [Orabug: 32053127]
  • bpf: Restrict bpf when kernel lockdown is in confidentiality mode (David Howells) [Orabug: 32053127]
  • security: Add a static lockdown policy LSM [diet-version] (Matthew Garrett) [Orabug: 32053127]
  • net/rds: Check for NULL rid_dev_rem_complete (Ka-Cheong Poon) [Orabug: 32058618]
  • scsi: Corrects warning: passing argument 1 of ‘wwn_to_u64’ mismatch (John Donnelly) [Orabug: 32059622]
  • ipvlan: Corrects warning: label ‘unregister_netdev’ defined but not used (John Donnelly) [Orabug: 32059740]
  • mm, compaction: raise compaction priority after it withdrawns (Vlastimil Babka) [Orabug: 32065218]
  • mm, reclaim: cleanup should_continue_reclaim() (Vlastimil Babka) [Orabug: 32065218]
  • mm, reclaim: make should_continue_reclaim perform dryrun detection (Hillf Danton) [Orabug: 32065218]
  • KVM: Drop ‘const’ attribute from old memslot in commit_memory_region() (Sean Christopherson) [Orabug: 32068898]
  • octeontx2-pf: Return proper RSS indirection table size always (Sunil Goutham) [Orabug: 32095651]
  • octeontx2-af: Free RVU REE irq properly (Smadar Fuks) [Orabug: 32095651]
  • octeontx2-af: Free RVU NIX IRQs properly. (Rakesh Babu) [Orabug: 32095651]
  • octeontx2-af: Fix the BPID mask (Subbaraya Sundeep) [Orabug: 32095651]
  • octeontx2-pf: Fix receive buffer size calculation (Sunil Goutham) [Orabug: 32095651]
  • octeontx2-af: Fix updating wrong multicast list index in NIX_RX_ACTION (Naveen Mamindlapalli) [Orabug: 32095651]
  • octeontx2-af: Ratelimit prints from AF error interrupt handlers (Naveen Mamindlapalli) [Orabug: 32095651]
  • octeontx2-pf: Avoid null pointer dereference (Subbaraya Sundeep) [Orabug: 32095651]
  • octeontx2-af: Check the msix offset return value (Subbaraya Sundeep) [Orabug: 32095651]
  • octeontx2-af: make tx nibble fixup is always apply (Stanislaw Kardach) [Orabug: 32095651]
  • octeontx2-af: Stop kpu parsing at layer3 for ipv6 fragmented packets. (Abhijit Ayarekar) [Orabug: 32095651]
  • octeontx2-pf: Call mbox_reset before incrementing ack (Hariprasad Kelam) [Orabug: 32095651]
  • octeontx2-af: Simplify otx2_mbox_reset call (Hariprasad Kelam) [Orabug: 32095651]
  • A/A Bonding: Increase number and interval of GARPs sent by rdmaip (Sharath Srinivasan) [Orabug: 32095768]
  • net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) [Orabug: 32095962]
  • rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath Patil) [Orabug: 32113532]
    [4.14.35-2025.402.2]
  • ocfs2: fix remounting needed after setfacl command (Gang He)
  • Fix multiple variable definition with syzkaller (Hans Westgaard Ry) [Orabug: 32008770]
  • drm/vmwgfx: Use the dma scatter-gather iterator to get dma addresses (Thomas Hellstrom) [Orabug: 32010349]
  • i40e: Corrects i40e_setup_tc and i40e_xdp defined but not used warnings (John Donnelly) [Orabug: 32034050]
  • bnxt: Corrects warning: ‘struct tc_cls_flower_offload’ (John Donnelly) [Orabug: 32041757]
  • SCSI: Corrects ‘ret’ not used warning (John Donnelly) [Orabug: 32041763]
  • IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042520]
  • qed: Corrects warning: ‘qed_iwarp_ll2_slowpath’ defined but not used (John Donnelly) [Orabug: 32052276]
  • ipv6: fix possible use-after-free in ip6_xmit() (Eric Dumazet)

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C