Lucene search

K
oraclelinuxOracleLinuxELSA-2021-9038
HistoryFeb 08, 2021 - 12:00 a.m.

Unbreakable Enterprise kernel-container security update

2021-02-0800:00:00
linux.oracle.com
101

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

73.3%

[5.4.17-2036.103.3.el7]

  • Revert ‘rds: Deregister all FRWR mr with free_mr’ (aru kolappan) [Orabug:
    32426610]
    [5.4.17-2036.103.2.el7]
  • A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380824]
  • netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug: 32372530] {CVE-2021-20177}
  • net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372158]
  • uek-rpm: Report removed symbols also during kabi check (Somasundaram Krishnasamy) [Orabug: 32380061]
  • A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350974]
  • uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32346419]
  • target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}
    [5.4.17-2036.103.1.el7]
  • mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349203] {CVE-2020-36158}
  • x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32234812]
  • add license checking to kABI checker (Dan Duval) [Orabug: 32355206]
    [5.4.17-2036.103.0.el7]
  • lockd: don’t use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337715]
  • tools: update header files in the tools directory (Thomas Tai) [Orabug: 32321484]
  • perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32321484]
  • perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug: 32321484]
  • perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32321484]
  • perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang) [Orabug: 32321484]
  • perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang) [Orabug: 32321484]
  • perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang) [Orabug: 32321484]
  • perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan Liang) [Orabug: 32321484]
  • perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang) [Orabug: 32321484]
  • perf/x86/intel: Generic support for hardware TopDown metrics (Kan Liang) [Orabug: 32321484]
  • perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang) [Orabug: 32321484]
  • perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra) [Orabug: 32321484]
  • perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan Liang) [Orabug: 32321484]
  • perf/x86: Keep LBR records unchanged in host context for guest usage (Like Xu) [Orabug: 32321484]
  • perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug: 32321484]
  • perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32321484]
  • perf/x86/intel: Introduce the fourth fixed counter (Kan Liang) [Orabug: 32321484]
  • perf/x86/intel: Name the global status bit in NMI handler (Kan Liang) [Orabug: 32321484]
  • perf/x86: Add constraint to create guest LBR event without hw counter (Like Xu) [Orabug: 32321484]
  • perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug: 32321484]
  • perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug: 32321484]
  • perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan Liang) [Orabug: 32321484]
  • perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean Christopherson) [Orabug: 32321484]
  • partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32302136]
  • Revert ‘cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug’ (Daniel Jordan) [Orabug: 32295229]
  • cpuset: fix race between hotplug work and later CPU offline (Daniel Jordan) [Orabug: 32295229]
  • uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp) [Orabug: 32290034]
  • driver/perf: Add PMU driver for the ARM DMC-620 memory controller (Tuan Phan) [Orabug: 32290034]
  • perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon) [Orabug: 32290034]
  • perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon) [Orabug: 32290034]
  • perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290034]
  • perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290034]
  • perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290034]
  • arm64: acpi: Make apei_claim_sea() synchronise with APEI’s irq work (James Morse) [Orabug: 32290034]
  • ACPI: APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 32290034]
  • iommu/arm-smmu-v3: Don’t reserve implementation defined register space (Jean-Philippe Brucker) [Orabug: 32290034]
  • Revert ‘BACKPORT: perf: Add Arm CMN-600 DT binding’ (Dave Kleikamp) [Orabug: 32290034]
  • Revert ‘BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver’ (Dave Kleikamp) [Orabug: 32290034]
  • Revert ‘BACKPORT: WIP: perf/arm-cmn: Add ACPI support’ (Dave Kleikamp) [Orabug: 32290034]
  • Revert ‘perf: Add ARM DMC-620 PMU driver.’ (Dave Kleikamp) [Orabug: 32290034]
  • Revert ‘BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors’ (Dave Kleikamp) [Orabug: 32290034]
  • Revert ‘BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with APEI’s irq work’ (Dave Kleikamp) [Orabug: 32290034]
  • Revert ‘Perf: arm-cmn: Allow irq to be shared.’ (Dave Kleikamp) [Orabug: 32290034]
  • Revert ‘perf: arm_cmn: improve and make it work on 2P.’ (Dave Kleikamp) [Orabug: 32290034]
  • Revert ‘perf: arm_dsu: Allow IRQ to be shared among devices.’ (Dave Kleikamp) [Orabug: 32290034]
  • Revert ‘perf: arm_dsu: Support ACPI mode.’ (Dave Kleikamp) [Orabug: 32290034]
  • Revert ‘perf: arm_dmc620: Update ACPI ID.’ (Dave Kleikamp) [Orabug: 32290034]
  • Revert ‘perf: avoid breaking KABI by reusing enum’ (Dave Kleikamp) [Orabug: 32290034]
  • Revert ‘perf/smmuv3: Allow sharing MMIO registers with the SMMU driver’ (Dave Kleikamp) [Orabug: 32290034]
  • tty: Fix ->session locking (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}
  • tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266677] {CVE-2020-29660}
  • xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}
  • xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
  • xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
  • xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
  • xen/xenbus: Add ‘will_handle’ callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
  • xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
  • KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251910]

8.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.004 Low

EPSS

Percentile

73.3%