oraclelinux
OracleLinux ELSA-2021-9087
Mar 09, 2021 - 12:00 a.m.

Unbreakable Enterprise kernel-container security update

2021-03-09 00:00:00
linux.oracle.com

CVSS3: 7.8 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS2: 7.2 High

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

[4.14.35-2047.501.0.el7]

  • block/diskstats: accumulate all per-cpu counters in one pass (Konstantin Khlebnikov) [Orabug: 32531559]
  • uek-rpm: config-aarch-embedded2 update for Jan 2021 Elba patches (Dave Kleikamp) [Orabug: 32532588]
  • dts/pensando: Fix compatile -> compatible typeo. (David Clear) [Orabug: 32532588]
  • Interrupt domain controllers for Elba ASIC. (David Clear) [Orabug: 32532588]
  • elba_defconfig: CONFIG_PTP_1588_CLOCK=y (David Clear) [Orabug: 32532588]
  • soc/pensando: pcie driver (David Clear) [Orabug: 32532588]
  • pcie: control access to pcie clock domain registers (David Clear) [Orabug: 32532588]
  • mmc: sdhci-cadence-elba ADMA and HS200 tuning support (David Clear) [Orabug: 32532588]
  • enable rcu callback offloading & adaptive tick mode to reduce jitter (David Clear) [Orabug: 32532588]
  • uek-rpm: Enable perf trace support for OL7 kernel builds. (Mridula Shastry) [Orabug: 32528194]
  • uek-rpm: update config-aarch-embedded2 for Elba (Dave Kleikamp) [Orabug: 32361844]
  • elba: u-boot environment partitions in the device-tree (David Clear) [Orabug: 32361844]
  • i2c: Add Elba Ortano Lattice RD1173 I2C controller driver. (David Clear) [Orabug: 32361844]
  • elba: one more mnet for elba.dtsi (David Clear) [Orabug: 32361844]
  • elba: Add IPv6 support to elba_defconfig (David Clear) [Orabug: 32361844]
  • mmc: sdhci-cadence-elba sdhci driver cleanup (David Clear) [Orabug: 32361844]
  • spi-dw: custom chip-select handler for elba (David Clear) [Orabug: 32361844]
  • arch/arm64: Pensando elba dts and config files (David Clear) [Orabug: 32361844]
  • drivers/soc/pensando: crash dump driver. (David Clear) [Orabug: 32361844]
  • drivers/pensando/soc: Boot State Machine (BSM) integration. (David Clear) [Orabug: 32361844]
  • drivers/soc/pensando: /dev/capmem driver. (David Clear) [Orabug: 32361844]
  • drivers/mmc/host: Pensando Elba support in the Cadence EMMC host controller (David Clear) [Orabug: 32361844]
  • drivers/gpio: support the Elba SPI chip-selects. (David Clear) [Orabug: 32361844]
  • arch/arm64: Pensando Elba SoC declaration. (David Clear) [Orabug: 32361844]
  • mmc: sdhci-cadence: fix PHY write (Vladimir Kondratiev) [Orabug: 32361844]
  • mmc: sdhci-cadence: set SDHCI_QUIRK2_PRESET_VALUE_BROKEN for UniPhier (Masahiro Yamada) [Orabug: 32361844]
  • mmc: sdhci-cadence: remove unneeded ‘inline’ marker (Masahiro Yamada) [Orabug: 32361844]
  • mmc: sdhci-cadence: use struct_size() helper (Gustavo A. R. Silva) [Orabug: 32361844]
  • mmc: sdhci-cadence: fix logically and structurally dead code (Gustavo A. R. Silva) [Orabug: 32361844]
  • mmc: sdhci-cadence: send tune request twice to work around errata (Masahiro Yamada) [Orabug: 32361844]
  • mmc: sdhci-cadence: use bitfield access macros for cleanup (Masahiro Yamada) [Orabug: 32361844]
  • Revert ‘Support the reset pulse width from the device-tree.’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘Initial Pensando Capri SoC declaration’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘Add Capri EMMC phy and instantiate the driver in the dts’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘Capri SPI driver’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘Interrupt domain controllers for Capri ASIC.’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘Add uio support for Capri PCIE and Link interrupts’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘Pensando/Capri PCIE panic handler.’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘Pensando crash dump driver’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘Pensando Boot State Machine (BSM) integration.’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘Add mnic nodes to the Pensando devicetree’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘mtd/spi-nor/cadence-quadspi.c: Speed up reads.’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘Add /proc/xmaps’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘Add Pensando Capri board .dts files and default configs’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘Provide for precise control of pgprot for Pensando’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘Kconfig option to disable outer-cache-allocate for Pensando’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘Add /dev/capmem driver for Pensando’ (Dave Kleikamp) [Orabug: 32361844]
  • Revert ‘Make low-speed APB bus accesses single threaded’ (Dave Kleikamp) [Orabug: 32361844]
  • sched/topology: Assert non-NUMA topology masks don’t (partially) overlap (Valentin Schneider) [Orabug: 32485794]
  • x86/msr: Add a pointer to an URL which contains further details (Borislav Petkov) [Orabug: 32409137]
  • x86/msr: Downgrade unrecognized MSR message (Borislav Petkov) [Orabug: 32409137]
  • x86/msr: Do not allow writes to MSR_IA32_ENERGY_PERF_BIAS (Borislav Petkov) [Orabug: 32409137]
  • x86/msr: Prevent userspace MSR access from dominating the console (Chris Down) [Orabug: 32409137]
  • x86/msr: Filter MSR writes (Borislav Petkov) [Orabug: 32409137]
  • tools/power/x86_energy_perf_policy: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32409137]
  • tools/power/turbostat: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32409137]
  • tools/power/cpupower: Read energy_perf_bias from sysfs (Borislav Petkov) [Orabug: 32409137]
  • uek-rpm: Enable Oracle Pilot BMC module (Eric Snowberg) [Orabug: 32422664]
  • hwmon: Add a new Oracle Pilot BMC driver (Eric Snowberg) [Orabug: 32422664]
  • ovl: verify permissions in ovl_path_open() (Miklos Szeredi) [Orabug: 32435220] {CVE-2020-16120}
  • ovl: switch to mounter creds in readdir (Miklos Szeredi) [Orabug: 32435220] {CVE-2020-16120}
  • ovl: pass correct flags for opening real directory (Miklos Szeredi) [Orabug: 32435220]
  • l2tp: fix race in pppol2tp_release with session object destroy (James Chapman) [Orabug: 32435324]
  • l2tp: fix races with tunnel socket close (James Chapman) [Orabug: 32435324]
  • l2tp: don’t use inet_shutdown on ppp session destroy (James Chapman) [Orabug: 32435324]
  • l2tp: don’t use inet_shutdown on tunnel destroy (James Chapman) [Orabug: 32435324]
  • l2tp: exit_net cleanup check added (Vasily Averin) [Orabug: 32435324]
  • l2tp: remove the .tunnel_sock field from struct pppol2tp_session (Guillaume Nault) [Orabug: 32435324]
  • l2tp: avoid using ->tunnel_sock for getting session’s parent tunnel (Guillaume Nault) [Orabug: 32435324]
  • l2tp: remove .tunnel_sock from struct l2tp_eth (Guillaume Nault) [Orabug: 32435324]
  • l2tp: don’t close sessions in l2tp_tunnel_destruct() (Guillaume Nault) [Orabug: 32435324]
  • l2tp: remove field ‘dev’ from struct l2tp_eth (Guillaume Nault) [Orabug: 32435324]
  • l2tp: remove l2tp_tunnel_count and l2tp_session_count (Guillaume Nault) [Orabug: 32435324]
  • l2tp: remove ->ref() and ->deref() (Guillaume Nault) [Orabug: 32435324]
  • net: l2tp: mark expected switch fall-through (Gustavo A. R. Silva) [Orabug: 32435324]
  • rds: CONFIG_RDS_DEBUG + tracepoints breaks rds build (Alan Maguire) [Orabug: 32442506]
  • futex: Handle faults correctly for PI futexes (Thomas Gleixner) [Orabug: 32447189] {CVE-2021-3347}
  • futex: Simplify fixup_pi_state_owner() (Thomas Gleixner) [Orabug: 32447189] {CVE-2021-3347}
  • futex: Use pi_state_update_owner() in put_pi_state() (Thomas Gleixner) [Orabug: 32447189] {CVE-2021-3347}
  • rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Thomas Gleixner) [Orabug: 32447189] {CVE-2021-3347}
  • futex: Provide and use pi_state_update_owner() (Thomas Gleixner) [Orabug: 32447189] {CVE-2021-3347}
  • futex: Replace pointless printk in fixup_owner() (Thomas Gleixner) [Orabug: 32447189] {CVE-2021-3347}
  • futex: Ensure the correct return value from futex_lock_pi() (Thomas Gleixner) [Orabug: 32447189] {CVE-2021-3347}
  • futex: Don’t enable IRQs unconditionally in put_pi_state() (Dan Carpenter) [Orabug: 32447189] {CVE-2021-3347}
  • nbd: freeze the queue while we’re adding connections (Josef Bacik) [Orabug: 32447287] {CVE-2021-3348}
  • rds: avoid crash on IB conn path shutdown prepare (Alan Maguire) [Orabug: 32457375]
  • net/rds: WARNING in rds_conn_drop (Ka-Cheong Poon) [Orabug: 32481707]
  • rds: tracepoints incorrectly reporting valid rds ping as drop (Alan Maguire) [Orabug: 32490010]
  • rds: tracepoint-related KASAN: use-after-free Read in rds_send_xmit (Alan Maguire) [Orabug: 32490032]
  • selinux: allow reading labels before policy is loaded (Jonathan Lebon) [Orabug: 32492279]
  • selinux: allow labeling before policy is loaded (Jonathan Lebon) [Orabug: 32492279]