Lucene search

K
oraclelinuxOracleLinuxELSA-2021-9221
HistoryJun 01, 2021 - 12:00 a.m.

Unbreakable Enterprise kernel-container security update

2021-06-0100:00:00
linux.oracle.com
194

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

[5.4.17-2102.201.3.el8]

  • locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (Ali Saidi)
    [Orabug: 32805544]
    [5.4.17-2102.201.2.el8]
  • md/bitmap: wait for external bitmap writes to complete during tear down (Sudhakar Panneerselvam) [Orabug: 32764237]
  • ocfs2: fix deadlock between setattr and dio_end_io_write (Wengang Wang) [Orabug: 32763849]
  • tcp: do not mess with cloned skbs in tcp_add_backlog() (Eric Dumazet) [Orabug: 32760314]
  • Revert ‘x86/vmlinux: Use INT3 instead of NOP for linker fill bytes’ (John Donnelly) [Orabug: 32576398] {CVE-2021-3411}
  • iommu/vt-d: Fix agaw for a supported 48 bit guest address width (Saeed Mirzamohammadi) [Orabug: 32734148]
  • LTS tag: v5.4.85 (Jack Vogel)
  • x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (Xiaochen Shen)
  • x86/resctrl: Remove unused struct mbm_state::chunks_bw (James Morse)
  • membarrier: Explicitly sync remote cores when SYNC_CORE is requested (Andy Lutomirski)
  • Revert ‘selftests/ftrace: check for do_sys_openat2 in user-memory test’ (Kamal Mostafa)
  • KVM: mmu: Fix SPTE encoding of MMIO generation upper half (Maciej S. Szmigiero)
  • serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (Alexander Sverdlin)
  • ALSA: pcm: oss: Fix potential out-of-bounds shift (Takashi Iwai)
  • USB: sisusbvga: Make console support depend on BROKEN (Thomas Gleixner)
  • USB: UAS: introduce a quirk to set no_write_same (Oliver Neukum)
  • xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (Hans de Goede)
  • xhci: Give USB2 ports time to enter U3 in bus suspend (Li Jun)
  • ALSA: usb-audio: Fix control ‘access overflow’ errors from chmap (Takashi Iwai)
  • ALSA: usb-audio: Fix potential out-of-bounds shift (Takashi Iwai)
  • USB: add RESET_RESUME quirk for Snapscan 1212 (Oliver Neukum)
  • USB: dummy-hcd: Fix uninitialized array use in init() (Bui Quang Minh)
  • ktest.pl: If size of log is too big to email, email error message (Steven Rostedt (VMware))
  • net: stmmac: delete the eee_ctrl_timer after napi disabled (Fugang Duan)
  • net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux (Martin Blumenstingl)
  • net: ll_temac: Fix potential NULL dereference in temac_probe() (Zhang Changzhong)
  • lan743x: fix for potential NULL pointer dereference with bare card (Sergej Bauer)
  • tcp: fix cwnd-limited bug for TSO deferral where we send nothing (Neal Cardwell)
  • tcp: select sane initial rcvq_space.space for big MSS (Eric Dumazet)
  • net: stmmac: free tx skb buffer in stmmac_resume() (Fugang Duan)
  • bridge: Fix a deadlock when enabling multicast snooping (Joseph Huang)
  • enetc: Fix reporting of h/w packet counters (Claudiu Manoil)
  • udp: fix the proto value passed to ip_protocol_deliver_rcu for the segments (Xin Long)
  • net: hns3: remove a misused pragma packed (Huazhong Tan)
  • vrf: packets with lladdr src needs dst at input with orig_iif when needs strict (Stephen Suryaputra)
  • net: bridge: vlan: fix error return code in __vlan_add() (Zhang Changzhong)
  • mac80211: mesh: fix mesh_pathtbl_init() error path (Eric Dumazet)
  • ipv4: fix error return code in rtm_to_fib_config() (Zhang Changzhong)
  • ptrace: Prevent kernel-infoleak in ptrace_get_syscall_info() (Peilin Ye)
  • LTS tag: v5.4.84 (Jack Vogel)
  • compiler.h: fix barrier_data() on clang (Arvind Sankar)
  • mm/zsmalloc.c: drop ZSMALLOC_PGTABLE_MAPPING (Minchan Kim)
  • x86/apic/vector: Fix ordering in vector assignment (Thomas Gleixner)
  • x86/membarrier: Get rid of a dubious optimization (Andy Lutomirski)
  • x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (Arvind Sankar)
  • scsi: be2iscsi: Revert ‘Fix a theoretical leak in beiscsi_create_eqs()’ (Dan Carpenter)
  • proc: use untagged_addr() for pagemap_read addresses (Miles Chen)
  • kbuild: avoid static_assert for genksyms (Arnd Bergmann)
  • drm/i915/display/dp: Compute the correct slice count for VDSC on DP (Manasi Navare)
  • mmc: block: Fixup condition for CMD13 polling for RPMB requests (Bean Huo)
  • pinctrl: amd: remove debounce filter setting in IRQ type setting (Coiby Xu)
  • Input: i8042 - add Acer laptops to the i8042 reset list (Chris Chiu)
  • Input: cm109 - do not stomp on control URB (Dmitry Torokhov)
  • ktest.pl: Fix incorrect reboot for grub2bls (Libo Chen)
  • can: m_can: m_can_dev_setup(): add support for bosch mcan version 3.3.0 (Pankaj Sharma)
  • platform/x86: touchscreen_dmi: Add info for the Irbis TW118 tablet (Hans de Goede)
  • platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC (Max Verevkin)
  • platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (Timo Witte)
  • platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen (Hans de Goede)
  • platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e (Hans de Goede)
  • arm64: tegra: Disable the ACONNECT for Jetson TX2 (Jon Hunter)
  • soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) (Hao Si)
  • spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (Ran Wang)
  • irqchip/gic-v3-its: Unconditionally save/restore the ITS state on suspend (Xu Qiang)
  • ibmvnic: skip tx timeout reset while in resetting (Lijun Pan)
  • interconnect: qcom: qcs404: Remove GPU and display RPM IDs (Georgi Djakov)
  • scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (Can Guo)
  • ARC: stack unwinding: don’t assume non-current task is sleeping (Vineet Gupta)
  • arm64: dts: broadcom: clear the warnings caused by empty dma-ranges (Zhen Lei)
  • powerpc: Drop -me200 addition to build flags (Michael Ellerman)
  • iwlwifi: mvm: fix kernel panic in case of assert during CSA (Sara Sharon)
  • iwlwifi: pcie: set LTR to avoid completion timeout (Johannes Berg)
  • arm64: dts: rockchip: Assign a fixed index to mmc devices on rk3399 boards. (Markus Reichl)
  • iwlwifi: pcie: limit memory read spin time (Johannes Berg)
  • x86/lib: Change .weak to SYM_FUNC_START_WEAK for arch/x86/lib/mem*_64.S (Fangrui Song)
  • Kbuild: do not emit debug info for assembly with LLVM_IAS=1 (Nick Desaulniers)
    [5.4.17-2102.201.1.el8]
  • IB/mlx5: Reduce max order of memory allocated for xlt update (Praveen Kumar Kannoju) [Orabug: 32751624]
  • netfilter: x_tables: Use correct memory barriers. (Mark Tomlinson) [Orabug: 32709120] {CVE-2021-29650}
  • perf/x86/intel: Fix a crash caused by zero PEBS status (Kan Liang) [Orabug: 32669468] {CVE-2021-28971}
  • btrfs: fix race when cloning extent buffer during rewind of an old root (Filipe Manana) [Orabug: 32669450] {CVE-2021-28964}
  • uek-rpm: Update SecureBoot Digicert 2021 certificates (Jack Vogel) [Orabug: 32532663]
  • RDMA/rxe: ipc_bench fails on SoftRoCE with shpd (Rao Shoaib) [Orabug: 32716155]
  • vhost-vdpa: set v->config_ctx to NULL if eventfd_ctx_fdget() fails (Stefano Garzarella) [Orabug: 32696005] {CVE-2021-29266}
  • vhost-vdpa: fix use-after-free of v->config_ctx (Stefano Garzarella) [Orabug: 32696005] {CVE-2021-29266}
  • fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 32669269] {CVE-2021-28950}
  • fuse: fix bad inode (Miklos Szeredi) [Orabug: 32669269] {CVE-2021-28950}
  • RDMA/core: Fix corrupted SL on passive side (Hakon Bugge) [Orabug: 32662965]
  • Xen/gnttab: handle p2m update errors on a per-slot basis (Jan Beulich) [Orabug: 32651473] {CVE-2021-28038}
  • RDMA/rxe: Compute the maximum sges and inline size based on the WQE size (Rao Shoaib) [Orabug: 32648060]
  • KVM: kvmclock: Fix vCPUs > 64 can’t be online/hotpluged (Wanpeng Li) [Orabug: 32641672]
  • xen/netback: avoid race in xenvif_rx_ring_slots_available() (Juergen Gross) [Orabug: 32640116]
  • uek-rpm: ol7: aarch64: add CONFIG_ACPI_HOTPLUG_MEMORY (Mihai Carabas) [Orabug: 32638660]
  • KVM: SVM: Disable AVIC before setting V_IRQ (Suravee Suthikulpanit) [Orabug: 32603569]
  • KVM: Introduce kvm_make_all_cpus_request_except() (Suravee Suthikulpanit) [Orabug: 32603569]
  • KVM: X86: correct meaningless kvm_apicv_activated() check (Paolo Bonzini) [Orabug: 32603569]
  • KVM: Disable preemption in kvm_get_running_vcpu() (Marc Zyngier) [Orabug: 32603569]
  • KVM: Move running VCPU from ARM to common code (Paolo Bonzini) [Orabug: 32603569]
  • xen-blkback: don’t leak persistent grants from xen_blkbk_map() (Jan Beulich) [Orabug: 32697850] {CVE-2021-28688}
  • video: hyperv_fb: Fix the mmap() regression for v5.4.y and older (Dexuan Cui) [Orabug: 32651461]

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C