Lucene search

K
oraclelinuxOracleLinuxELSA-2021-9308
HistoryJun 15, 2021 - 12:00 a.m.

Unbreakable Enterprise kernel-container security update

2021-06-1500:00:00
linux.oracle.com
191

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.1 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:P/A:C

0.0004 Low

EPSS

Percentile

14.2%

[4.14.35-2047.504.2.el7]

  • md/raid1: properly indicate failure when ending a failed write request (Paul Clements) [Orabug: 32887159]
  • video: hyperv_fb: Add ratelimit on error message (Michael Kelley) [Orabug: 32856879]
  • Drivers: hv: vmbus: Initialize unload_event statically (Andrea Parri (Microsoft)) [Orabug: 32856879]
  • Drivers: hv: vmbus: Increase wait time for VMbus unload (Michael Kelley) [Orabug: 32856879]
  • dm ioctl: fix out of bounds array access when no devices (Mikulas Patocka) [Orabug: 32860493] {CVE-2021-31916}
  • net/mlx4: Treat VFs fair when handling comm_channel_events (Hans Westgaard Ry) [Orabug: 32559464]
  • Linux 4.14.210 (Greg Kroah-Hartman)
  • USB: core: Fix regression in Hercules audio card (Alan Stern)
  • USB: core: add endpoint-blacklist quirk (Johan Hovold)
  • x86/resctrl: Add necessary kernfs_put() calls to prevent refcount leak (Xiaochen Shen)
  • x86/resctrl: Remove superfluous kernfs_get() calls to prevent refcount leak (Xiaochen Shen)
  • usb: gadget: Fix memleak in gadgetfs_fill_super (Zhang Qilong)
  • usb: gadget: f_midi: Fix memleak in f_midi_alloc (Zhang Qilong)
  • USB: core: Change %pK for __user pointers to %px (Alan Stern)
  • perf probe: Fix to die_entrypc() returns error correctly (Masami Hiramatsu)
  • can: m_can: fix nominal bitiming tseg2 min for version >= 3.1 (Marc Kleine-Budde)
  • platform/x86: toshiba_acpi: Fix the wrong variable assignment (Kaixu Xia)
  • can: gs_usb: fix endianess problem with candleLight firmware (Marc Kleine-Budde)
  • efivarfs: revert ‘fix memory leak in efivarfs_create()’ (Ard Biesheuvel)
  • ibmvnic: fix NULL pointer dereference in ibmvic_reset_crq (Lijun Pan)
  • ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues (Lijun Pan)
  • net: ena: set initial DMA width to avoid intel iommu issue (Shay Agroskin)
  • nfc: s3fwrn5: use signed integer for parsing GPIO numbers (Krzysztof Kozlowski)
  • IB/mthca: fix return value of error branch in mthca_init_cq() (Xiongfeng Wang)
  • scsi: ufs: Fix race between shutdown and runtime resume flow (Stanley Chu)
  • batman-adv: set .owner to THIS_MODULE (Taehee Yoo)
  • phy: tegra: xusb: Fix dangling pointer on probe failure (Marc Zyngier)
  • perf/x86: fix sysfs type mismatches (Sami Tolvanen)
  • scsi: target: iscsi: Fix cmd abort fabric stop race (Mike Christie)
  • scsi: libiscsi: Fix NOP race condition (Lee Duncan)
  • dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size (Sugar Zhang)
  • nvme: free sq/cq dbbuf pointers when dbbuf set fails (Minwoo Im)
  • proc: don’t allow async path resolution of /proc/self components (Jens Axboe)
  • HID: Add Logitech Dinovo Edge battery quirk (Hans de Goede)
  • x86/xen: don’t unbind uninitialized lock_kicker_irq (Brian Masney)
  • dmaengine: xilinx_dma: use readl_poll_timeout_atomic variant (Marc Ferland)
  • HID: hid-sensor-hub: Fix issue with devices with no report ID (Pablo Ceballos)
  • Input: i8042 - allow insmod to succeed on devices without an i8042 controller (Hans de Goede)
  • HID: cypress: Support Varmilo Keyboards’ media hotkeys (Frank Yang)
  • ALSA: hda/hdmi: fix incorrect locking in hdmi_pcm_close (Kai Vehmanen)
  • ALSA: hda/hdmi: Use single mutex unlock in error paths (Takashi Iwai)
  • arm64: pgtable: Ensure dirty bit is preserved across pte_wrprotect() (Will Deacon)
  • arm64: pgtable: Fix pte_accessible() (Will Deacon)
  • btrfs: adjust return values of btrfs_inode_by_name (Su Yue)
  • btrfs: tree-checker: Enhance chunk checker to validate chunk profile (Qu Wenruo)
  • PCI: Add device even if driver attach failed (Rajat Jain)
  • wireless: Use linux/stddef.h instead of stddef.h (Hauke Mehrtens)
  • btrfs: fix lockdep splat when reading qgroup config on mount (Filipe Manana)
  • mm/userfaultfd: do not access vma->vm_mm after calling handle_userfault() (Gerald Schaefer)
  • perf event: Check ref_reloc_sym before using it (Igor Lubashev)
  • Linux 4.14.209 (Greg Kroah-Hartman)
  • x86/microcode/intel: Check patch signature before saving microcode for early loading (Chen Yu)
  • s390/dasd: fix null pointer dereference for ERP requests (Stefan Haberland)
  • s390/cpum_sf.c: fix file permission for cpum_sfb_size (Thomas Richter)
  • mac80211: free sta in sta_info_insert_finish() on errors (Johannes Berg)
  • mac80211: minstrel: fix tx status processing corner case (Felix Fietkau)
  • mac80211: minstrel: remove deferred sampling code (Felix Fietkau)
  • xtensa: disable preemption around cache alias management calls (Max Filippov)
  • regulator: workaround self-referent regulators (Michal Miroslaw)
  • regulator: avoid resolve_supply() infinite recursion (Michal Miroslaw)
  • regulator: fix memory leak with repeated set_machine_constraints() (Michal Miroslaw)
  • iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode (Hans de Goede)
  • iio: accel: kxcjk1013: Replace is_smo8500_device with an acpi_type enum (Hans de Goede)
  • ext4: fix bogus warning in ext4_update_dx_flag() (Jan Kara)
  • staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids (Brian O’Keefe)
  • efivarfs: fix memory leak in efivarfs_create() (Vamshi K Sthambamkadi)
  • tty: serial: imx: keep console clocks always on (Fugang Duan)
  • ALSA: mixart: Fix mutex deadlock (Takashi Iwai)
  • ALSA: ctl: fix error path at adding user-defined element set (Takashi Sakamoto)
  • speakup: Do not let the line discipline be used several times (Samuel Thibault)
  • powerpc/uaccess-flush: fix missing includes in kup-radix.h (Daniel Axtens)
  • libfs: fix error cast of negative value in simple_attr_write() (Yicong Yang)
  • xfs: revert ‘xfs: fix rmap key and record comparison functions’ (Darrick J. Wong)
  • regulator: ti-abb: Fix array out of bound read access on the first transition (Nishanth Menon)
  • MIPS: Alchemy: Fix memleak in alchemy_clk_setup_cpu (Zhang Qilong)
  • ASoC: qcom: lpass-platform: Fix memory leak (Srinivasa Rao Mandadapu)
  • can: m_can: m_can_handle_state_change(): fix state change (Wu Bo)
  • can: peak_usb: fix potential integer overflow on shift of a int (Colin Ian King)
  • can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (Marc Kleine-Budde)
  • can: ti_hecc: Fix memleak in ti_hecc_probe (Zhang Qilong)
  • can: dev: can_restart(): post buffer from the right context (Alejandro Concepcion Rodriguez)
  • can: af_can: prevent potential access of uninitialized member in canfd_rcv() (Anant Thazhemadam)
  • can: af_can: prevent potential access of uninitialized member in can_rcv() (Anant Thazhemadam)
  • perf lock: Don’t free ‘lock_seq_stat’ if read_count isn’t zero (Leo Yan)
  • ARM: dts: imx50-evk: Fix the chip select 1 IOMUX (Fabio Estevam)
  • arm: dts: imx6qdl-udoo: fix rgmii phy-mode for ksz9031 phy (Sergey Matyukevich)
  • MIPS: export has_transparent_hugepage() for modules (Randy Dunlap)
  • Input: adxl34x - clean up a data type in adxl34x_probe() (Dan Carpenter)
  • vfs: remove lockdep bogosity in __sb_start_write (Darrick J. Wong)
  • arm64: psci: Avoid printing in cpu_psci_cpu_die() (Will Deacon)
  • pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq (Jianqun Xu)
  • net: ftgmac100: Fix crash when removing driver (Joel Stanley)
  • tcp: only postpone PROBE_RTT if RTT is < current min_rtt estimate (Ryan Sharpelletti)
  • net: usb: qmi_wwan: Set DTR quirk for MR400 (Filip Moc)
  • net/mlx5: Disable QoS when min_rates on all VFs are zero (Vladyslav Tarasiuk)
  • sctp: change to hold/put transport for proto_unreach_timer (Xin Long)
  • qlcnic: fix error return code in qlcnic_83xx_restart_hw() (Zhang Changzhong)
  • net: x25: Increase refcnt of ‘struct x25_neigh’ in x25_rx_call_request (Xie He)
  • net/mlx4_core: Fix init_hca fields offset (Aya Levin)
  • netlabel: fix an uninitialized warning in netlbl_unlabel_staticlist() (Paul Moore)
  • netlabel: fix our progress tracking in netlbl_unlabel_staticlist() (Paul Moore)
  • net: Have netpoll bring-up DSA management interface (Florian Fainelli)
  • net: dsa: mv88e6xxx: Avoid VTU corruption on 6097 (Tobias Waldekranz)
  • net: bridge: add missing counters to ndo_get_stats64 callback (Heiner Kallweit)
  • net: b44: fix error return code in b44_init_one() (Zhang Changzhong)
  • mlxsw: core: Use variable timeout for EMAD retries (Ido Schimmel)
  • inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (Wang Hai)
  • devlink: Add missing genlmsg_cancel() in devlink_nl_sb_port_pool_fill() (Wang Hai)
  • atm: nicstar: Unmap DMA on send error (Sebastian Andrzej Siewior)
  • ah6: fix error return code in ah6_input() (Zhang Changzhong)
    [4.14.35-2047.504.1.el7]
  • Linux 4.14.208 (Greg Kroah-Hartman)
  • ACPI: GED: fix -Wformat (Nick Desaulniers)
  • can: proc: can_remove_proc(): silence remove_proc_entry warning (Zhang Changzhong)
  • mac80211: always wind down STA state (Johannes Berg)
  • Input: sunkbd - avoid use-after-free in teardown paths (Dmitry Torokhov)
  • powerpc/8xx: Always fault when _PAGE_ACCESSED is not set (Christophe Leroy)
  • gpio: mockup: fix resource leak in error path (Bartosz Golaszewski)
  • i2c: imx: Fix external abort on interrupt in exit paths (Krzysztof Kozlowski)
  • i2c: imx: use clk notifier for rate changes (Lucas Stach)
  • powerpc/64s: flush L1D after user accesses (Nicholas Piggin) {CVE-2020-4788}
  • powerpc/uaccess: Evaluate macro arguments once, before user access is allowed (Nicholas Piggin)
  • powerpc: Fix __clear_user() with KUAP enabled (Andrew Donnellan)
  • powerpc: Implement user_access_begin and friends (Christophe Leroy)
  • powerpc: Add a framework for user access tracking (Christophe Leroy)
  • powerpc/64s: flush L1D on kernel entry (Nicholas Piggin) {CVE-2020-4788}
  • powerpc/64s: move some exception handlers out of line (Daniel Axtens)
  • powerpc/64s: Define MASKABLE_RELON_EXCEPTION_PSERIES_OOL (Daniel Axtens)
  • Linux 4.14.207 (Greg Kroah-Hartman)
  • mm: fix exec activate_mm vs TLB shootdown and lazy tlb switching race (Nicholas Piggin)
  • Convert trailing spaces and periods in path components (Boris Protopopov)
  • reboot: fix overflow parsing reboot cpu number (Matteo Croce)
  • Revert ‘kernel/reboot.c: convert simple_strtoul to kstrtoint’ (Matteo Croce)
  • perf/core: Fix crash when using HW tracing kernel filters (Mathieu Poirier)
  • x86/speculation: Allow IBPB to be conditionally enabled on CPUs with always-on STIBP (Anand K Mistry)
  • random32: make prandom_u32() output unpredictable (George Spelvin)
  • net: Update window_clamp if SOCK_RCVBUF is set (Mao Wenan)
  • r8169: fix potential skb double free in an error path (Heiner Kallweit)
  • vrf: Fix fast path output packet handling with async Netfilter rules (Martin Willi)
  • net/x25: Fix null-ptr-deref in x25_connect (Martin Schiller)
  • net/af_iucv: fix null pointer dereference on shutdown (Ursula Braun)
  • IPv6: Set SIT tunnel hard_header_len to zero (Oliver Herms)
  • swiotlb: fix ‘x86: Don’t panic if can not alloc buffer for swiotlb’ (Stefano Stabellini)
  • pinctrl: amd: fix incorrect way to disable debounce filter (Coiby Xu)
  • pinctrl: amd: use higher precision for 512 RtcClk (Coiby Xu)
  • drm/gma500: Fix out-of-bounds access to struct drm_device.vblank[] (Thomas Zimmermann)
  • don’t dump the threads that had been already exiting when zapped. (Al Viro)
  • selinux: Fix error return code in sel_ib_pkey_sid_slow() (Chen Zhou)
  • mei: protect mei_cl_mtu from null dereference (Alexander Usyskin)
  • usb: cdc-acm: Add DISABLE_ECHO for Renesas USB Download mode (Chris Brandt)
  • uio: Fix use-after-free in uio_unregister_device() (Shin’ichiro Kawasaki)
  • thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (Jing Xiangfeng)
  • ext4: unlock xattr_sem properly in ext4_inline_data_truncate() (Joseph Qi)
  • ext4: correctly report ‘not supported’ for {usr,grp}jquota when !CONFIG_QUOTA (Kaixu Xia)
  • perf: Fix get_recursion_context() (Peter Zijlstra)
  • cosa: Add missing kfree in error path of cosa_write (Wang Hai)
  • of/address: Fix of_node memory leak in of_dma_is_coherent (Evan Nimmo)
  • xfs: fix a missing unlock on error in xfs_fs_map_blocks (Christoph Hellwig)
  • xfs: fix rmap key and record comparison functions (Darrick J. Wong)
  • xfs: fix flags argument to rmap lookup when converting shared file rmaps (Darrick J. Wong)
  • nbd: fix a block_device refcount leak in nbd_release (Christoph Hellwig)
  • pinctrl: aspeed: Fix GPI only function problem. (Billy Tsai)
  • ARM: 9019/1: kprobes: Avoid fortify_panic() when copying optprobe template (Andrew Jeffery)
  • pinctrl: intel: Set default bias in case no particular value given (Andy Shevchenko)
  • scsi: scsi_dh_alua: Avoid crash during alua_bus_detach() (Hannes Reinecke)
  • cfg80211: regulatory: Fix inconsistent format argument (Ye Bin)
  • mac80211: fix use of skb payload instead of header (Johannes Berg)
  • drm/amdgpu: perform srbm soft reset always on SDMA resume (Evan Quan)
  • scsi: hpsa: Fix memory leak in hpsa_init_one() (Keita Suzuki)
  • gfs2: check for live vs. read-only file system in gfs2_fitrim (Bob Peterson)
  • gfs2: Add missing truncate_inode_pages_final for sd_aspace (Bob Peterson)
  • gfs2: Free rd_bits later in gfs2_clear_rgrpd to fix use-after-free (Bob Peterson)
  • usb: gadget: goku_udc: fix potential crashes in probe (Evgeny Novikov)
  • ath9k_htc: Use appropriate rs_datalen type (Masashi Honma)
  • Btrfs: fix missing error return if writeback for extent buffer never started (Filipe Manana)
  • xfs: flush new eof page on truncate to avoid post-eof corruption (Brian Foster)
  • can: peak_canfd: pucan_handle_can_rx(): fix echo management when loopback is on (Stephane Grosjean)
  • can: peak_usb: peak_usb_get_ts_time(): fix timestamp wrapping (Stephane Grosjean)
  • can: peak_usb: add range checking in decode operations (Dan Carpenter)
  • can: can_create_echo_skb(): fix echo skb generation: always use skb_clone() (Oleksij Rempel)
  • can: dev: __can_get_echo_skb(): fix real payload length return value for RTR frames (Oliver Hartkopp)
  • can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context (Vincent Mailhol)
  • can: rx-offload: don’t call kfree_skb() from IRQ context (Marc Kleine-Budde)
  • ALSA: hda: prevent undefined shift in snd_hdac_ext_bus_get_link() (Dan Carpenter)
  • perf tools: Add missing swap for ino_generation (Jiri Olsa)
  • net: xfrm: fix a race condition during allocing spi (zhuoliang zhang)
  • hv_balloon: disable warning when floor reached (Olaf Hering)
  • genirq: Let GENERIC_IRQ_IPI select IRQ_DOMAIN_HIERARCHY (Marc Zyngier)
  • btrfs: reschedule when cloning lots of extents (Johannes Thumshirn)
  • btrfs: sysfs: init devices outside of the chunk_mutex (Josef Bacik)
  • nbd: don’t update block size after device is started (Ming Lei)
  • time: Prevent undefined behaviour in timespec64_to_ns() (Zeng Tao)
  • mm: mempolicy: fix potential pte_unmap_unlock pte error (Shijie Luo)
  • ring-buffer: Fix recursion protection transitions between interrupt context (Steven Rostedt (VMware))
  • regulator: defer probe when trying to get voltage from unresolved supply (Michal Miroslaw)
  • rds: Change return code from rds_send_xmit() when lock is taken (Hakon Bugge) [Orabug: 32852117]
  • rds: Fix unintended fall-through in rds_send_worker (Hakon Bugge) [Orabug: 32852117]
  • tcp: send in-queue bytes in cmsg upon read (Soheil Hassas Yeganeh) [Orabug: 32871463]
    [4.14.35-2047.504.0.el7]
  • IB/ipoib: Improve latency in ipoib/cm connection formation (Manjunath Patil) [Orabug: 32853000]
  • x86/amd: Disable IBS on Rome processors due to erratum 1215 (Boris Ostrovsky) [Orabug: 32817187]
  • net/mlx5e: Rx, Fix checksum calculation for new hardware (Saeed Mahameed) [Orabug: 32553186]
  • net/mlx5e: Rx, Fixup skb checksum for packets with tail padding (Saeed Mahameed) [Orabug: 32553186]
  • net/mlx5e: Force CHECKSUM_UNNECESSARY for short ethernet frames (Cong Wang) [Orabug: 32553186]
  • mlx5: fix get_ip_proto() (Cong Wang) [Orabug: 32553186]
  • net/mlx5e: Set ECN for received packets using CQE indication (Natali Shechtman) [Orabug: 32553186]
  • net/mlx5e: CHECKSUM_COMPLETE offload for VLAN/QinQ packets (Gal Pressman) [Orabug: 32553186]

6.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

6.1 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:P/I:P/A:C

0.0004 Low

EPSS

Percentile

14.2%