Oracle Linux advisory ELSA-2021-9442
Published: Sep 08, 2021 - 12:00 a.m.

Unbreakable Enterprise kernel security update

Source: linux.oracle.com, 2021-09-08

CVSS3: 7 High (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)

  • Attack Vector: LOCAL
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS2: 6.9 Medium (AV:L/AC:M/Au:N/C:C/I:C/A:C)

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

[4.1.12-124.54.6]

  • xen-netback: do not kfree_skb() when irq is disabled (Dongli Zhang) [Orabug: 33282046]

[4.1.12-124.54.5]

  • l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall() (Guillaume Nault) [Orabug: 33113975] {CVE-2020-0429}
  • l2tp: ensure sessions are freed after their PPPOL2TP socket (Guillaume Nault) [Orabug: 33113975] {CVE-2020-0429}
  • l2tp: Refactor the codes with existing macros instead of literal number (Gao Feng) [Orabug: 33113975] {CVE-2020-0429}
  • l2tp: fix duplicate session creation (Guillaume Nault) [Orabug: 33113975] {CVE-2020-0429}
  • l2tp: ensure session can’t get removed during pppol2tp_session_ioctl() (Guillaume Nault) [Orabug: 33113975] {CVE-2020-0429}
  • l2tp: fix race in l2tp_recv_common() (Guillaume Nault) [Orabug: 33113975] {CVE-2020-0429}
  • net: l2tp: Make l2tp_ip6 namespace aware (Shmulik Ladkani) [Orabug: 33113975] {CVE-2020-0429}
  • l2tp: Correctly return -EBADF from pppol2tp_getname. ([email protected]) [Orabug: 33113975] {CVE-2020-0429}

[4.1.12-124.54.4]

  • USB: mon: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai) [Orabug: 33113260] {CVE-2019-9456}
  • usb: usbmon: Read text within supplied buffer size (Pete Zaitcev) [Orabug: 33113260] {CVE-2019-9456}

[4.1.12-124.54.3]

  • uek-rpm: mark /etc/ld.so.conf.d/ files as %config (Stephen Brennan) [Orabug: 32060376]
  • config: remove CONFIG_VGACON_SOFT_SCROLLBACK from kernel configs (Brian Maly) [Orabug: 33047770] {CVE-2020-28097}
  • vgacon: remove software scrollback support (Linus Torvalds) [Orabug: 33047770] {CVE-2020-28097}
  • can: bcm: delay release of struct bcm_op after synchronize_rcu() (Thadeu Lima de Souza Cascardo) [Orabug: 33114649] {CVE-2021-3609}
  • iommu/vt-d: Use plain writeq() for dmar_writeq() where available (David Woodhouse) [Orabug: 33199774]

[4.1.12-124.54.2]

  • qla2xxx: update version to 9.00.00.00.42.0-k1-v6 (Quinn Tran) [Orabug: 33196002]
  • qla2xxx: add heartbeat check (Quinn Tran) [Orabug: 33196002]

[4.1.12-124.54.1]

  • can: bcm: fix infoleak in struct bcm_msg_head (Norbert Slusarek) [Orabug: 33030701] {CVE-2021-34693}
  • CIFS: 511c54a2f691 adds a check for session expiry (Aruna Ramakrishna) [Orabug: 33063858]
  • CIFS: Reconnect expired SMB sessions (Pavel Shilovsky) [Orabug: 33063858]
  • media: v4l: event: Add subscription to list before calling ‘add’ operation (Sakari Ailus) [Orabug: 33113344] {CVE-2019-9458}
  • media: v4l: event: Prevent freeing event subscriptions while accessed (Sakari Ailus) [Orabug: 33113344] {CVE-2019-9458}
  • chardev: Avoid potential use-after-free in ‘chrdev_open()’ (Will Deacon) [Orabug: 33113412] {CVE-2020-0305}
  • kobject: Export kobject_get_unless_zero() (Jan Kara) [Orabug: 33113412] {CVE-2020-0305}
  • cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE (Sergey Matyukevich) [Orabug: 33114443] {CVE-2020-27068}
