Unbreakable Enterprise kernel-container security update

2021-10-1400:00:00

linux.oracle.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

[5.4.17-2136.300.7.el7]

KVM: SVM: Fix mismerge in svm_update_pi_irte() (Liam Merwick) [Orabug: 33446526]
Revert KVM: x86: hyperv: Remove duplicate definitions of Reference TSC Page (Liam Merwick) [Orabug: 33450675]
[5.4.17-2136.300.6]
Revert scsi: core: Cap scsi_host cmd_per_lun at can_queue (Jack Vogel) [Orabug: 33441404]
[5.4.17-2136.300.5]
dccp: dont duplicate ccid when cloning dccp sock (Lin, Zhenpeng) [Orabug: 33408808] {CVE-2017-6074} {CVE-2020-16119} {CVE-2020-16119}
block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi) [Orabug: 33396355]
uek-rpm: add ofb.ko and crypto_user.ko modules to nano kernel (Somasundaram Krishnasamy) [Orabug: 31895743]
[5.4.17-2136.300.4]
Reintroduce: certs: Add EFI_CERT_X509_GUID support for dbx entries (Konrad Rzeszutek Wilk) [Orabug: 33382994]
bnxt_en: Update the driver version string (Jack Vogel) [Orabug: 33392416]
[5.4.17-2136.300.3]
net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra) [Orabug: 33379543]
KVM: X86: MMU: Use the correct inherited permissions to get shadow page (Lai Jiangshan) [Orabug: 33359297] {CVE-2021-38198}
KVM: x86: adjust SEV for commit 7e8e6eed75e (Paolo Bonzini) [Orabug: 33375655]
net/mlx5: Implement Oracle-only solution for mlx device names (Mikhael Goikhman) [Orabug: 33247746]
[5.4.17-2136.300.2]
btrfs: fix NULL pointer dereference when deleting device by invalid id (Qu Wenruo) [Orabug: 33365609] {CVE-2021-3739}
Revert uek-rpm: mark /etc/ld.so.conf.d/ files as %config (aloktiw) [Orabug: 33359669]
bpf: provide BPF Type Format (BTF) info for kernel (Alan Maguire) [Orabug: 33331233]
perf/x86/amd: Dont touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (Like Xu) [Orabug: 33194216]
IB/core: Read subnet_prefix in ib_query_port via cache. (Anand Khoje) [Orabug: 33283556]
IB/core: Shifting initialization of device->cache_lock (Anand Khoje) [Orabug: 33283556]
IB/core: Updating cache for subnet_prefix in config_non_roce_gid_cache() (Anand Khoje) [Orabug: 33283556]
IB/core: Shuffle locks in ib_port_data to save memory (Anand Khoje) [Orabug: 33283556]
IB/core: Removed port validity check from ib_get_cached_subnet_prefix (Anand Khoje) [Orabug: 33283556]
xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (Dongli Zhang) [Orabug: 33106728]
[5.4.17-2136.300.1]
net: qrtr: fix another OOB Read in qrtr_endpoint_post (Xiaolong Huang) [Orabug: 33336805] {CVE-2021-3743}
ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Tso) [Orabug: 33336785] {CVE-2021-40490}
net/mlx5: E-Switch, Fix vlan or qos setting in legacy mode (Vu Pham) [Orabug: 33291040]
rds: ib: Set SEND_SIGNALED on the last WR posted (Hakon Bugge) [Orabug: 33331710]
RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn) [Orabug: 33331640]
usb: hso: fix error handling code of hso_create_net_device (Dongliang Mu) [Orabug: 33329086] {CVE-2021-37159}
hso: fix bailout in error case of probe (Oliver Neukum) [Orabug: 33329086] {CVE-2021-37159}
uek-rpm: Set DEFAULTKERNEL in /etc/sysconfig/kernel correctly (Dave Kleikamp) [Orabug: 33219604]
RDMA/mlx5: Fix crash when unbind multiport slave (Maor Gottlieb) [Orabug: 33303425]
net/mlx5: Dont overwrite HCA capabilities when setting MSI-X count (Leon Romanovsky) [Orabug: 33220810]
net/mlx5: Implement sriov_get_vf_total_msix/count() callbacks (Leon Romanovsky) [Orabug: 33220810]
net/mlx5: Dynamically assign MSI-X vectors count (Leon Romanovsky) [Orabug: 33220810]
net/mlx5: Add dynamic MSI-X capabilities bits (Leon Romanovsky) [Orabug: 33220810]
PCI/IOV: Add sysfs MSI-X vector assignment interface (Leon Romanovsky) [Orabug: 33220810]
net/mlx5: Check that driver was probed prior attaching the device (Leon Romanovsky) [Orabug: 33286656]
[5.4.17-2136.300.0]
misc/pvpanic: fix set driver data (Mihai Carabas) [Orabug: 33290806]
btrfs: fix race between marking inode needs to be logged and log syncing (Filipe Manana) [Orabug: 33265208]
vdpa/mlx5: fix feature negotiation across device reset (Si-Wei Liu) [Orabug: 33247045]
net/mlx5: E-switch, When eswitch is unsupported, return -EOPNOTSUPP (Parav Pandit) [Orabug: 33241452]
xen-acpi-processor: fix coordination type mismatch (Elena Ufimtseva)
net/mlx5: E-switch, Use eswitch total_vports (Parav Pandit) [Orabug: 33213269]
net/mlx5: E-switch, Reuse total_vports and avoid duplicate nvports (Parav Pandit) [Orabug: 33213269]
net/mlx5: E-switch, Consider maximum vf vports for steering init (Parav Pandit) [Orabug: 33213269]
RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work (Maor Gottlieb) [Orabug: 33303297]
rds: fix statistics counters and check for memory leak (Hans Westgaard Ry) [Orabug: 31372378]
KVM: X86: Micro-optimize IPI fastpath delay (Wanpeng Li) [Orabug: 33119431]
net/mlx5_core: Restore driver version (Roy Novich) [Orabug: 33112151]
RDMA/umem: Use ib_dma_max_seg_size instead of dma_get_max_seg_size (Christoph Hellwig) [Orabug: 33107202]
lib/scatterlist: Do not limit max_segment to PAGE_ALIGNED values (Jason Gunthorpe) [Orabug: 33107202]
RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) [Orabug: 33107202]
lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb) [Orabug: 33107202]
uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33246580]
rdmaip: trace message buffer size too small for rdmaip debug tracepoints (Alan Maguire) [Orabug: 33267573]
driver core: auxiliary bus: Fix memory leak when driver_register() fail (Peter Ujfalusi) [Orabug: 32461425]
driver core: auxiliary bus: Remove unneeded module bits (Dave Jiang) [Orabug: 32461425]
driver core: auxiliary bus: Fix calling stage for auxiliary bus init (Dave Jiang) [Orabug: 32461425]
driver core: auxiliary bus: Fix auxiliary bus shutdown null auxdrv ptr (Dave Jiang) [Orabug: 32461425]
bnxt_en: Use register window 6 instead of 5 to read the PHC (Michael Chan) [Orabug: 33181761]
bnxt_en: Update firmware call to retrieve TX PTP timestamp (Michael Chan) [Orabug: 33181761]
bnxt_en: Update firmware interface to 1.10.2.52 (Michael Chan) [Orabug: 33181761]
[5.4.17-2122.305.7]
ice: implement device flash update via devlink (Jacob Keller) [Orabug: 33236075]
ice: add board identifier info to devlink .info_get (Jacob Keller) [Orabug: 33236075]
ice: add basic handler for devlink .info_get (Jacob Keller) [Orabug: 33236075]
ice: enable initial devlink support (Jacob Keller) [Orabug: 33236075]
bitops: introduce the for_each_set_clump8 macro (William Breathitt Gray) [Orabug: 33236075]
Add pldmfw library for PLDM firmware update (Jacob Keller) [Orabug: 33236075]
devlink: expand the devlink-info documentation (Jakub Kicinski) [Orabug: 33236075]
devlink: promote fw.bundle_id to a generic info version (Jacob Keller) [Orabug: 33236075]
devlink: remove trigger command from devlink-region.rst (Jacob Keller) [Orabug: 33236075]
devlink: add trap metadata type for cookie (Jiri Pirko) [Orabug: 33236075]
devlink: add ACL generic packet traps (Jiri Pirko) [Orabug: 33236075]
devlink: Force enclosing array on binary fmsg data (Aya Levin) [Orabug: 33236075]
devlink: document devlink info versions reported by bnxt_en driver (Vasundhara Volam) [Orabug: 33236075]
devlink: add macro for fw.roce (Vasundhara Volam) [Orabug: 33236075]
devlink: Add health recover notifications on devlink flows (Moshe Shemesh) [Orabug: 33236075]
devlink: Add overlay source MAC is multicast trap (Amit Cohen) [Orabug: 33236075]
devlink: Add tunnel generic packet traps (Amit Cohen) [Orabug: 33236075]
devlink: Add non-routable packet trap (Amit Cohen) [Orabug: 33236075]
devlink: fix typos in qed documentation (Jacob Keller) [Orabug: 33236075]
devlink: correct misspelling of snapshot (Jacob Keller) [Orabug: 33236075]
devlink: document region snapshot triggering from userspace (Jacob Keller) [Orabug: 33236075]
devlink: introduce devlink-dpipe.rst documentation file (Jacob Keller) [Orabug: 33236075]
devlink: add a devlink-resource.rst documentation file (Jacob Keller) [Orabug: 33236075]
devlink: rename and expand devlink-trap-netdevsim.rst (Jacob Keller) [Orabug: 33236075]
devlink: add documentation for ionic device driver (Jacob Keller) [Orabug: 33236075]
devlink: add a file documenting devlink regions (Jacob Keller) [Orabug: 33236075]
devlink: add a driver-specific file for the qed driver (Jacob Keller) [Orabug: 33236075]
devlink: add parameter documentation for the mlx4 driver (Jacob Keller) [Orabug: 33236075]
devlink: document info versions for each driver (Jacob Keller) [Orabug: 33236075]
devlink: convert driver-specific files to reStructuredText (Jacob Keller) [Orabug: 33236075]
devlink: mention reloading in devlink-params.rst (Jacob Keller) [Orabug: 33236075]
devlink: add documentation for generic devlink parameters (Jacob Keller) [Orabug: 33236075]
devlink: convert devlink-params.txt to reStructuredText (Jacob Keller) [Orabug: 33236075]
devlink: rename devlink-info-versions.rst and add a header (Jacob Keller) [Orabug: 33236075]
devlink: convert devlink-health.txt to rst format (Jacob Keller) [Orabug: 33236075]
devlink: move devlink documentation to subfolder (Jacob Keller) [Orabug: 33236075]
devlink: add macro for fw.psid (Jacob Keller) [Orabug: 33236075]
devlink: add devink notification when reporter update health state (Vikas Gupta) [Orabug: 33236075]
rds_rdma: add missing rds_ib_cm_handle_connect tracepoint (Alan Maguire) [Orabug: 33243559]
[5.4.17-2122.305.6]
fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 33396682] {CVE-2021-28950}
fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 33396682] {CVE-2021-28950}
block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi) [Orabug: 33392821]
net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra) [Orabug: 33352735]

OSVersionArchitecturePackageVersionFilename
oracle linux7srckernel-uek-container< 5.4.17-2136.300.7.el7kernel-uek-container-5.4.17-2136.300.7.el7.src.rpm
oracle linux7x86_64kernel-uek-container< 5.4.17-2136.300.7.el7kernel-uek-container-5.4.17-2136.300.7.el7.x86_64.rpm
oracle linux7x86_64kernel-uek-container-debug< 5.4.17-2136.300.7.el7kernel-uek-container-debug-5.4.17-2136.300.7.el7.x86_64.rpm
oracle linux8srckernel-uek-container< 5.4.17-2136.300.7.el8kernel-uek-container-5.4.17-2136.300.7.el8.src.rpm
oracle linux8x86_64kernel-uek-container< 5.4.17-2136.300.7.el8kernel-uek-container-5.4.17-2136.300.7.el8.x86_64.rpm
oracle linux8x86_64kernel-uek-container-debug< 5.4.17-2136.300.7.el8kernel-uek-container-debug-5.4.17-2136.300.7.el8.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	7	src	kernel-uek-container	< 5.4.17-2136.300.7.el7	kernel-uek-container-5.4.17-2136.300.7.el7.src.rpm
oracle linux	7	x86_64	kernel-uek-container	< 5.4.17-2136.300.7.el7	kernel-uek-container-5.4.17-2136.300.7.el7.x86_64.rpm
oracle linux	7	x86_64	kernel-uek-container-debug	< 5.4.17-2136.300.7.el7	kernel-uek-container-debug-5.4.17-2136.300.7.el7.x86_64.rpm
oracle linux	8	src	kernel-uek-container	< 5.4.17-2136.300.7.el8	kernel-uek-container-5.4.17-2136.300.7.el8.src.rpm
oracle linux	8	x86_64	kernel-uek-container	< 5.4.17-2136.300.7.el8	kernel-uek-container-5.4.17-2136.300.7.el8.x86_64.rpm
oracle linux	8	x86_64	kernel-uek-container-debug	< 5.4.17-2136.300.7.el8	kernel-uek-container-debug-5.4.17-2136.300.7.el8.x86_64.rpm