Oracle alert ELSA-2021-9220 (kernel)
| From: | Errata Announcements for Oracle Linux <el-errata@oss.oracle.com> | |
| To: | el-errata@oss.oracle.com | |
| Subject: | [El-errata] ELSA-2021-9220 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update | |
| Date: | Mon, 10 May 2021 10:22:04 -0700 | |
| Message-ID: | <60996bbc.fVVUt1dgbHQTOWph%keshav.sharma@oracle.com> |
Oracle Linux Security Advisory ELSA-2021-9220 http://linux.oracle.com/errata/ELSA-2021-9220.html The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network: x86_64: kernel-uek-5.4.17-2102.201.3.el7uek.x86_64.rpm kernel-uek-debug-5.4.17-2102.201.3.el7uek.x86_64.rpm kernel-uek-debug-devel-5.4.17-2102.201.3.el7uek.x86_64.rpm kernel-uek-devel-5.4.17-2102.201.3.el7uek.x86_64.rpm kernel-uek-doc-5.4.17-2102.201.3.el7uek.noarch.rpm kernel-uek-tools-5.4.17-2102.201.3.el7uek.x86_64.rpm aarch64: kernel-uek-5.4.17-2102.201.3.el7uek.aarch64.rpm kernel-uek-debug-5.4.17-2102.201.3.el7uek.aarch64.rpm kernel-uek-debug-devel-5.4.17-2102.201.3.el7uek.aarch64.rpm kernel-uek-devel-5.4.17-2102.201.3.el7uek.aarch64.rpm kernel-uek-doc-5.4.17-2102.201.3.el7uek.noarch.rpm kernel-uek-tools-5.4.17-2102.201.3.el7uek.aarch64.rpm kernel-uek-tools-libs-5.4.17-2102.201.3.el7uek.aarch64.rpm perf-5.4.17-2102.201.3.el7uek.aarch64.rpm python-perf-5.4.17-2102.201.3.el7uek.aarch64.rpm SRPMS: http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17... Related CVEs: CVE-2021-28038 CVE-2021-28688 CVE-2021-28950 CVE-2021-28964 CVE-2021-28971 CVE-2021-29266 CVE-2021-29650 CVE-2021-3411 Description of changes: [5.4.17-2102.201.3.el7uek] - locking/qrwlock: Fix ordering in queued_write_lock_slowpath() (Ali Saidi) [Orabug: 32805544] [5.4.17-2102.201.2.el7uek] - md/bitmap: wait for external bitmap writes to complete during tear down (Sudhakar Panneerselvam) [Orabug: 32764237] - ocfs2: fix deadlock between setattr and dio_end_io_write (Wengang Wang) [Orabug: 32763849] - tcp: do not mess with cloned skbs in tcp_add_backlog() (Eric Dumazet) [Orabug: 32760314] - Revert "x86/vmlinux: Use INT3 instead of NOP for linker fill bytes" (John Donnelly) [Orabug: 32576398] {CVE-2021-3411} - iommu/vt-d: Fix agaw for a supported 48 bit guest address width (Saeed Mirzamohammadi) [Orabug: 32734148] - LTS tag: v5.4.85 (Jack Vogel) - x86/resctrl: Fix incorrect local bandwidth when mba_sc is enabled (Xiaochen Shen) - x86/resctrl: Remove unused struct mbm_state::chunks_bw (James Morse) - membarrier: Explicitly sync remote cores when SYNC_CORE is requested (Andy Lutomirski) - Revert "selftests/ftrace: check for do_sys_openat2 in user-memory test" (Kamal Mostafa) - KVM: mmu: Fix SPTE encoding of MMIO generation upper half (Maciej S. Szmigiero) - serial: 8250_omap: Avoid FIFO corruption caused by MDR1 access (Alexander Sverdlin) - ALSA: pcm: oss: Fix potential out-of-bounds shift (Takashi Iwai) - USB: sisusbvga: Make console support depend on BROKEN (Thomas Gleixner) - USB: UAS: introduce a quirk to set no_write_same (Oliver Neukum) - xhci-pci: Allow host runtime PM as default for Intel Alpine Ridge LP (Hans de Goede) - xhci: Give USB2 ports time to enter U3 in bus suspend (Li Jun) - ALSA: usb-audio: Fix control 'access overflow' errors from chmap (Takashi Iwai) - ALSA: usb-audio: Fix potential out-of-bounds shift (Takashi Iwai) - USB: add RESET_RESUME quirk for Snapscan 1212 (Oliver Neukum) - USB: dummy-hcd: Fix uninitialized array use in init() (Bui Quang Minh) - ktest.pl: If size of log is too big to email, email error message (Steven Rostedt (VMware)) - net: stmmac: delete the eee_ctrl_timer after napi disabled (Fugang Duan) - net: stmmac: dwmac-meson8b: fix mask definition of the m250_sel mux (Martin Blumenstingl) - net: ll_temac: Fix potential NULL dereference in temac_probe() (Zhang Changzhong) - lan743x: fix for potential NULL pointer dereference with bare card (Sergej Bauer) - tcp: fix cwnd-limited bug for TSO deferral where we send nothing (Neal Cardwell) - tcp: select sane initial rcvq_space.space for big MSS (Eric Dumazet) - net: stmmac: free tx skb buffer in stmmac_resume() (Fugang Duan) - bridge: Fix a deadlock when enabling multicast snooping (Joseph Huang) - enetc: Fix reporting of h/w packet counters (Claudiu Manoil) - udp: fix the proto value passed to ip_protocol_deliver_rcu for the segments (Xin Long) - net: hns3: remove a misused pragma packed (Huazhong Tan) - vrf: packets with lladdr src needs dst at input with orig_iif when needs strict (Stephen Suryaputra) - net: bridge: vlan: fix error return code in __vlan_add() (Zhang Changzhong) - mac80211: mesh: fix mesh_pathtbl_init() error path (Eric Dumazet) - ipv4: fix error return code in rtm_to_fib_config() (Zhang Changzhong) - ptrace: Prevent kernel-infoleak in ptrace_get_syscall_info() (Peilin Ye) - LTS tag: v5.4.84 (Jack Vogel) - compiler.h: fix barrier_data() on clang (Arvind Sankar) - mm/zsmalloc.c: drop ZSMALLOC_PGTABLE_MAPPING (Minchan Kim) - x86/apic/vector: Fix ordering in vector assignment (Thomas Gleixner) - x86/membarrier: Get rid of a dubious optimization (Andy Lutomirski) - x86/mm/mem_encrypt: Fix definition of PMD_FLAGS_DEC_WP (Arvind Sankar) - scsi: be2iscsi: Revert "Fix a theoretical leak in beiscsi_create_eqs()" (Dan Carpenter) - proc: use untagged_addr() for pagemap_read addresses (Miles Chen) - kbuild: avoid static_assert for genksyms (Arnd Bergmann) - drm/i915/display/dp: Compute the correct slice count for VDSC on DP (Manasi Navare) - mmc: block: Fixup condition for CMD13 polling for RPMB requests (Bean Huo) - pinctrl: amd: remove debounce filter setting in IRQ type setting (Coiby Xu) - Input: i8042 - add Acer laptops to the i8042 reset list (Chris Chiu) - Input: cm109 - do not stomp on control URB (Dmitry Torokhov) - ktest.pl: Fix incorrect reboot for grub2bls (Libo Chen) - can: m_can: m_can_dev_setup(): add support for bosch mcan version 3.3.0 (Pankaj Sharma) - platform/x86: touchscreen_dmi: Add info for the Irbis TW118 tablet (Hans de Goede) - platform/x86: intel-vbtn: Support for tablet mode on HP Pavilion 13 x360 PC (Max Verevkin) - platform/x86: acer-wmi: add automatic keyboard background light toggle key as KEY_LIGHTS_TOGGLE (Timo Witte) - platform/x86: thinkpad_acpi: Add BAT1 is primary battery quirk for Thinkpad Yoga 11e 4th gen (Hans de Goede) - platform/x86: thinkpad_acpi: Do not report SW_TABLET_MODE on Yoga 11e (Hans de Goede) - arm64: tegra: Disable the ACONNECT for Jetson TX2 (Jon Hunter) - soc: fsl: dpio: Get the cpumask through cpumask_of(cpu) (Hao Si) - spi: spi-nxp-fspi: fix fspi panic by unexpected interrupts (Ran Wang) - irqchip/gic-v3-its: Unconditionally save/restore the ITS state on suspend (Xu Qiang) - ibmvnic: skip tx timeout reset while in resetting (Lijun Pan) - interconnect: qcom: qcs404: Remove GPU and display RPM IDs (Georgi Djakov) - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (Can Guo) - ARC: stack unwinding: don't assume non-current task is sleeping (Vineet Gupta) - arm64: dts: broadcom: clear the warnings caused by empty dma-ranges (Zhen Lei) - powerpc: Drop -me200 addition to build flags (Michael Ellerman) - iwlwifi: mvm: fix kernel panic in case of assert during CSA (Sara Sharon) - iwlwifi: pcie: set LTR to avoid completion timeout (Johannes Berg) - arm64: dts: rockchip: Assign a fixed index to mmc devices on rk3399 boards. (Markus Reichl) - iwlwifi: pcie: limit memory read spin time (Johannes Berg) - x86/lib: Change .weak to SYM_FUNC_START_WEAK for arch/x86/lib/mem*_64.S (Fangrui Song) - Kbuild: do not emit debug info for assembly with LLVM_IAS=1 (Nick Desaulniers) [5.4.17-2102.201.1.el7uek] - IB/mlx5: Reduce max order of memory allocated for xlt update (Praveen Kumar Kannoju) [Orabug: 32751624] - netfilter: x_tables: Use correct memory barriers. (Mark Tomlinson) [Orabug: 32709120] {CVE-2021-29650} - perf/x86/intel: Fix a crash caused by zero PEBS status (Kan Liang) [Orabug: 32669468] {CVE-2021-28971} - btrfs: fix race when cloning extent buffer during rewind of an old root (Filipe Manana) [Orabug: 32669450] {CVE-2021-28964} [5.4.17-2102.201.0.el7uek] - uek-rpm: Update SecureBoot Digicert 2021 certificates (Jack Vogel) [Orabug: 32532663] - RDMA/rxe: ipc_bench fails on SoftRoCE with shpd (Rao Shoaib) [Orabug: 32716155] - vhost-vdpa: set v->config_ctx to NULL if eventfd_ctx_fdget() fails (Stefano Garzarella) [Orabug: 32696005] {CVE-2021-29266} - vhost-vdpa: fix use-after-free of v->config_ctx (Stefano Garzarella) [Orabug: 32696005] {CVE-2021-29266} - fuse: fix live lock in fuse_iget() (Amir Goldstein) [Orabug: 32669269] {CVE-2021-28950} - fuse: fix bad inode (Miklos Szeredi) [Orabug: 32669269] {CVE-2021-28950} - RDMA/core: Fix corrupted SL on passive side (HÃ¥kon Bugge) [Orabug: 32662965] - Xen/gnttab: handle p2m update errors on a per-slot basis (Jan Beulich) [Orabug: 32651473] {CVE-2021-28038} - RDMA/rxe: Compute the maximum sges and inline size based on the WQE size (Rao Shoaib) [Orabug: 32648060] - KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (Wanpeng Li) [Orabug: 32641672] - xen/netback: avoid race in xenvif_rx_ring_slots_available() (Juergen Gross) [Orabug: 32640116] - uek-rpm: ol7: aarch64: add CONFIG_ACPI_HOTPLUG_MEMORY (Mihai Carabas) [Orabug: 32638660] - KVM: SVM: Disable AVIC before setting V_IRQ (Suravee Suthikulpanit) [Orabug: 32603569] - KVM: Introduce kvm_make_all_cpus_request_except() (Suravee Suthikulpanit) [Orabug: 32603569] - KVM: X86: correct meaningless kvm_apicv_activated() check (Paolo Bonzini) [Orabug: 32603569] - KVM: Disable preemption in kvm_get_running_vcpu() (Marc Zyngier) [Orabug: 32603569] - KVM: Move running VCPU from ARM to common code (Paolo Bonzini) [Orabug: 32603569] - xen-blkback: don't leak persistent grants from xen_blkbk_map() (Jan Beulich) [Orabug: 32697850] {CVE-2021-28688} - video: hyperv_fb: Fix the mmap() regression for v5.4.y and older (Dexuan Cui) [Orabug: 32651461] _______________________________________________ El-errata mailing list El-errata@oss.oracle.com https://oss.oracle.com/mailman/listinfo/el-errata