[El-errata] ELSA-2020-5805 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Mon Aug 10 16:39:51 PDT 2020
Oracle Linux Security Advisory ELSA-2020-5805
http://linux.oracle.com/errata/ELSA-2020-5805.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-5.4.17-2011.5.3.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2011.5.3.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2011.5.3.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2011.5.3.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2011.5.3.el8uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2011.5.3.el8uek.src.rpm
Description of changes:
[5.4.17-2011.5.3.el8uek]
- misc: pvpanic: add crash loaded event (zhenwei pi) [Orabug: 31677096]
- misc: pvpanic: move bit definition to uapi header file (zhenwei pi)
[Orabug: 31677096]
- RDMA/netlink: Do not always generate an ACK for some netlink
operations (Håkon Bugge) [Orabug: 31666971]
- bnxt_en: Fix statistics counters issue during ifdown with older
firmware. (Michael Chan) [Orabug: 31660919]
- bnxt_en: Do not enable legacy TX push on older firmware. (Michael
Chan) [Orabug: 31660919]
- bnxt_en: Store the running firmware version code. (Michael Chan)
[Orabug: 31660919]
- uek-rpm: Disable secureboot signing for OL7 aarch64 (Somasundaram
Krishnasamy) [Orabug: 31645596]
- PCI: pciehp: Fix indefinite wait on sysfs requests (Lukas Wunner)
[Orabug: 31580249]
- x86/speculation: Avoid force-disabling IBPB based on STIBP and
enhanced IBRS. (Anthony Steinhauser) [Orabug: 31557802] {CVE-2020-10767}
- fs/binfmt_elf.c: allocate initialized memory in
fill_thread_core_info() (Alexander Potapenko) [Orabug: 31350635]
{CVE-2020-10732}
- rds/ib: Make i_{recv,send}_hdrs non-contigious (Hans Westgaard Ry)
[Orabug: 31648239]
- uek-rpm: disable CONFIG_CRYPTO_DEV_CAVIUM_ZIP (Dave Kleikamp) [Orabug:
31667368]
- vfio-pci: protect remap_pfn_range() from simultaneous calls (Ankur
Arora) [Orabug: 31663628] {CVE-2020-12888} {CVE-2020-12888}
- uek-rpm: drivers: enable VMD PCIe controller (Todd Vierling) [Orabug:
31636283]
- Revert "uek-rpm: Move grub boot menu update to posttrans stage."
(Somasundaram Krishnasamy) [Orabug: 31689621]
- IB/sa: Resolv use-after-free in ib_nl_make_request() (Divya Indi)
[Orabug: 31689703]
- certs: Remove Oracle cert compiled into the kernel (Eric Snowberg)
[Orabug: 31689566]
[5.4.17-2011.5.2.el8uek]
- drm/i915/gt: Correct mistake in cherry-pick (Jack Vogel) [Orabug:
31211659]
- efi/x86: Add TPM related EFI tables to unencrypted mapping checks (Tom
Lendacky) [Orabug: 31627285]
- ocfs2: change slot number type s16 to u16 (Junxiao Bi) [Orabug: 31480603]
- ocfs2: fix value of OCFS2_INVALID_SLOT (Junxiao Bi) [Orabug: 31480603]
- ocfs2: fix panic on nfs server over ocfs2 (Junxiao Bi) [Orabug: 31480603]
- ocfs2: load global_inode_alloc (Junxiao Bi) [Orabug: 31480603]
- ocfs2: avoid inode removal while nfsd is accessing it (Junxiao Bi)
[Orabug: 31480603]
- scsi: qla2xxx: Fix a condition in qla2x00_find_all_fabric_devs() (Dan
Carpenter) [Orabug: 31610239]
- scsi: qla2xxx: Keep initiator ports after RSCN (Roman Bolshakov)
[Orabug: 31610239]
- scsi: qla2xxx: Set NVMe status code for failed NVMe FCP request
(Daniel Wagner) [Orabug: 31610239]
- scsi: qla2xxx: Remove return value from qla_nvme_ls() (Daniel Wagner)
[Orabug: 31610239]
- scsi: qla2xxx: Remove an unused function (Bart Van Assche) [Orabug:
31610239]
- scsi: qla2xxx: Fix endianness annotations in source files (Bart Van
Assche) [Orabug: 31610239]
- scsi: qla2xxx: Fix endianness annotations in header files (Bart Van
Assche) [Orabug: 31610239]
- scsi: qla2xxx: Use make_handle() instead of open-coding it (Bart Van
Assche) [Orabug: 31610239]
- scsi: qla2xxx: Cast explicitly to uint16_t / uint32_t (Bart Van
Assche) [Orabug: 31610239]
- scsi: qla2xxx: Change {RD,WRT}_REG_*() function names from upper case
into lower case (Bart Van Assche) [Orabug: 31610239]
- scsi: qla2xxx: Fix the code that reads from mailbox registers (Bart
Van Assche) [Orabug: 31610239]
- scsi: qla2xxx: Use register names instead of register offsets (Bart
Van Assche) [Orabug: 31610239]
- scsi: qla2xxx: Change two hardcoded constants into offsetof() /
sizeof() expressions (Bart Van Assche) [Orabug: 31610239]
- scsi: qla2xxx: Increase the size of struct qla_fcp_prio_cfg to
FCP_PRIO_CFG_SIZE (Bart Van Assche) [Orabug: 31610239]
- scsi: qla2xxx: Make a gap in struct qla2xxx_offld_chain explicit (Bart
Van Assche) [Orabug: 31610239]
- scsi: qla2xxx: Add more BUILD_BUG_ON() statements (Bart Van Assche)
[Orabug: 31610239]
- scsi: qla2xxx: Sort BUILD_BUG_ON() statements alphabetically (Bart Van
Assche) [Orabug: 31610239]
- scsi: qla2xxx: Simplify the functions for dumping firmware (Bart Van
Assche) [Orabug: 31610239]
- scsi: qla2xxx: Fix spelling of a variable name (Bart Van Assche)
[Orabug: 31610239]
- scsi: qla2xxx: Make qlafx00_process_aen() return void (Jason Yan)
[Orabug: 31610239]
- scsi: qla2xxx: Use true, false for ha->fw_dumped (Jason Yan) [Orabug:
31610239]
- scsi: qla2xxx: Use true, false for need_mpi_reset (Jason Yan) [Orabug:
31610239]
- scsi: qla2xxx: Make qla_set_ini_mode() return void (Jason Yan)
[Orabug: 31610239]
- scsi: qla2xxx: Fix failure message in qlt_disable_vha() (Viacheslav
Dubeyko) [Orabug: 31610239]
- scsi: qla2xxx: make 1-bit bit-fields unsigned int (Colin Ian King)
[Orabug: 31610239]
- scsi: qla2xxx: Fix MPI failure AEN (8200) handling (Arun Easi)
[Orabug: 31610239]
- scsi: qla2xxx: Use ARRAY_SIZE() instead of open-coding it (Bart Van
Assche) [Orabug: 31610239]
- scsi: qla2xxx: Split qla2x00_configure_local_loop() (Bart Van Assche)
[Orabug: 31610239]
- scsi: qla2xxx: Fix regression warnings (Nilesh Javali) [Orabug: 31610239]
- scsi: qla2xxx: Remove non functional code (Daniel Wagner) [Orabug:
31610239]
- scsi: qla2xxx: Fix I/Os being passed down when FC device is being
deleted (Arun Easi) [Orabug: 31610239]
- scsi: qla2xxx: add ring buffer for tracing debug logs (Rajan
Shanmugavelu) [Orabug: 31610239]
- scsi: qla2xxx: Update driver version to 10.01.00.25-k (Himanshu
Madhani) [Orabug: 31610239]
- scsi: qla2xxx: Set Nport ID for N2N (Quinn Tran) [Orabug: 31610239]
- scsi: qla2xxx: Handle NVME status iocb correctly (Arun Easi) [Orabug:
31610239]
- scsi: qla2xxx: Remove restriction of FC T10-PI and FC-NVMe (Quinn
Tran) [Orabug: 31610239]
- scsi: qla2xxx: Serialize fc_port alloc in N2N (Quinn Tran) [Orabug:
31610239]
- scsi: qla2xxx: Fix NPIV instantiation after FW dump (Quinn Tran)
[Orabug: 31610239]
- scsi: qla2xxx: Fix RDP respond data format (Quinn Tran) [Orabug: 31610239]
- scsi: qla2xxx: Force semaphore on flash validation failure (Quinn
Tran) [Orabug: 31610239]
- scsi: qla2xxx: add more FW debug information (Quinn Tran) [Orabug:
31610239]
- scsi: qla2xxx: Update BPM enablement semantics. (Andrew Vasquez)
[Orabug: 31610239]
- scsi: qla2xxx: fix FW resource count values (Quinn Tran) [Orabug:
31610239]
- scsi: qla2xxx: Use a dedicated interrupt handler for
'handshake-required' ISPs (Andrew Vasquez) [Orabug: 31610239]
- scsi: qla2xxx: Return appropriate failure through BSG Interface
(Michael Hernandez) [Orabug: 31610239]
- scsi: qla2xxx: Improved secure flash support messages (Michael
Hernandez) [Orabug: 31610239]
- scsi: qla2xxx: Fix FCP-SCSI FC4 flag passing error (Quinn Tran)
[Orabug: 31610239]
- scsi: qla2xxx: Use FC generic update firmware options routine for
ISP27xx (Giridhar Malavali) [Orabug: 31610239]
- scsi: qla2xxx: Avoid setting firmware options twice in
24xx_update_fw_options. (Giridhar Malavali) [Orabug: 31610239]
- scsi: qla2xxx: Add 16.0GT for PCI String (Himanshu Madhani) [Orabug:
31610239]
- scsi: qla2xxx: Convert MAKE_HANDLE() from a define into an inline
function (Bart Van Assche) [Orabug: 31610239]
- scsi: qla2xxx: Fix sparse warnings triggered by the PCI state checking
code (Bart Van Assche) [Orabug: 31610239]
- scsi: qla2xxx: Suppress endianness complaints in
qla2x00_configure_local_loop() (Bart Van Assche) [Orabug: 31610239]
- scsi: qla2xxx: Simplify the code for aborting SCSI commands (Bart Van
Assche) [Orabug: 31610239]
- scsi: qla2xxx: Fix sparse warning reported by kbuild bot (Himanshu
Madhani) [Orabug: 31610239]
- scsi: qla2xxx: Update driver version to 10.01.00.24-k (Himanshu
Madhani) [Orabug: 31610239]
- scsi: qla2xxx: Use QLA_FW_STOPPED macro to propagate flag (Himanshu
Madhani) [Orabug: 31610239]
- scsi: qla2xxx: Add fixes for mailbox command (Himanshu Madhani)
[Orabug: 31610239]
- scsi: qla2xxx: Fix control flags for login/logout IOCB (Himanshu
Madhani) [Orabug: 31610239]
- scsi: qla2xxx: Save rscn_gen for new fcport (Himanshu Madhani)
[Orabug: 31610239]
- scsi: qla2xxx: Use correct ISP28xx active FW region (Quinn Tran)
[Orabug: 31610239]
- scsi: qla2xxx: Print portname for logging in qla24xx_logio_entry()
(Joe Carnuccio) [Orabug: 31610239]
- scsi: qla2xxx: Fix qla2x00_echo_test() based on ISP type (Joe
Carnuccio) [Orabug: 31610239]
- scsi: qla2xxx: Correction to selection of loopback/echo test (Joe
Carnuccio) [Orabug: 31610239]
- scsi: qla2xxx: Use endian macros to assign static fields in fwdump
header (Joe Carnuccio) [Orabug: 31610239]
- scsi: qla2xxx: Fix RDP response size (Himanshu Madhani) [Orabug: 31610239]
- scsi: qla2xxx: Handle cases for limiting RDP response payload length
(Joe Carnuccio) [Orabug: 31610239]
- scsi: qla2xxx: Add deferred queue for processing ABTS and RDP (Joe
Carnuccio) [Orabug: 31610239]
- scsi: qla2xxx: Cleanup ELS/PUREX iocb fields (Joe Carnuccio) [Orabug:
31610239]
- scsi: qla2xxx: Show correct port speed capabilities for RDP command
(Himanshu Madhani) [Orabug: 31610239]
- scsi: qla2xxx: Display message for FCE enabled (Himanshu Madhani)
[Orabug: 31610239]
- scsi: qla2xxx: Add vendor extended FDMI commands (Joe Carnuccio)
[Orabug: 31610239]
- scsi: qla2xxx: Add ql2xrdpenable module parameter for RDP (Joe
Carnuccio) [Orabug: 31610239]
- scsi: qla2xxx: Add vendor extended RDP additions and amendments (Joe
Carnuccio) [Orabug: 31610239]
- scsi: qla2xxx: Add changes in preparation for vendor extended FDMI/RDP
(Joe Carnuccio) [Orabug: 31610239]
- scsi: qla2xxx: Add endianizer macro calls to fc host stats (Joe
Carnuccio) [Orabug: 31610239]
- scsi: qla2xxx: Add sysfs node for D-Port Diagnostics AEN data (Joe
Carnuccio) [Orabug: 31610239]
- scsi: qla2xxx: Add beacon LED config sysfs interface (Joe Carnuccio)
[Orabug: 31610239]
- scsi: qla2xxx: Check locking assumptions at runtime in
qla2x00_abort_srb() (Bart Van Assche) [Orabug: 31610239]
- scsi: qla2xxx: Fix a NULL pointer dereference in an error path (Bart
Van Assche) [Orabug: 31610239]
- scsi: qla2xxx: Fix warning after FC target reset (Viacheslav Dubeyko)
[Orabug: 31610239]
- scsi: qla2xxx: Fix issue with adapter's stopping state (Viacheslav
Dubeyko) [Orabug: 31610239]
- scsi: qla2xxx: Do not log message when reading port speed via sysfs
(Ewan D. Milne) [Orabug: 31610239]
- scsi: qla2xxx: Delete all sessions before unregister local nvme port
(Quinn Tran) [Orabug: 31610239]
- scsi: qla2xxx: check UNLOADING before posting async work (Martin
Wilck) [Orabug: 31610239]
- scsi: qla2xxx: set UNLOADING before waiting for session deletion
(Martin Wilck) [Orabug: 31610239]
- x86/{mce,mm}: Unmap the entire page if the whole page is affected and
poisoned (Tony Luck) [Orabug: 31601130]
- uek-rpm: aarch64: Streamline building 4K pages size kernel (Dave
Kleikamp) [Orabug: 31500678]
- kernel/relay.c: handle alloc_percpu returning NULL in relay_open
(Daniel Axtens) [Orabug: 31183397] {CVE-2019-19462}
[5.4.17-2011.5.1.el8uek]
- x86/microcode: do not modify sibling mask during late update (Mihai
Carabas) [Orabug: 31605044]
- x86/speculation: Prevent rogue cross-process SSBD shutdown (Anthony
Steinhauser) [Orabug: 31557900] {CVE-2020-10768}
- x86/kvm/hyper-v: move VMX controls sanitization out of
nested_enable_evmcs() (Vitaly Kuznetsov) [Orabug: 31553477]
- x86/kvm/hyper-v: remove stale evmcs_already_enabled check from
nested_enable_evmcs() (Vitaly Kuznetsov) [Orabug: 31553477]
- USB: pci-quirks: Add Raspberry Pi 4 quirk (Nicolas Saenz Julienne)
[Orabug: 31527659]
- PCI: brcmstb: Wait for Raspberry Pi's firmware when present (Nicolas
Saenz Julienne) [Orabug: 31527659]
- firmware: raspberrypi: Introduce vl805 init routine (Nicolas Saenz
Julienne) [Orabug: 31527659]
- soc: bcm2835: Add notify xHCI reset property (Nicolas Saenz Julienne)
[Orabug: 31527659]
- PCI: brcmstb: Disable L0s component of ASPM if requested (Jim Quinlan)
[Orabug: 31527659]
- PCI: brcmstb: Fix window register offset from 4 to 8 (Jim Quinlan)
[Orabug: 31527659]
- PCI: brcmstb: Don't clk_put() a managed clock (Jim Quinlan) [Orabug:
31527659]
- PCI: brcmstb: Assert fundamental reset on initialization (Nicolas
Saenz Julienne) [Orabug: 31527659]
- i2c: brcmstb: Fix handling of optional interrupt (Dave Stevenson)
[Orabug: 31527659]
- ARM: dts: bcm283x: Disable dsi0 node (Nicolas Saenz Julienne) [Orabug:
31527659]
- pwm: bcm2835: Dynamically allocate base (Florian Fainelli) [Orabug:
31527659]
- ARM: bcm2835_defconfig: Enable fixed-regulator (Nicolas Saenz
Julienne) [Orabug: 31527659]
- ARM: dts: bcm2711: Add vmmc regulator in emmc2 (Nicolas Saenz
Julienne) [Orabug: 31527659]
- ARM: dts: bcm2711: Update expgpio's GPIO labels (Nicolas Saenz
Julienne) [Orabug: 31527659]
- i2c: drivers: Use generic definitions for bus frequencies (Andy
Shevchenko) [Orabug: 31527659]
- i2c: core: Provide generic definitions for bus frequencies (Andy
Shevchenko) [Orabug: 31527659]
- mmc: sdhci: iproc: Add custom set_power() callback for bcm2711
(Nicolas Saenz Julienne) [Orabug: 31527659]
- mmc: sdhci: am654: Use sdhci_set_power_and_voltage() (Nicolas Saenz
Julienne) [Orabug: 31527659]
- mmc: sdhci: at91: Use sdhci_set_power_and_voltage() (Nicolas Saenz
Julienne) [Orabug: 31527659]
- mmc: sdhci: arasan: Use sdhci_set_power_and_voltage() (Nicolas Saenz
Julienne) [Orabug: 31527659]
- mmc: sdhci: Introduce sdhci_set_power_and_bus_voltage() (Nicolas Saenz
Julienne) [Orabug: 31527659]
- irqchip/bcm2835: Quiesce IRQs left enabled by bootloader (Lukas
Wunner) [Orabug: 31527659]
- usb: xhci: Enable LPM for VIA LABS VL805 (Nicolas Saenz Julienne)
[Orabug: 31527659]
- arm64: bcm2835: Drop select of nonexistent HAVE_ARM_ARCH_TIMER (Geert
Uytterhoeven) [Orabug: 31527659]
- ARM: dts: bcm2711: Move emmc2 into its own bus (Nicolas Saenz
Julienne) [Orabug: 31527659]
- ARM: dts: bcm2711-rpi-4-b: Add SoC GPIO labels (Stefan Wahren)
[Orabug: 31527659]
- ARM: bcm2835_defconfig: add support for Raspberry Pi4 (Marek
Szyprowski) [Orabug: 31527659]
- ARM: bcm2835_defconfig: Explicitly restore CONFIG_DEBUG_FS (Stefan
Wahren) [Orabug: 31527659]
- ARM: dts: bcm2711: Add pcie0 alias (Nicolas Saenz Julienne) [Orabug:
31527659]
- ARM: dts: bcm283x: Add missing properties to the PWR LED (Stefan
Wahren) [Orabug: 31527659]
- PCI: brcmstb: Fix build on 32bit ARM platforms with older compilers
(Marek Szyprowski) [Orabug: 31527659]
- net: bcmgenet: Clear ID_MODE_DIS in EXT_RGMII_OOB_CTRL when not needed
(Nicolas Saenz Julienne) [Orabug: 31527659]
- net: bcmgenet: reduce severity of missing clock warnings (Jeremy
Linton) [Orabug: 31527659]
- pinctrl: bcm2835: Add support for all GPIOs on BCM2711 (Stefan Wahren)
[Orabug: 31527659]
- pinctrl: bcm2835: Refactor platform data (Stefan Wahren) [Orabug:
31527659]
- pinctrl: bcm2835: Drop unused define (Stefan Wahren) [Orabug: 31527659]
- dma-contiguous: CMA: give precedence to cmdline (Nicolas Saenz
Julienne) [Orabug: 31527659]
- dt-bindings: brcm,avs-ro-thermal: Fix binding check issues (Stefan
Wahren) [Orabug: 31527659]
- dt-bindings: Add Broadcom AVS RO thermal (Stefan Wahren) [Orabug:
31527659]
- serial: 8250_bcm2835aux: Document struct bcm2835aux_data (Lukas
Wunner) [Orabug: 31527659]
- serial: 8250_bcm2835aux: Use generic remapping code (Lukas Wunner)
[Orabug: 31527659]
- serial: 8250_bcm2835aux: Allocate uart_8250_port on stack (Lukas
Wunner) [Orabug: 31527659]
- serial: 8250_bcm2835aux: Suppress register_port error on -EPROBE_DEFER
(Lukas Wunner) [Orabug: 31527659]
- serial: 8250_bcm2835aux: Suppress clk_get error on -EPROBE_DEFER (Phil
Elwell) [Orabug: 31527659]
- spi: bcm2835: Raise maximum number of slaves to 4 (Lukas Wunner)
[Orabug: 31527659]
- Bluetooth: hci_bcm: Drive RTS only for BCM43438 (Stefan Wahren)
[Orabug: 31527659]
- Bluetooth: hci_bcm: Add device-tree compatible for BCM4329 (Dmitry
Osipenko) [Orabug: 31527659]
- iommu/dma: Rationalise types for DMA masks (Robin Murphy) [Orabug:
31527659]
- hwrng: iproc-rng200 - Add support for BCM2711 (Stefan Wahren) [Orabug:
31527659]
- dt-bindings: rng: add BCM2711 RNG compatible (Stefan Wahren) [Orabug:
31527659]
- Bluetooth: hci_bcm: Support pcm params in dts (Abhishek Pandit-Subedi)
[Orabug: 31527659]
- Bluetooth: btbcm: Support pcm configuration (Abhishek Pandit-Subedi)
[Orabug: 31527659]
- Bluetooth: hci_bcm: Disallow set_baudrate for BCM4354 (Abhishek
Pandit-Subedi) [Orabug: 31527659]
- Bluetooth: btbcm: Add entry for BCM4335A0 UART bluetooth (Mohammad
Rasim) [Orabug: 31527659]
- Bluetooth: hci_bcm: Add compatible string for BCM43540 (Abhishek
Pandit-Subedi) [Orabug: 31527659]
- iommu/dma-iommu: Use the dev->coherent_dma_mask (Tom Murphy) [Orabug:
31527659]
- KEYS: Increase system_extra_certificate size to 8192 bytes (Stephen
Brennan) [Orabug: 31512725]
- vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson)
[Orabug: 31439668] {CVE-2020-12888}
- vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
(Alex Williamson) [Orabug: 31439668] {CVE-2020-12888} {CVE-2020-12888}
- vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson)
[Orabug: 31439668] {CVE-2020-12888}
- vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [Orabug:
31439668] {CVE-2020-12888}
- vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn()
(Sean Christopherson) [Orabug: 31439668] {CVE-2020-12888}
- scsi: smartpqi: Use scnprintf() for avoiding potential buffer overflow
(Takashi Iwai) [Orabug: 31595670]
[5.4.17-2011.5.0.el8uek]
- ctf: support ld --ctf-variables, if available (Nick Alcock) [Orabug:
31535069]
- ctf: adjust to upcoming binutils ctf_link_add_ctf API change (Nick
Alcock) [Orabug: 31535069]
- bpf: Fix up bpf_skb_adjust_room helper's skb csum setting (Daniel
Borkmann) [Orabug: 31519461]
- aarch64: Enable thermal config for RPi4 (Vijay Kumar) [Orabug: 31518062]
- thermal: Add BCM2711 thermal driver (Stefan Wahren) [Orabug: 31518062]
- x86/mitigations: reset default value for srbds_mitigation (Mihai
Carabas) [Orabug: 31515046]
- x86/cpu: clear X86_BUG_SRBDS before late loading (Mihai Carabas)
[Orabug: 31515046]
- x86/mitigations: update MSRs on all CPUs for SRBDS (Mihai Carabas)
[Orabug: 31515046]
- acpi: disallow loading configfs acpi tables when locked down (Jason A.
Donenfeld) [Orabug: 31493185]
- media: rc: prevent memory leak in cx23888_ir_probe (Navid Emamdoost)
[Orabug: 31351669] {CVE-2019-19054}
More information about the El-errata
mailing list