[El-errata] ELSA-2020-5996 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Dec 14 18:48:35 PST 2020


Oracle Linux Security Advisory ELSA-2020-5996

http://linux.oracle.com/errata/ELSA-2020-5996.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-5.4.17-2036.101.2.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2036.101.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2036.101.2.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2036.101.2.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2036.101.2.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2036.101.2.el7uek.x86_64.rpm

aarch64:
kernel-uek-5.4.17-2036.101.2.el7uek.aarch64.rpm
kernel-uek-debug-5.4.17-2036.101.2.el7uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2036.101.2.el7uek.aarch64.rpm
kernel-uek-devel-5.4.17-2036.101.2.el7uek.aarch64.rpm
kernel-uek-doc-5.4.17-2036.101.2.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2036.101.2.el7uek.aarch64.rpm
kernel-uek-tools-libs-5.4.17-2036.101.2.el7uek.aarch64.rpm
perf-5.4.17-2036.101.2.el7uek.aarch64.rpm
python-perf-5.4.17-2036.101.2.el7uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-5.4.17-2036.101.2.el7uek.src.rpm



Description of changes:

[5.4.17-2036.101.2.el7uek]
- vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187738] 
{CVE-2020-28974}
- page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177966]
- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) 
[Orabug: 32176254] {CVE-2020-28915}
- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h 
(Peilin Ye) [Orabug: 32176254] {CVE-2020-28915}
- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32159053]
- net/rds: rds_ib_remove_one() accesses freed memory (Ka-Cheong Poon) 
[Orabug: 32213896]
- hv_netvsc: make recording RSS hash depend on feature flag (Stephen 
Hemminger) [Orabug: 32159973]
- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug: 
32159973]
- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb) 
[Orabug: 32005752]
- lib/scatterlist: Add support in dynamic allocation of SG table from 
pages (Maor Gottlieb) [Orabug: 32005752]
- arm64:uek/config: Enable ZONE_DMA config (Vijay Kumar) [Orabug: 31970521]
- Revert "arm64/dts: Serial console fix for RPi4" (Vijay Kumar) [Orabug: 
31970521]
- uek-rpm: aarch64: enable CONFIG_ACPI_APEI_EINJ (Dave Kleikamp) 
[Orabug: 32182237]
- NFSD: fix missing refcount in nfsd4_copy by nfsd4_do_async_copy (Dai 
Ngo) [Orabug: 32177992]
- NFSD: Fix use-after-free warning when doing inter-server copy (Dai 
Ngo) [Orabug: 32177992]
- xen/events: block rogue events for some time (Juergen Gross) [Orabug: 
32177535] {CVE-2020-27673}
- xen/events: defer eoi in case of excessive number of events (Juergen 
Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: use a common cpu hotplug hook for event channels (Juergen 
Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: switch user event channels to lateeoi model (Juergen 
Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/pciback: use lateeoi irq binding (Juergen Gross) [Orabug: 
32177535] {CVE-2020-27673}
- xen/pvcallsback: use lateeoi irq binding (Juergen Gross) [Orabug: 
32177535] {CVE-2020-27673}
- xen/scsiback: use lateeoi irq binding (Juergen Gross) [Orabug: 
32177535] {CVE-2020-27673}
- xen/netback: use lateeoi irq binding (Juergen Gross) [Orabug: 
32177535] {CVE-2020-27673}
- xen/blkback: use lateeoi irq binding (Juergen Gross) [Orabug: 
32177535] {CVE-2020-27673}
- xen/events: add a new "late EOI" evtchn framework (Juergen Gross) 
[Orabug: 32177535] {CVE-2020-27673}
- xen/events: fix race in evtchn_fifo_unmask() (Juergen Gross) [Orabug: 
32177535] {CVE-2020-27673}
- xen/events: add a proper barrier to 2-level uevent unmasking (Juergen 
Gross) [Orabug: 32177535] {CVE-2020-27673}
- xen/events: avoid removing an event channel while handling it (Juergen 
Gross) [Orabug: 32177543]

[5.4.17-2036.101.1.el7uek]
- uek-rpm: Enable Intel Speed Select Technology interface support 
(Somasundaram Krishnasamy) [Orabug: 32161425]
- platform/x86: ISST: Increase timeout (Srinivas Pandruvada) [Orabug: 
32161425]
- platform/x86: ISST: Fix wrong unregister type (Srinivas Pandruvada) 
[Orabug: 32161425]
- platform/x86: ISST: Allow additional core-power mailbox commands 
(Srinivas Pandruvada) [Orabug: 32161425]
- IB/mlx4: Convert rej_tmout radix-tree to XArray (Håkon Bugge) [Orabug: 
32136895]
- IB/mlx4: Adjust delayed work when a dup is observed (Håkon Bugge) 
[Orabug: 32136895]
- IB/mlx4: Add support for REJ due to timeout (Håkon Bugge) [Orabug: 
32136895]
- IB/mlx4: Fix starvation in paravirt mux/demux (Håkon Bugge) [Orabug: 
32136895]
- IB/mlx4: Separate tunnel and wire bufs parameters (Håkon Bugge) 
[Orabug: 32136895]
- IB/mlx4: Add support for MRA (Håkon Bugge) [Orabug: 32136895]
- IB/mlx4: Add and improve logging (Håkon Bugge) [Orabug: 32136895]
- perf/core: Fix a memory leak in perf_event_parse_addr_filter() 
(kiyin(尹亮)) [Orabug: 32131172] {CVE-2020-25704}
- vt: keyboard, extend func_buf_lock to readers (Jiri Slaby) [Orabug: 
32122948] {CVE-2020-25656}
- vt: keyboard, simplify vt_kdgkbsent (Jiri Slaby) [Orabug: 32122948] 
{CVE-2020-25656}
- tty: make FONTX ioctl use the tty pointer they were actually passed 
(Linus Torvalds) [Orabug: 32122725] {CVE-2020-25668}
- NFSv4.2: Fix NFS4ERR_STALE error when doing inter server copy (Dai 
Ngo) [Orabug: 31879682]

[5.4.17-2036.101.0.el7uek]
- hv_utils: drain the timesync packets on onchannelcallback (Vineeth 
Pillai) [Orabug: 32152142]
- hv_utils: return error if host timesysnc update is stale (Vineeth 
Pillai) [Orabug: 32152142]
- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Icelakex (Ankur 
Arora) [Orabug: 32143850]
- x86/cpu/amd: enable X86_FEATURE_NT_GOOD on AMD Zen (Ankur Arora) 
[Orabug: 32143850]
- x86/cpu/intel: enable X86_FEATURE_NT_GOOD on Intel Broadwellx (Ankur 
Arora) [Orabug: 32143850]
- mm, clear_huge_page: use clear_page_uncached() for gigantic pages 
(Ankur Arora) [Orabug: 32143850]
- x86/clear_page: add clear_page_uncached() (Ankur Arora) [Orabug: 32143850]
- x86/asm: add clear_page_nt() (Ankur Arora) [Orabug: 32143850]
- perf bench: add memset_movnti() (Ankur Arora) [Orabug: 32143850]
- x86/asm: add memset_movnti() (Ankur Arora) [Orabug: 32143850]
- x86/cpuid: add X86_FEATURE_NT_GOOD (Ankur Arora) [Orabug: 32143850]
- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32137996]
- cifs: handle empty list of targets in cifs_reconnect() (Paulo 
Alcantara) [Orabug: 32124750]
- cifs: get rid of unused parameter in reconn_setup_dfs_targets() (Paulo 
Alcantara) [Orabug: 32124750]
- rds/ib: Fix: (rds: Deregister all FRWR mr with free_mr) (Manjunath 
Patil) [Orabug: 32113472]
- net/rds: Force ARP flush upon RDMA_CM_EVENT_ADDR_CHANGE (Gerd Rausch) 
[Orabug: 32095959]
- uek-rpm: aarch64: increase CONFIG_NODES_SHIFT from 3 to 6 (Dave 
Kleikamp) [Orabug: 32075923]
- rds: Restore MR use-once semantics (Håkon Bugge) [Orabug: 31990092] 
[Orabug: 32072247]
- rds: Fix incorrect cmsg status and use-after-free (Håkon Bugge) 
[Orabug: 32003078] [Orabug: 32072245]
- rds: Force ordering of {set,clear}_bit operating on m_flags (Håkon 
Bugge) [Orabug: 31505749] [Orabug: 32072228]
- rds: Do not send canceled operations to the transport layer (Håkon 
Bugge) [Orabug: 31505749] [Orabug: 32072228]
- rds: Introduce rds_conn_to_path helper (Håkon Bugge) [Orabug: 
31505749] [Orabug: 32072228]
- Revert "RDS: Drop the connection as part of cancel to avoid hangs" 
(Håkon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert "rds: fix warning in rds_send_drop_to()" (Håkon Bugge) [Orabug: 
31505749] [Orabug: 32072228]
- Revert "rds: Use correct conn when dropping connections due to cancel" 
(Håkon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert "rds: prevent use-after-free of rds conn in rds_send_drop_to()" 
(Håkon Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert "rds: Use bitmap to designate dropped connections" (Håkon 
Bugge) [Orabug: 31505749] [Orabug: 32072228]
- Revert "UEK6 compiler warning for /net/rds/send.c" (Håkon Bugge) 
[Orabug: 31505749] [Orabug: 32072228]
- x86/mce/therm_throt: Undo thermal polling properly on CPU offline 
(Thomas Gleixner) [Orabug: 32048971]
- x86/mce/therm_throt: Do not access uninitialized therm_work 
(Chuansheng Liu) [Orabug: 32048971]
- x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused 
(Arnd Bergmann) [Orabug: 32048971]
- x86/mce/therm_throt: Mask out read-only and reserved MSR bits 
(Srinivas Pandruvada) [Orabug: 32048971]
- x86/mce/therm_throt: Optimize notifications of thermal throttle 
(Srinivas Pandruvada) [Orabug: 32048971]
- ocfs2: fix remounting needed after setfacl command (Gang He) [Orabug: 
32042684]
- IB/mlx4: disable CQ time stamping (aru kolappan) [Orabug: 32042517]
- net/rds: Refactor sendmsg ancillary data processing (Ka-Cheong Poon) 
[Orabug: 32027845]
- Bluetooth: A2MP: Fix not initializing all members (Luiz Augusto von 
Dentz) [Orabug: 32021285] {CVE-2020-12352}
- ima: Use ima_hash_algo for collision detection in the measurement list 
(Roberto Sassu) [Orabug: 31973040]
- ima: Calculate and extend PCR with digests in ima_template_entry 
(Roberto Sassu) [Orabug: 31973040]
- ima: Allocate and initialize tfm for each PCR bank (Roberto Sassu) 
[Orabug: 31973040]
- ima: Switch to dynamically allocated buffer for template digests 
(Roberto Sassu) [Orabug: 31973040]
- ima: Store template digest directly in ima_template_entry (Roberto 
Sassu) [Orabug: 31973040]
- scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported 
(James Smart) [Orabug: 31598148]
- net/rds: Check for NULL rds_ibdev in rds_ib_rx() only if 
rds_ib_srq_enabled (Sharath Srinivasan) [Orabug: 32113840]
- A/A Bonding: Increase number and interval of GARPs sent by rdmaip 
(Sharath Srinivasan) [Orabug: 32095766]
- powercap: restrict energy meter to root access (Kanth Ghatraju) 
[Orabug: 32040802] {CVE-2020-8694} {CVE-2020-8695}




