[El-errata] ELSA-2020-5756 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Jul 14 10:22:32 PDT 2020 

Oracle Linux Security Advisory ELSA-2020-5756

http://linux.oracle.com/errata/ELSA-2020-5756.html

The following updated rpms for Oracle Linux 8 have been uploaded to the 
Unbreakable Linux Network:

x86_64:

aarch64:
kernel-uek-5.4.17-2011.4.4.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2011.4.4.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2011.4.4.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2011.4.4.el8uek.aarch64.rpm
kernel-uek-headers-5.4.17-2011.4.4.el8uek.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2011.4.4.el8uek.src.rpm



Description of changes:

[5.4.17-2011.4.4.el8uek]
- KVM: VMX: Explicitly clear RFLAGS.CF and RFLAGS.ZF in VM-Exit RSB path 
(Sean Christopherson) [Orabug: 31536904]

[5.4.17-2011.4.3.el8uek]
- NFS: replace cross device check in copy_file_range (Olga Kornievskaia) 
[Orabug: 31507615] - rds: Fix potential use after free in 
rds_ib_inc_free (Hans Westgaard Ry) [Orabug: 31504052] - perf/smmuv3: 
Allow sharing MMIO registers with the SMMU driver (Jean-Philippe 
Brucker) [Orabug: 31422283] - perf/smmuv3: use 
devm_platform_ioremap_resource() to simplify code (YueHaibing) [Orabug: 
31422283] - ACPI/IORT: Fix PMCG node single ID mapping handling (Tuan 
Phan) [Orabug: 31422283] - uek-rpm: Increase CONFIG_NODES_SHIFT from 2 
to 3 (Dave Kleikamp) [Orabug: 31422283] - perf: avoid breaking KABI by 
reusing enum (Dave Kleikamp) [Orabug: 31422283] - uek-rpm: update 
aarch64 configs for Ampere eMAG2 (Dave Kleikamp) [Orabug: 31422283] - 
perf: arm_dmc620: Update ACPI ID. (Tuan Phan) [Orabug: 31422283] - perf: 
arm_dsu: Support ACPI mode. (Tuan Phan) [Orabug: 31422283] - perf: 
arm_dsu: Allow IRQ to be shared among devices. (Tuan Phan) [Orabug: 
31422283] - perf: arm_cmn: improve and make it work on 2P. (Tuan Phan) 
[Orabug: 31422283] - Perf: arm-cmn: Allow irq to be shared. (Tuan Phan) 
[Orabug: 31422283] - BACKPORT: arm64: acpi: Make apei_claim_sea() 
synchronise with APEI's irq work (James Morse) [Orabug: 31422283] - 
BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous 
errors (James Morse) [Orabug: 31422283] - BACKPORT: mm/memory-failure: 
Add memory_failure_queue_kick() (James Morse) [Orabug: 31422283] - perf: 
Add ARM DMC-620 PMU driver. (Tuan Phan) [Orabug: 31422283] - BACKPORT: 
WIP: perf/arm-cmn: Add ACPI support (Robin Murphy) [Orabug: 31422283] - 
BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 
31422283] - BACKPORT: perf: Add Arm CMN-600 DT binding (Robin Murphy) 
[Orabug: 31422283] - net/rds: NULL pointer de-reference in 
rds_ib_add_one() (Ka-Cheong Poon) [Orabug: 30984983] - mm: Fix mremap 
not considering huge pmd devmap (Fan Yang) [Orabug: 31452396] 
{CVE-2020-10757} {CVE-2020-10757}

[5.4.17-2011.4.2.el8uek]
- UEK6 compiler warning for /net/rds/ib.c (Sharath Srinivasan) [Orabug: 
31489529] - UEK6 compiler warning for /net/rds/send.c (Sharath 
Srinivasan) [Orabug: 31489529] - Fix up two build warnings in the UEK6 
GA tree (Jack Vogel) [Orabug: 31489333] - drivers/scsi/scsi_scan.c Fix 
the compiler warning. (Sudhakar Panneerselvam) [Orabug: 31489322] - 
x86/retpoline: Fix retpoline unwind (Peter Zijlstra) [Orabug: 31077463] 
[Orabug: 31489320] - x86: Change {JMP,CALL}_NOSPEC argument (Peter 
Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - x86: Simplify 
retpoline declaration (Peter Zijlstra) [Orabug: 31077463] [Orabug: 
31489320] - x86/speculation: Change STUFF_RSB to work with objtool 
(Alexandre Chartre) [Orabug: 31077463] [Orabug: 31489320] - 
x86/speculation: Change FILL_RETURN_BUFFER to work with objtool (Peter 
Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - x86/unwind: Introduce 
UNWIND_HINT_EMPTY_ASM (Alexandre Chartre) [Orabug: 31077463] [Orabug: 
31489320] - objtool: Add support for intra-function calls (Alexandre 
Chartre) [Orabug: 31077463] [Orabug: 31489320] - objtool: Remove 
INSN_STACK (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - 
objtool: Make handle_insn_ops() unconditional (Peter Zijlstra) [Orabug: 
31077463] [Orabug: 31489320] - objtool: Rework allocating stack_ops on 
decode (Peter Zijlstra) [Orabug: 31077463] [Orabug: 31489320] - objtool: 
UNWIND_HINT_RET_OFFSET should not check registers (Alexandre Chartre) 
[Orabug: 31077463] [Orabug: 31489320] - objtool: is_fentry_call() 
crashes if call has no destination (Alexandre Chartre) [Orabug: 
31077463] [Orabug: 31489320] - objtool: Uniquely identify alternative 
instruction groups (Alexandre Chartre) [Orabug: 31077463] [Orabug: 
31489320] - objtool: Remove check preventing branches within alternative 
(Julien Thierry) [Orabug: 31077463] [Orabug: 31489320] - objtool: 
Introduce HINT_RET_OFFSET (Peter Zijlstra) [Orabug: 31077463] [Orabug: 
31489320] - objtool: Support multiple stack_op per instruction (Julien 
Thierry) [Orabug: 31077463] [Orabug: 31489320]

[5.4.17-2011.4.1.el8uek]
- uek-rpm: disable CONFIG_IP_PNP (Anjali Kulkarni) [Orabug: 31454844] - 
netfilter: ipset: Fix forceadd evaluation path (Jozsef Kadlecsik) 
[Orabug: 31104176] - scsi: megaraid_sas: Update driver version to 
07.714.04.00-rc1 (Chandrakanth Patil) [Orabug: 31481642] - scsi: 
megaraid_sas: TM command refire leads to controller firmware crash 
(Sumit Saxena) [Orabug: 31481642] - scsi: megaraid_sas: Replace 
undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro 
(Shivasharan S) [Orabug: 31481642] - scsi: megaraid_sas: Remove IO 
buffer hole detection logic (Sumit Saxena) [Orabug: 31481642] - scsi: 
megaraid_sas: Limit device queue depth to controller queue depth 
(Kashyap Desai) [Orabug: 31481642] - scsi: megaraid: make two symbols 
static in megaraid_sas_base.c (Jason Yan) [Orabug: 31481642] - scsi: 
megaraid: make some symbols static in megaraid_sas_fusion.c (Jason Yan) 
[Orabug: 31481642] - scsi: megaraid_sas: Use scnprintf() for avoiding 
potential buffer overflow (Takashi Iwai) [Orabug: 31481642] - scsi: 
megaraid_sas: fix indentation issue (Colin Ian King) [Orabug: 31481642] 
- scsi: megaraid_sas: fixup MSIx interrupt setup during resume (Hannes 
Reinecke) [Orabug: 31481642] - scsi: megaraid_sas: Update driver version 
to 07.713.01.00-rc1 (Anand Lodnoor) [Orabug: 31481642] - scsi: 
megaraid_sas: Limit the number of retries for the IOCTLs causing 
firmware fault (Anand Lodnoor) [Orabug: 31481642] - scsi: megaraid_sas: 
Re-Define enum DCMD_RETURN_STATUS (Anand Lodnoor) [Orabug: 31481642] - 
scsi: megaraid_sas: Do not set HBA Operational if FW is not in 
operational state (Anand Lodnoor) [Orabug: 31481642] - scsi: 
megaraid_sas: Do not kill HBA if JBOD Seqence map or RAID map is 
disabled (Anand Lodnoor) [Orabug: 31481642] - scsi: megaraid_sas: Do not 
kill host bus adapter, if adapter is already dead (Anand Lodnoor) 
[Orabug: 31481642] - scsi: megaraid_sas: Update optimal queue depth for 
SAS and NVMe devices (Anand Lodnoor) [Orabug: 31481642] - scsi: 
megaraid_sas: Set no_write_same only for Virtual Disk (Anand Lodnoor) 
[Orabug: 31481642] - scsi: megaraid_sas: Reset adapter if FW is not in 
READY state after device resume (Anand Lodnoor) [Orabug: 31481642] - 
scsi: megaraid_sas: Make poll_aen_lock static (YueHaibing) [Orabug: 
31481642] - scsi: megaraid_sas: remove unused variables 
'debugBlk','fusion' (zhengbin) [Orabug: 31481642] - scsi: megaraid_sas: 
Unique names for MSI-X vectors (Chandrakanth Patil) [Orabug: 31481642] - 
x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) 
[Orabug: 31352779] {CVE-2020-0543}
- x86/speculation: Add SRBDS vulnerability and mitigation documentation 
(Mark Gross) [Orabug: 31352779] {CVE-2020-0543}
- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) 
mitigation (Mark Gross) [Orabug: 31352779] {CVE-2020-0543}
- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 
31352779] {CVE-2020-0543}
- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) 
[Orabug: 31352779] {CVE-2020-0543}
- x86/speculation/spectre_v2: Exclude Zhaoxin CPUs from SPECTRE_V2 (Tony 
W Wang-oc) [Orabug: 31352779] {CVE-2020-0543}
- netlabel: cope with NULL catmap (Paolo Abeni) [Orabug: 31350489] 
{CVE-2020-10711}
- xfs: fix freeze hung (Junxiao Bi) [Orabug: 31430850]

[5.4.17-2011.4.0.el8uek]
- bnxt_en: Fix accumulation of bp->net_stats_prev. (Vijayendra Suman) 
[Orabug: 31390687] - xfs: add agf freeblocks verify in xfs_agf_verify 
(Zheng Bin) [Orabug: 31350920] {CVE-2020-12655}
- scsi: sg: add sg_remove_request in sg_write (Wu Bo) [Orabug: 31350695] 
{CVE-2020-12770}
- PCI/AER: Enable reporting for ports enumerated after AER driver 
registration (Thomas Tai) [Orabug: 31401801] - A/A Bonding: No need to 
call flush rdmaip_wq in rdmaip_cleanup() (Ka-Cheong Poon) [Orabug: 
31378706] - net/rds: suppress memory allocation failure reports 
(Manjunath Patil) [Orabug: 31398437] - locks: reinstate 
locks_delete_block optimization (Linus Torvalds) [Orabug: 31356246] 
{CVE-2019-19769}
- locks: fix a potential use-after-free problem when wakeup a waiter 
(yangerkun) [Orabug: 31356246] {CVE-2019-19769} {CVE-2019-19769}

[5.4.17-2011.3.2.el8uek]
- USB: core: Fix free-while-in-use bug in the USB S-Glibrary (Alan 
Stern) [Orabug: 31350962] {CVE-2020-12464}
- mt76: fix array overflow on receiving too many fragments for a packet 
(Felix Fietkau) [Orabug: 31350952] {CVE-2020-12465}
- mwifiex: Fix possible buffer overflows in 
mwifiex_cmd_append_vsie_tlv() (Qing Xu) [Orabug: 31350929] {CVE-2020-12653}
- block, bfq: fix use-after-free in bfq_idle_slice_timer_body (Zhiqiang 
Liu) [Orabug: 31350910] {CVE-2020-12657}
- xsk: Add missing check on user supplied headroom size (Magnus 
Karlsson) [Orabug: 31350732] {CVE-2020-12659}
- mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() 
(Qing Xu) [Orabug: 31350513] {CVE-2020-12654}
- xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 
31387411] - KVM: x86: Fixes posted interrupt check for IRQs delivery 
modes (Suravee Suthikulpanit) [Orabug: 31316437] - Revert "Revert 
"nvme_fc: add module to ops template to allow module references"" (James 
Smart) [Orabug: 31377552] - uek-rpm: Move grub boot menu update to 
posttrans stage. (Somasundaram Krishnasamy) [Orabug: 31358097] - KVM: 
SVM: Fix potential memory leak in svm_cpu_init() (Miaohe Lin) [Orabug: 
31350455] {CVE-2020-12768}

[5.4.17-2011.3.1.el8uek]
- intel_idle: Use ACPI _CST for processor models without C-state tables 
(Rafael J. Wysocki) [Orabug: 31332120] - ACPI: processor: Export 
acpi_processor_evaluate_cst() (Rafael J. Wysocki) [Orabug: 31332120] - 
ACPI: processor: Clean up acpi_processor_evaluate_cst() (Rafael J. 
Wysocki) [Orabug: 31332120] - ACPI: processor: Introduce 
acpi_processor_evaluate_cst() (Rafael J. Wysocki) [Orabug: 31332120] - 
ACPI: processor: Export function to claim _CST control (Rafael J. 
Wysocki) [Orabug: 31332120] - rds: ib: Fix dysfunctional long address 
resolve timeout (Håkon Bugge) [Orabug: 31302704] - KVM: x86: Revert 
"KVM: X86: Fix fpu state crash in kvm guest" (Sean Christopherson) 
[Orabug: 31333676] - KVM: x86: Ensure guest's FPU state is loaded when 
accessing for emulation (Sean Christopherson) [Orabug: 31333676] - KVM: 
x86: Handle TIF_NEED_FPU_LOAD in kvm_{load,put}_guest_fpu() (Sean 
Christopherson) [Orabug: 31333676] - net: dsa: Do not leave DSA master 
with NULL netdev_ops (Florian Fainelli) [Orabug: 30456791] - Revert 
"dsa: disable module unloading for ARM64" (Allen Pais) [Orabug: 30456791]

[5.4.17-2011.3.0.el8uek]
- NFSv4.0: nfs4_do_fsinfo() should not do implicit lease renewals 
(Robert Milkowski) [Orabug: 31304406] - NFSv4: try lease recovery on 
NFS4ERR_EXPIRED (Robert Milkowski) [Orabug: 31304406] - btrfs: Don't 
submit any btree write bio if the fs has errors (Qu Wenruo) [Orabug: 
31265336] {CVE-2019-19377} {CVE-2019-19377}

More information about the El-errata mailing list