[El-errata] ELSA-2020-5569 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Mon Mar 16 11:25:58 PDT 2020

Oracle Linux Security Advisory ELSA-2020-5569

http://linux.oracle.com/errata/ELSA-2020-5569.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-1902.11.3.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-1902.11.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-1902.11.3.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-1902.11.3.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-1902.11.3.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-1902.11.3.el7uek.noarch.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1902.11.3.el7uek.src.rpm

Description of changes:

[4.14.35-1902.11.3.el7uek]
- xfs: do async inactivation only when fs freezed (Junxiao Bi) [Orabug: 
31013775]

[4.14.35-1902.11.2.el7uek]
- ib/core: Cancel fmr delayed_worker when in shutdown phase of reboot 
system (Hans Westgaard Ry) [Orabug: 30967501] - Revert "printk: Default 
console logging level should be set to 4" (Cesar Roque) [Orabug: 
30833249] - cgroup: psi: fix memory leak when freeing a cgroup work 
function (Tom Hromatka) [Orabug: 30903264]

[4.14.35-1902.11.1.el7uek]
- xfs: fix deadlock between shrinker and fs freeze (Junxiao Bi) [Orabug: 
30657780] - xfs: increase the default parallelism levels of pwork 
clients (Darrick J. Wong) [Orabug: 30657780] - xfs: decide if inode 
needs inactivation (Darrick J. Wong) [Orabug: 30657780] - xfs: refactor 
the predicate part of xfs_free_eofblocks (Darrick J. Wong) [Orabug: 
30657780] - mwifiex: fix unbalanced locking in 
mwifiex_process_country_ie() (Brian Norris) [Orabug: 30781858] 
{CVE-2019-14895}
- mwifiex: fix possible heap overflow in mwifiex_process_country_ie() 
(Ganapathi Bhat) [Orabug: 30781858] {CVE-2019-14895} {CVE-2019-14895}
- ipmi_ssif: avoid registering duplicate ssif interface (Kamlakant 
Patel) [Orabug: 30916684] - ipmi: Fix NULL pointer dereference in 
ssif_probe (Gustavo A. R. Silva) [Orabug: 30916684] - uio: Fix an Oops 
on load (Dan Carpenter) [Orabug: 30897832] - drm/i915: Fix 
use-after-free when destroying GEM context (Tyler Hicks) [Orabug: 
30860457] {CVE-2020-7053}
- xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to 
EDQUOT (Darrick J. Wong) [Orabug: 30788113] - slub: extend slub debug to 
handle multiple slabs (Aaron Tomlin) [Orabug: 30903135] - RAS/CEC: Fix 
binary search function (Borislav Petkov) [Orabug: 30897849] - CIFS: fix 
POSIX lock leak and invalid ptr deref (Aurelien Aptel) [Orabug: 
30809456] - rds: Avoid flushing MRs in rds_rdma_drop_keys (aru kolappan) 
[Orabug: 30681066]

[4.14.35-1902.11.0.el7uek]
- rds: Avoid qp overflow when posting invalidate/register mr with frwr 
(Hans Westgaard Ry) [Orabug: 30888677] - rds: Use bitmap to designate 
dropped connections (Håkon Bugge) [Orabug: 30852643] - rds: prevent 
use-after-free of rds conn in rds_send_drop_to() (Sharath Srinivasan) 
[Orabug: 30865079] - media: b2c2-flexcop-usb: add sanity checking 
(Oliver Neukum) [Orabug: 30864532] {CVE-2019-15291}
- KVM: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack 
it (Paolo Bonzini) [Orabug: 30846856] - KVM: vmx: implement 
MSR_IA32_TSX_CTRL disable RTM functionality (Paolo Bonzini) [Orabug: 
30846856] - KVM: x86: implement MSR_IA32_TSX_CTRL effect on CPUID (Paolo 
Bonzini) [Orabug: 30846856] - KVM: x86: do not modify masked bits of 
shared MSRs (Paolo Bonzini) [Orabug: 30846856] - KVM: x86: fix 
presentation of TSX feature in ARCH_CAPABILITIES (Paolo Bonzini) 
[Orabug: 30846856] - xen/ovmapi: whitelist more caches (Boris Ostrovsky) 
[Orabug: 30837856] - mwifiex: Fix heap overflow in 
mmwifiex_process_tdls_action_frame() (qize wang) [Orabug: 30819438] 
{CVE-2019-14901}
- drm/i915/gen9: Clear residual context state on context switch (Akeem G 
Abodunrin) [Orabug: 30773852] {CVE-2019-14615} {CVE-2019-14615}
- rds: unlock rs_snd_lock before calling rhashtable_insert_fast (aru 
kolappan) [Orabug: 30734590]