[El-errata] ELSA-2020-5676 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon May 11 15:20:44 PDT 2020 

Oracle Linux Security Advisory ELSA-2020-5676

http://linux.oracle.com/errata/ELSA-2020-5676.html

The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-1902.302.2.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-1902.302.2.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-1902.302.2.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-1902.302.2.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-1902.302.2.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-1902.302.2.el7uek.noarch.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1902.302.2.el7uek.src.rpm



Description of changes:

[4.14.35-1902.302.2.el7uek]
- KVM: x86: Protect pmu_intel.c from Spectre-v1/L1TF attacks (Marios 
Pomonis) [Orabug: 31191092] - KVM: x86: Protect MSR-based index 
computations in fixed_msr_to_seg_unit() from Spectre-v1/L1TF attacks 
(Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect x86_decode_insn 
from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: 
x86: Protect MSR-based index computations from Spectre-v1/L1TF attacks 
in x86.c (Marios Pomonis) [Orabug: 31191092] - KVM: x86: Protect 
ioapic_read_indirect() from Spectre-v1/L1TF attacks (Marios Pomonis) 
[Orabug: 31191092] {CVE-2013-1798}
- KVM: x86: Protect MSR-based index computations in pmu.h from 
Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: x86: 
Protect ioapic_write_indirect() from Spectre-v1/L1TF attacks (Marios 
Pomonis) [Orabug: 31191092] - KVM: x86: Protect 
kvm_hv_msr_[get|set]_crash_data() from Spectre-v1/L1TF attacks (Marios 
Pomonis) [Orabug: 31191092] - KVM: x86: Protect kvm_lapic_reg_write() 
from Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - KVM: 
x86: Protect DR-based index computations from Spectre-v1/L1TF attacks 
(Marios Pomonis) [Orabug: 31191092] - KVM: x86: Refactor prefix decoding 
to prevent Spectre-v1/L1TF attacks (Marios Pomonis) [Orabug: 31191092] - 
KVM: x86: Refactor picdev_write() to prevent Spectre-v1/L1TF attacks 
(Marios Pomonis) [Orabug: 31191092] - x86/microcode/AMD: Increase 
microcode PATCH_MAX_SIZE (John Allen) [Orabug: 31213449] - HID: hiddev: 
do cleanup in failure of opening a device (Hillf Danton) [Orabug: 
31206359] {CVE-2019-19527}
- HID: hiddev: avoid opening a disconnected device (Hillf Danton) 
[Orabug: 31206359] {CVE-2019-19527}
- net/ethernet/octeon: Add ptp_dbg_group module param in 
octeon-pow-ethernet (Vijay Kumar) [Orabug: 31198851] - net/rds: Fix MR 
reference counting problem (Ka-Cheong Poon) [Orabug: 31130197] - 
net/rds: Replace struct rds_mr's r_refcount with struct kref (Ka-Cheong 
Poon) [Orabug: 31130197] - rds: Fix use-after-free in rds_ib_free_caches 
(Hans Westgaard Ry) [Orabug: 31200770] - include/linux/relay.h: fix 
percpu annotation in struct rchan (Luc Van Oostenryck) [Orabug: 
31183399] {CVE-2019-19462}
- uek-rpm: fix dts rpmbuild when using cross-compiler (Tom Saeger) 
[Orabug: 30896439] - HID: Fix assumption that devices have inputs (Alan 
Stern) [Orabug: 30622561] {CVE-2019-19532}
- net/ethernet/octeon: Set max/min mtu of pow equivalent to Octeon eth 
device (Vijay Kumar) [Orabug: 31191751] - vgacon: Fix a UAF in 
vgacon_invert_region (Zhang Xiaoxu) [Orabug: 31143946] {CVE-2020-8649} 
{CVE-2020-8647} {CVE-2020-8647} {CVE-2020-8649} {CVE-2020-8647} 
{CVE-2020-8649}
- crypto: ecdh - fix big endian bug in ECC library (Ard Biesheuvel) 
[Orabug: 31203429] - KVM: x86: fix nested guest live migration with PML 
(Paolo Bonzini) [Orabug: 31202733] - KVM: x86: assign two bits to track 
SPTE kinds (Paolo Bonzini) [Orabug: 31202733] - x86/kvm/mmu: introduce 
guest_mmu (Vitaly Kuznetsov) [Orabug: 31202733] - x86/kvm/mmu.c: add 
kvm_mmu parameter to kvm_mmu_free_roots() (Vitaly Kuznetsov) [Orabug: 
31202733] - x86/kvm/mmu.c: set get_pdptr hook in 
kvm_init_shadow_ept_mmu() (Vitaly Kuznetsov) [Orabug: 31202733] - 
x86/kvm/mmu: make vcpu->mmu a pointer to the current MMU (Vitaly 
Kuznetsov) [Orabug: 31202733] - x86/kvm/nVMX: allow bare VMXON state 
migration (Vitaly Kuznetsov) [Orabug: 31202164] - sched/fair: Prevent a 
division by 0 in scale_rt_capacity() (John Sobecki) [Orabug: 31124463] - 
blktrace: Protect q->blk_trace with RCU (Jan Kara) [Orabug: 31123575] 
{CVE-2019-19768}
- blktrace: fix unlocked access to init/start-stop/teardown (Jens Axboe) 
[Orabug: 31123575] {CVE-2019-19768}

[4.14.35-1902.302.1.el7uek]
- xfs: revert commit c6314bc8055a (Darrick J. Wong) [Orabug: 31180825] - 
vt: selection, push sel_lock up (Jiri Slaby) [Orabug: 30923296] 
{CVE-2020-8648}
- vt: selection, push console lock down (Jiri Slaby) [Orabug: 30923296] 
{CVE-2020-8648}
- vt: selection, close sel_buffer race (Jiri Slaby) [Orabug: 30923296] 
{CVE-2020-8648} {CVE-2020-8648}
- net_sched: fix an OOB access in cls_tcindex (Cong Wang) [Orabug: 
31181100] - mips64: Fix X.509 certificates parsing (Eric Saint-Etienne) 
[Orabug: 31178433] - efi: Fix a race and a buffer overflow while reading 
efivars via sysfs (Vladis Dronov) [Orabug: 30990726] - genhd: Fix use 
after free in __blkdev_get() (Jan Kara) [Orabug: 31161462] - blockdev: 
Fix livelocks on loop device (Jan Kara) [Orabug: 31161462] - net: 
validate untrusted gso packets without csum offload (Willem de Bruijn) 
[Orabug: 31161828] - slcan: Don't transmit uninitialized stack data in 
padding (Richard Palethorpe) [Orabug: 31136752] {CVE-2020-11494}
- crypto: user - fix leaking uninitialized memory to userspace (Eric 
Biggers) [Orabug: 31081816] {CVE-2018-19854}
- scsi: libsas: stop discovering if oob mode is disconnected (Jason Yan) 
[Orabug: 30770911] {CVE-2019-19965}
- dccp: Fix memleak in __feat_register_sp (YueHaibing) [Orabug: 
30755059] {CVE-2019-20096}
- ovl: relax WARN_ON() on rename to self (Amir Goldstein) [Orabug: 
30451796] - bnx2x: Fix VF's VLAN reconfiguration in reload. (Manish 
Chopra) - bnx2x: Remove configured vlans as part of unload sequence. 
(Sudarsana Reddy Kalluru) - sch_dsmark: fix potential NULL deref in 
dsmark_init() (Eric Dumazet) [Orabug: 30453287]

[4.14.35-1902.302.0.el7uek]
- mips64:uek-rpm/ol7/config-mips: Enable IP_SET configs (Vijay Kumar) 
[Orabug: 31123145] - IB/ipoib: Avoid race from waking up the 
transmission queue (Praveen Kumar Kannoju) [Orabug: 31118993] - KVM: 
x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov) 
[Orabug: 31118690] - mwifiex: Fix three heap overflow at parsing element 
in cfg80211_ap_settings (Wen Huang) [Orabug: 31104480] {CVE-2019-14814} 
{CVE-2019-14815} {CVE-2019-14816} {CVE-2019-14814} {CVE-2019-14815} 
{CVE-2019-14816}
- arch/mips: Discard the contents of the PCI console if the buffer is 
full for more than 10 milliseconds (Victor Michel) [Orabug: 31097950] - 
Add in-kernel X.509 certificate on mips64 (Eric Saint-Etienne) [Orabug: 
31090468] - floppy: check FDC index for errors before assigning it 
(Linus Torvalds) [Orabug: 31067513] {CVE-2020-9383}
- KVM: X86: Fix NULL deref in vcpu_scan_ioapic (Wanpeng Li) [Orabug: 
31004914] - rds: Add debugfs for inc/frag cache statistics (Hans 
Westgaard Ry) [Orabug: 30827415] - rds: Add inc/frag cache statistics 
(Hans Westgaard Ry) [Orabug: 30827415] - rds: Control the CPU 
(de)allocating fragments (Hans Westgaard Ry) [Orabug: 30827415] - rds: 
Change caching strategy for receive buffers (Hans Westgaard Ry) [Orabug: 
30827415] - rds: Add lockfree stack routines (Hans Westgaard Ry) 
[Orabug: 30827415]

[4.14.35-1902.301.2.el7uek]
- xfs: ratelimit inode flush on buffered write ENOSPC (Darrick J. Wong) 
[Orabug: 31056429]

More information about the El-errata mailing list