[El-errata] ELSA-2020-5884 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Oct 13 02:52:55 PDT 2020

Oracle Linux Security Advisory ELSA-2020-5884


The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:




Description of changes:

- iommu/amd: Restore IRTE.RemapEn bit for amd_iommu_activate_guest_mode (Suravee Suthikulpanit)  [Orabug: 31931369]
- iommu/amd: Fix potential @entry null deref (Joao Martins)  [Orabug: 31931369]
- iommu/amd: Restore IRTE.RemapEn bit after programming IRTE (Suravee Suthikulpanit)  [Orabug: 31931369]

- xfs: fix boundary test in xfs_attr_shortform_verify (Eric Sandeen)  [Orabug: 31895365]  {CVE-2020-14385}
- ext4: fix potential negative array index in do_split() (Eric Sandeen)  [Orabug: 31895327]  {CVE-2020-14314}
- mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song)  [Orabug: 31884234]  {CVE-2020-25285}
- rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov)  [Orabug: 31884154]  {CVE-2020-25284}
- nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell)  [Orabug: 31872895]  {CVE-2020-25212}
- libnvdimm/security: ensure sysfs poll thread woke up and fetch updated attr (Jane Chu)  [Orabug: 31861296]
- libnvdimm/security: the 'security' attr never (Jane Chu)  [Orabug: 31861296]
- libnvdimm/security: fix a typo (Jane Chu)  [Orabug: 31861296]
- mmc: sdhci: Silence MMC warnings (Maxime Ripard)  [Orabug: 31746382]
- bcm2835-dma: Add support for per-channel flags (Phil Elwell)  [Orabug: 31746382]
- mmc: sdhci-iproc: Fix vmmc regulators on iProc (Phil Elwell)  [Orabug: 31746382]
- KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga)  [Orabug: 31722763]
- KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga)  [Orabug: 31722763]
- KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga)  [Orabug: 31722763]

- net/packet: fix overflow in tpacket_rcv (Or Cohen)  [Orabug: 31866487]  {CVE-2020-14386} {CVE-2020-14386}
- block: better deal with the delayed not supported case in blk_cloned_rq_check_limits (Ritika Srivastava)  [Orabug: 31850341]
- block: Return blk_status_t instead of errno codes (Ritika Srivastava)  [Orabug: 31850341]
- iommu/amd: Use cmpxchg_double() when updating 128-bit IRTE (Suravee Suthikulpanit)  [Orabug: 31849530]
- uek-rpm: ol8: config-aarch64: add *_MEMORY_HOTPLUG (Mihai Carabas)  [Orabug: 31848696]

- IB/mlx5: Expose RoCE accelerator counters (Avihai Horon)  [Orabug: 31621895]
- net/mlx5: Add RoCE accelerator counters (Leon Romanovsky)  [Orabug: 31621895]
- cgroup: Fix sock_cgroup_data on big-endian. (Cong Wang)  [Orabug: 31779795]  {CVE-2020-14356}
- cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (Cong Wang)  [Orabug: 31779795]  {CVE-2020-14356}
- Revert "aarch64/BM: config failed, hub doesn't have any ports" (Thomas Tai)  [Orabug: 31838351]
- kvm: ioapic: Restrict lazy EOI update to edge-triggered interrupts (Paolo Bonzini)  [Orabug: 31839185]
- iavf: use generic power management (Vaibhav Gupta)  [Orabug: 31700015]
- iavf: Fix updating statistics (Tony Nguyen)  [Orabug: 31700015]
- iavf: fix error return code in iavf_init_get_resources() (Wei Yongjun)  [Orabug: 31700015]
- iavf: increase reset complete wait time (Paul Greenwalt)  [Orabug: 31700015]
- iavf: Fix reporting 2.5 Gb and 5Gb speeds (Brett Creeley)  [Orabug: 31700015]
- iavf: use appropriate enum for comparison (Aleksandr Loktionov)  [Orabug: 31700015]
- iavf: Enable support for up to 16 queues (Mitch Williams)  [Orabug: 31700015]
- iavf: fix speed reporting over virtchnl (Brett Creeley)  [Orabug: 31700015]
- iavf: remove current MAC address filter on VF reset (Stefan Assmann)  [Orabug: 31700015]
- i40e: Fix crash during removing i40e driver (Grzegorz Szczurek)  [Orabug: 31700015]
- i40e: Set RX_ONLY mode for unicast promiscuous on VLAN (Przemyslaw Patynowski)  [Orabug: 31700015]
- i40e: introduce new dump desc XDP command (Ciara Loftus)  [Orabug: 31700015]
- i40e: add XDP ring statistics to dump VSI debug output (Ciara Loftus)  [Orabug: 31700015]
- i40e: add XDP ring statistics to VSI stats (Ciara Loftus)  [Orabug: 31700015]
- i40e: move check of full Tx ring to outside of send loop (Magnus Karlsson)  [Orabug: 31700015]
- i40e: eliminate division in napi_poll data path (Magnus Karlsson)  [Orabug: 31700015]
- i40e: optimize AF_XDP Tx completion path (Magnus Karlsson)  [Orabug: 31700015]
- i40e: Add support for a new feature Total Port Shutdown (Arkadiusz Kubalewski)  [Orabug: 31700015]
- i40e: Remove scheduling while atomic possibility (Aleksandr Loktionov)  [Orabug: 31700015]
- i40e: Add support for 5Gbps cards (Aleksandr Loktionov)  [Orabug: 31700015]
- i40e: Add a check to see if MFS is set (Todd Fujinaka)  [Orabug: 31700015]
- i40e: detect and log info about pre-recovery mode (Piotr Kwapulinski)  [Orabug: 31700015]
- i40e: make PF wait reset loop reliable (Piotr Kwapulinski)  [Orabug: 31700015]
- i40e: remove unused defines (Jesse Brandeburg)  [Orabug: 31700015]
- i40e: Move client header location (Shiraz Saleem)  [Orabug: 31700015]
- i40e: fix crash when Rx descriptor count is changed (Björn Töpel)  [Orabug: 31700015]
- i40e: Make i40e_shutdown_adminq() return void (Jason Yan)  [Orabug: 31700015]
- i40e: Use scnprintf() for avoiding potential buffer overflow (Takashi Iwai)  [Orabug: 31700015]
- i40e: Separate kernel allocated rx_bi rings from AF_XDP rings (Björn Töpel)  [Orabug: 31700015]
- i40e: Refactor rx_bi accesses (Björn Töpel)  [Orabug: 31700015]
- i40e: Remove unneeded conversion to bool (Jason Yan)  [Orabug: 31700015]
- i40e: fix spelling mistake "to" -> "too" (Colin Ian King)  [Orabug: 31700015]
- i40e: Set PHY Access flag on X722 (Adam Ludkiewicz)  [Orabug: 31700015]
- i40e: implement VF stats NDO (Jesse Brandeburg)  [Orabug: 31700015]
- i40e: enable X710 support (Alice Michael)  [Orabug: 31700015]
- i40e: Add UDP segmentation offload support (Josh Hunt)  [Orabug: 31700015]
- i40e: Refactoring VF MAC filters counting to make more reliable (Aleksandr Loktionov)  [Orabug: 31700015]
- i40e: Fix LED blinking flow for X710T*L devices (Damian Milosek)  [Orabug: 31700015]
- i40e: allow ethtool to report SW and FW versions in recovery mode (Piotr Kwapulinski)  [Orabug: 31700015]
- i40e: Extend PHY access with page change flag (Piotr Azarewicz)  [Orabug: 31700015]
- i40e: Extract detection of HW flags into a function (Piotr Azarewicz)  [Orabug: 31700015]
- i40e: Fix for persistent lldp support (Sylwia Wnuczko)  [Orabug: 31700015]
- i40e: protect ring accesses with READ- and WRITE_ONCE (Ciara Loftus)  [Orabug: 31700015]
- i40e: Fix the conditional for i40e_vc_validate_vqs_bitmaps (Brett Creeley)  [Orabug: 31700015]
- i40e: Relax i40e_xsk_wakeup's return value when PF is busy (Maciej Fijalkowski)  [Orabug: 31700015]
- i40e: Fix virtchnl_queue_select bitmap validation (Brett Creeley)  [Orabug: 31700015]

- sample-trace-array: Fix sleeping function called from invalid context (Kefeng Wang)  [Orabug: 31543029]
- sample-trace-array: Remove trace_array 'sample-instance' (Kefeng Wang)  [Orabug: 31543029]
- tracing: Sample module to demonstrate kernel access to Ftrace instances. (Divya Indi)  [Orabug: 31543029]
- tracing: Adding new functions for kernel access to Ftrace instances (Divya Indi)  [Orabug: 31543029]
- tracing: Adding NULL checks for trace_array descriptor pointer (Divya Indi)  [Orabug: 31543029]
- tracing: Verify if trace array exists before destroying it. (Divya Indi)  [Orabug: 31543029]
- tracing: Declare newly exported APIs in include/linux/trace.h (Divya Indi)  [Orabug: 31543029]
- RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky)  [Orabug: 31784656]
- RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb)  [Orabug: 31784889]
- rename kABI whitelists to lockedlists (Dan Duval)  [Orabug: 31783146]

More information about the El-errata mailing list