[El-errata] ELSA-2020-5845 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Sep 11 12:55:18 PDT 2020

Oracle Linux Security Advisory ELSA-2020-5845


The following updated rpms for Oracle Linux 7 have been uploaded to the 
Unbreakable Linux Network:



Description of changes:

- rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783150] - 
sched/fair: Fix low cpu usage with high throttling by removing 
expiration of cpu-local slices (Dave Chiluk) [Orabug: 31350999] 
- sched/fair: Fix throttle_list starvation with low CFS quota (Phil 
Auld) [Orabug: 31350999] {CVE-2019-19922}
- sched/fair: Fix bandwidth timer clock drift condition (Xunlei Pang) 
[Orabug: 31350999] {CVE-2019-19922}
- btrfs: tree-checker: Verify block_group_item (Qu Wenruo) [Orabug: 
31351986] {CVE-2018-14613}
- btrfs: tree-check: reduce stack consumption in check_dir_item (David 
Sterba) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-checker: use %zu format string for size_t (Arnd Bergmann) 
[Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-checker: Add checker for dir item (Qu Wenruo) [Orabug: 
31351986] {CVE-2018-14613}
- btrfs: tree-checker: Fix false panic for sanity test (Qu Wenruo) 
[Orabug: 31351986] {CVE-2018-14613}
- btrfs: tree-checker: Enhance btrfs_check_node output (Qu Wenruo) 
[Orabug: 31351986] {CVE-2018-14613}
- btrfs: Move leaf and node validation checker to tree-checker.c (Qu 
Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Add checker for EXTENT_CSUM (Qu Wenruo) [Orabug: 31351986] 
- btrfs: Add sanity check for EXTENT_DATA when reading out leaf (Qu 
Wenruo) [Orabug: 31351986] {CVE-2018-14613}
- btrfs: Check if item pointer overlaps with the item itself (Qu Wenruo) 
[Orabug: 31351986] {CVE-2018-14613}
- btrfs: Refactor check_leaf function for later expansion (Qu Wenruo) 
[Orabug: 31351986] {CVE-2018-14613}
- RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ 
message (Leon Romanovsky) [Orabug: 31784659] - nfsd: apply umask on fs 
without ACL support (J. Bruce Fields) [Orabug: 31779888] {CVE-2020-24394}
- Reverts "rds: avoid unnecessary cong_update in loop transport" 
(Iraimani Pavadai) [Orabug: 31741325] - sctp: implement memory 
accounting on tx path (Xin Long) [Orabug: 31351959] {CVE-2019-3874}
- vhost_net: fix possible infinite loop (Jason Wang) [Orabug: 31351949] 
{CVE-2019-3900} {CVE-2019-3900}
- vhost: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 
31351949] {CVE-2019-3900}
- vhost_net: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 
31351949] {CVE-2019-3900}
- vhost_net: use packet weight for rx handler, too (Paolo Abeni) 
[Orabug: 31351949] {CVE-2019-3900}
- vhost-net: set packet weight of tx polling to 2 * vq size 
(haibinzhang(张海斌)) [Orabug: 31351949] {CVE-2019-3900}
- repair kABI breakage from "fs: prevent page refcount overflow in 
pipe_buf_get" (Dan Duval) [Orabug: 31351940] {CVE-2019-11487}
- fs: prevent page refcount overflow in pipe_buf_get (Matthew Wilcox) 
[Orabug: 31351940] {CVE-2019-11487}
- mm: add 'try_get_page()' helper function (Linus Torvalds) [Orabug: 
31351940] {CVE-2019-11487}
- mm: prevent get_user_pages() from overflowing page refcount (Linus 
Torvalds) [Orabug: 31351940] {CVE-2019-11487}
- mm: make page ref count overflow check tighter and more explicit 
(Linus Torvalds) [Orabug: 31351940] {CVE-2019-11487}
- tracing: Fix buffer_ref pipe ops (Jann Horn) [Orabug: 31351940] 
- RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 
31784892] - net/rds: rds_ib_remove_one() needs to wait (Ka-Cheong Poon) 
[Orabug: 31794612] - uek-rpm: Disable secureboot signing for OL7 aarch64 
(Somasundaram Krishnasamy) [Orabug: 31793663]

- net/mlx5e: Poll event queue upon TX timeout before performing full 
channels recovery (Eran Ben Elisha) [Orabug: 31753102] - crypto: authenc 
- fix parsing key with misaligned rta_len (Eric Biggers) [Orabug: 
31535528] {CVE-2020-10769}
- mac80211: Do not send Layer 2 Update frame before authorization (Jouni 
Malinen) [Orabug: 31473651] {CVE-2019-5108}
- cfg80211/mac80211: make ieee80211_send_layer2_update a public function 
(Dedy Lansky) [Orabug: 31473651] {CVE-2019-5108}
- sunrpc: use-after-free in svc_process_common() (Vasily Averin) 
[Orabug: 31351994] {CVE-2018-16884}
- sunrpc: use SVC_NET() in svcauth_gss_* functions (Vasily Averin) 
[Orabug: 31351994] {CVE-2018-16884}
- RDMA/cxgb4: Do not dma memory off of the stack (Greg KH) [Orabug: 
31351782] {CVE-2019-17075}
- btrfs: merge btrfs_find_device and find_device (Anand Jain) [Orabug: 
31351745] {CVE-2019-18885}
- fs/namespace.c: fix mountpoint reference counter race (Piotr Krysiuk) 
[Orabug: 31350975] {CVE-2020-12114} {CVE-2020-12114}
- kernel/sysctl.c: fix out-of-bounds access when setting file-max (Will 
Deacon) [Orabug: 31350719] {CVE-2019-14898}
- sysctl: handle overflow for file-max (Christian Brauner) [Orabug: 
31350719] {CVE-2019-14898}
- nl80211: validate beacon head (Johannes Berg) [Orabug: 30785180] 
- cfg80211: Use const more consistently in for_each_element macros 
(Jouni Malinen) [Orabug: 30785180] {CVE-2019-16746}
- cfg80211: add and use strongly typed element iteration macros 
(Johannes Berg) [Orabug: 30785180] {CVE-2019-16746}
- net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon) 
[Orabug: 31755755]

- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) 
[Orabug: 31688622] - can: peak_usb: pcan_usb_fd: Fix info-leaks to USB 
devices (Tomas Bortoli) [Orabug: 31351220] {CVE-2019-19535}
- rds: Test parameter in rds_ib_recv_cache_put (Hans Westgaard Ry) 
[Orabug: 31737044] - vgacon: Fix for missing check in scrollback 
handling (Yunhai Zhang) [Orabug: 31705120] {CVE-2020-14331} {CVE-2020-14331}
- md: get sysfs entry after redundancy attr group create (Junxiao Bi) 
[Orabug: 31602420] - md: fix deadlock causing by sysfs_notify (Junxiao 
Bi) [Orabug: 31602420] - random32: update the net random state on 
interrupt and activity (Willy Tarreau) [Orabug: 31698084] {CVE-2020-16166}
- x86/speculation: Avoid force-disabling IBPB based on STIBP and 
enhanced IBRS. (Anthony Steinhauser) [Orabug: 31557804] {CVE-2020-10767}
- Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" (Wade 
Mealing) [Orabug: 31510724] {CVE-2020-10781}
- genirq/proc: Return proper error code when irq_set_affinity() fails 
(Wen Yaxng) [Orabug: 31723449] - bonding: Force slave speed check after 
link state recovery for 802.3ad (Thomas Falcon) [Orabug: 31730609] - 
bonding/802.3ad: fix slave link initialization transition states (Jarod 
Wilson) [Orabug: 31730609] - bonding/802.3ad: fix link_failure_count 
tracking (Jarod Wilson) [Orabug: 31730609] - bonding: speed/duplex 
update at NETDEV_UP event (Mahesh Bandewar) [Orabug: 31730609] - 
net/rds: Incorrect WARN_ON() (Ka-Cheong Poon) [Orabug: 31718164] - 
net/rds: rds_ib_remove_one() should not call rds_ib_dev_free_dev() 
(Ka-Cheong Poon) [Orabug: 31718164] - KVM: nVMX: include conditional 
controls in /dev/kvm KVM_GET_MSRS (Paolo Bonzini) [Orabug: 31699256] - 
KVM: x86: introduce is_pae_paging (Paolo Bonzini) [Orabug: 31699256] - 
selinux: properly handle multiple messages in selinux_netlink_send() 
(Paul Moore) [Orabug: 31439368] {CVE-2020-10751}
- af_packet: set defaule value for tmo (Mao Wenan) [Orabug: 31439106] 
- hrtimer: Annotate lockless access to timer->base (Eric Dumazet) 
[Orabug: 31380494] - fix kABI breakage from "netns: provide pure entropy 
for net_hash_mix()" (Dan Duval) [Orabug: 31351903] {CVE-2019-10638} 
- netns: provide pure entropy for net_hash_mix() (Eric Dumazet) [Orabug: 
31351903] {CVE-2019-10638} {CVE-2019-10639}
- media: usb: siano: Fix general protection fault in smsusb (Alan Stern) 
[Orabug: 31351873] {CVE-2019-15218}
- cfg80211: wext: avoid copying malformed SSIDs (Will Deacon) [Orabug: 
31351799] {CVE-2019-17133}
- can: gs_usb: gs_can_open(): prevent memory leak (Navid Emamdoost) 
[Orabug: 31351681] {CVE-2019-19052}
- rtlwifi: prevent memory leak in rtl_usb_probe (Navid Emamdoost) 
[Orabug: 31351625] {CVE-2019-19063}
- scsi: bfa: release allocated memory in case of error (Navid Emamdoost) 
[Orabug: 31351613] {CVE-2019-19066}
- ath9k_htc: release allocated buffer if timed out (Navid Emamdoost) 
[Orabug: 31351571] {CVE-2019-19073}
- ath9k: release allocated buffer if timed out (Navid Emamdoost) 
[Orabug: 31351558] {CVE-2019-19074}
- ath10k: fix memory leak (Navid Emamdoost) [Orabug: 31351531] 
- bcache: fix potential deadlock problem in btree_gc_coalesce (Zhiqiang 
Liu) [Orabug: 31350645] {CVE-2020-12771}
- rds: ib: Revert "net/rds: Avoid stalled connection due to CM REQ 
retries" (Håkon Bugge) [Orabug: 31513037] - rds: Clear reconnect pending 
bit (Håkon Bugge) [Orabug: 31513037]

More information about the El-errata mailing list