[El-errata] ELSA-2021-9487 Important: Oracle Linux 7 Unbreakable Enterprise kernel-container security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Oct 14 15:16:35 PDT 2021


Oracle Linux Security Advisory ELSA-2021-9487

http://linux.oracle.com/errata/ELSA-2021-9487.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-container-5.4.17-2136.300.7.el7.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.300.7.el7.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-container-5.4.17-2136.300.7.el7.src.rpm

Related CVEs:

CVE-2017-6074
CVE-2020-16119




Description of changes:

[5.4.17-2136.300.7.el7]
- KVM: SVM: Fix mismerge in svm_update_pi_irte() (Liam Merwick)  [Orabug: 33446526]
- Revert "KVM: x86: hyperv: Remove duplicate definitions of Reference TSC Page" (Liam Merwick)  [Orabug: 33450675]
- Revert "scsi: core: Cap scsi_host cmd_per_lun at can_queue" (Jack Vogel)  [Orabug: 33441404]

[5.4.17-2136.300.5.el7]
- dccp: don't duplicate ccid when cloning dccp sock (Lin, Zhenpeng)  [Orabug: 33408808]  {CVE-2017-6074} {CVE-2020-16119}
- block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi)  [Orabug: 33396355]
- uek-rpm: add ofb.ko and crypto_user.ko modules to nano kernel (Somasundaram Krishnasamy)  [Orabug: 31895743]

[5.4.17-2136.300.4.el7]
- Reintroduce: certs: Add EFI_CERT_X509_GUID support for dbx entries (Konrad Rzeszutek Wilk)  [Orabug: 33382994]
- bnxt_en: Update the driver version string (Jack Vogel)  [Orabug: 33392416]

[5.4.17-2136.300.3.el7]
- net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra)  [Orabug: 33379543]
- KVM: X86: MMU: Use the correct inherited permissions to get shadow page (Lai Jiangshan)  [Orabug: 33359297]  {CVE-2021-38198}
- KVM: x86: adjust SEV for commit 7e8e6eed75e (Paolo Bonzini)  [Orabug: 33375655]
- net/mlx5: Implement Oracle-only solution for mlx device names (Mikhael Goikhman)  [Orabug: 33247746]

[5.4.17-2136.300.2.el7]
- btrfs: fix NULL pointer dereference when deleting device by invalid id (Qu Wenruo)  [Orabug: 33365609]  {CVE-2021-3739}
- Revert "uek-rpm: mark /etc/ld.so.conf.d/ files as %config" (aloktiw)  [Orabug: 33359669]
- bpf: provide BPF Type Format (BTF) info for kernel (Alan Maguire)  [Orabug: 33331233]
- perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (Like Xu)  [Orabug: 33194216]
- IB/core: Read subnet_prefix in ib_query_port via cache. (Anand Khoje)  [Orabug: 33283556]
- IB/core: Shifting initialization of device->cache_lock (Anand Khoje)  [Orabug: 33283556]
- IB/core: Updating cache for subnet_prefix in config_non_roce_gid_cache() (Anand Khoje)  [Orabug: 33283556]
- IB/core: Shuffle locks in ib_port_data to save memory (Anand Khoje)  [Orabug: 33283556]
- IB/core: Removed port validity check from ib_get_cached_subnet_prefix (Anand Khoje)  [Orabug: 33283556]
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (Dongli Zhang)  [Orabug: 33106728]

[5.4.17-2136.300.1.el7]
- net: qrtr: fix another OOB Read in qrtr_endpoint_post (Xiaolong Huang)  [Orabug: 33336805]  {CVE-2021-3743}
- ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Ts'o)  [Orabug: 33336785]  {CVE-2021-40490}
- net/mlx5: E-Switch, Fix vlan or qos setting in legacy mode (Vu Pham)  [Orabug: 33291040]
- rds: ib: Set SEND_SIGNALED on the last WR posted (Håkon Bugge)  [Orabug: 33331710]
- RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn)  [Orabug: 33331640]
- usb: hso: fix error handling code of hso_create_net_device (Dongliang Mu)  [Orabug: 33329086]  {CVE-2021-37159}
- hso: fix bailout in error case of probe (Oliver Neukum)  [Orabug: 33329086]  {CVE-2021-37159}
- uek-rpm: Set DEFAULTKERNEL in /etc/sysconfig/kernel correctly (Dave Kleikamp)  [Orabug: 33219604]
- RDMA/mlx5: Fix crash when unbind multiport slave (Maor Gottlieb)  [Orabug: 33303425]
- net/mlx5: Don't overwrite HCA capabilities when setting MSI-X count (Leon Romanovsky)  [Orabug: 33220810]
- net/mlx5: Implement sriov_get_vf_total_msix/count() callbacks (Leon Romanovsky)  [Orabug: 33220810]
- net/mlx5: Dynamically assign MSI-X vectors count (Leon Romanovsky)  [Orabug: 33220810]
- net/mlx5: Add dynamic MSI-X capabilities bits (Leon Romanovsky)  [Orabug: 33220810]
- PCI/IOV: Add sysfs MSI-X vector assignment interface (Leon Romanovsky)  [Orabug: 33220810]
- net/mlx5: Check that driver was probed prior attaching the device (Leon Romanovsky)  [Orabug: 33286656]

[5.4.17-2136.300.0.el7]
- misc/pvpanic: fix set driver data (Mihai Carabas)  [Orabug: 33290806]
- btrfs: fix race between marking inode needs to be logged and log syncing (Filipe Manana)  [Orabug: 33265208]
- vdpa/mlx5: fix feature negotiation across device reset (Si-Wei Liu)  [Orabug: 33247045]
- net/mlx5: E-switch, When eswitch is unsupported, return -EOPNOTSUPP (Parav Pandit)  [Orabug: 33241452]
- xen-acpi-processor: fix coordination type mismatch (Elena Ufimtseva)  [Orabug: 33214673]
- net/mlx5: E-switch, Use eswitch total_vports (Parav Pandit)  [Orabug: 33213269]
- net/mlx5: E-switch, Reuse total_vports and avoid duplicate nvports (Parav Pandit)  [Orabug: 33213269]
- net/mlx5: E-switch, Consider maximum vf vports for steering init (Parav Pandit)  [Orabug: 33213269]
- RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work (Maor Gottlieb)  [Orabug: 33303297]
- rds: fix statistics counters and check for memory leak (Hans Westgaard Ry)  [Orabug: 31372378]
- KVM: X86: Micro-optimize IPI fastpath delay (Wanpeng Li)  [Orabug: 33119431]
- net/mlx5_core: Restore driver version (Roy Novich)  [Orabug: 33112151]
- RDMA/umem: Use ib_dma_max_seg_size instead of dma_get_max_seg_size (Christoph Hellwig)  [Orabug: 33107202]
- lib/scatterlist: Do not limit max_segment to PAGE_ALIGNED values (Jason Gunthorpe)  [Orabug: 33107202]
- RDMA/umem: Move to allocate SG table from pages (Maor Gottlieb)  [Orabug: 33107202]
- lib/scatterlist: Add support in dynamic allocation of SG table from pages (Maor Gottlieb)  [Orabug: 33107202]
- uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi)  [Orabug: 33246580]
- rdmaip: trace message buffer size too small for rdmaip debug tracepoints (Alan Maguire)  [Orabug: 33267573]
- driver core: auxiliary bus: Fix memory leak when driver_register() fail (Peter Ujfalusi)  [Orabug: 32461425]
- driver core: auxiliary bus: Remove unneeded module bits (Dave Jiang)  [Orabug: 32461425]
- driver core: auxiliary bus: Fix calling stage for auxiliary bus init (Dave Jiang)  [Orabug: 32461425]
- driver core: auxiliary bus: Fix auxiliary bus shutdown null auxdrv ptr (Dave Jiang)  [Orabug: 32461425]
- bnxt_en: Use register window 6 instead of 5 to read the PHC (Michael Chan)  [Orabug: 33181761]
- bnxt_en: Update firmware call to retrieve TX PTP timestamp (Michael Chan)  [Orabug: 33181761]
- bnxt_en: Update firmware interface to 1.10.2.52 (Michael Chan)  [Orabug: 33181761]

[5.4.17-2122.305.7.el7]
- ice: implement device flash update via devlink (Jacob Keller)  [Orabug: 33236075]
- ice: add board identifier info to devlink .info_get (Jacob Keller)  [Orabug: 33236075]
- ice: add basic handler for devlink .info_get (Jacob Keller)  [Orabug: 33236075]
- ice: enable initial devlink support (Jacob Keller)  [Orabug: 33236075]
- bitops: introduce the for_each_set_clump8 macro (William Breathitt Gray)  [Orabug: 33236075]
- Add pldmfw library for PLDM firmware update (Jacob Keller)  [Orabug: 33236075]
- devlink: expand the devlink-info documentation (Jakub Kicinski)  [Orabug: 33236075]
- devlink: promote "fw.bundle_id" to a generic info version (Jacob Keller)  [Orabug: 33236075]
- devlink: remove trigger command from devlink-region.rst (Jacob Keller)  [Orabug: 33236075]
- devlink: add trap metadata type for cookie (Jiri Pirko)  [Orabug: 33236075]
- devlink: add ACL generic packet traps (Jiri Pirko)  [Orabug: 33236075]
- devlink: Force enclosing array on binary fmsg data (Aya Levin)  [Orabug: 33236075]
- devlink: document devlink info versions reported by bnxt_en driver (Vasundhara Volam)  [Orabug: 33236075]
- devlink: add macro for "fw.roce" (Vasundhara Volam)  [Orabug: 33236075]
- devlink: Add health recover notifications on devlink flows (Moshe Shemesh)  [Orabug: 33236075]
- devlink: Add overlay source MAC is multicast trap (Amit Cohen)  [Orabug: 33236075]
- devlink: Add tunnel generic packet traps (Amit Cohen)  [Orabug: 33236075]
- devlink: Add non-routable packet trap (Amit Cohen)  [Orabug: 33236075]
- devlink: fix typos in qed documentation (Jacob Keller)  [Orabug: 33236075]
- devlink: correct misspelling of snapshot (Jacob Keller)  [Orabug: 33236075]
- devlink: document region snapshot triggering from userspace (Jacob Keller)  [Orabug: 33236075]
- devlink: introduce devlink-dpipe.rst documentation file (Jacob Keller)  [Orabug: 33236075]
- devlink: add a devlink-resource.rst documentation file (Jacob Keller)  [Orabug: 33236075]
- devlink: rename and expand devlink-trap-netdevsim.rst (Jacob Keller)  [Orabug: 33236075]
- devlink: add documentation for ionic device driver (Jacob Keller)  [Orabug: 33236075]
- devlink: add a file documenting devlink regions (Jacob Keller)  [Orabug: 33236075]
- devlink: add a driver-specific file for the qed driver (Jacob Keller)  [Orabug: 33236075]
- devlink: add parameter documentation for the mlx4 driver (Jacob Keller)  [Orabug: 33236075]
- devlink: document info versions for each driver (Jacob Keller)  [Orabug: 33236075]
- devlink: convert driver-specific files to reStructuredText (Jacob Keller)  [Orabug: 33236075]
- devlink: mention reloading in devlink-params.rst (Jacob Keller)  [Orabug: 33236075]
- devlink: add documentation for generic devlink parameters (Jacob Keller)  [Orabug: 33236075]
- devlink: convert devlink-params.txt to reStructuredText (Jacob Keller)  [Orabug: 33236075]
- devlink: rename devlink-info-versions.rst and add a header (Jacob Keller)  [Orabug: 33236075]
- devlink: convert devlink-health.txt to rst format (Jacob Keller)  [Orabug: 33236075]
- devlink: move devlink documentation to subfolder (Jacob Keller)  [Orabug: 33236075]
- devlink: add macro for "fw.psid" (Jacob Keller)  [Orabug: 33236075]
- devlink: add devink notification when reporter update health state (Vikas Gupta)  [Orabug: 33236075]
- rds_rdma: add missing rds_ib_cm_handle_connect tracepoint (Alan Maguire)  [Orabug: 33243559]



More information about the El-errata mailing list