[Oraclevm-errata] OVMSA-2020-0019 Important: Oracle VM 3.4 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Wed Jun 3 14:15:32 PDT 2020


Oracle VM Security Advisory OVMSA-2020-0019

The following updated rpms for Oracle VM 3.4 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
kernel-uek-4.1.12-124.39.2.1.el6uek.x86_64.rpm
kernel-uek-firmware-4.1.12-124.39.2.1.el6uek.noarch.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.4/SRPMS-updates/kernel-uek-4.1.12-124.39.2.1.el6uek.src.rpm



Description of changes:

[4.1.12-124.39.2.1.el6uek]
- KVM: x86: Remove spurious semicolon (Joao Martins)  [Orabug: 31413782]

[4.1.12-124.39.2.el6uek]
- genirq: Use rcu in kstat_irqs_usr() (Eric Dumazet)
- genirq: Make sparse_irq_lock protect what it should protect (Thomas Gleixner)  [Orabug: 30953676]
- genirq: Free irq_desc with rcu (Thomas Gleixner)  [Orabug: 30953676]

[4.1.12-124.39.1.el6uek]
- qla2xxx: Update driver version to 9.00.00.00.42.0-k1-v2 (Arun Easi)  [Orabug: 30372266]
- qla2xxx: Fix device discovery when FCP2 device is lost. (Arun Easi)  [Orabug: 30372266]
- brcmfmac: add subtype check for event handling in data path (John Donnelly)  [Orabug: 30776354]  {CVE-2019-9503}
- percpu-refcount: fix reference leak during percpu-atomic transition (Douglas Miller)  [Orabug: 30867060]
- blk-mq: Allow timeouts to run while queue is freezing (Gabriel Krisman Bertazi)  [Orabug: 30867060]
- fs/dcache.c: fix spin lockup issue on nlru->lock (Junxiao Bi)  [Orabug: 30953290]
- jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi)  [Orabug: 31234664]
- mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost)  [Orabug: 31246302]  {CVE-2019-19056}
- drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() (Vladis Dronov)  [Orabug: 31262557]  {CVE-2017-7346}

[4.1.12-124.38.5.el6uek]
- i40e: Increment the driver version for FW API update (Jack Vogel)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: Update FW API version to 1.9 (Piotr Azarewicz)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: Changed maximum supported FW API version to 1.8 (Adam Ludkiewicz)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (Scott Peterson)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: fix reading LLDP configuration (Mariusz Stachura)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: Add capability flag for stopping FW LLDP (Krzysztof Galazka)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: refactor FW version checking (Mitch Williams)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: shutdown all IRQs and disable MSI-X when suspended (Jacob Keller)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: prevent service task from running while we're suspended (Jacob Keller)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: don't clear suspended state until we finish resuming (Jacob Keller)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: use newer generic PM support instead of legacy PM callbacks (Jacob Keller)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: use separate state bit for miscellaneous IRQ setup (Jacob Keller)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: fix for flow director counters not wrapping as expected (Mariusz Stachura)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: relax warning message in case of version mismatch (Mariusz Stachura)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: simplify member variable accesses (Sudheer Mogilappagari)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: Fix link down message when interface is brought up (Sudheer Mogilappagari)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: Fix unqualified module message while bringing link up (Sudheer Mogilappagari)  [Orabug: 31051191]  {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}

[4.1.12-124.38.4.el6uek]
- HID: Fix assumption that devices have inputs (Alan Stern)  [Orabug: 31208622]  {CVE-2019-19532}
- qla2xxx: DBG: disable 3D mailbox. (Quinn Tran)  [Orabug: 30890687]
- scsi: qla2xxx: Fix mtcp dump collection failure (Quinn Tran)  [Orabug: 30890687]
- scsi: qla2xxx: Add Serdes support for ISP27XX (Joe Carnuccio)  [Orabug: 30890687]
- vgacon: Fix a UAF in vgacon_invert_region (Zhang Xiaoxu)  [Orabug: 31143947]  {CVE-2020-8649} {CVE-2020-8647} {CVE-2020-8647} {CVE-2020-8649} {CVE-2020-8649} {CVE-2020-8647}
- HID: hiddev: do cleanup in failure of opening a device (Hillf Danton)  [Orabug: 31206360]  {CVE-2019-19527}
- HID: hiddev: avoid opening a disconnected device (Hillf Danton)  [Orabug: 31206360]  {CVE-2019-19527}
- USB: adutux: fix use-after-free on disconnect (Johan Hovold)  [Orabug: 31233769]  {CVE-2019-19523}

[4.1.12-124.38.3.el6uek]
- ipv4: implement support for NOPREFIXROUTE ifa flag for ipv4 address (Paolo Abeni)  [Orabug: 30292825]
- vt: selection, push sel_lock up (Jiri Slaby)  [Orabug: 30923298]  {CVE-2020-8648}
- vt: selection, push console lock down (Jiri Slaby)  [Orabug: 30923298]  {CVE-2020-8648}
- vt: selection, close sel_buffer race (Jiri Slaby)  [Orabug: 30923298]  {CVE-2020-8648} {CVE-2020-8648}
- xfs: stop searching for free slots in an inode chunk when there are none (Carlos Maiolino)  [Orabug: 31030659]
- xfs: fix up xfs_swap_extent_forks inline extent handling (Eric Sandeen)  [Orabug: 31032831]
- xfs: validate sb_logsunit is a multiple of the fs blocksize (Darrick J. Wong)  [Orabug: 31034071]
- mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Wen Huang)  [Orabug: 31104481]  {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816} {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816}

[4.1.12-124.38.2.el6uek]
- rds: fix an infoleak in rds_inc_info_copy (Kangjie Lu)  [Orabug: 30770962]  {CVE-2016-5244}
- xfs: do async inactivation only when fs freezed (Junxiao Bi)  [Orabug: 30944736]
- xfs: fix deadlock between shrinker and fs freeze (Junxiao Bi)  [Orabug: 30944736]
- xfs: increase the default parallelism levels of pwork clients (Junxiao Bi)  [Orabug: 30944736]
- xfs: decide if inode needs inactivation (Junxiao Bi)  [Orabug: 30944736]
- xfs: refactor the predicate part of xfs_free_eofblocks (Junxiao Bi)  [Orabug: 30944736]
- floppy: check FDC index for errors before assigning it (Linus Torvalds)  [Orabug: 31067516]  {CVE-2020-9383}
- KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov)  [Orabug: 31118691]
- slcan: Don't transmit uninitialized stack data in padding (Richard Palethorpe)  [Orabug: 31136753]  {CVE-2020-11494}

[4.1.12-124.38.1.el6uek]
- rds: transport module should be auto loaded when transport is set (Rao Shoaib)  [Orabug: 31031928]
- KVM: X86: Fix NULL deref in vcpu_scan_ioapic (Wanpeng Li)  [Orabug: 31078882]
- vhost: Check docket sk_family instead of call getname (Eugenio Pérez)  [Orabug: 31085993]  {CVE-2020-10942}
- Revert "oled: give panic handler chance to run before kexec" (Wengang Wang)  [Orabug: 31098797]

[4.1.12-124.37.3.el6uek]
- kernel: cpu.c: fix return in void function cpu_smt_disable (Mihai Carabas)  [Orabug: 31047871]
- net: qlogic: Fix memory leak in ql_alloc_large_buffers (Navid Emamdoost)  [Orabug: 31055327]  {CVE-2019-18806}
- swiotlb: clean up reporting (Kees Cook)  [Orabug: 31085017]  {CVE-2018-5953}
- KVM: x86: Expose more Intel AVX512 feature to guest (Luwei Kang)  [Orabug: 31085086]
- x86/cpufeature: Enable new AVX-512 features (Fenghua Yu)  [Orabug: 31085086]

[4.1.12-124.37.2.el6uek]
- xenbus: req->err should be updated before req->state (Dongli Zhang)  [Orabug: 30705030]
- xenbus: req->body should be updated before req->state (Dongli Zhang)  [Orabug: 30705030]




More information about the Oraclevm-errata mailing list