Описание
ELSA-2020-5844: Unbreakable Enterprise kernel security update (IMPORTANT)
[4.14.35-2025.400.9]
- btrfs: merge btrfs_find_device and find_device (Anand Jain) [Orabug: 31867382] {CVE-2019-18885}
- sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31867387] {CVE-2019-3874}
- Revert 'zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()' (Wade Mealing) [Orabug: 31867403] {CVE-2020-10781}
- x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (Anthony Steinhauser) [Orabug: 31867441] {CVE-2020-10767}
- md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31867436]
- md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31867436]
- random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31867433] {CVE-2020-16166}
- vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31867431] {CVE-2020-14331} {CVE-2020-14331}
- Reverts 'rds: avoid unnecessary cong_update in loop transport' (Iraimani Pavadai) [Orabug: 31867423]
- net/mlx5e: Poll event queue upon TX timeout before performing full channels recovery (Eran Ben Elisha) [Orabug: 31867421]
- net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon) [Orabug: 31867418]
- nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31867417] {CVE-2020-24394}
- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31867413]
- rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31867411]
[4.14.35-2025.400.8]
- rds: Test parameter in rds_ib_recv_cache_put (Hans Westgaard Ry) [Orabug: 31737041]
- net/rds: rds_ib_remove_one() needs to wait (Ka-Cheong Poon) [Orabug: 31777364]
- RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky) [Orabug: 31784658]
- RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 31784891]
- tcp: add sanity tests in tcp_add_backlog() (Eric Dumazet) [Orabug: 31780103]
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
kernel-uek
4.14.35-2025.400.9.el7uek
kernel-uek-debug
4.14.35-2025.400.9.el7uek
kernel-uek-debug-devel
4.14.35-2025.400.9.el7uek
kernel-uek-devel
4.14.35-2025.400.9.el7uek
kernel-uek-headers
4.14.35-2025.400.9.el7uek
kernel-uek-tools
4.14.35-2025.400.9.el7uek
kernel-uek-tools-libs
4.14.35-2025.400.9.el7uek
kernel-uek-tools-libs-devel
4.14.35-2025.400.9.el7uek
perf
4.14.35-2025.400.9.el7uek
python-perf
4.14.35-2025.400.9.el7uek
Oracle Linux x86_64
kernel-uek
4.14.35-2025.400.9.el7uek
kernel-uek-debug
4.14.35-2025.400.9.el7uek
kernel-uek-debug-devel
4.14.35-2025.400.9.el7uek
kernel-uek-devel
4.14.35-2025.400.9.el7uek
kernel-uek-doc
4.14.35-2025.400.9.el7uek
kernel-uek-tools
4.14.35-2025.400.9.el7uek
Ссылки на источники
Связанные уязвимости
ELSA-2020-5885: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2020-5845: Unbreakable Enterprise kernel security update (IMPORTANT)
A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.
A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.
A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.