Описание
ELSA-2020-5912: Unbreakable Enterprise kernel security update (IMPORTANT)
[4.1.12-124.44.4]
- scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS (himanshu.madhani@cavium.com) [Orabug: 32020790]
[4.1.12-124.44.3]
- qed: Reduce verbosity of unimplemented MFW messages (Mintz, Yuval) [Orabug: 31959299]
- kexec: validate pe files against the system_blacklist_keyring (Eric Snowberg) [Orabug: 31961119] {CVE-2020-26541}
[4.1.12-124.44.2]
- usb: cdc-acm: make sure a refcount is taken early enough (Oliver Neukum) [Orabug: 31351088] {CVE-2019-19530}
- net/rds: migration of a delayed initialized port present in down state (Praveen Kumar Kannoju) [Orabug: 31729995]
- net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31835223]
- mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31835223]
- mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aruna Ramakrishna) [Orabug: 31835223]
- mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aruna Ramakrishna) [Orabug: 31835223]
- mm, page_alloc: remove unnecessary variable from free_pcppages_bulk (Mel Gorman) [Orabug: 31835223]
- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872865] {CVE-2020-25211}
- net/rds: Extract dest qp num for displaying in rds-info (Praveen Kumar Kannoju) [Orabug: 31880144]
- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31974559]
[4.1.12-124.44.1]
- oracleasm: Retrieve d_bdev before dropping inode (Stephen Brennan) [Orabug: 31832592]
- KVM: VMX: fixes for vmentry_l1d_flush module parameter (Paolo Bonzini) [Orabug: 31962487]
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
kernel-uek
4.1.12-124.44.4.el6uek
kernel-uek-debug
4.1.12-124.44.4.el6uek
kernel-uek-debug-devel
4.1.12-124.44.4.el6uek
kernel-uek-devel
4.1.12-124.44.4.el6uek
kernel-uek-doc
4.1.12-124.44.4.el6uek
kernel-uek-firmware
4.1.12-124.44.4.el6uek
Oracle Linux 7
Oracle Linux x86_64
kernel-uek
4.1.12-124.44.4.el7uek
kernel-uek-debug
4.1.12-124.44.4.el7uek
kernel-uek-debug-devel
4.1.12-124.44.4.el7uek
kernel-uek-devel
4.1.12-124.44.4.el7uek
kernel-uek-doc
4.1.12-124.44.4.el7uek
kernel-uek-firmware
4.1.12-124.44.4.el7uek
Ссылки на источники
Связанные уязвимости
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability.
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability.
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability.
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the L ...
The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability.