Описание
ELSA-2020-5962: Unbreakable Enterprise kernel security update (IMPORTANT)
[4.1.12-124.45.6]
- qla2xxx: disable target reset during link reset and update version (Quinn Tran) [Orabug: 32095664]
- scsi: qla2xxx: Fix early srb free on abort (Quinn Tran) [Orabug: 32095664]
- scsi: qla2xxx: Fix comment in MODULE_PARM_DESC in qla2xxx (Masanari Iida) [Orabug: 32095664]
- scsi: qla2xxx: Enable Async TMF processing (himanshu.madhani@cavium.com) [Orabug: 32095664]
- qla2xxx: tweak debug message for task management path (Quinn Tran) [Orabug: 32095664]
- scsi: qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (Arun Easi) [Orabug: 32095664]
- scsi: qla2xxx: Fix fabric scan hang (Quinn Tran) [Orabug: 32095664]
- scsi: qla2xxx: Do command completion on abort timeout (Quinn Tran) [Orabug: 32095664]
- scsi: qla2xxx: Fix abort timeout race condition. (Quinn Tran) [Orabug: 32095664]
- scsi: qla2xxx: Fix race between switch cmd completion and timeout (Quinn Tran) [Orabug: 32095664]
- scsi: qla2xxx: Add IOCB resource tracking (Quinn Tran) [Orabug: 32095664]
- scsi: qla2xxx:v2: Fix double scsi_done for abort path (Quinn Tran) [Orabug: 32095664]
- scsi: qla2xxx: v2 Fix a race condition between aborting and completing a SCSI command (Bart Van Assche) [Orabug: 32095664]
- scsi: qla2xxx: Really fix qla2xxx_eh_abort() (Bart Van Assche) [Orabug: 32095664]
- scsi: qla2xxx: v2 Reject EH_{abort|device_reset|target_request} (Quinn Tran) [Orabug: 32095664]
- scsi: qla2xxx: v2: Fix race conditions in the code for aborting SCSI commands (Bart Van Assche) [Orabug: 32095664]
[4.1.12-124.45.5]
- IB/ipoib: Arm 'send_cq' to process completions in due time (Gerd Rausch) [Orabug: 31512608]
[4.1.12-124.45.4]
- block: Move part of bdi_destory() to del_gendisk() as bdi_unregister(). (Jan Kara) [Orabug: 32124131]
- kernel: add panic_on_taint (Rafael Aquini) [Orabug: 32138039]
[4.1.12-124.45.3]
- drm/vmwgfx: Make sure backup_handle is always valid (Sinclair Yeh) [Orabug: 31352076] {CVE-2017-9605}
- random32: move the pseudo-random 32-bit definitions to prandom.h (Linus Torvalds) [Orabug: 31698086] {CVE-2020-16166}
- random32: remove net_rand_state from the latent entropy gcc plugin (Linus Torvalds) [Orabug: 31698086] {CVE-2020-16166}
- random: fix circular include dependency on arm64 after addition of percpu.h (Willy Tarreau) [Orabug: 31698086] {CVE-2020-16166}
- random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31698086] {CVE-2020-16166}
- x86/kvm: move kvm_load/put_guest_xcr0 into atomic context (WANG Chao) [Orabug: 32021856]
- kvm: x86: do not leak guest xcr0 into host interrupt handlers (David Matlack) [Orabug: 32021856]
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
kernel-uek
4.1.12-124.45.6.el6uek
kernel-uek-debug
4.1.12-124.45.6.el6uek
kernel-uek-debug-devel
4.1.12-124.45.6.el6uek
kernel-uek-devel
4.1.12-124.45.6.el6uek
kernel-uek-doc
4.1.12-124.45.6.el6uek
kernel-uek-firmware
4.1.12-124.45.6.el6uek
Oracle Linux 7
Oracle Linux x86_64
kernel-uek
4.1.12-124.45.6.el7uek
kernel-uek-debug
4.1.12-124.45.6.el7uek
kernel-uek-debug-devel
4.1.12-124.45.6.el7uek
kernel-uek-devel
4.1.12-124.45.6.el7uek
kernel-uek-doc
4.1.12-124.45.6.el7uek
kernel-uek-firmware
4.1.12-124.45.6.el7uek
Связанные CVE
Связанные уязвимости
The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.
The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.
The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.
The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW ...
The Linux kernel through 5.7.11 allows remote attackers to make observations that help to obtain sensitive information about the internal state of the network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and kernel/time/timer.c.