Описание
ELSA-2021-9006: Unbreakable Enterprise kernel security update (IMPORTANT)
[5.4.17-2036.102.0.2uek]
- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569}
- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
- xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568}
[5.4.17-2036.102.0.1uek]
- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374}
[5.4.17-2036.102.0uek]
- futex: Fix inode life-time issue (Peter Zijlstra) [Orabug: 32233515] {CVE-2020-14381}
- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233352] {CVE-2020-14351}
- intel_idle: Customize IceLake server support (Chen Yu) [Orabug: 32218858]
- dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32210418]
- vhost scsi: fix lun reset completion handling (Mike Christie) [Orabug: 32167069]
- vhost scsi: Add support for LUN resets. (Mike Christie) [Orabug: 32167069]
- vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32167069]
- vhost scsi: fix cmd completion race (Mike Christie) [Orabug: 32167069]
- vhost scsi: alloc cmds per vq instead of session (Mike Christie) [Orabug: 32167069]
- vhost: Create accessors for virtqueues private_data (Eugenio Perez) [Orabug: 32167069]
- vhost: add helper to check if a vq has been setup (Mike Christie) [Orabug: 32167069]
- scsi: sd: Allow user to configure command retries (Mike Christie) [Orabug: 32167069]
- scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug: 32167069]
- scsi: mpt3sas: Update driver version to 36.100.00.00 (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Handle trigger page after firmware update (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Add persistent MPI trigger page (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Add persistent SCSI sense trigger page (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Add persistent Event trigger page (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Add persistent Master trigger page (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Add persistent trigger pages support (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Sync time periodically between driver and firmware (Suganath Prabu S) [Orabug: 32242279]
- scsi: mpt3sas: Bump driver version to 35.101.00.00 (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Add module parameter multipath_on_hba (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Handle vSES vphy object during HBA reset (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Add bypass_dirty_port_flag parameter (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Handling HBA vSES device (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Set valid PhysicalPort in SMPPassThrough (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Update hba_port objects after host reset (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Get sas_device objects using device's rphy (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Rename transport_del_phy_from_an_existing_port() (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Get device objects using sas_address & portID (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Update hba_port's sas_address & phy_mask (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Rearrange _scsih_mark_responding_sas_device() (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Allocate memory for hba_port objects (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Define hba_port structure (Sreekanth Reddy) [Orabug: 32242279]
- scsi: mpt3sas: Fix ioctl timeout (Suganath Prabu S) [Orabug: 32242279]
- icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227958] {CVE-2020-25705}
- perf/x86/intel/uncore: Add box_offsets for free-running counters (Kan Liang) [Orabug: 32020885]
- perf/x86/intel/uncore: Factor out __snr_uncore_mmio_init_box (Kan Liang) [Orabug: 32020885]
- perf/x86/intel/uncore: Add Ice Lake server uncore support (Kan Liang) [Orabug: 32020885]
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
kernel-uek
5.4.17-2036.102.0.2.el7uek
kernel-uek-debug
5.4.17-2036.102.0.2.el7uek
kernel-uek-debug-devel
5.4.17-2036.102.0.2.el7uek
kernel-uek-devel
5.4.17-2036.102.0.2.el7uek
kernel-uek-doc
5.4.17-2036.102.0.2.el7uek
kernel-uek-tools
5.4.17-2036.102.0.2.el7uek
kernel-uek-tools-libs
5.4.17-2036.102.0.2.el7uek
perf
5.4.17-2036.102.0.2.el7uek
python-perf
5.4.17-2036.102.0.2.el7uek
Oracle Linux x86_64
kernel-uek
5.4.17-2036.102.0.2.el7uek
kernel-uek-debug
5.4.17-2036.102.0.2.el7uek
kernel-uek-debug-devel
5.4.17-2036.102.0.2.el7uek
kernel-uek-devel
5.4.17-2036.102.0.2.el7uek
kernel-uek-doc
5.4.17-2036.102.0.2.el7uek
kernel-uek-tools
5.4.17-2036.102.0.2.el7uek
Oracle Linux 8
Oracle Linux aarch64
kernel-uek
5.4.17-2036.102.0.2.el8uek
kernel-uek-debug
5.4.17-2036.102.0.2.el8uek
kernel-uek-debug-devel
5.4.17-2036.102.0.2.el8uek
kernel-uek-devel
5.4.17-2036.102.0.2.el8uek
kernel-uek-doc
5.4.17-2036.102.0.2.el8uek
Oracle Linux x86_64
kernel-uek
5.4.17-2036.102.0.2.el8uek
kernel-uek-debug
5.4.17-2036.102.0.2.el8uek
kernel-uek-debug-devel
5.4.17-2036.102.0.2.el8uek
kernel-uek-devel
5.4.17-2036.102.0.2.el8uek
kernel-uek-doc
5.4.17-2036.102.0.2.el8uek
Ссылки на источники
Связанные уязвимости
ELSA-2021-9007: Unbreakable Enterprise kernel-container security update (IMPORTANT)
ELSA-2021-0558: kernel security, bug fix, and enhancement update (IMPORTANT)
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.