ELSA-2021-9085

Published: 11 Mar 2021
Source: oracle-oval
Platform: Oracle Linux 7
Platform: Oracle Linux 8

Description

ELSA-2021-9085: Unbreakable Enterprise kernel security update (IMPORTANT)

[5.4.17-2036.104.4.el8uek]

  • KVM: arm64: guest context in x18 instead of x29 (Mihai Carabas) [Orabug: 32545182]

[5.4.17-2036.104.3.el8uek]

  • config: enable CONFIG_MLX5_MPFS (Brian Maly) [Orabug: 32249042]
  • net: Fix bridge enslavement failure (Ido Schimmel) [Orabug: 32503298]
  • inet: do not call sublist_rcv on empty list (Florian Westphal) [Orabug: 32512814]
  • KVM: arm64: pmu: Dont mark a counter as chained if the odd one is disabled (Eric Auger) [Orabug: 32499188]
  • random: wire /dev/random with a DRBG instance (Saeed Mirzamohammadi) [Orabug: 32522087]
  • crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) [Orabug: 32522087]
  • crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) [Orabug: 32522087]
  • crypto: jitter - SP800-90B compliance (Stephan Muller) [Orabug: 32522087]
  • crypto: jitter - add header to fix buildwarnings (Ben Dooks) [Orabug: 32522087]
  • crypto: jitter - fix comments (Alexander E. Patrakov) [Orabug: 32522087]
  • xen-blkback: fix error handling in xen_blkbk_map() (Jan Beulich) [Orabug: 32492109] {CVE-2021-26930}
  • xen-scsiback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}
  • xen-netback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}
  • xen-blkback: dont 'handle' error by BUG() (Jan Beulich) [Orabug: 32492101] {CVE-2021-26931}
  • Xen/gntdev: correct error checking in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}
  • Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}
  • Xen/x86: also check kernel mapping in set_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}
  • Xen/x86: dont bail early from clear_foreign_p2m_mapping() (Jan Beulich) [Orabug: 32492093] {CVE-2021-26932}

[5.4.17-2036.104.2.el8uek]

  • tcp: fix to update snd_wl1 in bulk receiver fast path (Neal Cardwell) [Orabug: 32498822]
  • selinux: allow reading labels before policy is loaded (Jonathan Lebon) [Orabug: 32492277]
  • selinux: allow labeling before policy is loaded (Jonathan Lebon) [Orabug: 32492277]
  • KVM: SVM: Initialize prev_ga_tag before use (Suravee Suthikulpanit) [Orabug: 32478549]
  • tools/power turbostat: Support additional CPU model numbers (Len Brown) [Orabug: 32422451]
  • x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) [Orabug: 32422451]
  • x86/cpu: Add Sapphire Rapids CPU model number (Tony Luck) [Orabug: 32422451]
  • tools/power turbostat: Support Tiger Lake (Chen Yu) [Orabug: 32422451]
  • uek-rpm: config-aarch64: enable MEMORY HOTREMOVE (Mihai Carabas) [Orabug: 32353851]
  • arm64/mm/hotplug: Ensure early memory sections are all online (Anshuman Khandual) [Orabug: 32353851]
  • arm64/mm/hotplug: Enable MEM_OFFLINE event handling (Anshuman Khandual) [Orabug: 32353851]
  • arm64/mm/hotplug: Register boot memory hot remove notifier earlier (Anshuman Khandual) [Orabug: 32353851]
  • arm64/mm: Enable memory hot remove (Anshuman Khandual) [Orabug: 32353851]
  • arm64/mm: Hold memory hotplug lock while walking for kernel page table dump (Anshuman Khandual) [Orabug: 32353851]
  • KVM: arm64: Save/restore sp_el0 as part of __guest_enter (Marc Zyngier) [Orabug: 32171445]
  • net/mlx4_en: Handle TX error CQE (Moshe Shemesh) [Orabug: 32492969]
  • net/mlx4_en: Avoid scheduling restart task if it is already running (Moshe Shemesh) [Orabug: 32492969]

[5.4.17-2036.104.1.el8uek]

  • vhost scsi: alloc vhost_scsi with kvzalloc() to avoid delay (Dongli Zhang) [Orabug: 32471677]
  • HID: hid-input: fix stylus battery reporting (Dmitry Torokhov) [Orabug: 32464784] {CVE-2020-0431}
  • nbd: freeze the queue while were adding connections (Josef Bacik) [Orabug: 32447285] {CVE-2021-3348}
  • futex: Handle faults correctly for PI futexes (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
  • futex: Simplify fixup_pi_state_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
  • futex: Use pi_state_update_owner() in put_pi_state() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
  • rtmutex: Remove unused argument from rt_mutex_proxy_unlock() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
  • futex: Dont enable IRQs unconditionally in put_pi_state() (Dan Carpenter) [Orabug: 32447187] {CVE-2021-3347}
  • futex: Provide and use pi_state_update_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
  • futex: Replace pointless printk in fixup_owner() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
  • futex: Ensure the correct return value from futex_lock_pi() (Thomas Gleixner) [Orabug: 32447187] {CVE-2021-3347}
  • uek-rpm: Enable Oracle Pilot BMC module (Eric Snowberg) [Orabug: 32422662]
  • hwmon: Add a new Oracle Pilot BMC driver (Eric Snowberg) [Orabug: 32422662]
  • arm64: Reserve only 256M on RPi for crashkernel=auto (Vijay Kumar) [Orabug: 32301026]

[5.4.17-2036.104.0.el8uek]

  • Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426610]
  • thermal: intel_pch_thermal: Add PCI ids for Lewisburg PCH. (Andres Freund) [Orabug: 32424705]
  • thermal: intel: intel_pch_thermal: Add Cannon Lake Low Power PCH support (Sumeet Pawnikar) [Orabug: 32424705]
  • thermal: intel: intel_pch_thermal: Add Comet Lake (CML) platform support (Gayatri Kammela) [Orabug: 32424705]
  • nfs: Fix security label length not being reset (Jeffrey Mitchell) [Orabug: 32350989]
  • ovl: check permission to open real file (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}
  • ovl: verify permissions in ovl_path_open() (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}
  • ovl: switch to mounter creds in readdir (Miklos Szeredi) [Orabug: 32046372] {CVE-2020-16120}
  • ovl: pass correct flags for opening real directory (Miklos Szeredi) [Orabug: 32046372]
  • A/A Bonding: Add synchronized bundle failback (Gerd Rausch) [Orabug: 32381883]

Updated packages

Oracle Linux 7

Oracle Linux aarch64

  • kernel-uek: 5.4.17-2036.104.4.el7uek
  • kernel-uek-debug: 5.4.17-2036.104.4.el7uek
  • kernel-uek-debug-devel: 5.4.17-2036.104.4.el7uek
  • kernel-uek-devel: 5.4.17-2036.104.4.el7uek
  • kernel-uek-doc: 5.4.17-2036.104.4.el7uek
  • kernel-uek-tools: 5.4.17-2036.104.4.el7uek
  • kernel-uek-tools-libs: 5.4.17-2036.104.4.el7uek
  • perf: 5.4.17-2036.104.4.el7uek
  • python-perf: 5.4.17-2036.104.4.el7uek

Oracle Linux x86_64

  • kernel-uek: 5.4.17-2036.104.4.el7uek
  • kernel-uek-debug: 5.4.17-2036.104.4.el7uek
  • kernel-uek-debug-devel: 5.4.17-2036.104.4.el7uek
  • kernel-uek-devel: 5.4.17-2036.104.4.el7uek
  • kernel-uek-doc: 5.4.17-2036.104.4.el7uek
  • kernel-uek-tools: 5.4.17-2036.104.4.el7uek

Oracle Linux 8

Oracle Linux aarch64

  • kernel-uek: 5.4.17-2036.104.4.el8uek
  • kernel-uek-debug: 5.4.17-2036.104.4.el8uek
  • kernel-uek-debug-devel: 5.4.17-2036.104.4.el8uek
  • kernel-uek-devel: 5.4.17-2036.104.4.el8uek
  • kernel-uek-doc: 5.4.17-2036.104.4.el8uek

Oracle Linux x86_64

  • kernel-uek: 5.4.17-2036.104.4.el8uek
  • kernel-uek-debug: 5.4.17-2036.104.4.el8uek
  • kernel-uek-debug-devel: 5.4.17-2036.104.4.el8uek
  • kernel-uek-devel: 5.4.17-2036.104.4.el8uek
  • kernel-uek-doc: 5.4.17-2036.104.4.el8uek

Related vulnerabilities

oracle-oval
more than 4 years ago

ELSA-2021-9086: Unbreakable Enterprise kernel-container security update (IMPORTANT)

oracle-oval
more than 4 years ago

ELSA-2021-9079: Unbreakable Enterprise kernel security update (IMPORTANT)

oracle-oval
more than 4 years ago

ELSA-2021-9087: Unbreakable Enterprise kernel-container security update (IMPORTANT)

oracle-oval
more than 4 years ago

ELSA-2021-9084: Unbreakable Enterprise kernel security update (IMPORTANT)

CVSS3: 5.1
ubuntu
more than 4 years ago

Overlayfs did not properly perform permission checking when copying up files in an overlayfs and could be exploited from within a user namespace, if, for example, unprivileged user namespaces were allowed. It was possible to have a file not readable by an unprivileged user to be copied to a mountpoint controlled by the user, like a removable device. This was introduced in kernel version 4.19 by commit d1d04ef ("ovl: stack file ops"). This was fixed in kernel version 5.8 by commits 56230d9 ("ovl: verify permissions in ovl_path_open()"), 48bd024 ("ovl: switch to mounter creds in readdir") and 05acefb ("ovl: check permission to open real file"). Additionally, commits 130fdbc ("ovl: pass correct flags for opening real directory") and 292f902 ("ovl: call secutiry hook in ovl_real_ioctl()") in kernel 5.8 might also be desired or necessary. These additional commits introduced a regression in overlay mounts within user namespaces which prevented access to files with ownership outside of the...