OUTSOURCED CYBERSECURITY SUPPORT AND MANAGED SERVICES

Vulnerability & Exploit Database

Vulnerabilities and exploits collected over reliable resources for security professionals and researchers to review

Oracle Linux: (CVE-2021-20177) (Multiple Advisories): Unbreakable Enterprise kernel-container security update

Severity:
4
CVSS:
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published:
02/06/2020
Created:
02/11/2020
Added:
02/09/2020
Modified:
02/09/2020

Description:

[5.4.17-2036.103.3.el7] - Revert 'rds: Deregister all FRWR mr with free_mr' (aru kolappan) [Orabug: 32426610] [5.4.17-2036.103.2.el7] - A/A Bonding: Fix a one-byte-off kmalloc (Hakon Bugge) [Orabug: 32380824] - netfilter: add and use nf_hook_slow_list() (Florian Westphal) [Orabug: 32372530] {CVE-2021-20177} - net/rds: Fix gfp_t parameter (Hans Westgaard Ry) [Orabug: 32372158] - uek-rpm: Report removed symbols also during kabi check (Somasundaram Krishnasamy) [Orabug: 32380061] - A/A Bonding: Introduce selective interface name inclusion (Hakon Bugge) [Orabug: 32350974] - uek-rpm: add nfs_ssc to nano_modules (Calum Mackay) [Orabug: 32346419] - target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug: 32248035] {CVE-2020-28374} [5.4.17-2036.103.1.el7] - mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start (Zhang Xiaohui) [Orabug: 32349203] {CVE-2020-36158} - x86/process: Mark cpu inactive before offlining (Mridula Shastry) [Orabug: 32234812] - add license checking to kABI checker (Dan Duval) [Orabug: 32355206] [5.4.17-2036.103.0.el7] - lockd: don't use interval-based rebinding over TCP (Calum Mackay) [Orabug: 32337715] - tools: update header files in the tools directory (Thomas Tai) [Orabug: 32321484] - perf: Fix a kABI breakage in perf_event.h (Thomas Tai) [Orabug: 32321484] - perf/x86: Fix n_metric for cancelled txn (Peter Zijlstra) [Orabug: 32321484] - perf/x86: Fix n_pair for cancelled txn (Peter Zijlstra) [Orabug: 32321484] - perf/x86/intel: Check perf metrics feature for each CPU (Kan Liang) [Orabug: 32321484] - perf/x86/intel: Support per-thread RDPMC TopDown metrics (Kan Liang) [Orabug: 32321484] - perf/x86/intel: Support TopDown metrics on Ice Lake (Kan Liang) [Orabug: 32321484] - perf/x86: Use event_base_rdpmc for the RDPMC userspace support (Kan Liang) [Orabug: 32321484] - perf/x86: Add a macro for RDPMC offset of fixed counters (Kan Liang) [Orabug: 32321484] - perf/x86/intel: Generic support for hardware TopDown metrics (Kan Liang) [Orabug: 32321484] - perf/core: Add a new PERF_EV_CAP_SIBLING event capability (Kan Liang) [Orabug: 32321484] - perf/core: Unify {pinned,flexible}_sched_in() (Peter Zijlstra) [Orabug: 32321484] - perf/x86/intel: Use switch in intel_pmu_disable/enable_event (Kan Liang) [Orabug: 32321484] - perf/x86: Keep LBR records unchanged in host context for guest usage (Like Xu) [Orabug: 32321484] - perf/x86/intel: Fix the name of perf METRICS (Kan Liang) [Orabug: 32321484] - perf/x86/intel: Move BTS index to 47 (Kan Liang) [Orabug: 32321484] - perf/x86/intel: Introduce the fourth fixed counter (Kan Liang) [Orabug: 32321484] - perf/x86/intel: Name the global status bit in NMI handler (Kan Liang) [Orabug: 32321484] - perf/x86: Add constraint to create guest LBR event without hw counter (Like Xu) [Orabug: 32321484] - perf/x86/lbr: Add interface to get LBR information (Like Xu) [Orabug: 32321484] - perf/x86/core: Refactor hw->idx checks and cleanup (Like Xu) [Orabug: 32321484] - perf/x86/intel: Avoid unnecessary PEBS_ENABLE MSR access in PMI (Kan Liang) [Orabug: 32321484] - perf/x86: Provide stubs of KVM helpers for non-Intel CPUs (Sean Christopherson) [Orabug: 32321484] - partitions/efi: Enable no warning option for the GPT warnings related to alternative header (Saeed Mirzamohammadi) [Orabug: 32302136] - Revert 'cpu/hotplug: avoid race between cpuset_hotplug_workfn and later hotplug' (Daniel Jordan) [Orabug: 32295229] - cpuset: fix race between hotplug work and later CPU offline (Daniel Jordan) [Orabug: 32295229] - uek-rpm: aarch64: update PMU configs for Altra (Dave Kleikamp) [Orabug: 32290034] - driver/perf: Add PMU driver for the ARM DMC-620 memory controller (Tuan Phan) [Orabug: 32290034] - perf: arm-cmn: Fix conversion specifiers for node type (Will Deacon) [Orabug: 32290034] - perf: arm-cmn: Fix unsigned comparison to less than zero (Will Deacon) [Orabug: 32290034] - perf: Add Arm CMN-600 PMU driver (Robin Murphy) [Orabug: 32290034] - perf: Add Arm CMN-600 DT binding (Robin Murphy) [Orabug: 32290034] - perf: arm_dsu: Support DSU ACPI devices (Tuan Phan) [Orabug: 32290034] - arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work (James Morse) [Orabug: 32290034] - ACPI: APEI: Kick the memory_failure() queue for synchronous errors (James Morse) [Orabug: 32290034] - iommu/arm-smmu-v3: Don't reserve implementation defined register space (Jean-Philippe Brucker) [Orabug: 32290034] - Revert 'BACKPORT: perf: Add Arm CMN-600 DT binding' (Dave Kleikamp) [Orabug: 32290034] - Revert 'BACKPORT: WIP: perf: Add Arm CMN-600 PMU driver' (Dave Kleikamp) [Orabug: 32290034] - Revert 'BACKPORT: WIP: perf/arm-cmn: Add ACPI support' (Dave Kleikamp) [Orabug: 32290034] - Revert 'perf: Add ARM DMC-620 PMU driver.' (Dave Kleikamp) [Orabug: 32290034] - Revert 'BACKPORT: ACPI / APEI: Kick the memory_failure() queue for synchronous errors' (Dave Kleikamp) [Orabug: 32290034] - Revert 'BACKPORT: arm64: acpi: Make apei_claim_sea() synchronise with APEI's irq work' (Dave Kleikamp) [Orabug: 32290034] - Revert 'Perf: arm-cmn: Allow irq to be shared.' (Dave Kleikamp) [Orabug: 32290034] - Revert 'perf: arm_cmn: improve and make it work on 2P.' (Dave Kleikamp) [Orabug: 32290034] - Revert 'perf: arm_dsu: Allow IRQ to be shared among devices.' (Dave Kleikamp) [Orabug: 32290034] - Revert 'perf: arm_dsu: Support ACPI mode.' (Dave Kleikamp) [Orabug: 32290034] - Revert 'perf: arm_dmc620: Update ACPI ID.' (Dave Kleikamp) [Orabug: 32290034] - Revert 'perf: avoid breaking KABI by reusing enum' (Dave Kleikamp) [Orabug: 32290034] - Revert 'perf/smmuv3: Allow sharing MMIO registers with the SMMU driver' (Dave Kleikamp) [Orabug: 32290034] - tty: Fix ->session locking (Jann Horn) [Orabug: 32266677] {CVE-2020-29660} - tty: Fix ->pgrp locking in tiocspgrp() (Jann Horn) [Orabug: 32266677] {CVE-2020-29660} - xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel Wieczorkiewicz) [Orabug: 32260252] {CVE-2020-29569} - xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568} - xen/xenbus: Count pending messages for each watch (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568} - xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568} - xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568} - xen/xenbus: Allow watches discard events before queueing (SeongJae Park) [Orabug: 32253409] {CVE-2020-29568} - KVM: x86: clflushopt should be treated as a no-op by emulation (David Edmondson) [Orabug: 32251910]'

Solution(s)


  • oracle-linux-upgrade-kernel-uek
  • oracle-linux-upgrade-kernel-uek-container
  • oracle-linux-upgrade-kernel-uek-container-debug
  • oracle-linux-upgrade-kernel-uek-debug
  • oracle-linux-upgrade-kernel-uek-debug-devel
  • oracle-linux-upgrade-kernel-uek-devel
  • oracle-linux-upgrade-kernel-uek-doc
  • oracle-linux-upgrade-kernel-uek-tools
  • oracle-linux-upgrade-kernel-uek-tools-libs
  • oracle-linux-upgrade-perf
  • oracle-linux-upgrade-python-perf

Reference(s)

WHAT WE DO

OTHER SERVICES

Consulting Services

We help your team successfully protect your company within your budget.

LEARN MORE

Application Security Services

Achieve more-secure applications, compliant environments, and safer systems development with streamlined and repeatable processes.

LEARN MORE

Data Security Services

Protectyour critical data across multiple environments, meet privacy regulations and simplify operational complexity.

LEARN MORE

Cloud Security Testing Services

Identify cloud vulnerabilities that tools alone cannot find.

LEARN MORE

Security Risk Services

Secure your operations and respond to threats with accuracy and speed.

LEARN MORE

Cloud Security Monitoring Services

Real-time threat detection across your cloud deployments.

LEARN MORE