Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2020-10742) ELSA-2020-4060: kernel security, bug fix, and enhancement update

Back to Search

Oracle Linux: (CVE-2020-10742) ELSA-2020-4060: kernel security, bug fix, and enhancement update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
10/06/2020
Created
10/09/2020
Added
10/07/2020
Modified
10/07/2020

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2020-4060:

[3.10.0-1160.OL7] - Oracle Linux certificates (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com) - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3 [3.10.0-1160] - [kernel] modsign: Add nomokvarconfig kernel parameter (Lenny Szubowicz) [1867857] - [firmware] modsign: Add support for loading certs from the EFI MOK config table (Lenny Szubowicz) [1867857] - [kernel] modsign: Move import of MokListRT certs to separate routine (Lenny Szubowicz) [1867857] - [kernel] modsign: Avoid spurious error message after last MokListRTn (Lenny Szubowicz) [1867857] [3.10.0-1159] - [kernel] modsign: Import certificates from optional MokListRT (Lenny Szubowicz) [1862840] - [crypto] crypto/pefile: Support multiple signatures in verify_pefile_signature (Lenny Szubowicz) [1862840] - [crypto] crypto/pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1862840] [3.10.0-1158] - [redhat] switch secureboot kernel image signing to release keys (Jan Stancek) [] [3.10.0-1157] - [fs] signal: Dont send signals to tasks that dont exist (Vladis Dronov) [1856166] [3.10.0-1156] - [fs] gfs2: Fix regression due to unwanted gfs2_qa_put (Robert S Peterson) [1798713] - [include] signal: Unfairly acquire tasklist_lock in send_sigio() if irq disabled (Waiman Long) [1838799] - [fs] signal: Dont take tasklist_lock if PID type is PIDTYPE_PID (Waiman Long) [1838799] - [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1820632] {CVE-2020-12888} [3.10.0-1155] - [x86] Revert 'x86: respect memory size limiting via mem= parameter' (Joel Savitz) [1851576] - [mm] Revert 'mm/memory_hotplug.c: only respect mem= parameter during boot stage' (Joel Savitz) [1851576] - [fs] nfsd: only WARN once on unmapped errors ('J. Bruce Fields') [1850430] - [powerpc] pci/of: Fix OF flags parsing for 64bit BARs (Greg Kurz) [1840114] - [fs] cifs: fix NULL dereference in match_prepath (Leif Sahlberg) [1759852] [3.10.0-1154] - [fs] gfs2: move privileged user check to gfs2_quota_lock_check (Robert S Peterson) [1798713] - [fs] gfs2: Fix problems regarding gfs2_qa_get and _put (Robert S Peterson) [1798713] - [fs] gfs2: dont call quota_unhold if quotas are not locked (Robert S Peterson) [1798713] - [fs] gfs2: Remove unnecessary gfs2_qa_{get, put} pairs (Robert S Peterson) [1798713] - [fs] gfs2: Split gfs2_rsqa_delete into gfs2_rs_delete and gfs2_qa_put (Robert S Peterson) [1798713] - [fs] gfs2: Change inode qa_data to allow multiple users (Robert S Peterson) [1798713] - [fs] gfs2: eliminate gfs2_rsqa_alloc in favor of gfs2_qa_alloc (Robert S Peterson) [1798713] - [fs] gfs2: Switch to list_{first,last}_entry (Robert S Peterson) [1798713] - [fs] gfs2: Clean up inode initialization and teardown (Robert S Peterson) [1798713] - [fs] gfs2: Minor gfs2_alloc_inode cleanup (Robert S Peterson) [1798713] - [fs] gfs2: Fix busy-on-umount in gfs2_atomic_open() (Andrew Price) [1812558] [3.10.0-1153] - [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843437] {CVE-2020-10757} - [mm] mm, dax: check for pmd_none() after split_huge_pmd() (Rafael Aquini) [1843437] {CVE-2020-10757} - [mm] mm: mremap: streamline move_page_tables()s move_huge_pmd() corner case (Rafael Aquini) [1843437] {CVE-2020-10757} - [mm] mm: mremap: validate input before taking lock (Rafael Aquini) [1843437] {CVE-2020-10757} - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Jarod Wilson) [1844070] {CVE-2020-12654} - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Jarod Wilson) [1844026] {CVE-2020-12653} - [net] netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6 (Florian Westphal) [1845428] [3.10.0-1152] - [nvmem] nvmem: properly handle returned value nvmem_reg_read (Vladis Dronov) [1844409] - [mailbox] PCC: fix dereference of ERR_PTR (Vladis Dronov) [1844409] - [kernel] futex: Unlock hb->lock in futex_wait_requeue_pi() error path (Vladis Dronov) [1844409] - [fs] aio: fix inconsistent ring state (Jeff Moyer) [1845326] - [vfio] vfio/mdev: make create attribute static (Vladis Dronov) [1837549] - [vfio] treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Synchronize device create/remove with parent removal (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid creating sysfs remove file on stale device removal (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Improve the create/remove sequence (Vladis Dronov) [1837549] - [vfio] treewide: Add SPDX license identifier - Makefile/Kconfig (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid inline get and put parent helpers (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Fix aborting mdev child device removal if one fails (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Follow correct remove sequence (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid masking error code to EBUSY (Vladis Dronov) [1837549] - [include] vfio/mdev: Drop redundant extern for exported symbols (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Removed unused kref (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Avoid release parent reference during error path (Vladis Dronov) [1837549] - [vfio] vfio/mdev: Add iommu related member in mdev_device (Vladis Dronov) [1837549] - [vfio] vfio/mdev: add static modifier to add_mdev_supported_type (Vladis Dronov) [1837549] - [vfio] vfio: mdev: make a couple of functions and structure vfio_mdev_driver static (Vladis Dronov) [1837549] - [char] tpm/tpm_tis: Free IRQ if probing fails (David Arcari) [1774698] - [kernel] audit: fix a memleak caused by auditing load module (Richard Guy Briggs) [1843370] - [kernel] audit: fix potential null dereference 'context->module.name' (Richard Guy Briggs) [1843370] - [nvme] nvme: limit number of IO queues on Dell/Samsung config (David Milburn) [1837617] [3.10.0-1151] - [netdrv] qede: Fix multicast mac configuration (Michal Schmidt) [1740064] - [scsi] sd_dif: avoid incorrect ref_tag errors on 4K devices larger than 2TB (Ewan Milne) [1833528] - [hid] HID: hiddev: do cleanup in failure of opening a device (Torez Smith) [1814257] {CVE-2019-19527} - [hid] HID: hiddev: avoid opening a disconnected device (Torez Smith) [1814257] {CVE-2019-19527} - [x86] x86: make mul_u64_u64_div_u64() 'static inline' (Oleg Nesterov) [1845864] - [mm] mm: page_isolation: fix potential warning from user (Rafael Aquini) [1845620] - [s390] s390/mm: correct return value of pmd_pfn (Claudio Imbrenda) [1841106] - [fs] fs/proc/vmcore.c:mmap_vmcore: skip non-ram pages reported by hypervisors (Lianbo Jiang) [1790799] - [kernel] kernel/sysctl.c: ignore out-of-range taint bits introduced via kernel.tainted (Rafael Aquini) [1845356] - [documentation] kernel: add panic_on_taint (Rafael Aquini) [1845356] - [fs] ext4: Remove unwanted ext4_bread() from ext4_quota_write() (Lukas Czerner) [1845379] - [scsi] scsi: sg: add sg_remove_request in sg_write ('Ewan D. Milne') [1840699] {CVE-2020-12770} - [fs] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() (Donghai Qiao) [1832062] {CVE-2020-10732} [3.10.0-1150] - [netdrv] net/mlx5e: Fix handling of compressed CQEs in case of low NAPI budget (Alaa Hleihel) [1845020] - [mm] memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (Waiman Long) [1842715] - [mm] memcg: only free spare array when readers are done (Waiman Long) [1842715] - [powerpc] powerpc/crashkernel: Take 'mem=' option into account (Pingfan Liu) [1751555] - [infiniband] IB/ipoib: Fix double free of skb in case of multicast traffic in CM mode (Kamal Heib) [1597952] - [security] selinux: properly handle multiple messages in selinux_netlink_send() (Ondrej Mosnacek) [1839650] {CVE-2020-10751} - [netdrv] net: ena: Add PCI shutdown handler to allow safe kexec (Bhupesh Sharma) [1841578] - [x86] x86/speculation: Support old struct x86_cpu_id & x86_match_cpu() kABI (Waiman Long) [1827188] {CVE-2020-0543} - [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827188] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827188] {CVE-2020-0543} - [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827188] {CVE-2020-0543} - [cpufreq] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827188] {CVE-2020-0543} header (Waiman Long) [1827188] {CVE-2020-0543} [3.10.0-1149] - [mm] mm/memory_hotplug.c: only respect mem= parameter during boot stage (Joel Savitz) [1838795] - [netdrv] qed: Reduce the severity of ptp debug message (Manish Chopra) [1703770] - [kernel] pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes (Jay Shin) [1836620] - [fs] gfs2: remove BUG_ON() from gfs2_log_alloc_bio() (Abhijith Das) [1828454] - [fs] gfs2: Even more gfs2_find_jhead fixes (Abhijith Das) [1828454] - [fs] quota: fix return value in dqget() (Eric Sandeen) [1842761] - [fs] proc_sysctl.c: fix potential page fault while unregistering sysctl table (Carlos Maiolino) [1843368] - [fs] ext4: fix error handling in ext4_ext_shift_extents (Lukas Czerner) [1843366] - [vhost] vhost: Check docket sk_family instead of call getname (Vladis Dronov) [1823302] {CVE-2020-10942} - [input] hyperv-keyboard - add module description (Mohammed Gamal) [1842689] - [hv] hv: Add a module description line to the hv_vmbus driver (Mohammed Gamal) [1842689] - [hid] hyperv: Add a module description line (Mohammed Gamal) [1842689] - [x86] sched/cputime: Improve cputime_adjust() (Oleg Nesterov) [1511040] - [acpi] ACPI: APEI: call into AER handling regardless of severity (Al Stone) [1737246] - [acpi] ACPI: APEI: handle PCIe AER errors in separate function (Al Stone) [1737246] - [acpi] ras: acpi/apei: cper: add support for generic data v3 structure (Al Stone) [1737246] - [acpi] ACPICA: ACPI 6.1: Updates for the HEST ACPI table (Al Stone) [1737246] - [acpi] ACPI / APEI: Switch to use new generic UUID API (Al Stone) [1737246] - [x86] x86/efi-bgrt: Quirk for BGRT when memory encryption active (Lenny Szubowicz) [1723477] - [scsi] scsi: megaraid_sas: Update driver version to 07.714.04.00-rc1 (Tomas Henzl) [1840550] - [scsi] scsi: megaraid_sas: TM command refire leads to controller firmware crash (Tomas Henzl) [1840550] - [scsi] scsi: megaraid_sas: Replace undefined MFI_BIG_ENDIAN macro with __BIG_ENDIAN_BITFIELD macro (Tomas Henzl) [1840550] - [scsi] scsi: megaraid_sas: Limit device queue depth to controller queue depth (Tomas Henzl) [1840550] - [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Alex Williamson) [1820632] {CVE-2020-12888} - [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom (Alex Williamson) [1820632] {CVE-2020-12888} - [fs] signal: Extend exec_id to 64bits (Chris von Recklinghausen) [1834650] {CVE-2020-12826} [3.10.0-1148] - [x86] hyper-v: Report crash data in die() when panic_on_oops is set (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Report crash register data when sysctl_record_panic_msg is not set (Mohammed Gamal) [1828450] - [x86] hyper-v: Report crash register data or kmsg before running crash kernel (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Trigger crash enlightenment only once during system crash (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Free hv_panic_page when fail to register kmsg dump (Mohammed Gamal) [1828450] - [hv] x86/hyper-v: Unload vmbus channel in hv panic callback (Mohammed Gamal) [1828450] - [hv] vmbus: Fix the issue with freeing up hv_ctl_table_hdr (Mohammed Gamal) [1828450] - [hv] vmus: Fix the check for return value from kmsg get dump buffer (Mohammed Gamal) [1828450] - [hv] Send one page worth of kmsg dump over Hyper-V during panic (Mohammed Gamal) [1828450] - [x86] kvm: x86: Allow suppressing prints on RDMSR/WRMSR of unhandled MSRs (Vitaly Kuznetsov) [1837412] - [fs] ext4: Fix race when checking i_size on direct i/o read (Lukas Czerner) [1506437] - [fs] copy_file_range should return ENOSYS not EOPNOTSUPP ('J. Bruce Fields') [1783554] - [fs] NFSv4.1 fix incorrect return value in copy_file_range ('J. Bruce Fields') [1783554] - [x86] Remove the unsupported check for Intel IceLake (Steve Best) [1841237] - [md] md/raid1: release pending accounting for an I/O only after write-behind is also finished (Nigel Croxon) [1792520] - [net] gre: fix uninit-value in __iptunnel_pull_header (Guillaume Nault) [1840321] - [net] inet: protect against too small mtu values. (Guillaume Nault) [1840321] - [net] Fix one possible memleak in ip_setup_cork (Guillaume Nault) [1840321] - [net] fix a potential recursive NETDEV_FEAT_CHANGE (Guillaume Nault) [1839130] - [net] fix null de-reference of device refcount (Guillaume Nault) [1839130] - [net] sch_choke: avoid potential panic in choke_reset() (Davide Caratti) [1839118] - [net] net_sched: fix datalen for ematch (Davide Caratti) [1839118] - [net] netem: fix error path for corrupted GSO frames (Davide Caratti) [1839118] - [net] avoid potential infinite loop in tc_ctl_action() (Davide Caratti) [1839118] - [net] net_sched: let qdisc_put() accept NULL pointer (Davide Caratti) [1839118] - [net] ipv4: really enforce backoff for redirects (Paolo Abeni) [1832332] - [net] ipv4: avoid mixed n_redirects and rate_tokens usage (Paolo Abeni) [1832332] - [net] ipv4: use a dedicated counter for icmp_v4 redirect packets (Paolo Abeni) [1832332] - [net] ipset: Update byte and packet counters regardless of whether they match (Phil Sutter) [1801366] - [net] xfrm: skip rt6i_idev update in xfrm6_dst_ifdown if loopback_idev is gone (Sabrina Dubroca) [1390049] [3.10.0-1147] - [nvme] nvme: fix the parameter order for nvme_get_log in nvme_get_fw_slot_info (Gopal Tiwari) [1839991] - [fs] pipe: actually allow root to exceed the pipe buffer limits (Jan Stancek) [1839629] - [scsi] Revert 'scsi: mpt3sas: Dont change the DMA coherent mask after allocations' (Tomas Henzl) [1839128] - [scsi] Revert 'scsi: mpt3sas: Rename function name is_MSB_are_same' (Tomas Henzl) [1839128] - [scsi] Revert 'scsi: mpt3sas: Separate out RDPQ allocation to new function' (Tomas Henzl) [1839128] - [scsi] Revert 'scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region' (Tomas Henzl) [1839128] - [netdrv] net/mlx5e: Avoid duplicating rule destinations (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Extend encap entry with reference counter (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Fix free peer_flow when refcount is 0 (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Extend tc flow struct with reference counter (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Dont make internal use of errno to denote missing neigh (Alaa Hleihel) [1727593] - [netdrv] net/mlx5e: Fix freeing flow with kfree() and not kvfree() (Alaa Hleihel) [1727593] - [drm] drm/nouveau/gr/gp107, gp108: implement workaround for HW hanging during init (Karol Herbst) [1834360 1834356 1833485] - [drm] drm/nouveau: workaround runpm fail by disabling PCI power management on certain intel bridges (Karol Herbst) [1834360 1834356 1833485] [3.10.0-1146] - [net] revert 'rtnetlink: validate IFLA_MTU attribute in rtnl_create_link()' (Jiri Benc) [1839608] - [net] ipv6/addrconf: call ipv6_mc_up() for non-Ethernet interface (Davide Caratti) [1838936] - [net] ipv6: Handle missing host route in __ipv6_ifa_notify (Davide Caratti) [1838936] - [net] ipv6: drop incoming packets having a v4mapped source address (Davide Caratti) [1838936] - [net] l2tp: fix infoleak in l2tp_ip6_recvmsg() (Andrea Claudi) [1837546] - [net] vti6: Fix memory leak of skb if input policy check fails (Patrick Talbert) [1836160] - [net] tcp: prevent bogus FRTO undos with non-SACK flows (Guillaume Nault) [1694860] - [scsi] scsi: smartpqi: fix controller lockup observed during force reboot (Don Brace) [1775369] - [fs] ext4: fix setting of referenced bit in ext4_es_lookup_extent() (Lukas Czerner) [1663720] - [fs] ext4: introduce aging to extent status tree (Lukas Czerner) [1663720] - [fs] ext4: cleanup flag definitions for extent status tree (Lukas Czerner) [1663720] - [fs] ext4: limit number of scanned extents in status tree shrinker (Lukas Czerner) [1663720] - [fs] ext4: move handling of list of shrinkable inodes into extent status code (Lukas Czerner) [1663720] - [fs] ext4: change LRU to round-robin in extent status tree shrinker (Lukas Czerner) [1663720] - [fs] ext4, jbd2: ensure panic when aborting with zero errno (Lukas Czerner) [1834783] - [fs] jbd2: switch to use jbd2_journal_abort() when failed to submit the commit record (Lukas Czerner) [1834783] - [fs] jbd2: clear JBD2_ABORT flag before journal_reset to update log tail info when load journal (Lukas Czerner) [1834783] - [fs] ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (Lukas Czerner) [1834783] - [fs] ext4: fix missing return values checks in ext4_cross_rename (Lukas Czerner) [1836819] - [fs] ext4: Fix POSIX ACL leak in ext4_xattr_set_acl (Lukas Czerner) [1543020] - [vfio] vfio-pci: Mask cap zero (Alex Williamson) [1838717] - [x86] Mark Intel Cooper Lake (CPX) supported (Steve Best) [1773681] - [fs] fs/bio-integrity: dont enable integrity for data-less bio (Ming Lei) [1835943] - [char] ipmi_si: Only schedule continuously in the thread in maintenance mode (Alexey Klimov) [1837127] - [kernel] wait/ptrace: assume __WALL if the child is traced (Oleg Nesterov) [1497808] - [mm] mm, hugetlb, soft_offline: save compound page order before page migration (Artem Savkov) [1751589] - [fs] fs/hugetlbfs/inode.c: fix hwpoison reserve accounting (Artem Savkov) [1751589] - [fs] mm: hwpoison: dissolve in-use hugepage in unrecoverable memory error (Artem Savkov) [1751589] - [mm] mm: soft-offline: dissolve free hugepage if soft-offlined (Artem Savkov) [1751589] - [mm] mm: hugetlb: soft-offline: dissolve source hugepage after successful migration (Artem Savkov) [1751589] - [mm] mm: hwpoison: change PageHWPoison behavior on hugetlb pages (Artem Savkov) [1751589] - [mm] mm: hugetlb: prevent reuse of hwpoisoned free hugepages (Artem Savkov) [1751589] - [netdrv] net/mlx5: Tidy up and fix reverse christmas ordring (Alaa Hleihel) [1831134] - [netdrv] net/mlx5: Expose port speed when possible (Alaa Hleihel) [1831134] - [include] net/mlx5: Expose link speed directly (Alaa Hleihel) [1831134] - [usb] USB: core: Fix races in character device registration and deregistraion (Torez Smith) [1785065] {CVE-2019-19537} - [usb] usb: cdc-acm: make sure a refcount is taken early enough (Torez Smith) [1802548] {CVE-2019-19530} - [usb] USB: adutux: fix use-after-free on disconnect (Torez Smith) [1798822] {CVE-2019-19523} - [media] media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap (Torez Smith) [1795597] {CVE-2019-15217} [3.10.0-1145] - [scsi] scsi: qla2xxx: Do not log message when reading port speed via sysfs (Ewan Milne) [1837543] - [mm] mm: dmapool: add/remove sysfs file outside of the pool lock lock (Waiman Long) [1836837] - [mm] Fix unbalanced mutex in dma_pool_create() (Waiman Long) [1836837] - [mm] mm/dmapool.c: remove redundant NULL check for dev in dma_pool_create() (Waiman Long) [1836837] - [x86] x86/speculation: Prevent deadlock on ssb_state::lock (Waiman Long) [1836322] - [netdrv] can, slip: Protect tty->disc_data in write_wakeup and close with RCU (John Linville) [1805590] - [netdrv] slcan: Port write_wakeup deadlock fix from slip (John Linville) [1805590] - [fs] ext4: fix support for inode sizes > 1024 bytes (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] ext4: add more paranoia checking in ext4_expand_extra_isize handling (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] ext4: forbid i_extra_isize not divisible by 4 (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] ext4: validate the debug_want_extra_isize mount option at parse time (Lukas Czerner) [1817634] {CVE-2019-19767} - [fs] cachefiles: Fix race between read_waiter and read_copier involving op->to_do (Dave Wysochanski) [1829662] - [fs] jbd2: Fix possible overflow in jbd2_log_space_left() (Lukas Czerner) [1626092] - [media] media: v4l: event: Add subscription to list before calling 'add' operation (Jarod Wilson) [1828802] {CVE-2019-9458} - [media] media: v4l: event: Prevent freeing event subscriptions while accessed (Jarod Wilson) [1828802] {CVE-2019-9458} - [fs] block: Prevent hung_check firing during long sync IO (Ming Lei) [1724345] [3.10.0-1144] - [crypto] crypto: user - fix memory leak in crypto_report (Vladis Dronov) [1825132] {CVE-2019-18808 CVE-2019-19062} - [crypto] crypto: ccp - Release all allocated memory if sha type is invalid (Vladis Dronov) [1825132] {CVE-2019-18808} - [net] xfrm: policy: Fix doulbe free in xfrm_policy_timer (Xin Long) [1836813] - [net] xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire (Xin Long) [1836813] - [net] xfrm: fix uctx len check in verify_sec_ctx_len (Xin Long) [1836813] - [net] rtnetlink: validate IFLA_MTU attribute in rtnl_create_link() (Jiri Benc) [1835352] - [net] rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices (Jiri Benc) [1835352] - [net] netlink: fix uninit-value in netlink_sendmsg (Jiri Benc) [1835352] - [net] netlink: make sure nladdr has correct size in netlink_connect() (Jiri Benc) [1835352] - [net] rtnetlink: fix info leak in RTM_GETSTATS call (Jiri Benc) [1835352] - [net] rtnetlink: release net refcnt on error in do_setlink() (Jiri Benc) [1835352] - [net] bridge: deny dev_set_mac_address() when unregistering (Hangbin Liu) [1834203] - [net] bridge/mdb: remove wrong use of NLM_F_MULTI (Hangbin Liu) [1834203] - [net] udp: disable inner UDP checksum offloads in IPsec case (Sabrina Dubroca) [1826244] - [net] sctp: Fix SHUTDOWN CTSN Ack in the peer restart case (Xin Long) [1833869] - [net] sctp: Fix bundling of SHUTDOWN with COOKIE-ACK (Xin Long) [1833869] - [net] sctp: fix possibly using a bad saddr with a given dst (Xin Long) [1833869] - [net] sctp: fix refcount bug in sctp_wfree (Xin Long) [1833869] - [net] sctp: move the format error check out of __sctp_sf_do_9_1_abort (Xin Long) [1833869] - [net] sctp: free cmd->obj.chunk for the unprocessed SCTP_CMD_REPLY (Xin Long) [1833869] - [net] sctp: fully initialize v4 addr in some functions (Xin Long) [1833869] - [net] sctp: simplify addr copy (Xin Long) [1833869] - [net] sctp: cache netns in sctp_ep_common (Xin Long) [1833869] - [net] sctp: destroy bucket if failed to bind addr (Xin Long) [1833869] - [net] sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' (Xin Long) [1833869] - [net] netfilter: nat: never update the UDP checksum when its 0 (Guillaume Nault) [1834278] - [net] esp4: add length check for UDP encapsulation (Sabrina Dubroca) [1825155] - [net] sit: fix memory leak in sit_init_net() (Andrea Claudi) [1830011] {CVE-2019-16994} - [net] sched: cbs: fix NULL dereference in case cbs_init() fails (Davide Caratti) [1830245] - [net] netfilter: nf_tables: use-after-free in dynamic operations (Phil Sutter) [1819087] - [net] tcp: tcp_v4_err() should be more careful (Marcelo Leitner) [1749964] - [net] tcp: remove BUG_ON from tcp_v4_err (Marcelo Leitner) [1749964] - [net] tcp: clear icsk_backoff in tcp_write_queue_purge() (Marcelo Leitner) [1749964] - [net] psample: fix skb_over_panic (Sabrina Dubroca) [1823251] - [net] sched: ensure opts_len <= IP_TUNNEL_OPTS_MAX in act_tunnel_key (Patrick Talbert) [1823691] - [netdrv] fjes: Handle workqueue allocation failure (Masayoshi Mizuma) [1830563] {CVE-2019-16231} [3.10.0-1143] - [mm] mm: mempolicy: require at least one nodeid for MPOL_PREFERRED (Rafael Aquini) [1834434] {CVE-2020-11565} - [fs] fs: avoid softlockups in s_inodes iterators (Jay Shin) [1760145] - [scsi] scsi: core: Add DID_ALLOC_FAILURE and DID_MEDIUM_ERROR to hostbyte_table (Maurizio Lombardi) [1832019] - [fs] locks: allow filesystems to request that ->setlease be called without i_lock (Jeff Layton) [1830606] - [fs] locks: move fasync setup into generic_add_lease (Jeff Layton) [1830606] - [fs] revert '[fs] xfs: catch bad stripe alignment configurations' (Carlos Maiolino) [1836292] - [scsi] scsi: scsi_debug: num_tgts must be >= 0 (Ewan Milne) [1834998] - [scsi] scsi: scsi_debug: Avoid PI being disabled when TPGS is enabled (Ewan Milne) [1834998] - [scsi] scsi: scsi_debug: Fix memory leak if LBP enabled and module is unloaded (Ewan Milne) [1834998] - [scsi] scsi_debug: check for bigger value first (Ewan Milne) [1834998] - [scsi] scsi_debug: vfree is null safe so drop the check (Ewan Milne) [1834998] - [scsi] scsi_debug: error message should say scsi_host_alloc not scsi_register (Ewan Milne) [1834998] - [fs] xfs: Fix tail rounding in xfs_alloc_file_space() (Bill ODonnell) [1833223] - [fs] ceph: dont drop message if it contains more data than expected (Jeff Layton) [1828340] - [fs] ceph: dont error out on larger-than-expected session messages (Jeff Layton) [1828340] - [acpi] ACPI: disable BERT by default, add parameter to enable it (Aristeu Rozanski) [1525298] - [acpi] ACPI: APEI: Fix possible out-of-bounds access to BERT region (Aristeu Rozanski) [1525298] - [acpi] ACPI / sysfs: Extend ACPI sysfs to provide access to boot error region (Aristeu Rozanski) [1525298] - [acpi] ACPI: APEI: Fix BERT resources conflict with ACPI NVS area (Aristeu Rozanski) [1525298] - [acpi] ACPI / APEI: Add Boot Error Record Table (BERT) support (Aristeu Rozanski) [1525298] - [acpi] ACPICA: Restore error table definitions to reduce code differences between Linux and ACPICA upstream (Aristeu Rozanski) [1525298] [3.10.0-1142] - [fs] gfs2: Another gfs2_walk_metadata fix (Andreas Grunbacher) [1822230] - [fs] ext4: prevent ext4_quota_write() from failing due to ENOSPC (Lukas Czerner) [1068952] - [fs] ext4: do not zeroout extents beyond i_disksize (Lukas Czerner) [1834320] - [fs] pnfs: Ensure we layoutcommit before revalidating attributes (Benjamin Coddington) [1827647] - [fs] nfs: flush data when locking a file to ensure cache coherence for mmap (Scott Mayhew) [1813811] - [fs] call fsnotify_sb_delete after evict_inodes (Jay Shin) [1760145] - [fs] inode: dont softlockup when evicting inodes (Jay Shin) [1760145] - [fs] drop_caches.c: avoid softlockups in drop_pagecache_sb() (Jay Shin) [1760145] - [fs] gfs2: More gfs2_find_jhead fixes (Abhijith Das) [1828454] - [fs] gfs2: Another gfs2_find_jhead fix (Abhijith Das) [1828454] - [fs] nfs: fix mount/umount race in nlmclnt (Jay Shin) [1771205] - [fs] nlm_shutdown_hosts_net() cleanup (Jay Shin) [1771205] - [scsi] scsi: megaraid: Use true, false for bool variables (Tomas Henzl) [1827037] - [scsi] scsi: megaraid: make two symbols static in megaraid_sas_base.c (Tomas Henzl) [1827037] - [scsi] scsi: megaraid: make some symbols static in megaraid_sas_fusion.c (Tomas Henzl) [1827037] - [scsi] scsi: megaraid: make some symbols static in megaraid_sas_fp.c (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Use scnprintf() for avoiding potential buffer overflow (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: silence a warning (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: fix indentation issue (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Limit the number of retries for the IOCTLs causing firmware fault (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not initiate OCR if controller is not in ready state (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Re-Define enum DCMD_RETURN_STATUS (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not set HBA Operational if FW is not in operational state (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not kill HBA if JBOD Seqence map or RAID map is disabled (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Do not kill host bus adapter, if adapter is already dead (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Update optimal queue depth for SAS and NVMe devices (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Reset adapter if FW is not in READY state after device resume (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Make poll_aen_lock static (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Fix a compilation warning (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Make a bunch of functions static (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Make some functions static (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: remove unused variables 'debugBlk', 'fusion' (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: Unique names for MSI-X vectors (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: fix panic on loading firmware crashdump (Tomas Henzl) [1827037] - [scsi] scsi: megaraid_sas: fix spelling mistake 'megarid_sas' -> 'megaraid_sas' (Tomas Henzl) [1827037] - [scsi] scsi: mpt3sas: Disable DIF when prot_mask set to zero (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Handle RDPQ DMA allocation in same 4G region (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Separate out RDPQ allocation to new function (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Rename function name is_MSB_are_same (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Dont change the DMA coherent mask after allocations (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Fix kernel panic observed on soft HBA unplug (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Fix double free in attach error handling (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Use Component img header to get Package ver (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Fix module parameter max_msix_vectors (Tomas Henzl) [1832868] - [scsi] scsi: mpt3sas: Reject NVMe Encap cmnds to unsupported HBA (Tomas Henzl) [1832868] - [netdrv] hv_netvsc: Fix error handling in netvsc_set_features() (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Sync offloading features to VF NIC (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Fix IP header checksum for coalesced packets (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Fix rndis_per_packet_info internal field initialization (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Add handler for LRO setting change (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Add support for LRO/RSC in the vSwitch (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Add handlers for ethtool get/set msg level (Mohammed Gamal) [1821814] - [netdrv] hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offload (Mohammed Gamal) [1821814] - [fs] fix mntput/mntput race (Miklos Szeredi) [1828320] - [wireless] rtlwifi: prevent memory leak in rtl_usb_probe (Jarod Wilson) [1829847] {CVE-2019-19063} - [wireless] iwlwifi: dbg_ini: fix memory leak in alloc_sgtable (Jarod Wilson) [1829375] {CVE-2019-19058} - [net] nl80211: fix memory leak in nl80211_get_ftm_responder_stats (Jarod Wilson) [1829289] {CVE-2019-19055} - [wireless] iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init (Jarod Wilson) [1829393] {CVE-2019-19059} [3.10.0-1141] - [kernel] sched/fair: Scale bandwidth quota and period without losing quota/period ratio precision (Artem Savkov) [1752067] - [edac] EDAC: skx_common: downgrade message importance on missing PCI device (Aristeu Rozanski) [1832683] - [s390] s390/qdio: consider ERROR buffers for inbound-full condition (Philipp Rudo) [1831791] - [s390] s390/ftrace: fix potential crashes when switching tracers (Philipp Rudo) [1813124] - [netdrv] ibmvnic: Skip fatal error reset after passive init (Steve Best) [1830992] - [scsi] smartpqi: bump driver version (Don Brace) [1822762] - [scsi] scsi: smartpqi: add bay identifier (Don Brace) [1822762] - [scsi] scsi: smartpqi: add module param to hide vsep (Don Brace) [1822762] - [scsi] scsi: bnx2fc: Update the driver version to 2.12.13 (Nilesh Javali) [1709542] - [scsi] scsi: bnx2fc: fix boolreturn.cocci warnings (Nilesh Javali) [1709542] - [scsi] scsi: bnx2fc: Fix SCSI command completion after cleanup is posted (Nilesh Javali) [1709542] - [scsi] scsi: bnx2fc: Process the RQE with CQE in interrupt context (Nilesh Javali) [1709542] - [scsi] scsi: qla2xxx: Fix a recently introduced kernel warning (Nilesh Javali) [1828875] - [scsi] Fix abort timeouts in CQ Full conditions (Dick Kennedy) [1802654] - [input] Input: add safety guards to input_set_keycode() (Chris von Recklinghausen) [1828222] {CVE-2019-20636} - [scsi] scsi: libsas: delete sas port if expander discover failed (Tomas Henzl) [1829965] {CVE-2019-15807} - [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827240] {CVE-2020-10711} [3.10.0-1140] - [netdrv] mlx5: Remove unsupported tag for ConnectX-6 Dx device (Alaa Hleihel) [1829777] - [fs] xfs: clear PF_MEMALLOC before exiting xfsaild thread (Brian Foster) [1827910] - [fs] gfs2: fix O_EXCL|O_CREAT handling on cold dcache (Andrew Price) [1812558] - [fs] nfs: Correct an nfs page array calculation error (Jay Shin) [1824270] - [infiniband] RDMA/bnxt_re: Fix stat push into dma buffer on gen p5 devices (Jonathan Toppins) [1828475 1824438] - [netdrv] bnxt_en: Fix allocation of zero statistics block size regression (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Allocate the larger per-ring statistics block for 57500 chips (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Expand bnxt_tpa_info struct to support 57500 chips (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Refactor TPA logic (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Add TPA structure definitions for BCM57500 chips (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Update firmware interface spec. to 1.10.0.89 (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Update firmware interface to 1.10.0.69 (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Update firmware interface spec. to 1.10.0.47 (Jonathan Toppins) [1824438] - [netdrv] bnxt_en: Refactor ethtool ring statistics logic (Jonathan Toppins) [1824438] - [block] blk-mq: Put driver tag in blk_mq_dispatch_rq_list() when no budget (Ming Lei) [1825431] - [scsi] scsi: fnic: do not queue commands during fwreset (Govindarajulu Varadarajan) [1794150] - [scsi] scsi: fnic: fix invalid stack access (Govindarajulu Varadarajan) [1794150] - [scsi] scsi: fnic: fix use after free (Govindarajulu Varadarajan) [1794150] - [netdrv] enic: prevent waking up stopped tx queues over watchdog reset (Govindarajulu Varadarajan) [1794148] - [fs] ceph: use ceph_evict_inode to cleanup inodes resource (Jeff Layton) [1784016] - [fs] ceph: fix use-after-free in __ceph_remove_cap() (Jeff Layton) [1784016] - [fs] ceph: hold i_ceph_lock when removing caps for freeing inode (Jeff Layton) [1784016] - [input] Input: ff-memless - kill timer in destroy() (Chris von Recklinghausen) [1815021] {CVE-2019-19524} - [scsi] scsi: qla2xxx: fix a potential NULL pointer dereference ('Ewan D. Milne') [1829246] {CVE-2019-16233} [3.10.0-1139] - [fs] nfsd: Fix races between nfsd4_cb_release() and nfsd4_shutdown_callback() ('J. Bruce Fields') [1448750] - [fs] nfsd: minor 4.1 callback cleanup ('J. Bruce Fields') [1448750] - [fs] nfsd: Dont release the callback slot unless it was actually held (Benjamin Coddington) [1448750] - [lib] kobject: dont use WARN for registration failures (Ewan Milne) [1756495] - [lib] lib/kobject: Join string literals back (Ewan Milne) [1756495] - [scsi] scsi: ibmvfc: Dont send implicit logouts prior to NPIV login (Steve Best) [1828726] - [fs] nfs: Serialize O_DIRECT reads and writes (Benjamin Coddington) [1826571] - [mm] mm/page_owner: convert page_owner_inited to static key (Rafael Aquini) [1781726] - [mm] mm/page_owner: set correct gfp_mask on page_owner (Rafael Aquini) [1781726] - [mm] mm/page_owner: fix possible access violation (Rafael Aquini) [1781726] - [mm] mm/page_owner: use late_initcall to hook in enabling (Rafael Aquini) [1781726] - [mm] mm/page_owner: remove unnecessary stack_trace field (Rafael Aquini) [1781726] - [mm] mm/page_owner: correct owner information for early allocated pages (Rafael Aquini) [1781726] - [mm] mm/page_owner: keep track of page owners (Rafael Aquini) [1781726] - [documentation] Documentation: add new page_owner document (Rafael Aquini) [1781726] - [kernel] stacktrace: introduce snprint_stack_trace for buffer output (Rafael Aquini) [1781726] [3.10.0-1138] - [infiniband] RDMA/bnxt_re: Fix chip number validation Broadcoms Gen P5 series (Jonathan Toppins) [1823679] - [scsi] scsi: qla2xxx: Silence fwdump template message (Ewan Milne) [1783191] - [scsi] scsi: hpsa: Update driver version (Joseph Szczypek) [1808403] - [scsi] scsi: hpsa: correct race condition in offload enabled (Joseph Szczypek) [1808403] - [netdrv] bonding: fix active-backup transition after link failure (Jarod Wilson) [1712235] - [netdrv] bonding: fix state transition issue in link monitoring (Jarod Wilson) [1712235] - [netdrv] bonding: fix potential NULL deref in bond_update_slave_arr (Jarod Wilson) [1712235] - [netdrv] bonding: Force slave speed check after link state recovery for 802.3ad (Jarod Wilson) [1712235] - [i2c] i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA (Vladis Dronov) [1822641] {CVE-2017-18551} - [acpi] ACPI / EC: Ensure lock is acquired before accessing ec struct (Al Stone) [1811132] - [x86] x86/mce: Do not log spurious corrected mce errors (Prarit Bhargava) [1797205] - [wireless] mwifiex: Fix mem leak in mwifiex_tm_cmd (Jarod Wilson) [1804971] {CVE-2019-20095} - [kernel] kernel/module.c: wakeup processes in module_wq on module unload (Prarit Bhargava) [1771939] - [acpi] ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Prarit Bhargava) [1790782] [3.10.0-1137] - [tty] tty/hvc: Use IRQF_SHARED for OPAL hvc consoles (Gustavo Duarte) [1600213] - [mm] mm/swap_slots.c: fix race conditions in swap_slots cache init (Rafael Aquini) - [block] loop: set PF_MEMALLOC_NOIO for the worker thread (Ming Lei) [1825950] - [tty] serial: 8250: drop the printk from serial8250_interrupt() (Prarit Bhargava) [1825049] - [net] net: linkwatch: add check for netdevice being present to linkwatch_do_dev (Alaa Hleihel) [1595302] [3.10.0-1136] - [fs] sunrpc: expiry_time should be seconds not timeval (Benjamin Coddington) [1794055] - [nvdimm] Revert 'driver boilerplate changes to properly manage device_rh' (Christoph von Recklinghausen) [1823750] - [base] call device_rh_free in device_release before driver/class/type release is called (Christoph von Recklinghausen) [1822888] - [md] md:md-faulty kernel panic is caused by QUEUE_FLAG_NO_SG_MERGE (Nigel Croxon) [1822462] - [firmware] efi: cper: print AER info of PCIe fatal error (Vladis Dronov) [1820646] - [scsi] qla2xxx: Update driver version to 10.01.00.22.07.9-k (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix message indicating vectors used by driver (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Move free of fcport out of interrupt context (Nilesh Javali) [1808129] - [scsi] qla2xxx: delete all sessions before unregister local nvme port (Nilesh Javali) [1808129] - [scsi] qla2xxx: Fix hang when issuing nvme disconnect-all in NPIV (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix a NULL pointer dereference in an error path (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix mtcp dump collection failure (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix RIDA Format-2 (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix stuck login session using prli_pend_timer (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Add a shadow variable to hold disc_state history of fcport (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Use common routine to free fcport struct (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix update_fcport for current_topology (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix fabric scan hang (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Complain if sp->done() is not called from the completion path (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Ignore PORT UPDATE after N2N PLOGI (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Change discovery state before PLOGI (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Initialize free_work before flushing it (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Retry fabric Scan on IOCB queue full (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: initialize fc4_type_priority (Nilesh Javali) [1808129] - [scsi] scsi: qla2xxx: Fix a dma_pool_free() call (Nilesh Javali) [1808129] - [security] selinux: ensure we cleanup the internal AVC counters on error in avc_insert() (Artem Savkov) [1808675] - [acpi] ACPICA: Mark acpi_ut_create_internal_object_dbg() memory allocations as non-leaks (Artem Savkov) [1808675] - [x86] x86/microcode/AMD: Free unneeded patch before exit from update_cache() (Artem Savkov) [1808675] - [mm] memcg: ensure mem_cgroup_idr is updated in a coordinated manner (Aaron Tomlin) [1822405] - [mm] mm/page_alloc: increase default min_free_kbytes bound (Joel Savitz) [1704326] - [scsi] scsi: lpfc: Fix unexpected error messages during RSCN handling (Dick Kennedy) [1743667] - [scsi] scsi: lpfc: Fix discovery failures when target device connectivity bounces (Dick Kennedy) [1743667] - [scsi] scsi: lpfc: Fix devices that dont return after devloss followed by rediscovery (Dick Kennedy) [1743667] - [scsi] scsi: lpfc: Fix port relogin failure due to GID_FT interaction (Dick Kennedy) [1743667] - [video] vgacon: Fix a UAF in vgacon_invert_region (Vladis Dronov) [1818730] {CVE-2020-8647 CVE-2020-8649} - [x86] uprobes/x86: Fix detection of 32-bit user mode (Oleg Nesterov) [1804959] - [powerpc] module: Handle R_PPC64_ENTRY relocations (Yauheni Kaliuta) [1657540] - [scripts] recordmcount.pl: support data in text section on powerpc (Yauheni Kaliuta) [1657540] - [powerpc] boot: Request no dynamic linker for boot wrapper (Yauheni Kaliuta) [1657540] [3.10.0-1135] - [fs] fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Dave Wysochanski) [1683490] - [fs] fscache: Pass the correct cancelled indications to fscache_op_complete() (Dave Wysochanski) [1683490] - [char] tpm: ibmvtpm: Wait for buffer to be set before proceeding (Jerry Snitselaar) [1815536] - [fs] NFS: Fix a race between mmap() and O_DIRECT (Benjamin Coddington) [1813803] - [fs] NFS: Remove a redundant call to unmap_mapping_range() (Benjamin Coddington) [1813803] - [fs] NFS: Remove redundant waits for O_DIRECT in fsync() and write_begin() (Benjamin Coddington) [1813803] - [fs] NFS: Cleanup nfs_direct_complete() (Benjamin Coddington) [1813803] - [fs] NFS: Do not serialise O_DIRECT reads and writes (Benjamin Coddington) [1813803] - [fs] NFS: Move buffered I/O locking into nfs_file_write() (Benjamin Coddington) [1813803] - [fs] bdi: make inode_to_bdi() inline (Benjamin Coddington) [1813803] - [fs] NFS: Remove racy size manipulations in O_DIRECT (Benjamin Coddington) [1813803] - [fs] NFS: Dont hold the inode lock across fsync() (Benjamin Coddington) [1813803] - [fs] nfs: remove nfs_inode_dio_wait (Benjamin Coddington) [1813803] - [fs] nfs: remove nfs4_file_fsync (Benjamin Coddington) [1813803] - [fs] NFS: Kill NFS_INO_NFS_INO_FLUSHING: it is a performance killer (Benjamin Coddington) [1813803] - [fs] filesystem-dax: Fix dax_layout_busy_page() livelock (Carlos Maiolino) [1817866] - [block] blk-mq: fix hang caused by freeze/unfreeze sequence (Ming Lei) [1821718] - [fs] ceph: dont NULL terminate virtual xattrs (Jeff Layton) [1717454] - [fs] ceph: return -ERANGE if virtual xattr value didnt fit in buffer (Jeff Layton) [1717454] - [fs] ceph: make getxattr_cb return ssize_t (Jeff Layton) [1717454] - [fs] ceph: use bit flags to define vxattr attributes (Jeff Layton) [1717454] - [tty] tty: Prevent ldisc drivers from re-using stale tty fields (Vladis Dronov) [1820031] - [powerpc] powerpc64/kexec: Hard disable ftrace before switching to the new kernel (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Delay enabling ftrace on secondary cpus (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Add helpers to hard disable ftrace (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Rearrange #ifdef sections in ftrace.h (Jerome Marchand) [1731578] - [powerpc] powerpc64/ftrace: Add a field in paca to disable ftrace in unsafe code paths (Jerome Marchand) [1731578] - [powerpc] powerpc/ftrace: Pass the correct stack pointer for DYNAMIC_FTRACE_WITH_REGS (Jerome Marchand) [1731578] - [isdn] mISDN: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779474] {CVE-2019-17055} - [virtio] virtio-balloon: fix managed page counts when migrating pages between zones (David Hildenbrand) [1780330] [3.10.0-1134] - [net] netfilter: nf_log: fix uninit read in nf_log_proc_dostring (Phil Sutter) [1770232] - [net] netfilter: nf_log: fix error on write NONE to logger choice sysctl (Phil Sutter) [1770232] - [net] ethtool: convert large order kmalloc allocations to vzalloc (Davide Caratti) [1786448] - [net] l2tp: Allow duplicate session creation with UDP (Guillaume Nault) [1808928] - [net] sched: flower: insert new filter to idr after setting its mask (Davide Caratti) [1785141] - [net] ipv6: remove printk (Hangbin Liu) [1779533] - [net] netfilter: ctnetlink: netns exit must wait for callbacks (Florian Westphal) [1766816] - [net] raw: do not report ICMP redirects to user space (Hangbin Liu) [1758386] [3.10.0-1133] - [powerpc] powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property() (Steve Best) [1806629] {CVE-2019-12614} - [s390] s390/pci: Recover handle in clp_set_pci_fn() (Philipp Rudo) [1816662] - [fs] xfs: fix attr leaf header freemap.size underflow (Bill ODonnell) [1808671] - [block] floppy: check FDC index for errors before assigning it (Ming Lei) [1815403] {CVE-2020-9383} - [block] virtio-blk: improve virtqueue error to BLK_STS (Philipp Rudo) [1818001] - [block] virtio-blk: fix hw_queue stopped on arbitrary error (Philipp Rudo) [1818001] - [s390] dasd: fix endless loop after read unit address configuration (Philipp Rudo) [1816661] - [fs] CIFS: Fix NULL-pointer dereference in smb2_push_mandatory_locks (Leif Sahlberg) [1504193] - [fs] cifs: Fix cifsInodeInfo lock_sem deadlock when reconnect occurs (Leif Sahlberg) [1504193] - [char] ipmi: Fix memory leak in __ipmi_bmc_register (Tony Camuso) [1812836] {CVE-2019-19046} - [net] ipvs: Remove noisy debug print from ip_vs_del_service (Alexey Klimov) [1769816] [3.10.0-1132] - [tools] tools/power turbostat: Support Ice Lake server (Steve Best) [1776508] - [nvme] nvme-fc: ensure association_id is cleared regardless of a Disconnect LS (Ewan Milne) [1816752] - [nvme] nvme-fc: clarify error messages (Ewan Milne) [1816752] - [nvme] nvme-fc: fix module unloads while lports still pending (Ewan Milne) [1816752] - [scsi] scsi: sd: Clear sdkp->protection_type if disk is reformatted without PI (Ewan Milne) [1816307] - [scsi] scsi: core: Fix a compiler warning triggered by the SCSI logging code (Ewan Milne) [1816307] - [scsi] scsi: tracing: Fix handling of TRANSFER LENGTH == 0 for READ(6) and WRITE(6) (Ewan Milne) [1816307] - [scsi] scsi: core: scsi_trace: Use get_unaligned_be*() (Ewan Milne) [1816307] - [scsi] scsi: core: try to get module before removing device (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions (Ewan Milne) [1816307] - [scsi] scsi: device_handler: remove VLAs (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh: Document alua_rtpg_queue() arguments (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh_alua: skip RTPG for devices only supporting active/optimized (Ewan Milne) [1816307] - [scsi] scsi: scsi_dh_emc: return success in clariion_std_inquiry() (Ewan Milne) [1816307] - [target] scsi: target: iscsi: rename some variables to avoid confusion (Maurizio Lombardi) [1806966] - [target] scsi: target: iscsi: tie the challenge length to the hash digest size (Maurizio Lombardi) [1806966] - [target] scsi: target: iscsi: CHAP: add support for SHA1, SHA256 and SHA3-256 (Maurizio Lombardi) [1806966] - [target] scsi: target: compare full CHAP_A Algorithm strings (Maurizio Lombardi) [1806966] - [base] device_release() can call device_rh_free() too (Christoph von Recklinghausen) [1793248] - [nvdimm] driver boilerplate changes to properly manage device_rh (Christoph von Recklinghausen) [1793248] - [base] Add an interface for certain drivers who manage their own struct devices to disassociate their device_rhs (Christoph von Recklinghausen) [1793248] - [base] kfree(dev->device_rh) in device_create_release() (Christoph von Recklinghausen) [1793248] - [base] kfree and zero device_rh in device_release() (Christoph von Recklinghausen) [1793248] - [input] Revert 'Fix device_rh memory leak' (Christoph von Recklinghausen) [1793248] - [scsi] Revert 'Fix device_rh leak in scsi_alloc_target()' (Christoph von Recklinghausen) [1793248] - [scsi] Revert 'Fix memory leaks in scsi_alloc_sdev()' (Christoph von Recklinghausen) [1793248] - [nvdimm] libnvdimm/security: Consolidate 'security' operations (Jeff Moyer) [1735364] - [nvdimm] libnvdimm/security: Tighten scope of nvdimm->busy vs security operations (Jeff Moyer) [1735364] - [nvdimm] libnvdimm/security: Introduce a 'frozen' attribute (Jeff Moyer) [1735364] - [acpi] libnvdimm/security, acpi/nfit: unify zero-key for all security commands (Jeff Moyer) [1735364] - [nvdimm] libnvdimm/security: provide fix for secure-erase to use zero-key (Jeff Moyer) [1735364] - [block] block: fix checking return value of blk_mq_init_queue (Maxim Levitsky) [1795777] - [bluetooth] Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() (Aristeu Rozanski) [1808803] {CVE-2019-15917} [3.10.0-1131] - [x86] kvm: x86: clear stale x86_emulate_ctxt->intercept value (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: vmx: check descriptor table exits on instruction emulation (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: nvmx: Check IO instruction VM-exit conditions (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: nvmx: Refactor IO bitmap checks into helper function (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: nvmx: Dont emulate instructions in guest mode (Jon Maloy) [1806818] {CVE-2020-2732} - [x86] kvm: x86: Fix kvm_bitmap_or_dest_vcpus() to use irq shorthand (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: Initializing all kvm_lapic_irq fields in ioapic_write_indirect (Nitesh Narayan Lal) [1772082] - [virt] kvm: x86: remove set but not used variable 'called' (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: Zero the IOAPIC scan request dest vCPUs bitmap (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: deliver KVM IOAPIC scan request to target vCPUs (Nitesh Narayan Lal) [1772082] - [kernel] kvm: remember position in kvm->vcpus array (Nitesh Narayan Lal) [1772082] - [x86] kvm: x86: Drop KVM_APIC_SHORT_MASK and KVM_APIC_DEST_MASK (Nitesh Narayan Lal) [1772082] - [virt] kvm: introduce kvm_make_vcpus_request_mask() API (Nitesh Narayan Lal) [1772082] - [virt] kvm: avoid unused variable warning for UP builds (Nitesh Narayan Lal) [1772082] - [kernel] smp, cpumask: Use non-atomic cpumask_{set, clear}_cpu() (Nitesh Narayan Lal) [1772082] - [fs] nfs: change sign of nfs_fh length ('J. Bruce Fields') [1813326] - [netdrv] ibmvnic: Do not process device remove during device reset (Steve Best) [1813903] - [x86] x86/debug: Extend the lower bound of crash kernel low reservations (Pingfan Liu) [1811511] - [net] tcp: make tcp_space() aware of socket backlog (Guillaume Nault) [1790840] - [net] ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (Sabrina Dubroca) [1774447] {CVE-2020-1749} - [net] ipv6: add net argument to ip6_dst_lookup_flow (Sabrina Dubroca) [1774447] {CVE-2020-1749} - [net] ipv6: constify ip6_dst_lookup_{flow|tail}() sock arguments (Sabrina Dubroca) [1774447] {CVE-2020-1749} - [net] macvlan: return correct error value (Matteo Croce) [1654878] - [net] ieee802154: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779494] {CVE-2019-17053} - [net] ipv4: fix fnhe usage by non-cached routes (Hangbin Liu) [1788435] - [net] route: do not cache fib route info on local routes with oif (Hangbin Liu) [1788435] - [net] ip6_tunnel: fix potential NULL pointer dereference (Hangbin Liu) [1767045] - [net] net_sched: remove a bogus warning in hfsc (Davide Caratti) [1781323] - [netdrv] net/mlx5e: allow TSO on VXLAN over VLAN topologies (Davide Caratti) [1780646] [3.10.0-1130] - [scsi] scsi: avoid repetitive logging of device offline messages (Nilesh Javali) [1798042] - [scsi] qla2xxx: Fix I/Os being passed down when FC device is being deleted (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Fix unbound sleep in fcport delete path (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Fix hang in fcport delete path (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Fix stuck session in GNL (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Correct fcport flags handling (Nilesh Javali) [1798042] - [scsi] scsi: qla2xxx: Remove defer flag to indicate immeadiate port loss (Nilesh Javali) [1798042] - [scsi] iscsi: Avoid potential deadlock in iscsi_if_rx func (Oleksandr Natalenko) [1715986] - [netdrv] hv/netvsc: Fix NULL dereference at single queue mode fallback (Mohammed Gamal) [1806488] - [netdrv] hv/netvsc: fix handling of fallback to single queue mode (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix unwanted rx_table reset (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix tx_table init in rndis_set_subchannel() (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: fix typos in code comments (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix a deadlock by getting rtnl lock earlier in netvsc_probe() (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix hash key value reset after other ops (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Refactor assignments of struct netvsc_device_info (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: split sub-channel setup into async and sync (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix send_table offset in case of a host bug (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: Fix offset usage in netvsc_send_table() (Mohammed Gamal) [1806488] - [netdrv] hv_netvsc: simplify receive side calling arguments (Mohammed Gamal) [1806488] - [scsi] scsi: ibmvfc: Fix NULL return compiler warning (Steve Best) [1810643] - [scsi] scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (Steve Best) [1810643] - [s390] s390/vdso: add vdso support for coarse clocks (Philipp Rudo) [1791822] - [s390] s390/vdso: remove NULL pointer check from clock_gettime (Philipp Rudo) [1791822] - [s390] scsi: zfcp: fix rport unblock if deleted SCSI devices on Scsi_Host (Philipp Rudo) [1804807] [3.10.0-1129] - [tools] perf header: Use last modification time for timestamp (Michael Petlan) [1789947] - [tools] perf header: Fix up argument to ctime() (Michael Petlan) [1789947] - [hid] HID: multitouch: Add pointstick support for ALPS Touchpad (Benjamin Tissoires) [1672425] - [kernel] blktrace: fix dereference after null check (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: Protect q->blk_trace with RCU (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: fix trace mutex deadlock (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: fix unlocked registration of tracepoints (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] blktrace: fix unlocked access to init/start-stop/teardown (Ming Lei) [1798318] {CVE-2019-19768} - [kernel] tracing: Handle NULL formats in hold_module_trace_bprintk_format() (Oleksandr Natalenko) [1811565] - [kernel] tracing: Fix trace_printk() to print when not using bprintk() (Oleksandr Natalenko) [1811565] - [sound] ALSA: timer: Fix incorrectly assigned timer instance (Jaroslav Kysela) [1798457] {CVE-2019-19807} - [x86] kvm: OOB memory write via kvm_dev_ioctl_get_cpuid (CVE-2019-19332) (Philippe Mathieu-Daud) [1783455] {CVE-2019-19332} - [x86] kvm: x86: do not reset microcode version on INIT or RESET (Paolo Bonzini) [1801852] - [x86] kvm: x86: list MSR_IA32_UCODE_REV as an emulated MSR (Paolo Bonzini) [1801852] - [x86] kvm: x86: Allow userspace to define the microcode version (Paolo Bonzini) [1801852] [3.10.0-1128] - [fs] ceph: only use d_name directly when parent is locked (Jeff Layton) [1699402] - [fs] ext4: work around deleting a file with i_nlink == 0 safely (Carlos Maiolino) [1801046] - [fs] xfs: attach dquots and reserve quota blocks during unwritten conversion (Carlos Maiolino) [1786005] - [fs] Revert 'xfs: attach dquots and reserve quota blocks during unwritten conversion' (Carlos Maiolino) [1786005] - [md] dm mpath: call clear_request_fn_mpio() in multipath_release_clone() (Mike Snitzer) [1806400] - [scsi] scsi: implement .cleanup_rq callback (Mike Snitzer) [1806400] - [md] blk-mq: add callback of .cleanup_rq (Mike Snitzer) [1806400] - [target] target: call init_timer_on_stack() to initialize login_timer (Maurizio Lombardi) [1810037] - [scsi] scsi: megaraid_sas: fixup MSIx interrupt setup during resume (Tomas Henzl) [1807077] - [tools] selftests/livepatch: Test interaction with ftrace_enabled (Yannick Cote) [1806653] - [tools] selftests/livepatch: Make dynamic debug setup and restore generic (Yannick Cote) [1806653] - [kernel] ftrace: Introduce PERMANENT ftrace_ops flag (Yannick Cote) [1806653] - [tools] selftests/livepatch: push and pop dynamic debug config (Yannick Cote) [1806653]

Solution(s)

  • oracle-linux-upgrade-kernel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;