Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2020-25668) (Multiple Advisories): Unbreakable Enterprise kernel security update

Back to Search

Oracle Linux: (CVE-2020-25668) (Multiple Advisories): Unbreakable Enterprise kernel security update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
11/14/2020
Created
12/16/2020
Added
12/15/2020
Modified
01/08/2021

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2021-9002:

[4.1.12-124.46.3] - mwifiex: fix possible heap overflow in mwifiex_process_country_ie() (Ganapathi Bhat) [Orabug: 30781859] {CVE-2019-14895} {CVE-2019-14895} - ext4: fix ext4_empty_dir() for directories with holes (Jan Kara) [Orabug: 31265320] {CVE-2019-19037} {CVE-2019-19037} - netlabel: cope with NULL catmap (Paolo Abeni) [Orabug: 31350493] {CVE-2020-10711} - scsi: mptfusion: Fix double fetch bug in ioctl (Dan Carpenter) [Orabug: 31350941] {CVE-2020-12652} - scsi: mptfusion: Add bounds check in mptctl_hp_targetinfo() (Dan Carpenter) [Orabug: 31350941] {CVE-2020-12652} - USB: core: Fix free-while-in-use bug in the USB S-Glibrary (Alan Stern) [Orabug: 31350967] {CVE-2020-12464} - drivers: usb: core: Minimize irq disabling in usb_sg_cancel() (David Mosberger) [Orabug: 31350967] {CVE-2020-12464} - drivers: usb: core: Don't disable irqs in usb_sg_wait() during URB submit. (David Mosberger) [Orabug: 31350967] {CVE-2020-12464} - ext4: work around deleting a file with i_nlink == 0 safely (Theodore Ts'o) [Orabug: 31351014] {CVE-2019-19447} - xen/events: avoid removing an event channel while handling it (Juergen Gross) [Orabug: 31984319] - xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage (Josh Abraham) [Orabug: 31984319] - ext4: fix fencepost in s_first_meta_bg validation (Theodore Ts'o) [Orabug: 32197511] - dm crypt: Allow unaligned bio buffer lengths for skcipher devices (Sudhakar Panneerselvam) [Orabug: 32202000] - sched/fair: Don't free p->numa_faults with concurrent readers (Jann Horn) [Orabug: 32212524] {CVE-2019-20934} - netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6 (Vasily Averin) [Orabug: 32222844] {CVE-2020-14305} - perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa) [Orabug: 32233360] {CVE-2020-14351} - ext4: fix calculation of meta_bg descriptor backups (Andy Leiserson) [Orabug: 32245133] [4.1.12-124.46.2] - ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 31780626] - Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye) [Orabug: 32176264] {CVE-2020-28915} - fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h (Peilin Ye) [Orabug: 32176264] {CVE-2020-28915} - page_frag: Recover from memory pressure (Dongli Zhang) [Orabug: 32177993] - vt: Disable KD_FONT_OP_COPY (Daniel Vetter) [Orabug: 32187749] {CVE-2020-28974} - block: Fix use-after-free in blkdev_get() (Jason Yan) [Orabug: 32194609] {CVE-2020-15436} - icmp: randomize the global rate limiter (Eric Dumazet) [Orabug: 32227971] {CVE-2020-25705} [4.1.12-124.46.1] - KVM: x86: minor code refactor and comments fixup around dirty logging (Anthony Yznaga) [Orabug: 31722767] - KVM: x86: Manually flush collapsible SPTEs only when toggling flags (Sean Christopherson) [Orabug: 31722767] - KVM: x86: avoid unnecessary rmap walks when creating/moving slots (Anthony Yznaga) [Orabug: 31722767] - KVM: x86: remove unnecessary rmap walk of read-only memslots (Anthony Yznaga) [Orabug: 31722767] - xfs: catch inode allocation state mismatch corruption (Gautham Ananthakrishna) [Orabug: 32071488] - tty: make FONTX ioctl use the tty pointer they were actually passed (Linus Torvalds) [Orabug: 32122731] {CVE-2020-25668} - IB/mlx4: Adjust delayed work when a dup is observed (Hakon Bugge) [Orabug: 32136900] - IB/mlx4: Add support for REJ due to timeout (Hakon Bugge) [Orabug: 32136900] - IB/mlx4: Fix starvation in paravirt mux/demux (Hakon Bugge) [Orabug: 32136900] - IB/mlx4: Separate tunnel and wire bufs parameters (Hakon Bugge) [Orabug: 32136900] - IB/mlx4: Add support for MRA (Hakon Bugge) [Orabug: 32136900] - IB/mlx4: Add and improve logging (Hakon Bugge) [Orabug: 32136900]

Solution(s)

  • oracle-linux-upgrade-kernel-uek
  • oracle-linux-upgrade-kernel-uek-debug
  • oracle-linux-upgrade-kernel-uek-debug-devel
  • oracle-linux-upgrade-kernel-uek-devel
  • oracle-linux-upgrade-kernel-uek-doc
  • oracle-linux-upgrade-kernel-uek-firmware
  • oracle-linux-upgrade-kernel-uek-headers
  • oracle-linux-upgrade-kernel-uek-tools
  • oracle-linux-upgrade-kernel-uek-tools-libs
  • oracle-linux-upgrade-kernel-uek-tools-libs-devel
  • oracle-linux-upgrade-perf
  • oracle-linux-upgrade-python-perf

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;