Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2021-3609) (Multiple Advisories): Unbreakable Enterprise kernel-container security update

Back to Search

Oracle Linux: (CVE-2021-3609) (Multiple Advisories): Unbreakable Enterprise kernel-container security update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
06/23/2021
Created
08/14/2021
Added
08/12/2021
Modified
09/21/2021

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2021-9453:

[4.14.35-2047.507.7.4.el7] - KVM: x86: Check kvm_rebooting in kvm_spurious_fault() (Sean Christopherson) [Orabug: 33362693] [4.14.35-2047.507.7.3] - arm64: Reserve elfcorehdr before scanning reserved memory from device tree (Dave Kleikamp) [Orabug: 33354710] [4.14.35-2047.507.7.2] - net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (Phillip Potter) [Orabug: 33337449] - ip: Manual backport of pskb_inet_may_pull() (Hakon Bugge) [Orabug: 33337449] - Revert Revert net: geneve: check skb is large enough for IPv4/IPv6 header (Hakon Bugge) [Orabug: 33337449] [4.14.35-2047.507.7.1] - RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn) [Orabug: 33306519] - Revert net: geneve: check skb is large enough for IPv4/IPv6 header (Somasundaram Krishnasamy) [Orabug: 33323390] [4.14.35-2047.507.7] - xen-acpi-processor: fix coordination type mismatch (Elena Ufimtseva) [Orabug: 33296813] - Revert mm: memcontrol: eliminate raw access to stat and event counters (Ritika Srivastava) [Orabug: 33254727] - Revert mm: memcontrol: implement lruvec stat functions on top of each other (Ritika Srivastava) [Orabug: 33254727] - KVM: do not allow mapping valid but non-reference-counted pages (Nicholas Piggin) [Orabug: 33054089] {CVE-2021-22543} {CVE-2021-22543} - ocfs2: issue zeroout to EOF blocks (Junxiao Bi) [Orabug: 32974988] - ocfs2: fix zero out valid data (Junxiao Bi) [Orabug: 32974988] [4.14.35-2047.507.6] - xen-netback: do not kfree_skb() when irq is disabled (Dongli Zhang) [Orabug: 33277336] - rds: ib: Set SEND_SIGNALED on the last WR posted (Hakon Bugge) [Orabug: 33253068] - uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi) [Orabug: 33246581] - scsi: lpfc: Fix crash due to port reset racing vs adapter error handling (James Smart) [Orabug: 33213341] - xfs: dont drain buffer lru on freeze and read-only remount (Brian Foster) [Orabug: 33141334] - xfs: rename xfs_wait_buftarg() to xfs_buftarg_drain() (Brian Foster) [Orabug: 33141334] - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl (Alexander Larkin) [Orabug: 33114988] {CVE-2021-3612} - rds: fix statistics counters and check for memory leak (Hans Westgaard Ry) [Orabug: 31372381] - dsc-drivers: update for 1.15.9-C-32 (Shannon Nelson) [Orabug: 33281086] - dts/pensando: creating reserved dma memory pool for mnet devices (Neel Patel) [Orabug: 33281086] - pcie: rm pcie register access message (#256) (Brad Smith) [Orabug: 33281086] - drivers: updates for 1.15.9-C-28 (Shannon Nelson) [Orabug: 33281086] [4.14.35-2047.507.5] - rds_rdma: add missing rds_ib_cm_handle_connect tracepoint (Alan Maguire) [Orabug: 33243560] - KVM: SVM: use vmsave/vmload for saving/restoring additional host state (Michael Roth) [Orabug: 33225761] - KVM: SVM: Use asm goto to handle unexpected #UD on SVM instructions (Sean Christopherson) [Orabug: 33225761] - kvm: svm/avic: Do not send AVIC doorbell to self (Suthikulpanit, Suravee) [Orabug: 33225761] - svm/avic: Fix invalidate logical APIC id entry (Suthikulpanit, Suravee) [Orabug: 33225761] - svm: Fix improper check when deactivate AVIC (Suthikulpanit, Suravee) [Orabug: 33225761] - svm: Fix AVIC DFR and LDR handling (Suthikulpanit, Suravee) [Orabug: 33225761] - scsi: qla2xxx: Add heartbeat check (Quinn Tran) [Orabug: 33116624] - scsi: qla2xxx: Use list_move_tail() instead of list_del()/list_add_tail() (Baokun Li) [Orabug: 33116624] - scsi: qla2xxx: Remove duplicate declarations (Shaokun Zhang) [Orabug: 33116624] - scsi: qla2xxx: Log PCI address in qla_nvme_unregister_remote_port() (Daniel Wagner) [Orabug: 33116624] - scsi: qla2xxx: Remove redundant assignment to rval (Jiapeng Chong) [Orabug: 33116624] - scsi: qla2xxx: Prevent PRLI in target mode (Anastasia Kovaleva) [Orabug: 33116624] - scsi: qla2xxx: Add marginal path handling support (Bikash Hazarika) [Orabug: 33116624] - scsi: qla2xxx: Reserve extra IRQ vectors (Roman Bolshakov) [Orabug: 33116624] - scsi: qla2xxx: Reuse existing error handling path (Christophe JAILLET) [Orabug: 33116624] - scsi: qla2xxx: Remove unneeded if-null-free check (Qiheng Lin) [Orabug: 33116624] - scsi: qla2xxx: Update version to 10.02.00.106-k (Nilesh Javali) [Orabug: 33116624] - scsi: qla2xxx: Update default AER debug mask (Quinn Tran) [Orabug: 33116624] - scsi: qla2xxx: Fix mailbox recovery during PCIe error (Quinn Tran) [Orabug: 33116624] - scsi: qla2xxx: Fix crash in PCIe error handling (Quinn Tran) [Orabug: 33116624] - scsi: qla2xxx: Fix RISC RESET completion polling (Quinn Tran) [Orabug: 33116624] - scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() (Arun Easi) [Orabug: 33116624] - scsi: qla2xxx: Consolidate zio threshold setting for both FCP & NVMe (Quinn Tran) [Orabug: 33116624] - scsi: qla2xxx: Fix stuck session (Quinn Tran) [Orabug: 33116624] - scsi: qla2xxx: Add H:C:T info in the log message for fc ports (Arun Easi) [Orabug: 33116624] - scsi: qla2xxx: Fix IOPS drop seen in some adapters (Arun Easi) [Orabug: 33116624] - scsi: qla2xxx: Check kzalloc() return value (Bart Van Assche) [Orabug: 33116624] - scsi: qla2xxx: Simplify qla8044_minidump_process_control() (Bart Van Assche) [Orabug: 33116624] - scsi: qla2xxx: Suppress Coverity complaints about dseg_r* (Bart Van Assche) [Orabug: 33116624] - scsi: qla2xxx: Fix endianness annotations (Bart Van Assche) [Orabug: 33116624] - scsi: qla2xxx: Constify struct qla_tgt_func_tmpl (Bart Van Assche) [Orabug: 33116624] - scsi: qla2xxx: Use dma_pool_zalloc() (Wang Qing) [Orabug: 33116624] - scsi: qla2xxx: Fix a couple of misdocumented functions (Lee Jones) [Orabug: 33116624] - scsi: qla2xxx: Fix incorrectly named function qla8044_check_temp() (Lee Jones) [Orabug: 33116624] - scsi: qla2xxx: Fix a couple of misnamed functions (Lee Jones) [Orabug: 33116624] - scsi: qla2xxx: Fix some incorrect formatting/spelling issues (Lee Jones) [Orabug: 33116624] - scsi: qla2xxx: Replace __qla2x00_marker()s missing underscores (Lee Jones) [Orabug: 33116624] - scsi: qla2xxx: Simplify if statement (Jiapeng Chong) [Orabug: 33116624] - scsi: qla2xxx: Simplify the calculation of variables (Jiapeng Zhong) [Orabug: 33116624] - scsi: qla2xxx: Fix some memory corruption (Dan Carpenter) [Orabug: 33116624] - scsi: qla2xxx: Remove redundant NULL check (Yang Li) [Orabug: 33116624] - scsi: qla2xxx: Remove unnecessary NULL check (Dan Carpenter) [Orabug: 33116624] - scsi: qla2xxx: Assign boolean values to a bool variable (Jiapeng Zhong) [Orabug: 33116624] - scsi: qla2xxx: fc_remote_port_chkready() returns a SCSI result value (Hannes Reinecke) [Orabug: 33116624] - scsi: qla2xxx: Fix description for parameter ql2xenforce_iocb_limit (Enzo Matsumiya) [Orabug: 33116624] - scsi: qla2xxx: Update version to 10.02.00.105-k (Nilesh Javali) [Orabug: 33116624] - scsi: qla2xxx: Enable NVMe CONF (BIT_7) when enabling SLER (Saurav Kashyap) [Orabug: 33116624] - scsi: qla2xxx: Fix mailbox Ch erroneous error (Quinn Tran) [Orabug: 33116624] - scsi: qla2xxx: Wait for ABTS response on I/O timeouts for NVMe (Bikash Hazarika) [Orabug: 33116624] - scsi: qla2xxx: Move some messages from debug to normal log level (Saurav Kashyap) [Orabug: 33116624] - scsi: qla2xxx: Add error counters to debugfs node (Saurav Kashyap) [Orabug: 33116624] - scsi: qla2xxx: Implementation to get and manage host, target stats and initiator port (Saurav Kashyap) [Orabug: 33116624] - scsi: qla2xxx: Update version to 10.02.00.104-k (Nilesh Javali) [Orabug: 33116624] - scsi: qla2xxx: Fix device loss on 4G and older HBAs (Arun Easi) [Orabug: 33116624] - scsi: qla2xxx: If fcport is undergoing deletion complete I/O with retry (Saurav Kashyap) [Orabug: 33116624] - scsi: qla2xxx: Fix the call trace for flush workqueue (Saurav Kashyap) [Orabug: 33116624] - scsi: qla2xxx: Fix flash update in 28XX adapters on big endian machines (Arun Easi) [Orabug: 33116624] - scsi: qla2xxx: Handle aborts correctly for port undergoing deletion (Saurav Kashyap) [Orabug: 33116624] - scsi: qla2xxx: Fix N2N and NVMe connect retry failure (Quinn Tran) [Orabug: 33116624] - scsi: qla2xxx: Fix FW initialization error on big endian machines (Arun Easi) [Orabug: 33116624] - scsi: qla2xxx: Fix compilation issue in PPC systems (Arun Easi) [Orabug: 33116624] - scsi: qla2xxx: Dont check for fw_started while posting NVMe command (Saurav Kashyap) [Orabug: 33116624] - scsi: qla2xxx: Tear down session if FW say it is down (Quinn Tran) [Orabug: 33116624] - scsi: qla2xxx: Limit interrupt vectors to number of CPUs (Quinn Tran) [Orabug: 33116624] - scsi: qla2xxx: Change post del message from debug level to log level (Saurav Kashyap) [Orabug: 33116624] - scsi: qla2xxx: Remove trailing semicolon in macro definition (Tom Rix) [Orabug: 33116624] - scsi: qla2xxx: Remove in_interrupt() from qla83xx-specific code (Ahmed S. Darwish) [Orabug: 33116624] - scsi: target: tcm_qla2xxx: Remove BUG_ON(in_interrupt()) (Ahmed S. Darwish) [Orabug: 33116624] - scsi: qla2xxx: Remove in_interrupt() from qla82xx-specific code (Ahmed S. Darwish) [Orabug: 33116624] - scsi: Remove unneeded break statements (Tom Rix) [Orabug: 33116624] - scsi: scsi_transport_fc: Add store capability to rport port_state in sysfs (Muneendra Kumar) [Orabug: 33116624] - scsi: scsi_transport_fc: Add a new rport state FC_PORTSTATE_MARGINAL (Muneendra Kumar) [Orabug: 33116624] - scsi: core: No retries on abort success (Muneendra Kumar) [Orabug: 33116624] - scsi: core: Add a new error code DID_TRANSPORT_MARGINAL in scsi.h (Muneendra Kumar) [Orabug: 33116624] [4.14.35-2047.507.4] - drivers: updated for 1.15.9.26 (Shannon Nelson) [Orabug: 33235357] - XFS: code enhancement to help debug (Wengang Wang) [Orabug: 33186644] - KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (Maxim Levitsky) [Orabug: 33234941] {CVE-2021-3656} {CVE-2021-3656} - KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (Maxim Levitsky) [Orabug: 33234967] {CVE-2021-3653} {CVE-2021-3653} [4.14.35-2047.507.3] - drivers: updates for 1.15.9.21 (Shannon Nelson) [Orabug: 33220300] - Revert rds/ib: reap tx completions during connection shutdown (Manjunath Patil) [Orabug: 33220435] - Revert rds/ib: handle posted ACK during connection shutdown (Manjunath Patil) [Orabug: 33220435] - Revert rds/ib: recover rds connection from interrupt loss scenario (Manjunath Patil) [Orabug: 33220435] - Revert rds/ib: move rds_ib_clear_irq_miss() to .h file (Manjunath Patil) [Orabug: 33220435] - NFS: Dont call generic_error_remove_page() while holding locks (Trond Myklebust) [Orabug: 33213898] - ip6_gre: proper dev_{hold|put} in ndo_[un]init methods (aloktiw) [Orabug: 33179252] - ifb: fix packets checksum (Jon Maxwell) [Orabug: 33145562] - Linux 4.14.239 (Greg Kroah-Hartman) - xen/events: reset active flag for lateeoi events later (Juergen Gross) - kthread: prevent deadlock when kthread_mod_delayed_work() races with kthread_cancel_delayed_work_sync() (Petr Mladek) - kthread_worker: split code for canceling the delayed work timer (Petr Mladek) - kfifo: DECLARE_KIFO_PTR(fifo, u64) does not work on arm 32 bit (Sean Young) - drm/nouveau: fix dma_address check for CPU/GPU sync (Christian Konig) - scsi: sr: Return appropriate error code when disk is ejected (ManYi Li) - mm/thp: another PVMW_SYNC fix in page_vma_mapped_walk() (Hugh Dickins) - mm/thp: fix page_vma_mapped_walk() if THP mapped by ptes (Hugh Dickins) - mm: page_vma_mapped_walk(): get vma_address_end() earlier (Hugh Dickins) - mm: page_vma_mapped_walk(): use goto instead of while (1) (Hugh Dickins) - mm: page_vma_mapped_walk(): add a level of indentation (Hugh Dickins) - mm: page_vma_mapped_walk(): crossing page table boundary (Hugh Dickins) - mm: page_vma_mapped_walk(): prettify PVMW_MIGRATION block (Hugh Dickins) - mm: page_vma_mapped_walk(): use pmde for *pvmw->pmd (Hugh Dickins) - mm: page_vma_mapped_walk(): settle PageHuge on entry (Hugh Dickins) - mm: page_vma_mapped_walk(): use page for pvmw->page (Hugh Dickins) - mm: thp: replace DEBUG_VM BUG with VM_WARN when unmap fails for split (Yang Shi) - mm/thp: fix page_address_in_vma() on file THP tails (Jue Wang) - mm/thp: fix vma_address() if virtual address below file offset (Hugh Dickins) - mm/thp: try_to_unmap() use TTU_SYNC for safe splitting (Hugh Dickins) - mm/rmap: use page_not_mapped in try_to_unmap() (Miaohe Lin) - mm/rmap: remove unneeded semicolon in page_not_mapped() (Miaohe Lin) - mm: add VM_WARN_ON_ONCE_PAGE() macro (Alex Shi) - include/linux/mmdebug.h: make VM_WARN* non-rvals (Michal Hocko) [4.14.35-2047.507.2] - uek-rpm: mark /etc/ld.so.conf.d/ files as %config (Stephen Brennan) [Orabug: 33186981] - rds: Congestion tracepoints should be enabled by default (Greg Jumper) [Orabug: 33145670] - Linux 4.14.238 (Sasha Levin) - i2c: robotfuzz-osif: fix control-request directions (Johan Hovold) - nilfs2: fix memory leak in nilfs_sysfs_delete_device_group (Pavel Skripkin) - pinctrl: stm32: fix the reported number of GPIO lines per bank (Fabien Dessenne) - net: ll_temac: Avoid ndo_start_xmit returning NETDEV_TX_BUSY (Esben Haabendal) - net: qed: Fix memcpy() overflow of qed_dcbx_params() (Kees Cook) - r8169: Avoid memcpy() over-reading of ETH_SS_STATS (Kees Cook) - sh_eth: Avoid memcpy() over-reading of ETH_SS_STATS (Kees Cook) - r8152: Avoid memcpy() over-reading of ETH_SS_STATS (Kees Cook) - net/packet: annotate accesses to po->ifindex (Eric Dumazet) - net/packet: annotate accesses to po->bind (Eric Dumazet) - net: caif: fix memory leak in ldisc_open (Pavel Skripkin) - inet: annotate date races around sk->sk_txhash (Eric Dumazet) - ping: Check return value of function ping_queue_rcv_skb (Zheng Yongjun) - mac80211: drop multicast fragments (Johannes Berg) - cfg80211: call cfg80211_leave_ocb when switching away from OCB (Du Cheng) - mac80211: remove warning in ieee80211_get_sband() (Johannes Berg) - Revert PCI: PM: Do not read power state in pci_enable_device_flags() (Rafael J. Wysocki) - arm64: perf: Disable PMU while processing counter overflows (Suzuki K Poulose) - MIPS: generic: Update node names to avoid unit addresses (Nathan Chancellor) - Makefile: Move -Wno-unused-but-set-variable out of GCC only block (Nathan Chancellor) - ARM: 9081/1: fix gcc-10 thumb2-kernel regression (Arnd Bergmann) - drm/radeon: wait for moving fence after pinning (Christian Konig) - drm/nouveau: wait for moving fence after pinning v2 (Christian Konig) - x86/fpu: Reset state for all signal restore failures (Thomas Gleixner) - unfuck sysfs_mount() (Al Viro) - kernfs: deal with kernfs_fill_super() failures (Al Viro) - usb: dwc3: core: fix kernel panic when do reboot (Peter Chen) - inet: use bigger hash table for IP ID generation (Eric Dumazet) - can: bcm/raw/isotp: use per module netdevice notifier (Tetsuo Handa) - net: fec_ptp: add clock rate zero check (Fugang Duan) - mm/slub.c: include swab.h (Andrew Morton) - net: bridge: fix vlan tunnel dst refcnt when egressing (Nikolay Aleksandrov) - net: bridge: fix vlan tunnel dst null pointer dereference (Nikolay Aleksandrov) - dmaengine: pl330: fix wrong usage of spinlock flags in dma_cyclc (Bumyong Lee) - ARCv2: save ABI registers across signal handling (Vineet Gupta) - PCI: Work around Huawei Intelligent NIC VF FLR erratum (Chiqijun) - PCI: Add ACS quirk for Broadcom BCM57414 NIC (Sriharsha Basavapatna) - PCI: Mark some NVIDIA GPUs to avoid bus reset (Shanker Donthineni) - PCI: Mark TI C667X to avoid bus reset (Antti Jarvinen) - tracing: Do no increment trace_clock_global() by one (Steven Rostedt (VMware)) - tracing: Do not stop recording comms if the trace file is being read (Steven Rostedt (VMware)) - tracing: Do not stop recording cmdlines when tracing is off (Steven Rostedt (VMware)) - usb: core: hub: Disable autosuspend for Cypress CY7C65632 (Andrew Lunn) - can: mcba_usb: fix memory leak in mcba_usb (Pavel Skripkin) - hwmon: (scpi-hwmon) shows the negative temperature properly (Riwen Lu) - radeon: use memcpy_to/fromio for UVD fw upload (Chen Li) - net: ethernet: fix potential use-after-free in ec_bhf_remove (Pavel Skripkin) - icmp: dont send out ICMP messages with a source address of 0.0.0.0 (Toke Hoiland-Jorgensen) - net: cdc_eem: fix tx fixup skb leak (Linyu Yuan) - net: hamradio: fix memory leak in mkiss_close (Pavel Skripkin) - be2net: Fix an error handling path in be_probe() (Christophe JAILLET) - net/af_unix: fix a data-race in unix_dgram_sendmsg / unix_release_sock (Eric Dumazet) - net: ipv4: fix memory leak in ip_mc_add1_src (Chengyang Fan) - net: usb: fix possible use-after-free in smsc75xx_bind (Dongliang Mu) - net: cdc_ncm: switch to eth%d interface naming (Maciej zenczykowski) - netxen_nic: Fix an error handling path in netxen_nic_probe() (Christophe JAILLET) - qlcnic: Fix an error handling path in qlcnic_probe() (Christophe JAILLET) - net: stmmac: dwmac1000: Fix extended MAC address registers definition (Jisheng Zhang) - alx: Fix an error handling path in alx_probe() (Christophe JAILLET) - netfilter: synproxy: Fix out of bounds when parsing TCP options (Maxim Mikityanskiy) - rtnetlink: Fix regression in bridge VLAN configuration (Ido Schimmel) - udp: fix race between close() and udp_abort() (Paolo Abeni) - net: rds: fix memory leak in rds_recvmsg (Pavel Skripkin) - net: ipv4: fix memory leak in netlbl_cipsov4_add_std (Nanyong Sun) - batman-adv: Avoid WARN_ON timing related checks (Sven Eckelmann) - mm/memory-failure: make sure wait for page writeback in memory_failure (yangerkun) - dmaengine: stedma40: add missing iounmap() on error in d40_probe() (Yang Yingliang) - dmaengine: QCOM_HIDMA_MGMT depends on HAS_IOMEM (Randy Dunlap) - dmaengine: ALTERA_MSGDMA depends on HAS_IOMEM (Randy Dunlap) - fib: Return the correct errno code (Zheng Yongjun) - net: Return the correct errno code (Zheng Yongjun) - net/x25: Return the correct errno code (Zheng Yongjun) - rtnetlink: Fix missing error code in rtnl_bridge_notify() (Jiapeng Chong) - net: ipconfig: Dont override command-line hostnames or domains (Josh Triplett) - nvme-loop: check for NVME_LOOP_Q_LIVE in nvme_loop_destroy_admin_queue() (Hannes Reinecke) - nvme-loop: clear NVME_LOOP_Q_LIVE when nvme_loop_configure_admin_queue() fails (Hannes Reinecke) - nvme-loop: reset queue count to 1 in nvme_loop_destroy_io_queues() (Hannes Reinecke) - ethernet: myri10ge: Fix missing error code in myri10ge_probe() (Jiapeng Chong) - scsi: target: core: Fix warning on realtime kernels (Maurizio Lombardi) - gfs2: Fix use-after-free in gfs2_glock_shrink_scan (Hillf Danton) - HID: gt683r: add missing MODULE_DEVICE_TABLE (Bixuan Cui) - ARM: OMAP2+: Fix build warning when mmc_omap is not built (Yongqiang Liu) - HID: usbhid: fix info leak in hid_submit_ctrl (Anirudh Rayabharam) - HID: Add BUS_VIRTUAL to hid_connect logging (Mark Bolhuis) - HID: hid-sensor-hub: Return error for hid_set_field() failure (Srinivas Pandruvada) - net: ieee802154: fix null deref in parse dev addr (Dan Robertson) - Linux 4.14.237 (Greg Kroah-Hartman) - proc: only require mm_struct for writing (Linus Torvalds) - tracing: Correct the length check which causes memory corruption (Liangyan) - ftrace: Do not blindly read the ip address in ftrace_bug() (Steven Rostedt (VMware)) - scsi: core: Only put parent device if host state differs from SHOST_CREATED (Ming Lei) - scsi: core: Put .shost_dev in failure path if host state changes to RUNNING (Ming Lei) - scsi: core: Fix error handling of scsi_host_alloc() (Ming Lei) - NFS: Fix use-after-free in nfs4_init_client() (Anna Schumaker) - kvm: fix previous commit for 32-bit builds (Paolo Bonzini) - perf session: Correct buffer copying when peeking events (Leo Yan) - NFS: Fix a potential NULL dereference in nfs_get_client() (Dan Carpenter) - perf: Fix data race between pin_count increment/decrement (Marco Elver) - regulator: max77620: Use device_set_of_node_from_dev() (Dmitry Osipenko) - regulator: core: resolve supply for boot-on/always-on regulators (Dmitry Baryshkov) - usb: fix various gadget panics on 10gbps cabling (Maciej zenczykowski) - usb: fix various gadgets null ptr deref on 10gbps cabling. (Maciej zenczykowski) - usb: gadget: eem: fix wrong eem header operation (Linyu Yuan) - USB: serial: quatech2: fix control-request directions (Johan Hovold) - USB: serial: omninet: add device id for Zyxel Omni 56K Plus (Alexandre GRIVEAUX) - USB: serial: ftdi_sio: add NovaTech OrionMX product ID (George McCollister) - usb: gadget: f_fs: Ensure io_completion_wq is idle during unbind (Wesley Cheng) - usb: typec: ucsi: Clear PPM capability data in ucsi_init() error path (Mayank Rana) - usb: dwc3: ep0: fix NULL pointer exception (Marian-Cristian Rotariu) - USB: f_ncm: ncm_bitrate (speed) is unsigned (Maciej zenczykowski) - cgroup1: dont allow in renaming (Alexander Kuznetsov) - btrfs: return value from btrfs_mark_extent_written() in case of error (Ritesh Harjani) - staging: rtl8723bs: Fix uninitialized variables (Wenli Looi) - kvm: avoid speculation-based attacks from out-of-range memslot accesses (Paolo Bonzini) - drm: Lock pointer access in drm_master_release() (Desmond Cheong Zhi Xi) - drm: Fix use-after-free read in drm_getunique() (Desmond Cheong Zhi Xi) - i2c: mpc: implement erratum A-004447 workaround (Chris Packham) - i2c: mpc: Make use of i2c_recover_bus() (Chris Packham) - powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P1010 i2c controllers (Chris Packham) - powerpc/fsl: set fsl,i2c-erratum-a004447 flag for P2041 i2c controllers (Chris Packham) - bnx2x: Fix missing error code in bnx2x_iov_init_one() (Jiapeng Chong) - MIPS: Fix kernel hang under FUNCTION_GRAPH_TRACER and PREEMPT_TRACER (Tiezhu Yang) - net: appletalk: cops: Fix data race in cops_probe1 (Saubhik Mukherjee) - net: macb: ensure the device is available before accessing GEMGXL control registers (Zong Li) - scsi: target: qla2xxx: Wait for stop_phase1 at WWN removal (Dmitry Bogdanov) - scsi: vmw_pvscsi: Set correct residual data length (Matt Wang) - net/qla3xxx: fix schedule while atomic in ql_sem_spinlock (Zheyu Ma) - wq: handle VM suspension in stall detection (Sergey Senozhatsky) - cgroup: disable controllers at parse time (Shakeel Butt) - net: mdiobus: get rid of a BUG_ON() (Dan Carpenter) - netlink: disable IRQs for netlink_lock_table() (Johannes Berg) - bonding: init notify_work earlier to avoid uninitialized use (Johannes Berg) - isdn: mISDN: netjet: Fix crash in nj_probe: (Zheyu Ma) - ASoC: sti-sas: add missing MODULE_DEVICE_TABLE (Zou Wei) - net/nfc/rawsock.c: fix a permission check bug (Jeimon) - proc: Track /proc//attr/ opener mm_struct (Kees Cook) - rds/ib: quarantine STALE mr before dereg (Manjunath Patil) [Orabug: 33150437] - rds/ib: avoid dereg of mr in frwr_clean (Manjunath Patil) [Orabug: 33150414] - rds/ib: update mr incarnation after forming inv wr (Manjunath Patil) [Orabug: 33177350] - can: bcm: delay release of struct bcm_op after synchronize_rcu() (Thadeu Lima de Souza Cascardo) [Orabug: 33114648] {CVE-2021-3609} [4.14.35-2047.507.1] - can: bcm: fix infoleak in struct bcm_msg_head (Norbert Slusarek) [Orabug: 33030700] {CVE-2021-34693} - Linux 4.14.236 (Greg Kroah-Hartman) - xen-pciback: redo VF placement in the virtual topology (Jan Beulich) - sched/fair: Optimize select_idle_cpu (Cheng Jian) - KVM: SVM: Truncate GPR value for DR and CR accesses in !64-bit mode (Sean Christopherson) - bnxt_en: Remove the setting of dev_port. (Michael Chan) - bpf: No need to simulate speculative domain for immediates (Daniel Borkmann) - bpf: Fix mask direction swap upon off reg sign change (Daniel Borkmann) - bpf: Wrap aux data inside bpf_sanitize_info container (Daniel Borkmann) - bpf: Fix leakage of uninitialized bpf stack under speculation (Daniel Borkmann) - selftests/bpf: make dubious pointer arithmetic test useful (Alexei Starovoitov) - selftests/bpf: fix test_align (Alexei Starovoitov) - bpf/verifier: disallow pointer subtraction (Alexei Starovoitov) - bpf: Update selftests to reflect new error states (Daniel Borkmann) - bpf: Tighten speculative pointer arithmetic mask (Daniel Borkmann) - bpf: Move sanitize_val_alu out of op switch (Daniel Borkmann) - bpf: Refactor and streamline bounds check into helper (Daniel Borkmann) - bpf: Improve verifier error messages for users (Daniel Borkmann) - bpf: Rework ptr_limit into alu_limit and add common error path (Daniel Borkmann) - bpf: Ensure off_reg has no mixed signed bounds for all types (Daniel Borkmann) - bpf: Move off_reg into sanitize_ptr_alu (Daniel Borkmann) - bpf, selftests: Fix up some test_verifier cases for unprivileged (Piotr Krysiuk) - mm, hugetlb: fix simple resv_huge_pages underflow on UFFDIO_COPY (Mina Almasry) - btrfs: fixup error handling in fixup_inode_link_counts (Josef Bacik) - btrfs: fix error handling in btrfs_del_csums (Josef Bacik) - nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect (Krzysztof Kozlowski) - ocfs2: fix data corruption by fallocate (Junxiao Bi) - pid: take a reference when initializing (Mark Rutland) - ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed (Ye Bin) - ALSA: timer: Fix master timer notification (Takashi Iwai) - net: caif: fix memory leak in cfusbl_device_notify (Pavel Skripkin) - net: caif: fix memory leak in caif_device_notify (Pavel Skripkin) - net: caif: add proper error handling (Pavel Skripkin) - net: caif: added cfserl_release function (Pavel Skripkin) - ieee802154: fix error return code in ieee802154_llsec_getparams() (Wei Yongjun) - ieee802154: fix error return code in ieee802154_add_iface() (Zhen Lei) - netfilter: nfnetlink_cthelper: hit EBUSY on updates if size mismatches (Pablo Neira Ayuso) - HID: i2c-hid: fix format string mismatch (Arnd Bergmann) - HID: pidff: fix error return code in hid_pidff_init() (Zhen Lei) - ipvs: ignore IP_VS_SVC_F_HASHED flag when adding service (Julian Anastasov) - vfio/platform: fix module_put call in error flow (Max Gurtovoy) - vfio/pci: zap_vma_ptes() needs MMU (Randy Dunlap) - vfio/pci: Fix error return code in vfio_ecap_init() (Zhen Lei) - efi: cper: fix snprintf() use in cper_dimm_err_location() (Rasmus Villemoes) - efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared (Heiner Kallweit) - net: usb: cdc_ncm: dont spew notifications (Grant Grundler) - Linux 4.14.235 (Greg Kroah-Hartman) - usb: core: reduce power-on-good delay time of root hub (Chunfeng Yun) - drivers/net/ethernet: clean up unused assignments (Jesse Brandeburg) - hugetlbfs: hugetlb_fault_mutex_hash() cleanup (Mike Kravetz) - MIPS: ralink: export rt_sysc_membase for rt2880_wdt.c (Randy Dunlap) - MIPS: alchemy: xxs1500: add gpio-au1000.h header file (Randy Dunlap) - sch_dsmark: fix a NULL deref in qdisc_reset() (Taehee Yoo) - ipv6: record frag_max_size in atomic fragments in input path (Francesco Ruggeri) - scsi: libsas: Use _safe() loop in sas_resume_port() (Dan Carpenter) - ixgbe: fix large MTU request from VF (Jesse Brandeburg) - bpf: Set mac_len in bpf_skb_change_head (Jussi Maki) - ASoC: cs35l33: fix an error code in probe() (Dan Carpenter) - staging: emxx_udc: fix loop in _nbu2ss_nuke() (Dan Carpenter) - mld: fix panic in mld_newpack() (Taehee Yoo) - net: bnx2: Fix error return code in bnx2_init_board() (Zhen Lei) - net: mdio: octeon: Fix some double free issues (Christophe JAILLET) - net: mdio: thunder: Fix a double free issue in the .remove function (Christophe JAILLET) - net: netcp: Fix an error message (Christophe JAILLET) - drm/amdgpu: Fix a use-after-free (xinhui pan) - SMB3: incorrect file id in requests compounded with open (Steve French) - platform/x86: intel_punit_ipc: Append MODULE_DEVICE_TABLE for ACPI (Andy Shevchenko) - platform/x86: hp-wireless: add AMDs hardware id to the supported list (Shyam Sundar S K) - btrfs: do not BUG_ON in link_to_fixup_dir (Josef Bacik) - openrisc: Define memory barrier mb (Peter Zijlstra) - scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (Matt Wang) - media: gspca: properly check for errors in po1030_probe() (Greg Kroah-Hartman) - media: dvb: Add check on sp8870_readreg return (Alaa Emad) - libertas: register sysfs groups properly (Greg Kroah-Hartman) - dmaengine: qcom_hidma: comment platform_driver_register call (Phillip Potter) - isdn: mISDNinfineon: check/cleanup ioremap failure correctly in setup_io (Phillip Potter) - char: hpet: add checks after calling ioremap (Tom Seewald) - net: caif: remove BUG_ON(dev == NULL) in caif_xmit (Du Cheng) - net: fujitsu: fix potential null-ptr-deref (Anirudh Rayabharam) - serial: max310x: unregister uart driver in case of failure and abort (Atul Gopinathan) - platform/x86: hp_accel: Avoid invoking _INI to speed up resume (Kai-Heng Feng) - perf jevents: Fix getting maximum number of fds (Felix Fietkau) - i2c: i801: Dont generate an interrupt on bus reset (Jean Delvare) - i2c: s3c2410: fix possible NULL pointer deref on read message after write (Krzysztof Kozlowski) - tipc: skb_linearize the head skb when reassembling msgs (Xin Long) - Revert net:tipc: Fix a double free in tipc_sk_mcast_rcv (Hoang Le) - drm/meson: fix shutdown crash when component not probed (Neil Armstrong) - NFSv4: Fix v4.0/v4.1 SEEK_DATA return -ENOTSUPP when set NFS_V4_2 config (Zhang Xiaoxu) - NFS: Dont corrupt the value of pg_bytes_written in nfs_do_recoalesce() (Trond Myklebust) - NFS: fix an incorrect limit in filelayout_decode_layout() (Dan Carpenter) - Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails (Thadeu Lima de Souza Cascardo) - net: usb: fix memory leak in smsc75xx_bind (Pavel Skripkin) - usb: gadget: udc: renesas_usb3: Fix a race in usb3_start_pipen() (Yoshihiro Shimoda) - USB: serial: pl2303: add device id for ADLINK ND-6530 GC (Zolton Jheng) - USB: serial: ftdi_sio: add IDs for IDS GmbH Products (Dominik Andreas Schorpp) - USB: serial: option: add Telit LE910-S1 compositions 0x7010, 0x7011 (Daniele Palmas) - USB: serial: ti_usb_3410_5052: add startech.com device id (Sean MacLennan) - serial: rp2: use request_firmware instead of request_firmware_nowait (Zheyu Ma) - serial: sh-sci: Fix off-by-one error in FIFO threshold register setting (Geert Uytterhoeven) - USB: trancevibrator: fix control-request direction (Johan Hovold) - iio: adc: ad7793: Add missing error code in ad7793_setup() (YueHaibing) - staging: iio: cdc: ad7746: avoid overwrite of num_channels (Lucas Stankus) - mei: request autosuspend after sending rx flow control (Alexander Usyskin) - thunderbolt: dma_port: Fix NVM read buffer bounds and offset issue (Mathias Nyman) - misc/uss720: fix memory leak in uss720_probe (Dongliang Mu) - kgdb: fix gcc-11 warnings harder (Greg Kroah-Hartman) - dm snapshot: properly fix a crash when an origin has no snapshots (Mikulas Patocka) - ath10k: Validate first subframe of A-MSDU before processing the list (Sriram R) - mac80211: extend protection against mixed key and fragment cache attacks (Wen Gong) {CVE-2020-24586} {CVE-2020-24587} - mac80211: do not accept/forward invalid EAPOL frames (Johannes Berg) - mac80211: prevent attacks on TKIP/WEP as well (Johannes Berg) - mac80211: check defrag PN against current frame (Johannes Berg) - mac80211: add fragment cache to sta_info (Johannes Berg) - mac80211: drop A-MSDUs on old ciphers (Johannes Berg) {CVE-2020-24588} - cfg80211: mitigate A-MSDU aggregation attacks (Mathy Vanhoef) {CVE-2020-24588} - mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Mathy Vanhoef) - mac80211: prevent mixed key and fragment cache attacks (Mathy Vanhoef) {CVE-2020-24587} {CVE-2020-24586} - mac80211: assure all fragments are encrypted (Mathy Vanhoef) {CVE-2020-26147} - net: hso: fix control-request directions (Johan Hovold) - proc: Check /proc//attr/ writes against file opener (Kees Cook) - perf intel-pt: Fix transaction abort handling (Adrian Hunter) - perf intel-pt: Fix sample instruction bytes (Adrian Hunter) - iommu/vt-d: Fix sysfs leak in alloc_iommu() (Rolf Eike Beer) - NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() (Anna Schumaker) - NFC: nci: fix memory leak in nci_allocate_device (Dongliang Mu) - usb: dwc3: gadget: Enable suspend events (Jack Pham) - scripts: switch explicitly to Python 3 (Andy Shevchenko) - tweewide: Fix most Shebang lines (Finn Behrens) - A/A Bonding: dev_hold/put() the delayed GARP work handlers netdev in rdmaip (Sharath Srinivasan) [Orabug: 33161269] - capmem: Mark the pages as non-readonly+dirty. (David Clear) [Orabug: 33155665] - Revert capmem: Mark the pages as non-readonly+dirty. (Dave Kleikamp) [Orabug: 33155665] - ionic: clean interrupt before enabling queue to avoid credit race (Shannon Nelson) [Orabug: 33155665] - scsi: core: Retry I/O for Notify (Enable Spinup) Required error (Quat Le) [Orabug: 33165871] - Revert x86/reboot: Force all cpus to exit VMX root if VMX is supported (Somasundaram Krishnasamy) [Orabug: 33156450]

Solution(s)

  • oracle-linux-upgrade-kernel
  • oracle-linux-upgrade-kernel-uek
  • oracle-linux-upgrade-kernel-uek-container
  • oracle-linux-upgrade-kernel-uek-container-debug
  • oracle-linux-upgrade-kernel-uek-debug
  • oracle-linux-upgrade-kernel-uek-debug-devel
  • oracle-linux-upgrade-kernel-uek-devel
  • oracle-linux-upgrade-kernel-uek-doc
  • oracle-linux-upgrade-kernel-uek-firmware
  • oracle-linux-upgrade-kernel-uek-headers
  • oracle-linux-upgrade-kernel-uek-tools
  • oracle-linux-upgrade-kernel-uek-tools-libs
  • oracle-linux-upgrade-kernel-uek-tools-libs-devel
  • oracle-linux-upgrade-perf
  • oracle-linux-upgrade-python-perf

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;