Oracle Linux: (CVE-2021-3743) ELSA-2021-9475: Unbreakable Enterprise kernel-container security update
Description
Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.
From ELSA-2021-9475:
[5.4.17-2102.206.1] - Revert 'scsi: core: Cap scsi_host cmd_per_lun at can_queue' (Jack Vogel) [Orabug: 33403144] [5.4.17-2102.206.0] - Revert 'uek-rpm: Don't recompute build-ids for kernel-uek-debuginfo' (Jack Vogel) [Orabug: 33245043] - integrity: Load mokx variables into the blacklist keyring (Eric Snowberg) [Orabug: 33418496] - perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (Like Xu) [Orabug: 33359395] - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (Dongli Zhang) [Orabug: 33352679] - Revert 'uek-rpm: mark /etc/ld.so.conf.d/ files as %config' (aloktiw) [Orabug: 33311489] - IB/core: Read subnet_prefix in ib_query_port via cache. (Anand Khoje) [Orabug: 33134286] - IB/core: Shifting initialization of device->cache_lock (Anand Khoje) [Orabug: 33134286] - IB/core: Updating cache for subnet_prefix in config_non_roce_gid_cache() (Anand Khoje) [Orabug: 33134286] - IB/core: Shuffle locks in ib_port_data to save memory (Anand Khoje) [Orabug: 33134286] - IB/core: Removed port validity check from ib_get_cached_subnet_prefix (Anand Khoje) [Orabug: 33134286] - btrfs: fix NULL pointer dereference when deleting device by invalid id (Qu Wenruo) [Orabug: 33281078] {CVE-2021-3739} - btrfs: fix race between marking inode needs to be logged and log syncing (Filipe Manana) [Orabug: 33349276] - net: qrtr: fix another OOB Read in qrtr_endpoint_post (Xiaolong Huang) [Orabug: 33284937] {CVE-2021-3743} - ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Ts'o) [Orabug: 33327177] {CVE-2021-40490} - xfs: remove unused variable (Wengang Wang) [Orabug: 33313442] - RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn) [Orabug: 33306518] - xen-acpi-processor: fix coordination type mismatch (Elena Ufimtseva) [Orabug: 33296812] - KVM: X86: MMU: Use the correct inherited permissions to get shadow page (Lai Jiangshan) [Orabug: 33209458] {CVE-2021-38198} - usb: hso: fix error handling code of hso_create_net_device (Dongliang Mu) [Orabug: 33174795] {CVE-2021-37159} - hso: fix bailout in error case of probe (Oliver Neukum) [Orabug: 33174795] {CVE-2021-37159}
Solution(s)
- oracle-linux-upgrade-kernel-uek
- oracle-linux-upgrade-kernel-uek-container
- oracle-linux-upgrade-kernel-uek-container-debug
- oracle-linux-upgrade-kernel-uek-debug
- oracle-linux-upgrade-kernel-uek-debug-devel
- oracle-linux-upgrade-kernel-uek-devel
- oracle-linux-upgrade-kernel-uek-doc
- oracle-linux-upgrade-kernel-uek-tools
- oracle-linux-upgrade-kernel-uek-tools-libs
- oracle-linux-upgrade-perf
- oracle-linux-upgrade-python-perf
- Lightweight Endpoint Agent
- Live Dashboards
- Real Risk Prioritization
- IT-Integrated Remediation Projects
- Cloud, Virtual, and Container Assessment
- Integrated Threat Feeds
- Easy-to-Use RESTful API
- Automation-Assisted Patching
- Automated Containment
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center