Oracle Linux Security Advisory ELSA-2021-9487

https://linux.oracle.com/errata/ELSA-2021-9487.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unb=
reakable Linux Network:

x86_64:
kernel-uek-container-5.4.17-2136.300.7.el8.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.300.7.el8.x86_64.rpm


SRPMS:
https://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-container-5.4.17-2136.30=
0.7.el8.src.rpm

Related CVEs:

CVE-2017-6074
CVE-2020-16119




Description of changes:

[5.4.17-2136.300.7.el8]
- KVM: SVM: Fix mismerge in svm_update_pi_irte() (Liam Merwick)  [Orabug: 3=
3446526]
- Revert "KVM: x86: hyperv: Remove duplicate definitions of Reference TSC P=
age" (Liam Merwick)  [Orabug: 33450675]

[5.4.17-2136.300.6.el8]
- Revert "scsi: core: Cap scsi_host cmd_per_lun at can_queue" (Jack Vogel)
  [Orabug: 33441404]

[5.4.17-2136.300.5.el8]
- dccp: don't duplicate ccid when cloning dccp sock (Lin, Zhenpeng)  [Orabu=
g: 33408808]  {CVE-2017-6074} {CVE-2020-16119}
- block: workaround to avoid self-deadlock in del_gendisk (Junxiao Bi)  [Or=
abug: 33396355]
- uek-rpm: add ofb.ko and crypto_user.ko modules to nano kernel (Somasundar=
am Krishnasamy)  [Orabug: 31895743]

[5.4.17-2136.300.4.el8]
- Reintroduce: certs: Add EFI_CERT_X509_GUID support for dbx entries (Konra=
d Rzeszutek Wilk)  [Orabug: 33382994]
- bnxt_en: Update the driver version string (Jack Vogel)  [Orabug: 33392416]

[5.4.17-2136.300.3.el8]
- net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venk=
atsubra)  [Orabug: 33379543]
- KVM: X86: MMU: Use the correct inherited permissions to get shadow page (=
Lai Jiangshan)  [Orabug: 33359297]  {CVE-2021-38198}
- KVM: x86: adjust SEV for commit 7e8e6eed75e (Paolo Bonzini)  [Orabug: 333=
75655]
- net/mlx5: Implement Oracle-only solution for mlx device names (Mikhael Go=
ikhman)  [Orabug: 33247746]

[5.4.17-2136.300.2.el8]
- btrfs: fix NULL pointer dereference when deleting device by invalid id (Q=
u Wenruo)  [Orabug: 33365609]  {CVE-2021-3739}
- Revert "uek-rpm: mark /etc/ld.so.conf.d/ files as %config" (aloktiw)  [Or=
abug: 33359669]
- bpf: provide BPF Type Format (BTF) info for kernel (Alan Maguire)  [Orabu=
g: 33331233]
- perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the gues=
t (Like Xu)  [Orabug: 33194216]
- IB/core: Read subnet_prefix in ib_query_port via cache. (Anand Khoje)  [O=
rabug: 33283556]
- IB/core: Shifting initialization of device->cache_lock (Anand Khoje)  [Or=
abug: 33283556]
- IB/core: Updating cache for subnet_prefix in config_non_roce_gid_cache() =
(Anand Khoje)  [Orabug: 33283556]
- IB/core: Shuffle locks in ib_port_data to save memory (Anand Khoje)  [Ora=
bug: 33283556]
- IB/core: Removed port validity check from ib_get_cached_subnet_prefix (An=
and Khoje)  [Orabug: 33283556]
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=3D32 (Dongli=
 Zhang)  [Orabug: 33106728]

[5.4.17-2136.300.1.el8]
- net: qrtr: fix another OOB Read in qrtr_endpoint_post (Xiaolong Huang)  [=
Orabug: 33336805]  {CVE-2021-3743}
- ext4: fix race writing to an inline_data file while its xattrs are changi=
ng (Theodore Ts'o)  [Orabug: 33336785]  {CVE-2021-40490}
- net/mlx5: E-Switch, Fix vlan or qos setting in legacy mode (Vu Pham)  [Or=
abug: 33291040]
- rds: ib: Set SEND_SIGNALED on the last WR posted (H=E5kon Bugge)  [Orabug=
: 33331710]
- RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn)  [Orabug: 33331640]
- usb: hso: fix error handling code of hso_create_net_device (Dongliang Mu)=
  [Orabug: 33329086]  {CVE-2021-37159}
- hso: fix bailout in error case of probe (Oliver Neukum)  [Orabug: 3332908=
6]  {CVE-2021-37159}
- uek-rpm: Set DEFAULTKERNEL in /etc/sysconfig/kernel correctly (Dave Kleik=
amp)  [Orabug: 33219604]
- RDMA/mlx5: Fix crash when unbind multiport slave (Maor Gottlieb)  [Orabug=
: 33303425]
- net/mlx5: Don't overwrite HCA capabilities when setting MSI-X count (Leon=
 Romanovsky)  [Orabug: 33220810]
- net/mlx5: Implement sriov_get_vf_total_msix/count() callbacks (Leon Roman=
ovsky)  [Orabug: 33220810]
- net/mlx5: Dynamically assign MSI-X vectors count (Leon Romanovsky)  [Orab=
ug: 33220810]
- net/mlx5: Add dynamic MSI-X capabilities bits (Leon Romanovsky)  [Orabug:=
 33220810]
- PCI/IOV: Add sysfs MSI-X vector assignment interface (Leon Romanovsky)  [=
Orabug: 33220810]
- net/mlx5: Check that driver was probed prior attaching the device (Leon R=
omanovsky)  [Orabug: 33286656]

[5.4.17-2136.300.0.el8]
- misc/pvpanic: fix set driver data (Mihai Carabas)  [Orabug: 33290806]
- btrfs: fix race between marking inode needs to be logged and log syncing =
(Filipe Manana)  [Orabug: 33265208]
- vdpa/mlx5: fix feature negotiation across device reset (Si-Wei Liu)  [Ora=
bug: 33247045]
- net/mlx5: E-switch, When eswitch is unsupported, return -EOPNOTSUPP (Para=
v Pandit)  [Orabug: 33241452]
- xen-acpi-processor: fix coordination type mismatch (Elena Ufimtseva)  [Or=
abug: 33214673]
- net/mlx5: E-switch, Use eswitch total_vports (Parav Pandit)  [Orabug: 332=
13269]
- net/mlx5: E-switch, Reuse total_vports and avoid duplicate nvports (Parav=
 Pandit)  [Orabug: 33213269]
- net/mlx5: E-switch, Consider maximum vf vports for steering init (Parav P=
andit)  [Orabug: 33213269]
- RDMA/mlx5: Fix NULL pointer dereference in destroy_prefetch_work (Maor Go=
ttlieb)  [Orabug: 33303297]
- rds: fix statistics counters and check for memory leak (Hans Westgaard Ry=
)  [Orabug: 31372378]
- KVM: X86: Micro-optimize IPI fastpath delay (Wanpeng Li)  [Orabug: 331194=
31]
- net/mlx5_core: Restore driver version (Roy Novich)  [Orabug: 33112151]
- RDMA/umem: Use ib_dma_max_seg_size instead of dma_get_max_seg_size (Chris=
toph Hellwig)  [Orabug: 33107202]
- lib/scatterlist: Do not limit max_segment to PAGE_ALIGNED values (Jason G=
unthorpe)  [Orabug: 33107202]
- uek-rpm: update kABI lists for new symbols (Saeed Mirzamohammadi)  [Orabu=
g: 33246580]
- rdmaip: trace message buffer size too small for rdmaip debug tracepoints =
(Alan Maguire)  [Orabug: 33267573]
- driver core: auxiliary bus: Fix memory leak when driver_register() fail (=
Peter Ujfalusi)  [Orabug: 32461425]
- driver core: auxiliary bus: Remove unneeded module bits (Dave Jiang)  [Or=
abug: 32461425]
- driver core: auxiliary bus: Fix calling stage for auxiliary bus init (Dav=
e Jiang)  [Orabug: 32461425]
- driver core: auxiliary bus: Fix auxiliary bus shutdown null auxdrv ptr (D=
ave Jiang)  [Orabug: 32461425]
- bnxt_en: Use register window 6 instead of 5 to read the PHC (Michael Chan=
)  [Orabug: 33181761]
- bnxt_en: Update firmware call to retrieve TX PTP timestamp (Michael Chan)=
  [Orabug: 33181761]
- bnxt_en: Update firmware interface to 1.10.2.52 (Michael Chan)  [Orabug: =
33181761]

[5.4.17-2122.305.7.el8]
- ice: implement device flash update via devlink (Jacob Keller)  [Orabug: 3=
3236075]
- ice: add board identifier info to devlink .info_get (Jacob Keller)  [Orab=
ug: 33236075]
- ice: add basic handler for devlink .info_get (Jacob Keller)  [Orabug: 332=
36075]
- ice: enable initial devlink support (Jacob Keller)  [Orabug: 33236075]
- bitops: introduce the for_each_set_clump8 macro (William Breathitt Gray) =
 [Orabug: 33236075]
- Add pldmfw library for PLDM firmware update (Jacob Keller)  [Orabug: 3323=
6075]
- devlink: expand the devlink-info documentation (Jakub Kicinski)  [Orabug:=
 33236075]
- devlink: promote "fw.bundle_id" to a generic info version (Jacob Keller) =
 [Orabug: 33236075]
- devlink: remove trigger command from devlink-region.rst (Jacob Keller)  [=
Orabug: 33236075]
- devlink: add trap metadata type for cookie (Jiri Pirko)  [Orabug: 3323607=
5]
- devlink: add ACL generic packet traps (Jiri Pirko)  [Orabug: 33236075]
- devlink: Force enclosing array on binary fmsg data (Aya Levin)  [Orabug: =
33236075]
- devlink: document devlink info versions reported by bnxt_en driver (Vasun=
dhara Volam)  [Orabug: 33236075]
- devlink: add macro for "fw.roce" (Vasundhara Volam)  [Orabug: 33236075]
- devlink: Add health recover notifications on devlink flows (Moshe Shemesh=
)  [Orabug: 33236075]
- devlink: Add overlay source MAC is multicast trap (Amit Cohen)  [Orabug: =
33236075]
- devlink: Add tunnel generic packet traps (Amit Cohen)  [Orabug: 33236075]
- devlink: Add non-routable packet trap (Amit Cohen)  [Orabug: 33236075]
- devlink: fix typos in qed documentation (Jacob Keller)  [Orabug: 33236075]
- devlink: correct misspelling of snapshot (Jacob Keller)  [Orabug: 3323607=
5]
- devlink: document region snapshot triggering from userspace (Jacob Keller=
)  [Orabug: 33236075]
- devlink: introduce devlink-dpipe.rst documentation file (Jacob Keller)  [=
Orabug: 33236075]
- devlink: add a devlink-resource.rst documentation file (Jacob Keller)  [O=
rabug: 33236075]
- devlink: rename and expand devlink-trap-netdevsim.rst (Jacob Keller)  [Or=
abug: 33236075]
- devlink: add documentation for ionic device driver (Jacob Keller)  [Orabu=
g: 33236075]
- devlink: add a file documenting devlink regions (Jacob Keller)  [Orabug: =
33236075]
- devlink: add a driver-specific file for the qed driver (Jacob Keller)  [O=
rabug: 33236075]
- devlink: add parameter documentation for the mlx4 driver (Jacob Keller)  =
[Orabug: 33236075]
- devlink: document info versions for each driver (Jacob Keller)  [Orabug: =
33236075]
- devlink: convert driver-specific files to reStructuredText (Jacob Keller)=
  [Orabug: 33236075]
- devlink: mention reloading in devlink-params.rst (Jacob Keller)  [Orabug:=
 33236075]
- devlink: add documentation for generic devlink parameters (Jacob Keller) =
 [Orabug: 33236075]
- devlink: convert devlink-params.txt to reStructuredText (Jacob Keller)  [=
Orabug: 33236075]
- devlink: rename devlink-info-versions.rst and add a header (Jacob Keller)=
  [Orabug: 33236075]
- devlink: convert devlink-health.txt to rst format (Jacob Keller)  [Orabug=
: 33236075]
- devlink: move devlink documentation to subfolder (Jacob Keller)  [Orabug:=
 33236075]
- devlink: add macro for "fw.psid" (Jacob Keller)  [Orabug: 33236075]
- devlink: add devink notification when reporter update health state (Vikas=
 Gupta)  [Orabug: 33236075]
- rds_rdma: add missing rds_ib_cm_handle_connect tracepoint (Alan Maguire) =
 [Orabug: 33243559]

_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata