-
Mon Oct 26 2020 Brian Maly <brian.maly@oracle.com> [4.1.12-124.44.4.1.el7uek]
- powercap: restrict energy meter to root access (Kanth Ghatraju) [Orabug: 32040806] {CVE-2020-8694} {CVE-2020-8695}
-
Wed Oct 21 2020 Brian Maly <brian.maly@oracle.com> [4.1.12-124.44.4.el7uek]
- scsi: qla2xxx: Fix NULL pointer crash due to active timer for ABTS (himanshu.madhani@cavium.com) [Orabug: 32020790]
-
Tue Oct 20 2020 Brian Maly <brian.maly@oracle.com> [4.1.12-124.44.3.el7uek]
- qed: Reduce verbosity of unimplemented MFW messages (Mintz, Yuval) [Orabug: 31959299]
- kexec: validate pe files against the system_blacklist_keyring (Eric Snowberg) [Orabug: 31961119] {CVE-2020-26541}
-
Mon Oct 12 2020 Brian Maly <brian.maly@oracle.com> [4.1.12-124.44.2.el7uek]
- usb: cdc-acm: make sure a refcount is taken early enough (Oliver Neukum) [Orabug: 31351088] {CVE-2019-19530}
- net/rds: migration of a delayed initialized port present in down state (Praveen Kumar Kannoju) [Orabug: 31729995]
- net: add high_order_alloc_disable sysctl (Eric Dumazet) [Orabug: 31835223]
- mm, page_alloc: double zone's batchsize (Aaron Lu) [Orabug: 31835223]
- mm/free_pcppages_bulk: prefetch buddy while not holding lock (Aruna Ramakrishna) [Orabug: 31835223]
- mm/free_pcppages_bulk: do not hold lock when picking pages to free (Aruna Ramakrishna) [Orabug: 31835223]
- mm, page_alloc: remove unnecessary variable from free_pcppages_bulk (Mel Gorman) [Orabug: 31835223]
- netfilter: ctnetlink: add a range check for l3/l4 protonum (Will McVicker) [Orabug: 31872865] {CVE-2020-25211}
- net/rds: Extract dest qp num for displaying in rds-info (Praveen Kumar Kannoju) [Orabug: 31880144]
- uek-rpm: Update secure boot UEK signing certificates (Brian Maly) [Orabug: 31974559]
-
Tue Oct 06 2020 Brian Maly <brian.maly@oracle.com> [4.1.12-124.44.1.el7uek]
- oracleasm: Retrieve d_bdev before dropping inode (Stephen Brennan) [Orabug: 31832592]
- KVM: VMX: fixes for vmentry_l1d_flush module parameter (Paolo Bonzini) [Orabug: 31962487]
-
Tue Sep 22 2020 Brian Maly <brian.maly@oracle.com> [4.1.12-124.43.4.el7uek]
- kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974) (Jann Horn) [Orabug: 29434845] {CVE-2019-6974}
- KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221) (Peter Shier) [Orabug: 29434898] {CVE-2019-7221}
- KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222) (Paolo Bonzini) [Orabug: 29434924] {CVE-2019-7222}
- net: arc_emac: fix koops caused by sk_buff free (Alexander Kochetkov) [Orabug: 30254239] {CVE-2016-10906}
- GFS2: don't set rgrp gl_object until it's inserted into rgrp tree (Bob Peterson) [Orabug: 30254251] {CVE-2016-10905}
- GFS2: Fix rgrp end rounding problem for bsize < page size (Bob Peterson) [Orabug: 30254251] {CVE-2016-10905}
- x86/apic/msi: update address_hi on set msi affinity (Joe Jin) [Orabug: 31477035]
- x86/apic/msi: check and sync apic IRR on msi_set_affinity (Joe Jin) [Orabug: 31477035]
- net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (Sabrina Dubroca) [Orabug: 31872821] {CVE-2020-1749}
- nfs: Fix getxattr kernel panic and memory overflow (Jeffrey Mitchell) [Orabug: 31872910] {CVE-2020-25212}
- rbd: require global CAP_SYS_ADMIN for mapping and unmapping (Ilya Dryomov) [Orabug: 31884169] {CVE-2020-25284}
- mm/hugetlb: fix a race between hugetlb sysctl handlers (Muchun Song) [Orabug: 31884239] {CVE-2020-25285}
- ext4: fix potential negative array index in do_split() (Eric Sandeen) [Orabug: 31895331] {CVE-2020-14314}
-
Tue Sep 15 2020 Brian Maly <brian.maly@oracle.com> [4.1.12-124.43.3.el7uek]
- ARM: amba: Fix race condition with driver_override (Geert Uytterhoeven) [Orabug: 29671212] {CVE-2018-9415}
- block: blk_init_allocated_queue() set q->fq as NULL in the fail case (xiao jin) [Orabug: 30120513] {CVE-2018-20856}
- USB: serial: omninet: fix reference leaks at open (Johan Hovold) [Orabug: 30484761] {CVE-2017-8925}
- nl80211: validate beacon head (Johannes Berg) [Orabug: 30556264] {CVE-2019-16746}
- cfg80211: Use const more consistently in for_each_element macros (Jouni Malinen) [Orabug: 30556264] {CVE-2019-16746}
- cfg80211: add and use strongly typed element iteration macros (Johannes Berg) [Orabug: 30556264] {CVE-2019-16746}
- cfg80211: add helper to find an IE that matches a byte-array (Luca Coelho) [Orabug: 30556264] {CVE-2019-16746}
- cfg80211: allow finding vendor with OUI without specifying the OUI type (Emmanuel Grumbach) [Orabug: 30556264] {CVE-2019-16746}
- dccp: Fix memleak in __feat_register_sp (YueHaibing) [Orabug: 30732821] {CVE-2019-20096}
- fs/proc/proc_sysctl.c: Fix a NULL pointer dereference (YueHaibing) [Orabug: 30732938] {CVE-2019-20054}
- fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links (YueHaibing) [Orabug: 30732938] {CVE-2019-20054}
- scsi: libsas: stop discovering if oob mode is disconnected (Jason Yan) [Orabug: 30770913] {CVE-2019-19965}
- kernel/sysctl.c: fix out-of-bounds access when setting file-max (Will Deacon) [Orabug: 31350720] {CVE-2019-14898}
- sysctl: handle overflow for file-max (Christian Brauner) [Orabug: 31350720] {CVE-2019-14898}
- ath9k_htc: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351572] {CVE-2019-19073}
- can: gs_usb: gs_can_open(): prevent memory leak (Navid Emamdoost) [Orabug: 31351682] {CVE-2019-19052}
- ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (Takashi Iwai) [Orabug: 31351837] {CVE-2019-15927}
- media: usb: siano: Fix general protection fault in smsusb (Alan Stern) [Orabug: 31351875] {CVE-2019-15218}
- crypto: vmac - separate tfm and request context (Eric Biggers) [Orabug: 31584410]
- SUNRPC: Fix a race with XPRT_CONNECTING (Trond Myklebust) [Orabug: 31796770]
- SUNRPC: Fix disconnection races (Trond Myklebust) [Orabug: 31796770]
- SUNRPC: Add a helper to wake up a sleeping rpc_task and set its status (Trond Myklebust) [Orabug: 31796770]
- SUNRPC: Reduce latency when send queue is congested (Trond Myklebust) [Orabug: 31796770]
- SUNRPC: RPC transport queue must be low latency (Trond Myklebust) [Orabug: 31796770]
- SUNRPC: Fix a potential race in xprt_connect() (Trond Myklebust) [Orabug: 31796770]
- SUNRPC: ensure correct error is reported by xs_tcp_setup_socket() (NeilBrown) [Orabug: 31796770]
- SUNRPC: Fix races between socket connection and destroy code (Trond Myklebust) [Orabug: 31796770]
- SUNRPC: Prevent SYN+SYNACK+RST storms (Trond Myklebust) [Orabug: 31796770]
- SUNRPC: Report TCP errors to the caller (Trond Myklebust) [Orabug: 31796770]
- SUNRPC: Ensure we release the TCP socket once it has been closed (Trond Myklebust) [Orabug: 31796770]
- net-gro: fix use-after-free read in napi_gro_frags() (Eric Dumazet) [Orabug: 31856195] {CVE-2020-10720}
- PCI: Probe bridge window attributes once at enumeration-time (Bjorn Helgaas) [Orabug: 31867577]
-
Mon Sep 07 2020 Brian Maly <brian.maly@oracle.com> [4.1.12-124.43.2.el7uek]
- ALSA: seq: Cancel pending autoload work at unbinding device (Takashi Iwai) [Orabug: 31352045] {CVE-2017-16528}
- USB: serial: io_ti: fix information leak in completion handler (Johan Hovold) [Orabug: 31352084] {CVE-2017-8924}
- sample-trace-array: Fix sleeping function called from invalid context (Kefeng Wang) [Orabug: 31543032]
- sample-trace-array: Remove trace_array 'sample-instance' (Kefeng Wang) [Orabug: 31543032]
- tracing: Sample module to demonstrate kernel access to Ftrace instances. (Divya Indi) [Orabug: 31543032]
- tracing: Adding new functions for kernel access to Ftrace instances (Aruna Ramakrishna) [Orabug: 31543032]
- tracing: Adding NULL checks for trace_array descriptor pointer (Divya Indi) [Orabug: 31543032]
- tracing: Verify if trace array exists before destroying it. (Divya Indi) [Orabug: 31543032]
- tracing: Declare newly exported APIs in include/linux/trace.h (Divya Indi) [Orabug: 31543032]
- tracing: Kernel access to Ftrace instances (Divya Indi) [Orabug: 31543032]
-
Thu Sep 03 2020 Brian Maly <brian.maly@oracle.com> [4.1.12-124.43.1.el7uek]
- blktrace: Protect q->blk_trace with RCU (Jan Kara) [Orabug: 31123576] {CVE-2019-19768}
- media: technisat-usb2: break out of loop at end of buffer (Sean Young) [Orabug: 31224554] {CVE-2019-15505}
- btrfs: merge btrfs_find_device and find_device (Anand Jain) [Orabug: 31351746] {CVE-2019-18885}
- RDMA/cxgb4: Do not dma memory off of the stack (Greg KH) [Orabug: 31351783] {CVE-2019-17075}
- mwifiex: Abort at too short BSS descriptor element (Takashi Iwai) [Orabug: 31351916] {CVE-2019-3846}
- mwifiex: Fix possible buffer overflows at parsing bss descriptor (Takashi Iwai) [Orabug: 31351916] {CVE-2019-3846}
- repair kABI breakage from "fs: prevent page refcount overflow in pipe_buf_get" (Dan Duval) [Orabug: 31351941] {CVE-2019-11487}
- mm: prevent get_user_pages() from overflowing page refcount (Linus Torvalds) [Orabug: 31351941] {CVE-2019-11487}
- mm: add 'try_get_page()' helper function (Linus Torvalds) [Orabug: 31351941] {CVE-2019-11487}
- fs: prevent page refcount overflow in pipe_buf_get (Matthew Wilcox) [Orabug: 31351941] {CVE-2019-11487}
- mm: make page ref count overflow check tighter and more explicit (Linus Torvalds) [Orabug: 31351941] {CVE-2019-11487}
- sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31351960] {CVE-2019-3874}
- sunrpc: use SVC_NET() in svcauth_gss_* functions (Vasily Averin) [Orabug: 31351995] {CVE-2018-16884}
- sunrpc: use-after-free in svc_process_common() (Vasily Averin) [Orabug: 31351995] {CVE-2018-16884}
- af_packet: set defaule value for tmo (Mao Wenan) [Orabug: 31439107] {CVE-2019-20812}
- selinux: properly handle multiple messages in selinux_netlink_send() (Paul Moore) [Orabug: 31439369] {CVE-2020-10751}
- selinux: Print 'sclass' as string when unrecognized netlink message occurs (Marek Milkovic) [Orabug: 31439369] {CVE-2020-10751}
- mac80211: Do not send Layer 2 Update frame before authorization (Jouni Malinen) [Orabug: 31473652] {CVE-2019-5108}
- cfg80211/mac80211: make ieee80211_send_layer2_update a public function (Dedy Lansky) [Orabug: 31473652] {CVE-2019-5108}
- crypto: authenc - fix parsing key with misaligned rta_len (Eric Biggers) [Orabug: 31535529] {CVE-2020-10769}
- vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31705121] {CVE-2020-14331}
- rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31783151]
-
Thu Sep 03 2020 Brian Maly <brian.maly@oracle.com> [4.1.12-124.42.4.el7uek]
- rds/ib: Make i_{recv,send}_hdrs non-contigious (Hans Westgaard Ry) [Orabug: 30634865]
- md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31683116]
- md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31683116]