An Unbreakable Enterprise kernel security update has been released for Oracle Linux 7.
Oracle Linux Security Advisory ELSA-2020-5526
http://linux.oracle.com/errata/ELSA-2020-5526.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
x86_64:
kernel-uek-4.14.35-1902.10.4.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-1902.10.4.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-1902.10.4.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-1902.10.4.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-1902.10.4.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-1902.10.4.el7uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-1902.10.4.el7uek.src.rpm
Description of changes:
[4.14.35-1902.10.4.el7uek]
- kvm: Don't reference vcpu->arch.st in arch-independent code (Boris Ostrovsky) [Orabug: 30489861]
- kvm: fix compile on s390 part 2 (Christian Borntraeger) [Orabug: 30489861]
- kvm: fix compilation on s390 (Paolo Bonzini) [Orabug: 30489861]
- kvm: fix compilation on aarch64 (Paolo Bonzini) [Orabug: 30489861]
[4.14.35-1902.10.3.el7uek]
- x86/KVM: Clean up host's steal time structure (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016}
- x86/KVM: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016}
- x86/kvm: Cache gfn to pfn translation (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016}
- x86/kvm: Introduce kvm_(un)map_gfn() (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016}
- x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit (Boris Ostrovsky) [Orabug: 30489861] {CVE-2019-3016} {CVE-2019-3016}
- KVM: Properly check if "page" is valid in kvm_vcpu_unmap (KarimAllah Ahmed) [Orabug: 30489861]
- KVM: Introduce a new guest mapping API (KarimAllah Ahmed) [Orabug: 30489861]
- KVM: x86: svm: make sure NMI is injected after nmi_singlestep (Vitaly Kuznetsov) [Orabug: 30714532]