Oracle Linux 6278 Published by

An Unbreakable Enterprise kernel security update has been released for Oracle Linux 7.



El-errata: ELSA-2021-9005 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2021-9005

  http://linux.oracle.com/errata/ELSA-2021-9005.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-2025.404.1.1.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-2025.404.1.1.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-2025.404.1.1.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-2025.404.1.1.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-2025.404.1.1.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-2025.404.1.1.el7uek.noarch.rpm

SRPMS:
  http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-2025.404.1.1.el7uek.src.rpm


Description of changes:

[4.14.35-2025.404.1.1.el7uek]
- target: fix XCOPY NAA identifier lookup (David Disseldorp) [Orabug:
32248040] {CVE-2020-28374}

[4.14.35-2025.404.1.el7uek]
- xenbus/xenbus_backend: Disallow pending watch messages (SeongJae Park)
[Orabug: 32253412] {CVE-2020-29568}
- xen/xenbus: Count pending messages for each watch (SeongJae Park)
[Orabug: 32253412] {CVE-2020-29568}
- xen/xenbus/xen_bus_type: Support will_handle watch callback (SeongJae
Park) [Orabug: 32253412] {CVE-2020-29568}
- xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path()
(SeongJae Park) [Orabug: 32253412] {CVE-2020-29568}
- xen/xenbus: Allow watches discard events before queueing (SeongJae
Park) [Orabug: 32253412] {CVE-2020-29568}
- xen-blkback: set ring->xenblkd to NULL after kthread_stop() (Pawel
Wieczorkiewicz) [Orabug: 32260256] {CVE-2020-29569}

[4.14.35-2025.404.0.el7uek]
- vhost scsi: Add support for LUN resets. (Mike Christie) [Orabug: 32201584]
- vhost/scsi: Use copy_to_iter() to send control queue response (Bijan
Mottahedeh) [Orabug: 32201584]
- vhost scsi: add lun parser helper (Mike Christie) [Orabug: 32201584]
- scsi: sd: Allow user to configure command retries (Mike Christie)
[Orabug: 32201584]
- scsi: core: Add limitless cmd retry support (Mike Christie) [Orabug:
32201584]

[4.14.35-2025.403.5.el7uek]
- dm crypt: Allow unaligned bio buffer lengths for skcipher devices
(Sudhakar Panneerselvam) [Orabug: 32210463]
- mm: thp: make the THP mapcount atomic against
__split_huge_pmd_locked() (Andrea Arcangeli) [Orabug: 32212583]
{CVE-2020-29368}
- perf/core: Fix race in the perf_mmap_close() function (Jiri Olsa)
[Orabug: 32233358] {CVE-2020-14351}

[4.14.35-2025.403.4.el7uek]
- icmp: randomize the global rate limiter (Eric Dumazet) [Orabug:
32227961] {CVE-2020-25705}
- ocfs2: initialize ip_next_orphan (Wengang Wang) [Orabug: 32159055]
- hv_netvsc: make recording RSS hash depend on feature flag (Stephen
Hemminger) [Orabug: 32159975]
- hv_netvsc: record hardware hash in skb (Stephen Hemminger) [Orabug:
32159975]
- Fonts: Support FONT_EXTRA_WORDS macros for built-in fonts (Peilin Ye)
[Orabug: 32176263] {CVE-2020-28915}
- fbdev, newport_con: Move FONT_EXTRA_WORDS macros into linux/font.h
(Peilin Ye) [Orabug: 32176263] {CVE-2020-28915}
- block: Fix use-after-free in blkdev_get() (Jason Yan) [Orabug:
32194608] {CVE-2020-15436}
- serial: 8250: fix null-ptr-deref in serial8250_start_tx() (Yang
Yingliang) [Orabug: 32194712] {CVE-2020-15437}
- staging: rts5208: rename SG_END macro (Arnd Bergmann) [Orabug: 32218496]
- misc: rtsx: rename SG_END macro (Arnd Bergmann) [Orabug: 32218496]