El-errata: ELSA-2021-9172 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update (aarch64)
Oracle Linux Security Advisory ELSA-2021-9172
http://linux.oracle.com/errata/ELSA-2021-9172.html
The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:
aarch64:
kernel-uek-4.14.35-2047.502.4.el7uek.aarch64.rpm
kernel-uek-debug-4.14.35-2047.502.4.el7uek.aarch64.rpm
kernel-uek-debug-devel-4.14.35-2047.502.4.el7uek.aarch64.rpm
kernel-uek-devel-4.14.35-2047.502.4.el7uek.aarch64.rpm
kernel-uek-tools-4.14.35-2047.502.4.el7uek.aarch64.rpm
kernel-uek-tools-libs-4.14.35-2047.502.4.el7uek.aarch64.rpm
kernel-uek-tools-libs-devel-4.14.35-2047.502.4.el7uek.aarch64.rpm
perf-4.14.35-2047.502.4.el7uek.aarch64.rpm
python-perf-4.14.35-2047.502.4.el7uek.aarch64.rpm
kernel-uek-headers-4.14.35-2047.502.4.el7uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-2047.502.4.el7uek.src.rpm
Description of changes:
[4.14.35-2047.502.4.el7uek]
- Revert "rds: ib: Remove two ib_modify_qp() calls" (Sharath Srinivasan) [Orabug: 32715567]
- uek-rpm: Update SecureBoot Digicert 2021 certificates (Somasundaram Krishnasamy) [Orabug: 32532514]
[4.14.35-2047.502.3.el7uek]
- video: hyperv_fb: Fix the mmap() regression for v5.4.y and older (Dexuan Cui) [Orabug: 32620797]
- video: hyperv_fb: Fix the cache type when mapping the VRAM (Dexuan Cui) [Orabug: 32620797]
- RDMA/core: Fix corrupted SL on passive side (Håkon Bugge) [Orabug: 32644356]
[4.14.35-2047.502.2.el7uek]
- EDAC: skx_common: downgrade message importance on missing PCI device (Aristeu Rozanski) [Orabug: 32651294]
- Xen/gnttab: handle p2m update errors on a per-slot basis (Jan Beulich) [Orabug: 32651477] {CVE-2021-28038}
- KVM: kvmclock: Fix vCPUs > 64 can't be online/hotpluged (Wanpeng Li) [Orabug: 32633928]
- xen/netback: avoid race in xenvif_rx_ring_slots_available() (Juergen Gross) [Orabug: 32640132]
[4.14.35-2047.502.1.el7uek]
- mm/vmscan: fix infinite loop in drop_slab_node (Chunxin Zang) [Orabug: 32619973]
- scsi: iscsi: Verify lengths on passthrough PDUs (Chris Leech) [Orabug: 32603381] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
- scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE (Chris Leech) [Orabug: 32603381] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
- scsi: iscsi: Report connection state in sysfs (Gabriel Krisman Bertazi) [Orabug: 32603381] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
- sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (Joe Perches) [Orabug: 32603381] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
- scsi: iscsi: Restrict sessions and handles to admin capabilities (Lee Duncan) [Orabug: 32603381] {CVE-2021-27363} {CVE-2021-27364} {CVE-2021-27365}
- uek-rpm: add opbmc to nano-kernel (Eric Snowberg) [Orabug: 32555678]
- ovl: restore creds in all return paths of ovl_iterate (Somasundaram Krishnasamy) [Orabug: 32608965]
[4.14.35-2047.502.0.el7uek]
- rds: rds_drop_egress events should be enabled as part of RDS_RTD_SND (Alan Maguire) [Orabug: 32586918]
- rds: use dedicated rds_send_lock_contention tracepoint instead of drop (Alan Maguire) [Orabug: 32586918]
- rds: ensure saddr/daddr for tracepoints is not NULL (Alan Maguire) [Orabug: 32580944]
- hsr: use netdev_err() instead of WARN_ONCE() (Taehee Yoo) [Orabug: 32576073]
- vhost: do not try to access device IOTLB when not initialized (Jason Wang) [Orabug: 31906788]
- uek-rpm: config-aarch-embedded2 update for Feb 2021 Elba patches (Dave Kleikamp) [Orabug: 32544715]
- huge page support for device memory (Neel Patel) [Orabug: 32544715]
- mmc: sdhci-cadence-elba.c: Remove SDHCI_QUIRK_BROKEN_TIMEOUT_VAL (David Clear) [Orabug: 32544715]
- KVM: nVMX: use correct clean fields when copying from eVMCS (Vitaly Kuznetsov) [Orabug: 32544092]
- net/mlx4_en: Handle TX error CQE (Moshe Shemesh) [Orabug: 32492971]
- net/mlx4_en: Avoid scheduling restart task if it is already running (Moshe Shemesh) [Orabug: 32492971]
- PCI: hotplug: Add module parameter to allow user control of LEDs (James Puthukattukaran) [Orabug: 32527186]
- net/rds: Reject error code change (Ka-Cheong Poon) [Orabug: 32565543]
- rds: ib: Remove two ib_modify_qp() calls (Håkon Bugge) [Orabug: 32519917]
- arm64: kexec: add support for kexec with spin-table (Henry Willard) [Orabug: 32546040]
- x86/kvm/hyper-v: move VMX controls sanitization out of nested_enable_evmcs() (Vitaly Kuznetsov) [Orabug: 32543800]
- x86/kvm/hyper-v: remove stale evmcs_already_enabled check from nested_enable_evmcs() (Vitaly Kuznetsov) [Orabug: 32543800]
- net/rds: Need to check shutdown progress in rds_conn_path_destroy() (Ka-Cheong Poon) [Orabug: 32536002]
- A/A Bonding: In rdmaip synchronize access to ip_config[].rdmaip_dev (Sharath Srinivasan) [Orabug: 32050122]
- net/rds: In rds_send_xmit() use sg_next() to get the next sg entry (Sharath Srinivasan) [Orabug: 32125836]
- net/rds: increase 1MB MR pool size for RDS (Manjunath Patil) [Orabug: 32551377]
An unbreakable Enterprise kernel security update (aarch64) has been released for Oracle Linux 7.