-
Wed Jan 05 2022 Jack Vogel <jack.vogel@oracle.com> [4.1.12-124.59.1.2.el7uek]
- fix regression in "epoll: Keep a reference on files added to the check list" (Al Viro) [Orabug: 33679854] {CVE-2021-1048}
- fget: check that the fd still exists after getting a ref to it (Linus Torvalds) [Orabug: 33679806] {CVE-2021-0920}
- fs: add fget_many() and fput_many() (Jens Axboe) [Orabug: 33679806]
- af_unix: fix garbage collect vs MSG_PEEK (Miklos Szeredi) [Orabug: 33679806] {CVE-2021-0920}
- net: split out functions related to registering inflight socket files (Jens Axboe) [Orabug: 33679806]
-
Thu Dec 23 2021 Jack Vogel <jack.vogel@oracle.com> [4.1.12-124.59.1.1.el7uek]
- xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate (Darrick J. Wong) [Orabug: 33703630] {CVE-2021-4155}
-
Tue Dec 14 2021 aloktiw <alok.a.tiwari@oracle.com> [4.1.12-124.59.1.el7uek]
- ocfs2: fix race between searching chunks and release journal_head from buffer_head (Gautham Ananthakrishna) [Orabug: 33369488]
- net: mac802154: Fix general protection fault (Pavel Skripkin) [Orabug: 33556911] {CVE-2021-3659}
- uek-rpm: Add __sw_hweight64 to KABI (John Donnelly) [Orabug: 33557971]
- isdn: cpai: check ctr->cnr to avoid array index out of bound (Xiaolong Huang) [Orabug: 33617286] {CVE-2021-43389}
-
Wed Nov 17 2021 visuman <vijayendra.suman@oracle.com> [4.1.12-124.58.2.el7uek]
- ovl: prevent private clone if bind mount is not allowed (Miklos Szeredi) [Orabug: 33560431] {CVE-2021-3732}
-
Wed Nov 10 2021 aloktiw <alok.a.tiwari@oracle.com> [4.1.12-124.58.1.el7uek]
- sunrpc: move NO_CRKEY_TIMEOUT to the auth->au_flags (Scott Mayhew) [Orabug: 33443537]
- xen/netfront: stop tx queues during live migration (Dongli Zhang) [Orabug: 33536410]
-
Fri Oct 22 2021 aloktiw <alok.a.tiwari@oracle.com> [4.1.12-124.57.1.el7uek]
- target; fix print statement warning (John Donnelly) [Orabug: 33495661]
- enic;: fix warning on module_param disable_vlan0, (John Donnelly) [Orabug: 33495661]
- bnx2fc: correct BNX2FC_TM_TIMEOUT to be 60 sec (John Donnelly) [Orabug: 33495661]
- target: Fix linux-4.1.y specific compile warning (Nicholas Bellinger) [Orabug: 33495661]
- net/mlx4: Fixing warning in mlx4_get_module_info() (John Donnelly) [Orabug: 33495661]
- rds: Avoid compiler warning in ib_send.c: opcode (John Donnelly) [Orabug: 33495661]
- RDMA/mad: correct build warning (John Donnelly) [Orabug: 33495661]
- dtrace: Fix warning in dtrace_sync() (Tomas Jedlicka) [Orabug: 33495661]
- virtio: Silence uninitialized variable warning (Dan Carpenter) [Orabug: 33495661]
- scsi: correct uninitialized variable (John Donnelly) [Orabug: 33495661]
- media: smsusb: better handle optional alignment (Mauro Carvalho Chehab) [Orabug: 33495661]
- media: usb: siano: Fix false-positive "uninitialized variable" warning (Alan Stern) [Orabug: 33495661]
- toshiba_acpi: correct build warning (John Donnelly) [Orabug: 33495661]
- RDS/IB: corrects build warning (John Donnelly) [Orabug: 33495661]
- x86/mce: correct return warning (John Donnelly) [Orabug: 33495661]
- x86/asm/msr: Make wrmsrl_safe() a function (Andy Lutomirski) [Orabug: 33495661]
- x86/mitigations: fix warnings in taa_select_mitigation() (John Donnelly) [Orabug: 33495661]
- mm: correct build warning with pgprot (John Donnelly) [Orabug: 33495661]
- Thermal: remove unused variable (John Donnelly) [Orabug: 33495661]
- ixgbe: remove unused variables and functions (John Donnelly) [Orabug: 33495661]
- i40e: remove unused variables and functions (John Donnelly) [Orabug: 33495661]
- mlx4: remove unused variables and functions, (John Donnelly) [Orabug: 33495661]
- nvme: remove unused variables and functions (John Donnelly) [Orabug: 33495661]
- ocfs2: remove unused function: ocfs2_prepare_inode_for_refcount() (John Donnelly) [Orabug: 33495661]
- ipv6: remove unused variable: payload_len (John Donnelly) [Orabug: 33495661]
- Revert "efi: Fix out-of-bounds read in variable_matches()" (John Donnelly) [Orabug: 33495661]
- dtrace: remove unused variable "iph" (John Donnelly) [Orabug: 33495661]
- ext4: remove unused function ext4_init_inode_bitmap() (John Donnelly) [Orabug: 33495661]
- cpuidle: remove unused function: call_cpuidle() (John Donnelly) [Orabug: 33495661]
- cifs: remove unused label (John Donnelly) [Orabug: 33495661]
- block: remove unused out: label (John Donnelly) [Orabug: 33495661]
- Bluetooth: hci_uart: check for missing tty operations (Vladis Dronov) [Orabug: 30244627] {CVE-2019-10207} {CVE-2019-10207}
- Bluetooth: hci_uart: Add basic support for Intel Lightning Peak devices (Loic Poulain) [Orabug: 30244627] {CVE-2019-10207}
- Bluetooth: hci_uart: Add new line discipline enhancements (Ilya Faenson) [Orabug: 30244627] {CVE-2019-10207}
- Bluetooth: hci_uart: Support operational speed during setup (Frederic Danis) [Orabug: 30244627] {CVE-2019-10207}
-
Tue Oct 12 2021 aloktiw <alok.a.tiwari@oracle.com> [4.1.12-124.56.2.el7uek]
- btrfs: fix return value mixup in btrfs_get_extent (Pavel Machek) [Orabug: 31864610] {CVE-2019-19813}
- btrfs: inode: Verify inode mode to avoid NULL pointer dereference (Qu Wenruo) [Orabug: 31864610] {CVE-2019-19813}
- net: create skb_gso_validate_mac_len() (Daniel Axtens) [Orabug: 28094432] {CVE-2018-1000026}
- bnx2x: disable GSO where gso_size is too big for hardware (Daniel Axtens) [Orabug: 28094432] {CVE-2018-1000026}
- Bluetooth: fix the erroneous flush_work() order (Lin Ma) [Orabug: 33014035] {CVE-2021-3564} {CVE-2021-3564}
- l2tp: Avoid schedule while atomic in exit_net (Ridge Kennedy) [Orabug: 33360013]
- l2tp: remove skb_dst_set() from l2tp_xmit_skb() (Xin Long) [Orabug: 33360013]
- dtrace: remove unused variables (John Donnelly) [Orabug: 33387203]
- scsi: treat lun as 64-bit in scsi_report_lun_scan() error message (Henry Willard) [Orabug: 33387203]
-
Mon Oct 04 2021 aloktiw <alok.a.tiwari@oracle.com> [4.1.12-124.56.1.el7uek]
- ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (alex chen) [Orabug: 29184589] {CVE-2017-18216}
- bcache: fix potential deadlock problem in btree_gc_coalesce (Zhiqiang Liu) {CVE-2020-12771}
- filldir[64]: remove WARN_ON_ONCE() for bad directory entries (Linus Torvalds) [Orabug: 31351271] {CVE-2019-10220}
- Make filldir[64]() verify the directory entry filename is valid (Linus Torvalds) [Orabug: 31351271] {CVE-2019-10220}
- ath9k: release allocated buffer if timed out (Navid Emamdoost) [Orabug: 31351559] {CVE-2019-19074}
- scsi: bfa: release allocated memory in case of error (Navid Emamdoost) [Orabug: 31351615] {CVE-2019-19066}
- rtlwifi: prevent memory leak in rtl_usb_probe (Navid Emamdoost) [Orabug: 31351626] {CVE-2019-19063}
- perf/core: Fix perf_event_open() vs. execve() race (Peter Zijlstra) [Orabug: 31351766] {CVE-2019-3901}
- l2tp: pass tunnel pointer to ->session_create() (Guillaume Nault) [Orabug: 31352004] {CVE-2018-9517}
- net: bonding: add new option arp_allslaves for arp_ip_target (Venkat Venkatsubra) [Orabug: 33039295]
- Revert "uek-rpm: mark /etc/ld.so.conf.d/ files as %config" (aloktiw) [Orabug: 33359684]
- ksplice: Fix build warning with ksplice_sysctls (John Donnelly) [Orabug: 33365274]
- kvm:vmx Fix build error in kvm/vmx.c (John Donnelly) [Orabug: 33375485]
- vmscan: Fix build error in mm/vmscan.c (John Donnelly) [Orabug: 33375931]
- constify iov_iter_count() and iter_is_iovec() (Al Viro) [Orabug: 33381741]
-
Fri Sep 17 2021 Brian Maly <brian.maly@oracle.com> [4.1.12-124.55.3.el7uek]
- fs/namespace.c: fix mountpoint reference counter race (Piotr Krysiuk) [Orabug: 31350976] {CVE-2020-12114} {CVE-2020-12114}
- btrfs: only search for left_info if there is no right_info in try_merge_free_space (Josef Bacik) [Orabug: 31351025] {CVE-2019-19448} {CVE-2019-19448}
- cfg80211: wext: avoid copying malformed SSIDs (Will Deacon) [Orabug: 31351800] {CVE-2019-17133}
- vhost_net: fix possible infinite loop (Jason Wang) [Orabug: 31351950] {CVE-2019-3900} {CVE-2019-3900}
- vhost: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 31351950] {CVE-2019-3900}
- vhost_net: introduce vhost_exceeds_weight() (Jason Wang) [Orabug: 31351950] {CVE-2019-3900}
- vhost_net: use packet weight for rx handler, too (Paolo Abeni) [Orabug: 31351950] {CVE-2019-3900}
- vhost-net: set packet weight of tx polling to 2 * vq size (haibinzhang(张海斌)) [Orabug: 31351950] {CVE-2019-3900}
- mac80211: extend protection against mixed key and fragment cache attacks (Wen Gong) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24586} {CVE-2020-24587}
- mac80211: do not accept/forward invalid EAPOL frames (Johannes Berg) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: prevent attacks on TKIP/WEP as well (Johannes Berg) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: check defrag PN against current frame (Johannes Berg) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: add fragment cache to sta_info (Johannes Berg) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: drop A-MSDUs on old ciphers (Johannes Berg) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24588}
- cfg80211: mitigate A-MSDU aggregation attacks (Mathy Vanhoef) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24588}
- mac80211: properly handle A-MSDUs that start with an RFC 1042 header (Mathy Vanhoef) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147}
- mac80211: prevent mixed key and fragment cache attacks (Mathy Vanhoef) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-24587} {CVE-2020-24586}
- mac80211: assure all fragments are encrypted (Mathy Vanhoef) [Orabug: 33009788] {CVE-2020-24586} {CVE-2020-26139} {CVE-2020-24587} {CVE-2020-24588} {CVE-2020-26139} {CVE-2020-26140} {CVE-2020-26141} {CVE-2020-26142} {CVE-2020-26143} {CVE-2020-26144} {CVE-2020-26145} {CVE-2020-26146} {CVE-2020-26147} {CVE-2020-26147}
- sctp: validate from_addr_param return (Marcelo Ricardo Leitner) [Orabug: 33198409] {CVE-2021-3655}
- virtio_console: Assure used length from device is limited (Xie Yongji) [Orabug: 33209274] {CVE-2021-38160}
- net_sched: cls_route: remove the right filter from hashtable (Cong Wang) [Orabug: 33326887] {CVE-2021-3715}
- HID: make arrays usage and value to be the same (Will McVicker) [Orabug: 33326939] {CVE-2021-0512}
- ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Ts'o) [Orabug: 33327200] {CVE-2021-40490}
-
Tue Sep 14 2021 Brian Maly <brian.maly@oracle.com> [4.1.12-124.55.2.el7uek]
- x86/mm: Fix compiler warning in pageattr.c (John Donnelly) [Orabug: 33332673]
- security: Make inode argument of inode_getsecid non-const (Andreas Gruenbacher) [Orabug: 33337179]
- security: Make inode argument of inode_getsecurity non-const (Andreas Gruenbacher) [Orabug: 33337179]