A kernel security and bug fix update has been released for Oracle Linux 7.

El-errata: ELSA-2020-2664 Important: Oracle Linux 7 kernel security and bug fix update

Oracle Linux Security Advisory ELSA-2020-2664

  http://linux.oracle.com/errata/ELSA-2020-2664.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1127.13.1.el7.noarch.rpm
kernel-debug-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-devel-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-doc-3.10.0-1127.13.1.el7.noarch.rpm
kernel-headers-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-tools-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1127.13.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1127.13.1.el7.x86_64.rpm
perf-3.10.0-1127.13.1.el7.x86_64.rpm
python-perf-3.10.0-1127.13.1.el7.x86_64.rpm

SRPMS:
  http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1127.13.1.el7.src.rpm


Description of changes:

[3.10.0-1127.13.1.el7.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel
(olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]

[3.10.0-1127.13.1.el7]
- [x86] x86/speculation: Support old struct x86_cpu_id & x86_match_cpu()
kABI (Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [documentation] x86/speculation: Add Ivy Bridge to affected list
(Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [documentation] x86/speculation: Add SRBDS vulnerability and
mitigation documentation (Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [x86] x86/speculation: Add Special Register Buffer Data Sampling
(SRBDS) mitigation (Waiman Long) [1827187 1827188] {CVE-2020-0543}
- [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long)
[1827187 1827188] {CVE-2020-0543}
- [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman
Long) [1827187 1827188] {CVE-2020-0543}
- [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long)
[1827187 1827188] {CVE-2020-0543}
- [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827187
1827188] {CVE-2020-0543}
- [cpufreq] x86/devicetable: Move x86 specific macro out of generic code
(Waiman Long) [1827187 1827188] {CVE-2020-0543}
header (Waiman Long) [1827187 1827188] {CVE-2020-0543}

[3.10.0-1127.12.1.el7]
- [x86] x86/speculation: Prevent deadlock on ssb_state::lock (Waiman
Long) [1841121 1836322]
- [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled
memory (Alex Williamson) [1837297 1820632] {CVE-2020-12888}
- [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson)
[1837297 1820632] {CVE-2020-12888}
- [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson)
[1837297 1820632] {CVE-2020-12888}
- [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in
vaddr_get_pfn() (Alex Williamson) [1837297 1820632] {CVE-2020-12888}
- [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing
irq (Alex Williamson) [1837297 1820632] {CVE-2020-12888}
- [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom
(Alex Williamson) [1837297 1820632] {CVE-2020-12888}

[3.10.0-1127.11.1.el7]
- [fs] cachefiles: Fix race between read_waiter and read_copier
involving op->to_do (Dave Wysochanski) [1839757 1829662]