An Unbreakable Enterprise kernel security update has been released for Oracle Linux 7.

El-errata: ELSA-2020-5844 Important: Oracle Linux 7 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2020-5844

  http://linux.oracle.com/errata/ELSA-2020-5844.html

The following updated rpms for Oracle Linux 7 have been uploaded to the
Unbreakable Linux Network:

x86_64:
kernel-uek-4.14.35-2025.400.9.el7uek.x86_64.rpm
kernel-uek-debug-4.14.35-2025.400.9.el7uek.x86_64.rpm
kernel-uek-debug-devel-4.14.35-2025.400.9.el7uek.x86_64.rpm
kernel-uek-devel-4.14.35-2025.400.9.el7uek.x86_64.rpm
kernel-uek-tools-4.14.35-2025.400.9.el7uek.x86_64.rpm
kernel-uek-doc-4.14.35-2025.400.9.el7uek.noarch.rpm

SRPMS:
  http://oss.oracle.com/ol7/SRPMS-updates/kernel-uek-4.14.35-2025.400.9.el7uek.src.rpm


Description of changes:

[4.14.35-2025.400.9.el7uek]
- btrfs: merge btrfs_find_device and find_device (Anand Jain) [Orabug: 31867382] {CVE-2019-18885}
- sctp: implement memory accounting on tx path (Xin Long) [Orabug: 31867387] {CVE-2019-3874}
- Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" (Wade Mealing) [Orabug: 31867403] {CVE-2020-10781}
- x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (Anthony Steinhauser) [Orabug: 31867441] {CVE-2020-10767}
- md: get sysfs entry after redundancy attr group create (Junxiao Bi) [Orabug: 31867436]
- md: fix deadlock causing by sysfs_notify (Junxiao Bi) [Orabug: 31867436]
- random32: update the net random state on interrupt and activity (Willy Tarreau) [Orabug: 31867433] {CVE-2020-16166}
- vgacon: Fix for missing check in scrollback handling (Yunhai Zhang) [Orabug: 31867431] {CVE-2020-14331} {CVE-2020-14331}
- Reverts "rds: avoid unnecessary cong_update in loop transport" (Iraimani Pavadai) [Orabug: 31867423]
- net/mlx5e: Poll event queue upon TX timeout before performing full channels recovery (Eran Ben Elisha) [Orabug: 31867421]
- net/rds: Incorrect pointer used in rds_getname() (Ka-Cheong Poon) [Orabug: 31867418]
- nfsd: apply umask on fs without ACL support (J. Bruce Fields) [Orabug: 31867417] {CVE-2020-24394}
- RDMA/mlx5: Fix Shared PD prefetch of ODP memory region (Mark Haywood) [Orabug: 31867413]
- rename kABI whitelists to lockedlists (Dan Duval) [Orabug: 31867411]

[4.14.35-2025.400.8.el7uek]
- rds: Test parameter in rds_ib_recv_cache_put (Hans Westgaard Ry) [Orabug: 31737041]
- net/rds: rds_ib_remove_one() needs to wait (Ka-Cheong Poon) [Orabug: 31777364]
- RDMA/cm: Fix missing RDMA_CM_EVENT_REJECTED event after receiving REJ message (Leon Romanovsky) [Orabug: 31784658]
- RDMA/cm: Protect access to remote_sidr_table (Maor Gottlieb) [Orabug: 31784891]
- tcp: add sanity tests in tcp_add_backlog() (Eric Dumazet) [Orabug: 31780103]