An unbreakable Enterprise kernel security update has been released for Oracle Linux 8.

El-errata: ELSA-2021-9474 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2021-9474

  http://linux.oracle.com/errata/ELSA-2021-9474.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

aarch64:
kernel-uek-5.4.17-2102.206.1.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2102.206.1.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2102.206.1.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2102.206.1.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2102.206.1.el8uek.noarch.rpm

SRPMS:
  http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.4.17-2102.206.1.el8uek.src.rpm

Related CVEs:

CVE-2021-37159
CVE-2021-3739
CVE-2021-3743
CVE-2021-38198
CVE-2021-40490



Description of changes:

[5.4.17-2102.206.1.el8uek]
- Revert "scsi: core: Cap scsi_host cmd_per_lun at can_queue" (Jack Vogel) [Orabug: 33403144]

[5.4.17-2102.206.0.el8uek]
- Revert "uek-rpm: Don't recompute build-ids for kernel-uek-debuginfo" (Jack Vogel) [Orabug: 33245043]
- integrity: Load mokx variables into the blacklist keyring (Eric Snowberg) [Orabug: 33418496]
- perf/x86/amd: Don't touch the AMD64_EVENTSEL_HOSTONLY bit inside the guest (Like Xu) [Orabug: 33359395]
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (Dongli Zhang) [Orabug: 33352679]
- Revert "uek-rpm: mark /etc/ld.so.conf.d/ files as %config" (aloktiw) [Orabug: 33311489]
- IB/core: Read subnet_prefix in ib_query_port via cache. (Anand Khoje) [Orabug: 33134286]
- IB/core: Shifting initialization of device->cache_lock (Anand Khoje) [Orabug: 33134286]
- IB/core: Updating cache for subnet_prefix in config_non_roce_gid_cache() (Anand Khoje) [Orabug: 33134286]
- IB/core: Shuffle locks in ib_port_data to save memory (Anand Khoje) [Orabug: 33134286]
- IB/core: Removed port validity check from ib_get_cached_subnet_prefix (Anand Khoje) [Orabug: 33134286]
- btrfs: fix NULL pointer dereference when deleting device by invalid id (Qu Wenruo) [Orabug: 33281078] {CVE-2021-3739}
- btrfs: fix race between marking inode needs to be logged and log syncing (Filipe Manana) [Orabug: 33349276]
- net: qrtr: fix another OOB Read in qrtr_endpoint_post (Xiaolong Huang) [Orabug: 33284937] {CVE-2021-3743}
- ext4: fix race writing to an inline_data file while its xattrs are changing (Theodore Ts'o) [Orabug: 33327177] {CVE-2021-40490}
- xfs: remove unused variable (Wengang Wang) [Orabug: 33313442]
- RDMA/cma: Revert INIT-INIT patch (Mike Marciniszyn) [Orabug: 33306518]
- uek-rpm: Don't recompute build-ids for kernel-uek-debuginfo (Somasundaram Krishnasamy) [Orabug: 33245043]
- xen-acpi-processor: fix coordination type mismatch (Elena Ufimtseva)
- KVM: X86: MMU: Use the correct inherited permissions to get shadow page (Lai Jiangshan) [Orabug: 33209458] {CVE-2021-38198}
- usb: hso: fix error handling code of hso_create_net_device (Dongliang Mu) [Orabug: 33174795] {CVE-2021-37159}
- hso: fix bailout in error case of probe (Oliver Neukum) [Orabug: 33174795] {CVE-2021-37159}