https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00255.html

The remote OracleVM system is missing necessary patches to address critical security updates :

  - KVM: x86: Remove spurious semicolon (Joao Martins)     [Orabug: 31413782]

  - genirq: Use rcu in kstat_irqs_usr (Eric Dumazet)

  - genirq: Make sparse_irq_lock protect what it should     protect (Thomas Gleixner) [Orabug: 30953676]

  - genirq: Free irq_desc with rcu (Thomas Gleixner)     [Orabug: 30953676]

  - qla2xxx: Update driver version to 9.00.00.00.42.0-k1-v2     (Arun Easi) [Orabug: 30372266]

  - qla2xxx: Fix device discovery when FCP2 device is lost.
    (Arun Easi) [Orabug: 30372266]

  - brcmfmac: add subtype check for event handling in data     path (John Donnelly) [Orabug: 30776354] (CVE-2019-9503)

  - percpu-refcount: fix reference leak during percpu-atomic     transition (Douglas Miller) [Orabug: 30867060]

  - blk-mq: Allow timeouts to run while queue is freezing     (Gabriel Krisman Bertazi) [Orabug: 30867060]

  - fs/dcache.c: fix spin lockup issue on nlru->lock     (Junxiao Bi) [Orabug: 30953290]

  - jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug:
    31234664]

  - mwifiex: pcie: Fix memory leak in     mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost) [Orabug:
    31246302] (CVE-2019-19056)

  - drm/vmwgfx: limit the number of mip levels in     vmw_gb_surface_define_ioctl (Vladis Dronov) [Orabug:
    31262557] (CVE-2017-7346)

  - i40e: Increment the driver version for FW API update     (Jack Vogel) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: Update FW API version to 1.9 (Piotr Azarewicz)     [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139)     (CVE-2019-0144)

  - i40e: Changed maximum supported FW API version to 1.8     (Adam Ludkiewicz) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: Stop dropping 802.1ad tags - eth proto 0x88a8     (Scott Peterson) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: fix reading LLDP configuration (Mariusz Stachura)     [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139)     (CVE-2019-0144)

  - i40e: Add capability flag for stopping FW LLDP     (Krzysztof Galazka) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: refactor FW version checking (Mitch Williams)     [Orabug: 31051191] (CVE-2019-0140) (CVE-2019-0139)     (CVE-2019-0144)

  - i40e: shutdown all IRQs and disable MSI-X when suspended     (Jacob Keller) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: prevent service task from running while we're     suspended (Jacob Keller) [Orabug: 31051191]     (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144)

  - i40e: don't clear suspended state until we finish     resuming (Jacob Keller) [Orabug: 31051191]     (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144)

  - i40e: use newer generic PM support instead of legacy PM     callbacks (Jacob Keller) [Orabug: 31051191]     (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144)

  - i40e: use separate state bit for miscellaneous IRQ setup     (Jacob Keller) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: fix for flow director counters not wrapping as     expected (Mariusz Stachura) [Orabug: 31051191]     (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144)

  - i40e: relax warning message in case of version mismatch     (Mariusz Stachura) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: simplify member variable accesses (Sudheer     Mogilappagari) [Orabug: 31051191] (CVE-2019-0140)     (CVE-2019-0139) (CVE-2019-0144)

  - i40e: Fix link down message when interface is brought up     (Sudheer Mogilappagari) [Orabug: 31051191]     (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144)

  - i40e: Fix unqualified module message while bringing link     up (Sudheer Mogilappagari) [Orabug: 31051191]     (CVE-2019-0140) (CVE-2019-0139) (CVE-2019-0144)

  - HID: Fix assumption that devices have inputs (Alan     Stern) [Orabug: 31208622] (CVE-2019-19532)

  - qla2xxx: DBG: disable 3D mailbox. (Quinn Tran) [Orabug:
    30890687]

  - scsi: qla2xxx: Fix mtcp dump collection failure (Quinn     Tran) [Orabug: 30890687]

  - scsi: qla2xxx: Add Serdes support for ISP27XX (Joe     Carnuccio) [Orabug: 30890687]

  - vgacon: Fix a UAF in vgacon_invert_region (Zhang Xiaoxu)     [Orabug: 31143947] (CVE-2020-8649) (CVE-2020-8647)     (CVE-2020-8647) (CVE-2020-8649) (CVE-2020-8649)     (CVE-2020-8647)

  - HID: hiddev: do cleanup in failure of opening a device     (Hillf Danton) [Orabug: 31206360] (CVE-2019-19527)

  - HID: hiddev: avoid opening a disconnected device (Hillf     Danton) [Orabug: 31206360] (CVE-2019-19527)

  - USB: adutux: fix use-after-free on disconnect (Johan     Hovold) [Orabug: 31233769] (CVE-2019-19523)

  - ipv4: implement support for NOPREFIXROUTE ifa flag for     ipv4 address (Paolo Abeni) [Orabug: 30292825]

  - vt: selection, push sel_lock up (Jiri Slaby) [Orabug:
    30923298] (CVE-2020-8648)

  - vt: selection, push console lock down (Jiri Slaby)     [Orabug: 30923298] (CVE-2020-8648)

  - vt: selection, close sel_buffer race (Jiri Slaby)     [Orabug: 30923298] (CVE-2020-8648) (CVE-2020-8648)

  - xfs: stop searching for free slots in an inode chunk     when there are none (Carlos Maiolino) [Orabug: 31030659]

  - xfs: fix up xfs_swap_extent_forks inline extent handling     (Eric Sandeen) [Orabug: 31032831]

  - xfs: validate sb_logsunit is a multiple of the fs     blocksize (Darrick J. Wong) [Orabug: 31034071]

  - mwifiex: Fix three heap overflow at parsing element in     cfg80211_ap_settings (Wen Huang) [Orabug: 31104481]     (CVE-2019-14814) (CVE-2019-14815) (CVE-2019-14816)     (CVE-2019-14814) (CVE-2019-14815) (CVE-2019-14816)

  - rds: fix an infoleak in rds_inc_info_copy (Kangjie Lu)     [Orabug: 30770962] (CVE-2016-5244)

  - xfs: do async inactivation only when fs freezed (Junxiao     Bi) [Orabug: 30944736]

  - xfs: fix deadlock between shrinker and fs freeze     (Junxiao Bi) [Orabug: 30944736]

  - xfs: increase the default parallelism levels of pwork     clients (Junxiao Bi) [Orabug: 30944736]

  - xfs: decide if inode needs inactivation (Junxiao Bi)     [Orabug: 30944736]

  - xfs: refactor the predicate part of xfs_free_eofblocks     (Junxiao Bi) [Orabug: 30944736]

  - floppy: check FDC index for errors before assigning it     (Linus Torvalds) [Orabug: 31067516] (CVE-2020-9383)

  - KVM: x86: clear stale x86_emulate_ctxt->intercept value     (Vitaly Kuznetsov) [Orabug: 31118691]

  - slcan: Don't transmit uninitialized stack data in     padding (Richard Palethorpe) [Orabug: 31136753]     (CVE-2020-11494)

  - rds: transport module should be auto loaded when     transport is set (Rao Shoaib) [Orabug: 31031928]

  - KVM: X86: Fix NULL deref in vcpu_scan_ioapic (Wanpeng     Li) [Orabug: 31078882]

  - vhost: Check docket sk_family instead of call getname     (Eugenio P&eacute rez) [Orabug: 31085993]     (CVE-2020-10942)

  - Revert 'oled: give panic handler chance to run before     kexec' (Wengang Wang) [Orabug: 31098797]

  - kernel: cpu.c: fix return in void function     cpu_smt_disable (Mihai Carabas) [Orabug: 31047871]

  - net: qlogic: Fix memory leak in ql_alloc_large_buffers     (Navid Emamdoost) [Orabug: 31055327] (CVE-2019-18806)

  - swiotlb: clean up reporting (Kees Cook) [Orabug:
    31085017] (CVE-2018-5953)

  - KVM: x86: Expose more Intel AVX512 feature to guest     (Luwei Kang) [Orabug: 31085086]

  - x86/cpufeature: Enable new AVX-512 features (Fenghua Yu)     [Orabug: 31085086]

  - xenbus: req->err should be updated before req->state     (Dongli Zhang) [Orabug: 30705030]

  - xenbus: req->body should be updated before req->state     (Dongli Zhang) [Orabug: 30705030]

Description of changes:

[4.1.12-124.39.1.el7uek]
- qla2xxx: Update driver version to 9.00.00.00.42.0-k1-v2 (Arun Easi) [Orabug: 30372266] - qla2xxx: Fix device discovery when FCP2 device is lost. (Arun Easi) [Orabug: 30372266] - brcmfmac: add subtype check for event handling in data path (John Donnelly) [Orabug: 30776354] {CVE-2019-9503}
- percpu-refcount: fix reference leak during percpu-atomic transition (Douglas Miller) [Orabug: 30867060] - blk-mq: Allow timeouts to run while queue is freezing (Gabriel Krisman Bertazi) [Orabug: 30867060] - fs/dcache.c: fix spin lockup issue on nlru->lock (Junxiao Bi) [Orabug: 30953290] - jbd2: disable CONFIG_JBD2_DEBUG (Junxiao Bi) [Orabug: 31234664] - mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf (Navid Emamdoost) [Orabug: 31246302] {CVE-2019-19056}
- drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl() (Vladis Dronov) [Orabug: 31262557] {CVE-2017-7346}

[4.1.12-124.38.5.el7uek]
- i40e: Increment the driver version for FW API update (Jack Vogel) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: Update FW API version to 1.9 (Piotr Azarewicz) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: Changed maximum supported FW API version to 1.8 (Adam Ludkiewicz) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: Stop dropping 802.1ad tags - eth proto 0x88a8 (Scott Peterson) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: fix reading LLDP configuration (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: Add capability flag for stopping FW LLDP (Krzysztof Galazka) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: refactor FW version checking (Mitch Williams) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: shutdown all IRQs and disable MSI-X when suspended (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: prevent service task from running while we're suspended (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: don't clear suspended state until we finish resuming (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: use newer generic PM support instead of legacy PM callbacks (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: use separate state bit for miscellaneous IRQ setup (Jacob Keller) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: fix for flow director counters not wrapping as expected (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: relax warning message in case of version mismatch (Mariusz Stachura) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: simplify member variable accesses (Sudheer Mogilappagari) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: Fix link down message when interface is brought up (Sudheer Mogilappagari) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}
- i40e: Fix unqualified module message while bringing link up (Sudheer Mogilappagari) [Orabug: 31051191] {CVE-2019-0140} {CVE-2019-0139} {CVE-2019-0144}

[4.1.12-124.38.4.el7uek]
- HID: Fix assumption that devices have inputs (Alan Stern) [Orabug: 31208622] {CVE-2019-19532}
- qla2xxx: DBG: disable 3D mailbox. (Quinn Tran) [Orabug: 30890687] - scsi: qla2xxx: Fix mtcp dump collection failure (Quinn Tran) [Orabug: 30890687] - scsi: qla2xxx: Add Serdes support for ISP27XX (Joe Carnuccio) [Orabug: 30890687] - vgacon: Fix a UAF in vgacon_invert_region (Zhang Xiaoxu) [Orabug: 31143947] {CVE-2020-8649} {CVE-2020-8647} {CVE-2020-8647} {CVE-2020-8649} {CVE-2020-8649} {CVE-2020-8647}
- HID: hiddev: do cleanup in failure of opening a device (Hillf Danton) [Orabug: 31206360] {CVE-2019-19527}
- HID: hiddev: avoid opening a disconnected device (Hillf Danton) [Orabug: 31206360] {CVE-2019-19527}
- USB: adutux: fix use-after-free on disconnect (Johan Hovold) [Orabug: 31233769] {CVE-2019-19523}

[4.1.12-124.38.3.el7uek]
- ipv4: implement support for NOPREFIXROUTE ifa flag for ipv4 address (Paolo Abeni) [Orabug: 30292825] - vt: selection, push sel_lock up (Jiri Slaby) [Orabug: 30923298] {CVE-2020-8648}
- vt: selection, push console lock down (Jiri Slaby) [Orabug: 30923298] {CVE-2020-8648}
- vt: selection, close sel_buffer race (Jiri Slaby) [Orabug: 30923298] {CVE-2020-8648} {CVE-2020-8648}
- xfs: stop searching for free slots in an inode chunk when there are none (Carlos Maiolino) [Orabug: 31030659] - xfs: fix up xfs_swap_extent_forks inline extent handling (Eric Sandeen) [Orabug: 31032831] - xfs: validate sb_logsunit is a multiple of the fs blocksize (Darrick J. Wong) [Orabug: 31034071] - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings (Wen Huang) [Orabug: 31104481] {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816} {CVE-2019-14814} {CVE-2019-14815} {CVE-2019-14816}

[4.1.12-124.38.2.el7uek]
- rds: fix an infoleak in rds_inc_info_copy (Kangjie Lu) [Orabug: 30770962] {CVE-2016-5244}
- xfs: do async inactivation only when fs freezed (Junxiao Bi) [Orabug: 30944736] - xfs: fix deadlock between shrinker and fs freeze (Junxiao Bi) [Orabug: 30944736] - xfs: increase the default parallelism levels of pwork clients (Junxiao Bi) [Orabug: 30944736] - xfs: decide if inode needs inactivation (Junxiao Bi) [Orabug: 30944736] - xfs: refactor the predicate part of xfs_free_eofblocks (Junxiao Bi) [Orabug: 30944736] - floppy: check FDC index for errors before assigning it (Linus Torvalds) [Orabug: 31067516] {CVE-2020-9383}
- KVM: x86: clear stale x86_emulate_ctxt->intercept value (Vitaly Kuznetsov) [Orabug: 31118691] - slcan: Don't transmit uninitialized stack data in padding (Richard Palethorpe) [Orabug: 31136753] {CVE-2020-11494}

ID	Name	Product	Family	Severity
137128	OracleVM 3.4 : Unbreakable / etc (OVMSA-2020-0019)	Nessus	OracleVM Local Security Checks	high
136388	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5670)	Nessus	Oracle Linux Local Security Checks	high

CVE-2019-0144

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Tenable Plugins