Oracle Unbreakable Enterprise Kernel Release 5 Update 2
The Unbreakable Enterprise Kernel (UEK) for Oracle Linux provides the latest open source innovations and key optimizations and security to enterprise cloud workloads. It is the Linux kernel that powers Oracle Cloud and Oracle Engineered Systems such as Oracle Exadata Database Machine as well as Oracle Linux on any Intel-64, AMD-64 or ARM hardware.
What’re Notable New Features and Changes in Oracle Unbreakable Enterprise Kernel Release 5 Update 2
UEK R5 Update 2 is based on the mainline kernel version 4.14.35. Through actively monitoring upstream check-ins and collaboration with partners and customers, Oracle continues to improve and apply critical bug and security fixes to the Unbreakable Enterprise Kernel (UEK) R5 for Oracle Linux. This update includes several new features, added functionality, and bug fixes across a range of subsystems.
- Pressure Stall Information (PSI) patchset implemented. PSI is designed to help system administrators maximize server resources and can be used to pinpoint and troubleshoot resource utilization issues.
- Implementation of the ktask framework for parallelizing CPU-intensive work. The ktask framework parallelizes CPU-intensive work in the kernel. This helps improve performance by harnessing idle CPUs, to complete jobs more quickly.
- DTrace support for libpcap packet capture. Kernel and userspace updates enable support for libpcap-based packet capture in DTrace.
- File system and storage fixes. Fixes to btrfs, CIFS, ext4, OCFS2, and XFS file systems.
- Virtualization features and updates. Upstream improvements from the 4.19 kernel for KVM, Xen, and Hyper-V, including major updates and security fixes for KVM; numerous security fixes and code enhancements for Hyper-V; fix for the Xen blkfront hotplug issue; and a fix for the Xen x86 guest clock scheduler.
- Driver updates. In close cooperation with hardware and software vendors, several device drivers have been updated.
- Kernel tuning dedicated to the Arm platform. Further kernel tuning for Arm platforms and parameters for unsupported hardware have been disabled, to improve stability and performance.
- NVMe updates. Fixes and improvements for NVMe are included from upstream Linux kernel versions 4.18 through 4.21.
Notable Driver Features
The following new features are noted in the drivers shipped with UEK R5U2 as opposed to the original release of UEK R5:
- Amazon Elastic Network Adapter. The Amazon Elastic Network Adapter driver,
ena, is enabled in this kernel update release and a patch is included to fix how the driver handles page sizes that are 64kB or larger when used on Arm platforms.
- Broadcom/Emulex OneConnect NIC driver updated to version 188.8.131.52. The Broadcom/Emulex OneConnect NIC driver,
be2net, has been updated to version 184.108.40.206 in this kernel update release. This update includes upstream patches and bug fixes. Notable changes to the driver include a fix to a hardware stall issue and better handling of transmit completion errors.
- Broadcom/Emulex BCM573xx NIC driver updated. The Broadcom/Emulex BCM573xx NIC driver,
bnxt_en, has been updated in this kernel update release to include many upstream patches and bug fixes. Notable changes to the driver include support for additional hardware, including a 200Gb network interface card and updates to the firmware interface specification. A bug was also fixed to enable hardware GRO (Generic Receive Offload), in the form of the
NETIF_F_GRO_HWfeature flag, which can be used to independently manage GRO in the hardware driver without affecting GRO at a system level.
- Broadcom/Emulex LightPulse Fibre Channel SCSI driver updated to 220.127.116.11. The Broadcom/Emulex LightPulse Fibre Channel SCSI driver,
lpfchas been updated to version 18.104.22.168. Many upstream patches were applied for bug fixes and enhancements. This release also includes improvements to the framework to enable NVMe on Fibre Channel. Note that FC-NVMe in
lpfcis available as a technical preview.
- Broadcom RoCE driver blacklisted. The Broadcom RoCE driver,
bnxt_re, is blacklisted to avoid several bugs that can cause a kernel panic when working with some Broadcom network interface cards, such as the Broadcom BCM57414 NetXtreme-E. These include a bug where a hotplug operation can cause a kernel panic when the
bnxt_redriver is loaded for this hardware if virtual fabrics (VFs) are defined and the RDMA option is enabled for the card. A second bug is triggered when you attempt to create or remove VFs and the RDMA option is enabled in the card. RDMA is not supported on this hardware, so to resolve these issues, the driver module is blacklisted.
- Intel Ethernet Connection XL710 network driver updated. The Intel Ethernet Connection XL710 network driver,
i40e, is updated to include a large number of upstream fixes and enhancements.
- Intel Ethernet Connection E800 Series network driver added. The Intel Ethernet Connection E800 Series network driver,
ice, has been added to this kernel update release. This driver enables new hardware available from Intel.
- Intel Ethernet Adaptive Virtual Function network driver renamed. The Intel Ethernet Adaptive Virtual Function network driver previously known as
i40evfhas been renamed to
iavfas it takes a more generic function and supports a wider range of hardware. The driver is updated for upstream changes including support for a new range of network interface cards.
- Intel 2.5G Ethernet network driver added. The Intel 2.5G Ethernet network driver,
igc, has been added in this kernel update release. This driver enables new hardware available from Intel.
- Avago MegaRAID SAS driver updated. The Avago MegaRAID SAS driver,
megaraid_sas, driver was updated for upstream patches and enhancements, including support for new MegaRAID Aero controllers.
- Avago LSI MPT Fusion SAS 3.0 device driver updated to 27.101.00.00. The Avago LSI MPT Fusion SAS 3.0 device driver,
mpt3sas, was updated to 27.101.00.00 to include upstream patches and enhancements.
Oracle Linux maintains full user space compatibility with Red Hat Enterprise Linux, which is independent of the kernel version running underneath the operating system. Existing applications in user space will continue to run unmodified on the Unbreakable Enterprise Kernel Release 5 and no re-certifications are needed for RHEL certified applications.
To minimize impact on interoperability during releases, the Oracle Linux team works closely with third-party vendors whose hardware and software have dependencies on kernel modules. The kernel ABI for UEK R5 will remain unchanged in all subsequent updates to the initial release. In this release, there are changes to the kernel ABI relative to UEK R4 that require recompilation of third-party kernel modules on the system. Before installing UEK R5, verify its support status with your application vendor.
List of CVEs Fixed in This Release
The following list describes the CVEs that are fixed in this release. The content provided here is automatically generated and includes the CVE identifier and a summary of the issue. The associated internal Oracle bug identifiers are also included to reference work that was carried out to address each issue.
- CVE-2018-10322. The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image. (Bug: 28906188 29044524 )See https://linux.oracle.com/cve/CVE-2018-10322.html for more information.
- CVE-2018-10940. The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory. (Bug: 28906151 )See https://linux.oracle.com/cve/CVE-2018-10940.html for more information.
- CVE-2018-12126. No information available. (Bug: 29526898 29725301 )
- CVE-2018-12127. No information available. (Bug: 29526898 29725301 )
- CVE-2018-12130. No information available. (Bug: 29526898 29725301 )
- CVE-2018-12928. In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem. (Bug: 28312743 )
- CVE-2018-13053. The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. (Bug: 29269150 )See https://linux.oracle.com/cve/CVE-2018-13053.html for more information.
- CVE-2018-14612. An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group mapping validation in btrfs_read_block_groups in fs/btrfs/extent-tree.c, and a lack of empty-tree checks in check_leaf in fs/btrfs/tree-checker.c. (Bug: 28693496 )See https://linux.oracle.com/cve/CVE-2018-14612.html for more information.
- CVE-2018-14625. A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients. (Bug: 29212490 )
- CVE-2018-16658. An issue was discovered in the Linux kernel before 4.18.6. An information leak in cdrom_ioctl_drive_status in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940. (Bug: 28906151 )See https://linux.oracle.com/cve/CVE-2018-16658.html for more information.
- CVE-2018-16862. A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one. (Bug: 29364664 )See https://linux.oracle.com/cve/CVE-2018-16862.html for more information.
- CVE-2018-17972. An issue was discovered in the proc_pid_stack function in fs/proc/base.c in the Linux kernel through 4.18.11. It does not ensure that only root may inspect the kernel stack of an arbitrary task, allowing a local attacker to exploit racy stack unwinding and leak kernel task stack contents. (Bug: 29258950 )See https://linux.oracle.com/cve/CVE-2018-17972.html for more information.
- CVE-2018-18397. The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c. (Bug: 29189776 )See https://linux.oracle.com/cve/CVE-2018-18397.html for more information.
- CVE-2018-18445. In the Linux kernel 4.14.x, 4.15.x, 4.16.x, 4.17.x, and 4.18.x before 4.18.13, faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts. (Bug: 28855418 )See https://linux.oracle.com/cve/CVE-2018-18445.html for more information.
- CVE-2018-18710. An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658. (Bug: 28906151 )See https://linux.oracle.com/cve/CVE-2018-18710.html for more information.
- CVE-2018-19406. kvm_pv_send_ipi in arch/x86/kvm/lapic.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where the apic map is uninitialized. (Bug: 29364725 )
- CVE-2018-19407. The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized. (Bug: 29010225 )See https://linux.oracle.com/cve/CVE-2018-19407.html for more information.
- CVE-2018-19824. In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c. (Bug: 29011303 )See https://linux.oracle.com/cve/CVE-2018-19824.html for more information.
- CVE-2018-19985. The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space. (Bug: 29613789 )
- CVE-2018-3620. Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis. (Bug: 28961067 )See https://linux.oracle.com/cve/CVE-2018-3620.html for more information.
- CVE-2018-5333. In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. (Bug: 28020561 )See https://linux.oracle.com/cve/CVE-2018-5333.html for more information.
- CVE-2018-5848. In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the ‘ie_len’ argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. (Bug: 28569708 )See https://linux.oracle.com/cve/CVE-2018-5848.html for more information.
- CVE-2018-6554. Memory leak in the irda_bind function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket.
- CVE-2018-6555. The irda_setsockopt function in net/irda/af_irda.c and later in drivers/staging/irda/net/af_irda.c in the Linux kernel before 4.17 allows local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket.
- CVE-2018-7755. An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.See https://linux.oracle.com/cve/CVE-2018-7755.html for more information.
- CVE-2018-8043. The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference). (Bug: 29012327 )See https://linux.oracle.com/cve/CVE-2018-8043.html for more information.
- CVE-2019-11091. No information available. (Bug: 29721933 )
- CVE-2019-3459. A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1. (Bug: 29526424 )
- CVE-2019-3701. An issue was discovered in can_can_gw_rcv in net/can/gw.c in the Linux kernel through 4.19.13. The CAN frame modification rules allow bitwise logical operations that can be also applied to the can_dlc field. The privileged user “root” with CAP_NET_ADMIN can create a CAN frame modification rule that makes the data length code a higher value than the available CAN frame data size. In combination with a configured checksum calculation where the result is stored relatively to the end of the data (e.g. cgw_csum_xor_rel) the tail of the skb (e.g. frag_list pointer in skb_shared_info) can be rewritten which finally can cause a system crash. Because of a missing check, the CAN drivers may write arbitrary content beyond the data registers in the CAN controller’s I/O memory when processing can-gw manipulated outgoing frames. (Bug: 29215295 )See https://linux.oracle.com/cve/CVE-2019-3701.html for more information.
- CVE-2019-3819. A flaw was found in the Linux kernel in the function hid_debug_events_read() in drivers/hid/hid-debug.c file which may enter an infinite loop with certain parameters passed from a userspace. A local privileged user (“root”) can cause a system lock up and a denial of service. Versions from v4.18 and newer are vulnerable. (Bug: 29629479 )
- CVE-2019-3882. A flaw was found in the Linux kernel’s vfio interface implementation that permits violation of the user’s locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable. (Bug: 29681377 )
- CVE-2019-5489. The mincore() implementation in mm/mincore.c in the Linux kernel through 4.19.13 allowed local attackers to observe page cache access patterns of other processes on the same system, potentially allowing sniffing of secret information. (Fixing this affects the output of the fincore program.) Limited remote exploitation may be possible, as demonstrated by latency differences in accessing public files from an Apache HTTP Server. (Bug: 29187400 )See https://linux.oracle.com/cve/CVE-2019-5489.html for more information.
- CVE-2019-6974. In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free. (Bug: 29408540 )See https://linux.oracle.com/cve/CVE-2019-6974.html for more information.
- CVE-2019-7221. The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free. (Bug: 29408587 )See https://linux.oracle.com/cve/CVE-2019-7221.html for more information.
- CVE-2019-7222. The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak. (Bug: 29408573 )See https://linux.oracle.com/cve/CVE-2019-7222.html for more information.
- CVE-2019-8912. In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr. (Bug: 29454835 )See https://linux.oracle.com/cve/CVE-2019-8912.html for more information.
- CVE-2019-8980. A memory leak in the kernel_read_file function in fs/exec.c in the Linux kernel through 4.20.11 allows attackers to cause a denial of service (memory consumption) by triggering vfs_read failures. (Bug: 29454811 )See https://linux.oracle.com/cve/CVE-2019-8980.html for more information.
- CVE-2019-9213. In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task. (Bug: 29501960 )See https://linux.oracle.com/cve/CVE-2019-9213.html for more information.
For more details on these and other new features and changes, please consult the Release Notes for the UEK R5 Update