[3.10.0-1160.21.1.el7.OL7] - Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 = 15-2.0.3.el7 [3.10.0-1160.21.1.el7] - [pinctrl] devicetree: Avoid taking direct reference to device name string [1922902] {CVE-2020-0427} - [pinctrl] Delete an error message [1922902] {CVE-2020-0427} - [tty] vt: keyboard, reorder user buffer handling in vt_do_kdgkb_ioctl [1896775] {CVE-2020-25656} - [tty] vt: keyboard, rename i to kb_func in vt_do_kdgkb_ioctl [1896775] {CVE-2020-25656} - [tty] vt: keyboard, extend func_buf_lock to readers [1896775] {CVE-2020-25656} - [tty] vt: keyboard, simplify vt_kdgkbsent [1896775] {CVE-2020-25656} - [tty] keyboard, do not speculate on func_table index [1896775] {CVE-2020-25656} - [tty] vt: fix write/write race in ioctl handler [1896775] {CVE-2020-25656} - [iommu] amd: return error on real irq alloc failure [1918273] - [iommu] amd: Set DTE[IntTabLen] to represent 512 IRTEs [1921187] - [iommu] amd: Increase interrupt remapping table limit to 512 entries [1921187] - [scsi] lpfc: Fix LUN loss after cable pull [1875961] - [scsi] lpfc: Fix NVMe rport deregister and registration during ADISC [1875961] - [scsi] lpfc: Fix ADISC reception terminating login state if a NVME target [1875961] - [netdrv] i40e: revert i40e: don"t report link up for a VF who hasn"t enabled queues [1901064] [3.10.0-1160.20.1.el7] - [md] Set prev_flush_start and flush_bio in an atomic way [1889372] - [md] improve variable names in md_flush_request [1889372] - [kernel] timer: Fix potential bug in requeue_timers [1914011] - [x86] kvm: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits [1890669] - [x86] kvm: avoid incorrect writes to host MSR_IA32_SPEC_CTRL [1890669] - [md] dm-mirror: fix a crash if the underlying block device doesn"t have merge_bvec_fn [1916407] - [gpu] drm/i915: Fix use-after-free when destroying GEM context [1814731] {CVE-2020-7053} [3.10.0-1160.19.1.el7] - [kernel] watchdog: use nmi registers snapshot in hardlockup handler [1916589] - [nvme] nvmet: allow Keep Alive for Discovery controller [1910817] - [net] netfilter: ctnetlink: add a range check for l3/l4 protonum [1888296] {CVE-2020-25211} - [net] icmp: randomize the global rate limiter [1896515] {CVE-2020-25705} [3.10.0-1160.18.1.el7] - [fs] nfs: Fix security label length not being reset [1917504] - [target] scsi: Fix XCOPY NAA identifier lookup [1900469] {CVE-2020-28374} - [ipc] sem.c: fully initialize sem_array before making it visible [1877264] - [netdrv] geneve: add transport ports in route lookup for geneve [1885144] {CVE-2020-25645} - [kernel] perf/core: Fix race in the perf_mmap_close function [1869936] {CVE-2020-14351} [3.10.0-1160.17.1.el7] - [x86] kvm: svm: Initialize prev_ga_tag before use [1909036] - [scsi] scsi_dh: fix scheduling while atomic and also missing unlock in error path [1619147] - [video] hyperv_fb: Fix the cache type when mapping the VRAM [1908896] - [video] hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver [1908896] - [scsi] target: iscsi: Fix cmd abort fabric stop race [1784540] - [scsi] target/iscsi: Avoid iscsit_release_commands_from_conn deadlock [1784540] - [s390] kernel/uv: handle length extension properly [1899172] [3.10.0-1160.16.1.el7] - [tty] Fix -pgrp locking in tiocspgrp [1908193] {CVE-2020-29661} - [net] fix struct pid memory leak [1901797] - [hid] Fix assumption that devices have inputs [1821870] {CVE-2019-19532} - [hid] microsoft: the driver now neeed MEMLESS_FF infrastructure [1821870] {CVE-2019-19532} - [hid] microsoft: Add rumble support for Xbox One S controller [1821870] {CVE-2019-19532} - [hid] microsoft: Convert private data to be a proper struct [1821870] {CVE-2019-19532} - [hid] revert hid: microsoft: fix invalid rdesc for 3k kbd [1821870] {CVE-2019-19532} - [hid] input: ignore System Control application usages if not System Controls [1821870] {CVE-2019-19532} - [hid] hid-microsoft: Do the check for the ms usage page per device [1821870] {CVE-2019-19532} - [net] net-sysfs: take the rtnl lock when accessing xps_cpus_map and num_tc [1903819] - [net] net-sysfs: take the rtnl lock when storing xps_cpus [1903819]