ELSA-2018-4011

ELSA-2018-4011 - Unbreakable Enterprise kernel security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2018-01-12

Description

[4.1.12-112.14.11]
- x86/pti/efi: broken conversion from efi to kernel page table (Pavel Tatashin) [Orabug: 27363926] [Orabug: 27352353] {CVE-2017-5754}
- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT (redux) (Konrad Rzeszutek Wilk) [Orabug: 27369994]
- x86/IBRS: Make sure we restore MSR_IA32_SPEC_CTRL to a valid value (Boris Ostrovsky) [Orabug: 27362581]
- x86/IBRS/IBPB: Set sysctl_ibrs/ibpb_enabled properly (Boris Ostrovsky) [Orabug: 27363792]
- x86/spec_ctrl: Add missing 'lfence' when IBRS is not supported. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/entry_64: TRACE_IRQS_OFF before re-enabling. (Jamie Iles) [Orabug: 27339995] {CVE-2017-5715}
- ptrace: remove unlocked RCU dereference. (Jamie Iles) [Orabug: 27339995] {CVE-2017-5715}
- x86/ia32: Adds code hygiene for 32bit SYSCALL instruction entry. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/ia32: don't save registers on audit call (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/spec/ia32: Sprinkle IBRS and RSB at the 32-bit SYSCALL (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/ia32: Move STUFF_RSB And ENABLE_IBRS (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/spec: Always set IBRS to guest value on VMENTER and host on VMEXIT. (Konrad Rzeszutek Wilk) [Orabug: 27365544] {CVE-2017-5715}

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 6 (x86_64)	kernel-uek-4.1.12-112.14.11.el6uek.src.rpm	a25633ec44f1b378bc04c2f9f3dbf6829162960171fe005a97abbd81c4e113a5	ELSA-2025-20007	ol6_x86_64_UEKR4_archive
	kernel-uek-4.1.12-112.14.11.el6uek.x86_64.rpm	badd67806b6c5580dec7aa186d165f3fc4792d1b330a8cfff5df691981c5ef6d	ELSA-2025-20007	ol6_x86_64_UEKR4_archive
	kernel-uek-debug-4.1.12-112.14.11.el6uek.x86_64.rpm	89026998c055ce356a4c0696afb17c1c094424a9a83c9c7e659690446dc3aafb	ELSA-2025-20007	ol6_x86_64_UEKR4_archive
	kernel-uek-debug-devel-4.1.12-112.14.11.el6uek.x86_64.rpm	0bcf9f5c3c1fdbdfe9fd4d4ff42b66f55ab8e0d303e41242828accef246c69e7	ELSA-2025-20007	ol6_x86_64_UEKR4_archive
	kernel-uek-devel-4.1.12-112.14.11.el6uek.x86_64.rpm	ff77e55a566250d30bc0c821d3291fd2a96ee1cf895080a43170a6fc2cfe3035	ELSA-2025-20007	ol6_x86_64_UEKR4_archive
	kernel-uek-doc-4.1.12-112.14.11.el6uek.noarch.rpm	9d0d7a18ab1d63e25425ff0d773d8b2dd4f05cce9fa00fbd3f8ab217e12916a3	ELSA-2025-20007	ol6_x86_64_UEKR4_archive
	kernel-uek-firmware-4.1.12-112.14.11.el6uek.noarch.rpm	dee38a2ea9ee92cc0cdfadf6d37f27892359a59f03f7f84f9e6c1b7a34f14bc6	ELSA-2025-20007	ol6_x86_64_UEKR4_archive
Oracle Linux 7 (x86_64)	kernel-uek-4.1.12-112.14.11.el7uek.src.rpm	8d576cb9bd3e85288296ef867ec989132312511860dd61c8426bdcdc02fc4937	ELSA-2025-20190	ol7_x86_64_UEKR4_archive
	kernel-uek-4.1.12-112.14.11.el7uek.x86_64.rpm	41f59248cab7a0376faaf4196b80dc205d4a610d089b269c81dcdab01ba5c903	ELSA-2025-20190	ol7_x86_64_UEKR4_archive
	kernel-uek-debug-4.1.12-112.14.11.el7uek.x86_64.rpm	985a48d40602f832b2d5c1ddcbe6d07748b02c4db51e679ff50c7b40dbbc659d	ELSA-2025-20190	ol7_x86_64_UEKR4_archive
	kernel-uek-debug-devel-4.1.12-112.14.11.el7uek.x86_64.rpm	39bd4039c27f8825fe2c01612bdfcfa31b37ab6b438fcc0153a9d794857e67b0	ELSA-2025-20190	ol7_x86_64_UEKR4_archive
	kernel-uek-devel-4.1.12-112.14.11.el7uek.x86_64.rpm	d61a2c1a13e0165a0743b375e77524a28912450521660212223b8d5b72371970	ELSA-2025-20190	ol7_x86_64_UEKR4_archive
	kernel-uek-doc-4.1.12-112.14.11.el7uek.noarch.rpm	01e95d7a8a0cb3e7f943e64b22e5a23fab0bc46780ca1bc844ce09dba04a0c23	ELSA-2025-20190	ol7_x86_64_UEKR4_archive
	kernel-uek-firmware-4.1.12-112.14.11.el7uek.noarch.rpm	734c7a8ad0d3b9b256e307b58850d4aa2b91821d8e324e50547300070ed6efc3	ELSA-2025-20007	ol7_x86_64_UEKR4_archive

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team