ELSA-2018-2164 - kernel security and bug fix update

Release Date:2018-07-10


- Update genkey [bug 25599697]

- [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) [1596113] {CVE-2018-10872}
- [fs] gfs2: Flush delayed work earlier in gfs2_inode_lookup (Andreas Grunbacher) [1506281]
- [mm] mempolicy: fix use after free when calling get_mempolicy (Augusto Caringi) [1576757] {CVE-2018-10675}
- [mm] Fix NULL pointer dereference in dequeue_hwpoisoned_huge_page() (Larry Woodman) [1381653]
- [fs] NFSv4.1: Fix up replays of interrupted requests (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Simplify struct nfs4_sequence_args too (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Label each entry in the session slot tables with its slot number (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Shrink struct nfs4_sequence_res by moving the session pointer (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: nfs4_alloc_slots doesn't need zeroing (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: clean up nfs4_recall_slot to use nfs4_alloc_slots (Benjamin Coddington) [1553423]
- [fs] NFSv4.1: Fix a NFSv4.1 session initialisation regression (Benjamin Coddington) [1553423]
- [scsi] ipr: Fix sync scsi scan (Gustavo Duarte) [1572310]
- [scsi] ipr: Wait to do async scan until scsi host is initialized (Gustavo Duarte) [1572310]

- [x86] microcode: Fix CPU synchronization routine (Prarit Bhargava) [1574592]
- [x86] microcode: Synchronize late microcode loading (Prarit Bhargava) [1574592]
- [x86] microcode: Request microcode on the BSP (Prarit Bhargava) [1574592]
- [x86] microcode: Sanitize per-cpu microcode reloading interface (Prarit Bhargava) [1574592]
- [x86] virt_spec_ctrl: Set correct host SSDB value for AMD (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Eliminate TIF_SSBD checks in IBRS on/off functions (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Disable SSBD update from scheduler if not user settable (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Make ssbd_enabled writtable (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Remove thread_info check in __wrmsr_on_cpu() (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Write per-thread SSBD state to spec_ctrl_pcp (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Add a read-only ssbd_enabled debugfs file (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Switch the selection of mitigation from CPU vendor to CPU features (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Add AMD's SPEC_CTRL MSR usage (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Add AMD's variant of SSB_NO (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs/intel: Set proper CPU features and setup RDS (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Rework spec_ctrl base and mask logic (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Rework SPEC_CTRL update after late microcode loading (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Make sync_all_cpus_ibrs() write spec_ctrl_pcp value (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Unify x86_spec_ctrl_{set_guest, restore_host} (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Rework speculative_store_bypass_update() (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Add virtualized speculative store bypass disable support (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] KVM: Rename KVM SPEC_CTRL MSR functions to match upstream (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Handle HT correctly on AMD (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] cpufeatures: Add FEATURE_ZEN (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] cpufeatures: Disentangle SSBD enumeration (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] cpufeatures: Disentangle MSR_SPEC_CTRL enumeration from IBRS (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Use synthetic bits for IBRS/IBPB/STIBP (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] bugs: Fix missing void (Waiman Long) [1584356] {CVE-2018-3639}
- [documentation] spec_ctrl: Do some minor cleanups (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] speculation: Make 'seccomp' the default mode for Speculative Store Bypass (Waiman Long) [1584356] {CVE-2018-3639}
- [kernel] seccomp: Move speculation migitation control to arch code (Waiman Long) [1584356] {CVE-2018-3639}
- [kernel] seccomp: Use PR_SPEC_FORCE_DISABLE (Waiman Long) [1584356] {CVE-2018-3639}
- [uapi] prctl: Add force disable speculation (Waiman Long) [1584356] {CVE-2018-3639}
- [kernel] seccomp: Enable speculation flaw mitigations (Waiman Long) [1584356] {CVE-2018-3639}
- [fs] proc: Provide details on speculation flaw mitigations (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] nospec: Allow getting/setting on non-current task (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Show IBPB in the Spectre_v2 sysfs file (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] pti: Check MSR_IA32_ARCH_CAPABILITIES for Meltdown vulnearability (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up naming of SPEC_CTRL MSR bits with upstream (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] pti: Fix kexec warning on debug kernel (Waiman Long) [1584356] {CVE-2018-3639}
- [x86] kvm/fpu: Enable eager FPU restore (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] always enable eager FPU by default (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Load xsave pointer *after* initialization (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Fix 32-bit signal frame handling (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Always restore_xinit_state() when use_eager_cpu() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Rename drop_init_fpu() to fpu_reset_state() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Fix math_state_restore() race with kernel_fpu_begin() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Fold __drop_fpu() into its sole user (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Don't abuse drop_init_fpu() in flush_thread() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Introduce restore_init_xstate() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Document user_fpu_begin() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Factor out memset(xstate, 0) in fpu_finit() paths (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Change xstateregs_get()/set() to use ->xsave.i387 rather than ->fxsave (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Always allow FPU in interrupt if use_eager_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Don't abuse has_fpu in __kernel_fpu_begin/end() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Introduce per-cpu in_kernel_fpu state (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Check tsk_used_math() in kernel_fpu_end() for eager FPU (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Change math_error() to use unlazy_fpu(), kill (now) unused save_init_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Merge simd_math_error() into math_error() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Don't do __thread_fpu_end() if use_eager_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Don't reset thread.fpu_counter (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: shift drop_init_fpu() from save_xstate_sig() to handle_signal() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Allow FPU to be used at interrupt time even with eagerfpu (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387.c: Initialize thread xstate only on CPU0 only once (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] kvm: fix kvm's usage of kernel_fpu_begin/end() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] rhel: initialize scattered CPUID features early (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: make eagerfpu= boot param tri-state (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: enable eagerfpu by default for xsaveopt (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: decouple non-lazy/eager fpu restore from xsave (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: use non-lazy fpu restore for processors supporting xsave (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: remove unnecessary user_fpu_end() in save_xstate_sig() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: drop_fpu() before restoring new state from sigframe (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Unify signal handling code paths for x86 and x86_64 kernels (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: drop the fpu state during thread exit (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] signals: ia32_signal.c: add __user casts to fix sparse warnings (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Consolidate inline asm routines for saving/restoring fpu state (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] signal: Cleanup ifdefs and is_ia32, is_x32 (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu/xsave: Keep __user annotation in casts (Paolo Bonzini) [1589047] {CVE-2018-3665}
(Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] extable: Remove open-coded exception table entries in arch/x86/include/asm/xsave.h (Paolo Bonzini) [1589047] {CVE-2018-3665}
into exported and internal interfaces (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: Uninline the generic FP helpers that we expose to kernel modules (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: (DON'T ACTUALLY) support lazy restore of FPU state (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: use 'restore_fpu_checking()' directly in task switching code (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: fix up some fpu_counter confusion (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: re-introduce FPU state preloading at context switch time (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: move TS_USEDFPU flag from thread_info to task_struct (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: move AMD K7/K8 fpu fxsave/fxrstor workaround from save to restore (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: do not preload FPU state at task switch time (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: don't ever touch TS_USEDFPU directly, use helper functions (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: move TS_USEDFPU clearing out of __save_init_fpu and into callers (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: fix x86-64 preemption-unsafe user stack save/restore (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] i387: math_state_restore() isn't called from asm (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fix potentially dangerous trailing '; ' in #defined values/expressions (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-32, fpu: Fix FPU exception handling on non-SSE systems (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Fix common misspellings (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] kvm: Initialize fpu state in preemptible context (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Merge fpu_save_init() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-32, fpu: Rewrite fpu_save_init() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Remove PSHUFB_XMM5_* macros (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Remove unnecessary ifdefs from i387 code. (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-64, fpu: Simplify constraints for fxsave/fxtstor (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-64, fpu: Fix cs value in convert_from_fxsr() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] x86-64, fpu: Disable preemption when using TS_USEDFPU (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Merge __save_init_fpu() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Merge tolerant_fwait() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] fpu: Merge fpu_init() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Disable xsave in i387 emulation mode (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Make xstate_enable_boot_cpu() __init, protect on CPU 0 (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Add __init attribute to setup_xstate_features() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Make init_xstate_buf static (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Check cpuid level for XSTATE_CPUID (0x0d) (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Introduce xstate enable functions (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Do not include asm/i387.h in asm/xsave.h (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Avoid unnecessary __clear_user() and xrstor in signal handling (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Cleanup return codes in check_for_xstate() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Separate fpu and xsave initialization (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] xsave: Move boot cpu initialization to xsave_init() (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Revert '[x86] fpu: change save_i387_xstate() to rely on unlazy_fpu()' (Paolo Bonzini) [1589047] {CVE-2018-3665}
- [x86] Revert '[x86] fpu: shift clear_used_math() from save_i387_xstate() to handle_signal()' (Paolo Bonzini) [1589047] {CVE-2018-3665}

Related CVEs


Updated Packages

Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 6 (i386) kernel-2.6.32-754.2.1.el6.src.rpm3be6c0866c7fa7b66e8c2851413ea2db-
Oracle Linux 6 (x86_64) kernel-2.6.32-754.2.1.el6.src.rpm3be6c0866c7fa7b66e8c2851413ea2db-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team