ELSA-2018-2390

ELSA-2018-2390 - kernel security and bug fix update

Type:SECURITY
Severity:IMPORTANT
Release Date:2018-08-14

Description


[2.6.32-754.3.5.OL6]
- Update genkey [bug 25599697]

[2.6.32-754.3.5]
- [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Frantisek Hrbata) [1593376] {CVE-2018-3620}

[2.6.32-754.3.4]
- [x86] x86/mm: Simplify p[g4um]d_page() macros (Josh Poimboeuf) [1593376] {CVE-2018-3620}
- [x86] x86/mm: Fix regression with huge pages on PAE (Josh Poimboeuf) [1593376] {CVE-2018-3620}
- [x86] x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Josh Poimboeuf) [1593376] {CVE-2018-3620}
- [x86] x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Josh Poimboeuf) [1593376] {CVE-2018-3620}
- [x86] x86/asm: Move PUD_PAGE macros to page_types.h (Josh Poimboeuf) [1593376] {CVE-2018-3620}
- [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Florian Westphal) [1611376] {CVE-2018-5390}
- [net] tcp: avoid collapses in tcp_prune_queue() if possible (Florian Westphal) [1611376] {CVE-2018-5390}
- [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Florian Westphal) [1611376] {CVE-2018-5390}
- [net] add rb_to_skb() and other rb tree helpers (Florian Westphal) [1611376] {CVE-2018-5390}
- [net] tcp: fix a stale ooo_last_skb after a replace (Florian Westphal) [1611376] {CVE-2018-5390}
- [net] tcp: use an RB tree for ooo receive queue (Florian Westphal) [1611376] {CVE-2018-5390}
- [net] add rbnode to struct sk_buff (Florian Westphal) [1611376] {CVE-2018-5390}
- [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Florian Westphal) [1611376] {CVE-2018-5390}

[2.6.32-754.3.3]
- [x86] syscall: Fix regression when using the last syscall (process_vm_writev) (Lauro Ramos Venancio) [1589032] {CVE-2018-3693}
- [x86] syscall: Fix regression on strace and stap (Lauro Ramos Venancio) [1589032] {CVE-2018-3693}

[2.6.32-754.3.2]
- [kvm] VMX: Fix host GDT.LIMIT corruption (CVE-2018-10301) (Paolo Bonzini) [1601851] {CVE-2018-10901}
- [x86] Initialize __max_smt_threads to 1 (Waiman Long) [1593376] {CVE-2018-3620}
- [kernel] cpu/hotplug: detect SMT disabled by BIOS (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] topology: Add topology_max_smt_threads() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Fix incorrect error return code in vm_insert_pfn() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] kvm: Don't flush L1D cache if VMENTER_L1D_FLUSH_NEVER (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] kvm: Take out the unused nosmt module parameter (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] mm/dump_pagetables: Add a check_l1tf debugfs file (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] l1tf: protect _PAGE_FILE PTEs against speculation for 32-bit PAE (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect swap entries aganst L1TF for 32-bit PAE (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu: Make flush_l1d visible in /proc/cpuinfo (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Waiman Long) [1593376] {CVE-2018-3620}
- [Documentation] Add section about CPU vulnerabilities (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] bugs, kvm: Introduce boot-time control of L1TF mitigations (Waiman Long) [1593376] {CVE-2018-3620}
- [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Waiman Long) [1593376] {CVE-2018-3620}
- [kernel] cpu/hotplug: Expose SMT control init function (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] kvm: Allow runtime control of L1D flush (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] kvm: Serialize L1D flush parameter setter (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] kvm: Move l1tf setup function (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] l1tf: Handle EPT disabled state proper (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] kvm: Drop L1TF MSR list approach (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] litf: Introduce vmx status variable (Waiman Long) [1593376] {CVE-2018-3620}
- [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Add find_msr() helper function (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Add L1D flush logic (Waiman Long) [1593376] {CVE-2018-3620}
- [kvm] VMX: Make indirect call speculation safe (Waiman Long) [1593376] {CVE-2018-3620}
- [kvm] VMX: Enable acknowledge interupt on vmexit (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Add L1D MSR based flush (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Add L1D flush algorithm (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Add module argument for L1TF mitigation (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Waiman Long) [1593376] {CVE-2018-3620}
- [kvm] x86: Introducing kvm_x86_ops VM init/destroy hooks (Waiman Long) [1593376] {CVE-2018-3620}
- [kernel] cpu/hotplug: Boot HT siblings at least once (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] Revert 'x86/apic: Ignore secondary threads if nosmt=force' (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpufeatures: Add detection of L1D cache flush support. (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Extend 64bit swap file size limit (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] apic: Ignore secondary threads if nosmt=force (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu/AMD: Evaluate smp_num_siblings early (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu/intel: Evaluate smp_num_siblings early (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu/topology: Provide detect_extended_topology_early() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu/common: Provide detect_ht_early() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu/AMD: Remove the pointless detect_ht() call (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu: Remove the pointless CPU printout (Waiman Long) [1593376] {CVE-2018-3620}
- [kernel] cpu/hotplug: Provide knobs to control SMT (Waiman Long) [1593376] {CVE-2018-3620}
- [kernel] cpu/hotplug: Split do_cpu_down() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] topology: Provide topology_smt_supported() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] smp: Provide topology_is_primary_thread() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] bugs: Move the l1tf function and define pr_fmt properly (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Add sysfs reporting for l1tf (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect swap entries against L1TF (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Change order of offset/type in swap entry (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu: Fix incorrect vulnerabilities files function prototypes (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] bugs: Export the internal __cpu_bugs variable (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] intel-family.h: Add GEMINI_LAKE SOC (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] mm: Fix swap entry comment and macro (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] mm: Move swap offset/type up in PTE to work around erratum (Waiman Long) [1593376] {CVE-2018-3620}

[2.6.32-754.3.1]
- [infiniband] ib/iser: Rewrite bounce buffer code path (Don Dutile) [1585312]
- [sound] alsa: pcm: prevent UAF in snd_pcm_info (CVE-2017-0861) (Jaroslav Kysela) [1565188] {CVE-2017-0861}
- [sound] alsa: seq: Fix racy pool initializations (Jaroslav Kysela) [1550176] {CVE-2018-7566}
- [sound] alsa: seq: Fix use-after-free at creating a port (Jaroslav Kysela) [1503383] {CVE-2017-15265}
- [sound] alsa: seq: Make ioctls race-free (Jaroslav Kysela) [1537452] {CVE-2018-1000004}
- [mm] reduce total RAM held in per-CPU pvecs by flushing them on compound/THP page arrival (Larry Woodman) [1575819]
- [usb] acm: fix the computation of the number of data bits (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [misc] spectre: fix gadgets found by smatch scanner, part 2 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] kvm/vmx: Remove barrier_nospec() in slot_largepage_idx() (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [kvm] Remove memory alias support (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [misc] spectre: fix gadgets found by smatch scanner (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [sound] alsa: rme9652: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [sound] alsa: opl3: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [sound] alsa: hda: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [sound] alsa: seq: oss: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [sound] alsa: seq: oss: Fix unbalanced use lock for synth MIDI device (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [net] atm: Fix potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [kernel] posix-timers: Protect posix clock array access against speculation (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [kernel] sys.c: fix potential Spectre v1 issue (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [kernel] sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [kernel] perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [ipc] sysvipc/sem: mitigate semnum index against spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [sound] alsa: control: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [media] dvb_ca_en50221: prevent using slot_info for Spectre attacs (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- media] dvb_ca_en50221: sanity check slot number from userspace (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [atm] zatm: Fix potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] perf: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] perf: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [net] nl80211: Sanitize array index in parse_txq_params (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [include] vfs, fdtable: Prevent bounds-check bypass via speculative execution (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] syscall: Sanitize syscall table de-references under speculation (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [powerpc] Use barrier_nospec in copy_from_user() (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [include] nospec: Introduce barrier_nospec for other arches (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] Introduce barrier_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] spectre_v1: Disable compiler optimizations over array_index_mask_nospec() (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] Implement array_index_mask_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [documentation] Document array_index_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693}
dependency (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [include] nospec: Allow index argument to have const-qualified type (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [include] nospec: Kill array_index_nospec_mask_check() (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [include] nospec: Move array_index_nospec() parameter checking into separate macro (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [include] array_index_nospec: Sanitize speculative array de-references (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] get_user: Use pointer masking to limit speculation (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] Introduce __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] reorganize SMAP handling in user space accesses (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] uaccess: Tell the compiler that uaccess is unlikely to fault (Josh Poimboeuf) [1589032] {CVE-2018-3693}


Related CVEs


CVE-2017-0861
CVE-2017-15265
CVE-2018-1000004
CVE-2018-5390
CVE-2018-3620
CVE-2018-3693
CVE-2018-7566
CVE-2018-3646
CVE-2018-10901

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 6 (i386) kernel-2.6.32-754.3.5.el6.src.rpm73a3e7bbd224b96871b9134db38b2799-
kernel-2.6.32-754.3.5.el6.i686.rpm56f99c116c25c32ba101d4260c54515f-
kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpma84d0015c571b999366a7271d739b334-
kernel-debug-2.6.32-754.3.5.el6.i686.rpm0eac4ad59964fc35d8e1c73e896905bc-
kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm40ce6dc149806864ef3a2999c8f1ff7b-
kernel-devel-2.6.32-754.3.5.el6.i686.rpm5c26d510f37c85bba7e662e44f9176c8-
kernel-doc-2.6.32-754.3.5.el6.noarch.rpm92f5295b01e2dacb44b935898dedc30a-
kernel-firmware-2.6.32-754.3.5.el6.noarch.rpme5a269df2cc930c0c75877aeb705f776-
kernel-headers-2.6.32-754.3.5.el6.i686.rpme6106f2c84786aae03b51f1746dff5e2-
perf-2.6.32-754.3.5.el6.i686.rpm1103a8248f3134cecf307fc271e159a8-
python-perf-2.6.32-754.3.5.el6.i686.rpm20f758f6783a17036eb762334293a1d6-
Oracle Linux 6 (x86_64) kernel-2.6.32-754.3.5.el6.src.rpm73a3e7bbd224b96871b9134db38b2799-
kernel-2.6.32-754.3.5.el6.x86_64.rpm529cb9510e17f525d4abf61579dd5e01-
kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpma84d0015c571b999366a7271d739b334-
kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm2b046c6bbdc979046f5a4d25ada2880c-
kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm40ce6dc149806864ef3a2999c8f1ff7b-
kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm0cbf26b08a648f1b36e38d7cf33ef579-
kernel-devel-2.6.32-754.3.5.el6.x86_64.rpmc6c5e270be67e69e79d7c9c1d9f6a4df-
kernel-doc-2.6.32-754.3.5.el6.noarch.rpm92f5295b01e2dacb44b935898dedc30a-
kernel-firmware-2.6.32-754.3.5.el6.noarch.rpme5a269df2cc930c0c75877aeb705f776-
kernel-headers-2.6.32-754.3.5.el6.x86_64.rpmb8262d8b0d43094c653a3d84ece440d8-
perf-2.6.32-754.3.5.el6.x86_64.rpm081dbed59378e16b5d31ab9580ee0830-
python-perf-2.6.32-754.3.5.el6.x86_64.rpm449594810e0a5b5465c2ad566284380c-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete