ELSA-2018-2748

ELSA-2018-2748 - kernel security and bug fix update

Type:SECURITY
Severity:IMPORTANT
Release Date:2018-09-26

Description


[3.10.0-862.14.4.OL7]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [bug 24817676]

[3.10.0-862.14.4]
- [scsi] Revert: lpfc: Fix port initialization failure (Radomir Vrbovsky) [1605235 1584377]
- [scsi] Revert: qla2xxx: Fix NULL pointer access for fcport structure (Radomir Vrbovsky) [1597546 1547714]

[3.10.0-862.14.3]
- [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634}
- [fs] exec: account for argv/envp pointers (Yauheni Kaliuta) [1625980 1625991] {CVE-2018-14634}

[3.10.0-862.14.2]
- [uio] fix possible circular locking dependency (Xiubo Li) [1608677 1560418]
- [scsi] tcmu: Don't pass KERN_ERR to pr_err (Xiubo Li) [1608677 1560418]
- [scsi] tcmu: add module wide block/reset_netlink support (Xiubo Li) [1608677 1560418]
- [scsi] tcmu: simplify nl interface (Xiubo Li) [1608677 1560418]
- [scsi] tcmu: track nl commands (Xiubo Li) [1608677 1560418]
- [scsi] tcmu: delete unused __wait (Xiubo Li) [1608677 1560418]
- [uio] fix crash after the device is unregistered (Xiubo Li) [1608677 1560418]
- [uio] change to use the mutex lock instead of the spin lock (Xiubo Li) [1608677 1560418]
- [uio] Prevent device destruction while fds are open (Xiubo Li) [1608677 1560418]
- [uio] Reduce return paths from uio_write() (Xiubo Li) [1608677 1560418]
- [uio] fix incorrect memory leak cleanup (Xiubo Li) [1608677 1560418]
- [uio] add missing error codes (Xiubo Li) [1608677 1560418]
- [uio] fix false positive __might_sleep warning splat (Xiubo Li) [1608677 1560418]
- [uio] Destroy uio_idr on module exit (Xiubo Li) [1608677 1560418]
- [uio] don't free irq that was not requested (Xiubo Li) [1608677 1560418]
- [uio] support memory sizes larger than 32 bits (Xiubo Li) [1608677 1560418]
- [uio] we cannot mmap unaligned page contents (Xiubo Li) [1608677 1560418]
- [uio] Pass pointers to virt_to_page(), not integers (Xiubo Li) [1608677 1560418]
- [uio] fix memory leak (Xiubo Li) [1608677 1560418]
- [uio] Request/free irq separate from dev lifecycle (Xiubo Li) [1608677 1560418]
- [uio] Simplify uio error path by using devres functions (Xiubo Li) [1608677 1560418]

[3.10.0-862.14.1]
- [x86] microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [1619622 1614515]
- [infiniband] core: Fix nospec regression (Josh Poimboeuf) [1619624 1616346]
- [x86] microcode/amd: Do not load when running on a hypervisor (Vitaly Kuznetsov) [1618390 1607899]

[3.10.0-862.13.1]
- [infiniband] ib/ipoib: Fix race condition in neigh creation (Don Dutile) [1616164 1520300]
- [gpu] qxl: hook monitors_config updates into crtc, not encoder (Gerd Hoffmann) [1614349 1544322]
- [gpu] qxl: move qxl_send_monitors_config() (Gerd Hoffmann) [1614349 1544322]
- [gpu] qxl: remove qxl_io_log() (Gerd Hoffmann) [1614349 1544322]
- [kernel] locking: Introduce smp_mb__after_spinlock() (Steve Best) [1613814 1496574]
- [scsi] ibmvfc: Avoid unnecessary port relogin (Steve Best) [1613202 1605080]
- [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1612353 1585297]
- [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1612353 1585297]
- [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1612353 1585297]
- [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1612353 1585297]
- [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1612353 1585297]
- [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1612353 1585297]
- [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1612353 1585297]
- [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1612353 1585297]
- [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1612353 1585297]
- [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1612353 1585297]
- [nvmet-fc] move tech preview warning to nvmet_fc_register_targetport call (Ewan Milne) [1610381 1608947]
- [nvme-fc] move tech preview warning to nvme_fc_register_localport call (Ewan Milne) [1610381 1608947]
- [block] blk-throttle: check stats_cpu before reading it from sysfs (Ming Lei) [1608228 1567748]
- [powerpc] signals: Discard transaction state from signal frames (Steve Best) [1608227 1586153]
- [ipc] shm.c: add split function to shm_vm_ops (Desnes Augusto Nunes do Rosario) [1608225 1586152]
- [scsi] lpfc: Fix port initialization failure (Dick Kennedy) [1605235 1584377]
- [vmbus] fix the missed signaling in hv_signal_on_read() (Vitaly Kuznetsov) [1605089 1591976]
- [infiniband] ib/ipoib: Fix for potential no-carrier state (Donald Dutile) [1601935 1548474]
- [vmwgfx] refuse to hibernate if we have any resources. (v2) (Dave Airlie) [1601516 1595136]
- [netdrv] sfc: stop the TX queue before pushing new buffers (Xin Long) [1601353 1445576]
- [lib] rhashtable: Fix rhlist duplicates insertion (Xin Long) [1601009 1559106]
- [kernel] hrtimer: Allow concurrent hrtimer_start() for self restarting timers (Oleksandr Natalenko) [1600911 1574387]
- [iommu] amd: Add NULL sanity check for struct irq_2_irte.ir_data (Suravee Suthikulpanit) [1600661 1542697]
- [hid] wacom: Correct logical maximum Y for 2nd-gen Intuos Pro large (Benjamin Tissoires) [1600660 1591499]
- [md] avoid NULL dereference to queue pointer (Ming Lei) [1600056 1581845]
- [scsi] qla2xxx: Fix NULL pointer access for fcport structure (Himanshu Madhani) [1597546 1547714]
- [scsi] csiostor: Add a soft dep on cxgb4 driver (Arjun Vynipadath) [1597529 1584003]
- [mm] initialize pages on demand during boot (Masayoshi Mizuma) [1588366 1496330]
- [mm] split deferred_init_range into initializing and freeing parts (Masayoshi Mizuma) [1588366 1496330]
- [kernel] cpu/hotplug: Fix 'online' sysfs entry with 'nosmt' (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [net] ipv6: fix nospec-related regression in ipv6_addr_prefix() (Josh Poimboeuf) [1589033 1589035] {CVE-2018-3693}
- [net] tcp: add tcp_ooo_try_coalesce() helper (Paolo Abeni) [1611368 1611369] {CVE-2018-5390}
- [net] tcp: call tcp_drop() from tcp_data_queue_ofo() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390}
- [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390}
- [net] tcp: avoid collapses in tcp_prune_queue() if possible (Paolo Abeni) [1611368 1611369] {CVE-2018-5390}
- [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Paolo Abeni) [1611368 1611369] {CVE-2018-5390}
- [net] add rb_to_skb() and other rb tree helpers (Paolo Abeni) [1611368 1611369] {CVE-2018-5390}
- [net] tcp: fix a stale ooo_last_skb after a replace (Paolo Abeni) [1611368 1611369] {CVE-2018-5390}
- [net] tcp: use an RB tree for ooo receive queue (Paolo Abeni) [1611368 1611369] {CVE-2018-5390}
- [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Paolo Abeni) [1611368 1611369] {CVE-2018-5390}
- [net] tcp: increment sk_drops for dropped rx packets (Paolo Abeni) [1611368 1611369] {CVE-2018-5390}
- [x86] x86/syscall: Fix regression when using the last syscall (pkey_free) (Lauro Ramos Venancio) [1589033 1589035] {CVE-2018-3693}
- [kernel] cpu: hotplug: detect SMT disabled by BIOS (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [documentation] l1tf: Fix typos (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: Remove extra newline in vmentry_l1d_flush sysfs file (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: vmx: Initialize the vmx_l1d_flush_pages' content (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] speculation: l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [documentation] Add section about CPU vulnerabilities (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] bugs, kvm: introduce boot-time control of L1TF mitigations (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu: hotplug: Set CPU_SMT_NOT_SUPPORTED early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu: hotplug: Expose SMT control init function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: Allow runtime control of L1D flush (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: Serialize L1D flush parameter setter (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: Add static key for flush always (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: Move l1tf setup function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: Handle EPT disabled state proper (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: Drop L1TF MSR list approach (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] litf: Introduce vmx status variable (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] bugs: Make cpu_show_common() static (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] bugs: Concentrate bug reporting into a separate function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu: hotplug: Online siblings when SMT control is turned on (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: vmx: Use MSR save list for IA32_FLUSH_CMD if required (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: vmx: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: vmx: Separate the VMX AUTOLOAD guest/host number accounting (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: vmx: Add find_msr() helper function (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: vmx: Split the VMX MSR LOAD structures to have an host/guest numbers (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities, part 3 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu: hotplug: Boot HT siblings at least once, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] speculation/l1tf: fix typo in l1tf mitigation string (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu/hotplug: Boot HT siblings at least once (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- Revert 'x86/apic: Ignore secondary threads if nosmt=force' (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect PAE swap entries against L1TF (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] speculation/l1tf: Extend 64bit swap file size limit (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] cpu/AMD: Remove the pointless detect_ht() call (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] bugs: Move the l1tf function and define pr_fmt properly (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu/hotplug: Provide knobs to control SMT, part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] topology: Provide topology_smt_supported() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] smp: Provide topology_is_primary_thread(), part 2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] apic: Ignore secondary threads if nosmt=force (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] cpu/AMD: Evaluate smp_num_siblings early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] cpu/intel: Evaluate smp_num_siblings early (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] cpu/topology: Provide detect_extended_topology_early() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] cpu/common: Provide detect_ht_early() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] cpu: Remove the pointless CPU printout (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu/hotplug: Provide knobs to control SMT (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [kernel] cpu/hotplug: Split do_cpu_down() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] smp: Provide topology_is_primary_thread() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] CPU: Modify detect_extended_topology() to return result (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: fix build for CONFIG_NUMA_BALANCING=n (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: sync with latest L1TF patches (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: protect _PAGE_NUMA PTEs and PMDs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [mm] l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: Report if too much memory for L1TF workaround (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: Limit swap file size to MAX_PA/2 (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: Add sysfs reporting for l1tf (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: Make sure the first page is always reserved (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: Protect PROT_NONE PTEs against speculation (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: Protect swap entries against L1TF (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] l1tf: Increase 32bit PAE __PHYSICAL_PAGE_MASK (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] mm: Fix swap entry comment and macro (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] add support for L1D flush MSR (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}
- [x86] kvm: mitigation for L1 cache terminal fault vulnerabilities (Josh Poimboeuf) [1593383 1593384] {CVE-2018-3620}

[3.10.0-862.12.1]
- [fs] CIFS: Fix NULL pointer deref on SMB2_tcon() failure (Leif Sahlberg) [1609159 1591092]
- [net] multicast: do not restore deleted record source filter mode to new one (Hangbin Liu) [1610380 1586321]
- [net] multicast: remove useless parameter for group add (Hangbin Liu) [1610380 1586321]
- [net] ipv6/mcast: init as INCLUDE when join SSM INCLUDE group (Hangbin Liu) [1610380 1586321]
- [net] ipv4/igmp: init group mode as INCLUDE when join source group (Hangbin Liu) [1610380 1586321]
- [net] ipv6: mcast: fix unsolicited report interval after receiving querys (Hangbin Liu) [1610380 1586321]
- [net] ipv6: refactor ipv6_dev_mc_inc() (Hangbin Liu) [1610380 1586321]


Related CVEs


CVE-2018-14634

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) kernel-3.10.0-862.14.4.el7.src.rpm8c52c3628d366083ba3eebe87fcdfee1ELBA-2021-1397-1
kernel-3.10.0-862.14.4.el7.x86_64.rpm0568273b2ea9d766684be02a67fbb15eELBA-2021-1397-1
kernel-abi-whitelists-3.10.0-862.14.4.el7.noarch.rpm5123d297b5dfbf45c09a4180641fd484ELBA-2021-1397-1
kernel-debug-3.10.0-862.14.4.el7.x86_64.rpm4081205b962d3d4abc0ed34addec29c5ELBA-2021-1397-1
kernel-debug-devel-3.10.0-862.14.4.el7.x86_64.rpm1ac1aec45e40e20996724bb7ac5f0311ELBA-2021-1397-1
kernel-devel-3.10.0-862.14.4.el7.x86_64.rpm3bd073673fee034ec6880f7a162a1b80ELBA-2021-1397-1
kernel-doc-3.10.0-862.14.4.el7.noarch.rpmd6172c6abec41cb358b49466b99cb773ELBA-2021-1397-1
kernel-headers-3.10.0-862.14.4.el7.x86_64.rpm8e71843c5ff66358a1efcf207dab7ae1ELBA-2021-1397-1
kernel-tools-3.10.0-862.14.4.el7.x86_64.rpme754aa4e38fbfa02cf6cd58ebd4ae6c9ELBA-2021-1397-1
kernel-tools-libs-3.10.0-862.14.4.el7.x86_64.rpm6567872d375854a85e72e92a51ef23ceELBA-2021-1397-1
kernel-tools-libs-devel-3.10.0-862.14.4.el7.x86_64.rpm2dd2eccd960e9953798575675abff60aELBA-2021-1397-1
perf-3.10.0-862.14.4.el7.x86_64.rpmd6189d6d27832f8c77caf6a623d9ffefELSA-2021-9220
python-perf-3.10.0-862.14.4.el7.x86_64.rpmb4d7447f4a1d50b640e2524242e03a1cELSA-2021-9220



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete