ELSA-2018-4004
- ULN >
- Oracle Linux Errata repository >
- ELSA-2018-4004
ELSA-2018-4004 - Unbreakable Enterprise kernel security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2018-01-05 |
Description
[4.1.12-112.14.5]
- x86/ibrs: Remove 'ibrs_dump' and remove the pr_debug (Konrad Rzeszutek Wilk) [Orabug: 27350825]
[4.1.12-112.14.4]
- kABI: Revert kABI: Make the boot_cpu_data look normal (Konrad Rzeszutek Wilk) {CVE-2017-5715}
[4.1.12-112.14.3]
- userns: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- udf: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- net: mpls: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- fs: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- ipv6: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- ipv4: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- Thermal/int340x: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- cw1200: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- qla2xxx: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- p54: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- carl9170: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- uvcvideo: prevent speculative execution (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- bpf: prevent speculative execution in eBPF interpreter (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- locking/barriers: introduce new observable speculation barrier (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- x86/cpu/AMD: Make the LFENCE instruction serialized (Elena Reshetova) [Orabug: 27340459] {CVE-2017-5753}
- kABI: Make the boot_cpu_data look normal. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- kernel.spec: Require the new microcode_ctl. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715} {CVE-2017-5715}
- x86/microcode/AMD: Add support for fam17h microcode loading (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715}
- x86/spec_ctrl: Disable if running as Xen PV guest. (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- Set IBPB when running a different VCPU (Dave Hansen) [Orabug: 27339995] {CVE-2017-5715}
- Clear the host registers after setbe (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715}
- Use the ibpb_inuse variable. (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715}
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715}
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Paolo Bonzini) [Orabug: 27339995] {CVE-2017-5715}
- Use the 'ibrs_inuse' variable. (Jun Nakajima) [Orabug: 27339995] {CVE-2017-5715}
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715}
- x86/svm: Set IBPB when running a different VCPU (Paolo Bonzini) [Orabug: 27339995] {CVE-2017-5715}
- x86/kvm: Pad RSB on VM transition (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/cpu/AMD: Add speculative control support for AMD (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715}
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86: Move IBRS/IBPB feature detection to scattered.c (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/kvm: clear registers on VM exit (Tom Lendacky) [Orabug: 27339995] {CVE-2017-5715}
- x86/kvm: Set IBPB when switching VM (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- *INCOMPLETE* x86/syscall: Clear unused extra registers on syscall entrance (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/mm: Set IBPB upon context switch (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/idle: Disable IBRS entering idle and enable it on wakeup (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry (Andrea Arcangeli) [Orabug: 27339995] {CVE-2017-5715}
- *Scaffolding* x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/enter: Use IBRS on syscall and interrupts (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86: Add macro that does not save rax, rcx, rdx on stack to disable IBRS (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/enter: MACROS to set/clear IBRS and set IBP (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86/feature: Report presence of IBPB and IBRS control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
- x86: Add STIBP feature enumeration (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 27339995] {CVE-2017-5715}
- x86/feature: Enable the x86 feature to control (Tim Chen) [Orabug: 27339995] {CVE-2017-5715}
Related CVEs
| CVE-2017-5715 |
| CVE-2017-5753 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 6 (x86_64) | kernel-uek-4.1.12-112.14.5.el6uek.src.rpm | 5ad631e951a203ce7e3fc17ee100f4c3cfe3ff89dfff92b6efd93d0192b55837 | ELSA-2025-20007 | ol6_x86_64_UEKR4_archive |
| kernel-uek-4.1.12-112.14.5.el6uek.x86_64.rpm | 23682e98f2a160c3ec6313cf8c857a8eaacc5193159744b40e587140e0c08ee7 | ELSA-2025-20007 | ol6_x86_64_UEKR4_archive | |
| kernel-uek-debug-4.1.12-112.14.5.el6uek.x86_64.rpm | bbda63dd90d4f3ca22e2e12066a72e1caac704c985853237cb62ac0a2c615020 | ELSA-2025-20007 | ol6_x86_64_UEKR4_archive | |
| kernel-uek-debug-devel-4.1.12-112.14.5.el6uek.x86_64.rpm | ffda78122caf38da8d108ab6cb66b082d2a5de83902d23561069fe046c408db0 | ELSA-2025-20007 | ol6_x86_64_UEKR4_archive | |
| kernel-uek-devel-4.1.12-112.14.5.el6uek.x86_64.rpm | 056ce0b4384fdd0c30ae7a75545d63da363e186438571e261cb9450bece583bc | ELSA-2025-20007 | ol6_x86_64_UEKR4_archive | |
| kernel-uek-doc-4.1.12-112.14.5.el6uek.noarch.rpm | 88656aab5c39beb71f2d76e903d10be0a905619092de9f49e17ab1bb489419e2 | ELSA-2025-20007 | ol6_x86_64_UEKR4_archive | |
| kernel-uek-firmware-4.1.12-112.14.5.el6uek.noarch.rpm | 4bd8242f42de4d4738c8a3b1ee1eed89102b7b92f580356b054b5abc35967b35 | ELSA-2025-20007 | ol6_x86_64_UEKR4_archive | |
| Oracle Linux 7 (x86_64) | kernel-uek-4.1.12-112.14.5.el7uek.src.rpm | 7492a516389e3dc80b6aa99b73653716890abf35fef568bd937443d904d921d5 | ELSA-2025-20190 | ol7_x86_64_UEKR4_archive |
| kernel-uek-4.1.12-112.14.5.el7uek.x86_64.rpm | 67c88f4fd6bc853aaae7cd509b6788c2a0e98d9fc7e68cb460ce0c28d7075a70 | ELSA-2025-20190 | ol7_x86_64_UEKR4_archive | |
| kernel-uek-debug-4.1.12-112.14.5.el7uek.x86_64.rpm | c0475f5705d62ddb93a40e0f9f6416f12b999c96b9c1fb887ff6ca70bb069f24 | ELSA-2025-20190 | ol7_x86_64_UEKR4_archive | |
| kernel-uek-debug-devel-4.1.12-112.14.5.el7uek.x86_64.rpm | d4b1d0d6518e84df713b3d1627c84454a225e155717c17cc2f94387059b15fa5 | ELSA-2025-20190 | ol7_x86_64_UEKR4_archive | |
| kernel-uek-devel-4.1.12-112.14.5.el7uek.x86_64.rpm | e357100138cf79972658255d67dbd8cbbfaeccd4d1e4f2d02de0f78a48ceac80 | ELSA-2025-20190 | ol7_x86_64_UEKR4_archive | |
| kernel-uek-doc-4.1.12-112.14.5.el7uek.noarch.rpm | 0ca47585b4e718db035da990e8a825d7a029d90f848068b6542d8db3b1395e19 | ELSA-2025-20190 | ol7_x86_64_UEKR4_archive | |
| kernel-uek-firmware-4.1.12-112.14.5.el7uek.noarch.rpm | 696b6004ba64f5f0b81a7b84649088d30fd0d9d43dd5540588cbea2a7901f946 | ELSA-2025-20007 | ol7_x86_64_UEKR4_archive | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
