ELSA-2018-4114

ULN >
Oracle Linux Errata repository >
ELSA-2018-4114

ELSA-2018-4114 - Unbreakable Enterprise kernel security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2018-05-22

Description

[4.1.12-124.15.2]
- KVM: SVM: Move spec control call after restore of GS (Thomas Gleixner) {CVE-2018-3639}
- x86/bugs: Fix the parameters alignment and missing void (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Make cpu_show_common() static (Jiri Kosina) {CVE-2018-3639}
- x86/bugs: Fix __ssb_select_mitigation() return type (Jiri Kosina) {CVE-2018-3639}
- Documentation/spec_ctrl: Do some minor cleanups (Borislav Petkov) {CVE-2018-3639}
- proc: Use underscores for SSBD in 'status' (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Rename _RDS to _SSBD (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/speculation: Make 'seccomp' the default mode for Speculative Store Bypass (Kees Cook) {CVE-2018-3639}
- seccomp: Move speculation migitation control to arch code (Thomas Gleixner) {CVE-2018-3639}
- seccomp: Add filter flag to opt-out of SSB mitigation (Kees Cook) {CVE-2018-3639}
- seccomp: Use PR_SPEC_FORCE_DISABLE (Thomas Gleixner) {CVE-2018-3639}
- prctl: Add force disable speculation (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- seccomp: Enable speculation flaw mitigations (Kees Cook) {CVE-2018-3639}
- proc: Provide details on speculation flaw mitigations (Kees Cook) {CVE-2018-3639}
- nospec: Allow getting/setting on non-current task (Kees Cook) {CVE-2018-3639}
- x86/bugs/IBRS: Disable SSB (RDS) if IBRS is sslected for spectre_v2. (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/speculation: Add prctl for Speculative Store Bypass mitigation (Thomas Gleixner) {CVE-2018-3639}
- x86: thread_info.h: move RDS from index 5 to 23 (Mihai Carabas) {CVE-2018-3639}
- x86/process: Allow runtime control of Speculative Store Bypass (Thomas Gleixner) {CVE-2018-3639}
- prctl: Add speculation control prctls (Thomas Gleixner) {CVE-2018-3639}
- x86/speculation: Create spec-ctrl.h to avoid include hell (Thomas Gleixner) {CVE-2018-3639}
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs/intel: Set proper CPU features and setup RDS (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/cpufeatures: Add X86_FEATURE_RDS (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Expose /sys/../spec_store_bypass (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) {CVE-2018-3639}
- x86/cpu: Rename Merrifield2 to Moorefield (Andy Shevchenko) {CVE-2018-3639}
- x86/bugs, KVM: Support the combination of guest and host IBRS (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs/IBRS: Warn if IBRS is enabled during boot. (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs/IBRS: Use variable instead of defines for enabling IBRS (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs/IBRS: Turn on IBRS in spectre_v2_select_mitigation (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/msr: Add SPEC_CTRL_IBRS.. (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- scsi: libfc: Revisit kref handling (Hannes Reinecke)
- scsi: libfc: reset exchange manager during LOGO handling (Hannes Reinecke)
- scsi: libfc: send LOGO for PLOGI failure (Hannes Reinecke)
- scsi: libfc: Issue PRLI after a PRLO has been received (Hannes Reinecke)
- libfc: Update rport reference counting (Hannes Reinecke)
- amd/kvm: do not intercept new MSRs for spectre v2 mitigation (Elena Ufimtseva)
- RDS: null pointer dereference in rds_atomic_free_op (Mohamed Ghannam) [Orabug: 27422832] {CVE-2018-5333}
- ACPI: sbshc: remove raw pointer from printk() message (Greg Kroah-Hartman) [Orabug: 27501257] {CVE-2018-5750}
- futex: Prevent overflow by strengthen input validation (Li Jinyue) [Orabug: 27539548] {CVE-2018-6927}
- net: ipv4: add support for ECMP hash policy choice (Venkat Venkatsubra) [Orabug: 27547114]
- net: ipv4: Consider failed nexthops in multipath routes (David Ahern) [Orabug: 27547114]
- ipv4: L3 hash-based multipath (Peter Norlund) [Orabug: 27547114]
- dm: fix race between dm_get_from_kobject() and __dm_destroy() (Hou Tao) [Orabug: 27677556] {CVE-2017-18203}
- NFS: only invalidate dentrys that are clearly invalid. (NeilBrown) [Orabug: 27870824]
- net: Improve handling of failures on link and route dumps (David Ahern) [Orabug: 27959177]
- mm/mempolicy: fix use after free when calling get_mempolicy (zhong jiang) [Orabug: 27963519] {CVE-2018-10675}
- drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman) [Orabug: 27963530] {CVE-2018-8781}
- xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27963576] {CVE-2018-10323}
- Revert 'mlx4: change the ICM table allocations to lowest needed size' (Hakon Bugge) [Orabug: 27980030]
- Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri) [Orabug: 28030514] {CVE-2017-1000410} {CVE-2017-1000410}

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 6 (x86_64)	kernel-uek-4.1.12-124.15.2.el6uek.src.rpm	6a3d541d1055a0eae7e7698d597c5cbc0aff8c2900da5a5f816b72e207fd0a52	ELSA-2025-20007	ol6_x86_64_UEKR4_archive
	kernel-uek-4.1.12-124.15.2.el6uek.x86_64.rpm	5b5dd35da757c743f1f20d70101baa0626d730e6ddc35b4ffbb625772ef4fa44	ELSA-2025-20007	ol6_x86_64_UEKR4_archive
	kernel-uek-debug-4.1.12-124.15.2.el6uek.x86_64.rpm	b0bc43bb4cb8cee41af738bdddb3cc68db7fa0af2c86612ab961537a32557dad	ELSA-2025-20007	ol6_x86_64_UEKR4_archive
	kernel-uek-debug-devel-4.1.12-124.15.2.el6uek.x86_64.rpm	8913fee8a490c55e702025114647d4dff7aba82b6d2756ae45d5f047366b9729	ELSA-2025-20007	ol6_x86_64_UEKR4_archive
	kernel-uek-devel-4.1.12-124.15.2.el6uek.x86_64.rpm	6ac30aab7ad3c9dcf7b20c1e97f27d68bf6623b893a871a0429427b84899f479	ELSA-2025-20007	ol6_x86_64_UEKR4_archive
	kernel-uek-doc-4.1.12-124.15.2.el6uek.noarch.rpm	e48c6be108ab171cf9a3c02ba0f3c9963cf3a1c90b99ff7eec3271dc0a48236b	ELSA-2025-20007	ol6_x86_64_UEKR4_archive
	kernel-uek-firmware-4.1.12-124.15.2.el6uek.noarch.rpm	10bc860ce59ec01e9108c1c059c7468dae7d739305777f33df0fb30772d59254	ELSA-2025-20007	ol6_x86_64_UEKR4_archive

Oracle Linux 7 (x86_64)	kernel-uek-4.1.12-124.15.2.el7uek.src.rpm	8d886b9525e0bd78e2a6c09f6f518e2a4943941c64463f6eb574bbd8ee742180	ELSA-2025-20190	ol7_x86_64_UEKR4_archive
	kernel-uek-4.1.12-124.15.2.el7uek.x86_64.rpm	f85558098a6945c5f63d9da34444c8e897e7526ee4c4d79661a3c8609f27f1b1	ELSA-2025-20190	ol7_x86_64_UEKR4_archive
	kernel-uek-debug-4.1.12-124.15.2.el7uek.x86_64.rpm	ec34af07adf5020cd75c8fa573de0a58aaade0e6bbf5199f294b610c9912bd2c	ELSA-2025-20190	ol7_x86_64_UEKR4_archive
	kernel-uek-debug-devel-4.1.12-124.15.2.el7uek.x86_64.rpm	c31cb3919764253f7034e11d83d19740809f3650ad0d88f3be6e282514ca6512	ELSA-2025-20190	ol7_x86_64_UEKR4_archive
	kernel-uek-devel-4.1.12-124.15.2.el7uek.x86_64.rpm	29929434712d7e6040cc0b3846d54f8b68873554b027661551dbf6ec0cfd931c	ELSA-2025-20190	ol7_x86_64_UEKR4_archive
	kernel-uek-doc-4.1.12-124.15.2.el7uek.noarch.rpm	c2439ea8262573bb3303b6993afb9bf439204244c90321bc52841e8b09fc1418	ELSA-2025-20190	ol7_x86_64_UEKR4_archive
	kernel-uek-firmware-4.1.12-124.15.2.el7uek.noarch.rpm	ffc3e183e8483be6ec3ac822e69b349408b912d32461e7b77b9204dcd93da731	ELSA-2025-20007	ol7_x86_64_UEKR4_archive

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691