ELSA-2018-4214

ELSA-2018-4214 - Unbreakable Enterprise kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2018-09-13

Description


[2.6.39-400.301.1]
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620}
- mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky) [Orabug: 28505519] {CVE-2018-3620}
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- mm/pagewalk.c: prevent positive return value of walk_page_test() from being passed to callers (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620}
- mm: pagewalk: fix misbehavior of walk_page_range for vma(VM_PFNMAP) (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620}
- pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620}
- mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620}
- mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX) [Orabug: 28505519] {CVE-2018-3620}
- mm/pagewalk.c: walk_page_range should avoid VM_PFNMAP areas (Cliff Wickman) [Orabug: 28505519] {CVE-2018-3620}
- pagewalk: don't look up vma if walk->hugetlb_entry is unused (KOSAKI Motohiro) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620}
- x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620}
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28505519] {CVE-2018-3620}
- x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug: 28505519] {CVE-2018-3620}
- x86/mm: Move swap offset/type up in PTE to work around erratum (Dave Hansen) [Orabug: 28505519] {CVE-2018-3620}
- mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov) [Orabug: 28505519] {CVE-2018-3620}
- x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505519] {CVE-2018-3620}
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505519] {CVE-2018-3620}
- x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug: 28505519] {CVE-2018-3620}
- x86/cpufeature: uniquely define *IA32_ARCH_CAPS and *IBRS_ATT (Daniel Jordan) [Orabug: 28505519] {CVE-2018-3620}
- Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 28001909]
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (David Woodhouse) [Orabug: 28001909]
- x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (David Woodhouse) [Orabug: 28001909]
- Add driver auto probing for x86 features v4 (Andi Kleen) [Orabug: 28001909]
- mm/mempolicy: fix use after free when calling get_mempolicy (zhong jiang) [Orabug: 28022110] {CVE-2018-10675}
- xen-netback: do not requeue skb if xenvif is already disconnected (Dongli Zhang) [Orabug: 28247698]
- posix-timer: Properly check sigevent->sigev_notify (Thomas Gleixner) [Orabug: 28481397] {CVE-2017-18344}


Related CVEs


CVE-2018-10675
CVE-2018-3620
CVE-2017-18344

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 5 (i386) kernel-uek-2.6.39-400.301.1.el5uek.src.rpm66f50ba548dca063e26430c052d89ea6-
kernel-uek-2.6.39-400.301.1.el5uek.i686.rpma4492572e02ea2da0c104c6a5b637997-
kernel-uek-debug-2.6.39-400.301.1.el5uek.i686.rpm0332d982f11e610e1e38dcaf2dc0c105-
kernel-uek-debug-devel-2.6.39-400.301.1.el5uek.i686.rpmdfb4104ab8f473348d8ee592b91b9581-
kernel-uek-devel-2.6.39-400.301.1.el5uek.i686.rpmab16ee501a56a558a31eb54357a95eec-
kernel-uek-doc-2.6.39-400.301.1.el5uek.noarch.rpmd20c430c0e662175ab3537296a0b2b93-
kernel-uek-firmware-2.6.39-400.301.1.el5uek.noarch.rpm6bfa6b42a343a8f3fdb91d1584ea117c-
Oracle Linux 5 (x86_64) kernel-uek-2.6.39-400.301.1.el5uek.src.rpm66f50ba548dca063e26430c052d89ea6-
kernel-uek-2.6.39-400.301.1.el5uek.x86_64.rpme6b6e5e8d1def68beced1a8755eada9d-
kernel-uek-debug-2.6.39-400.301.1.el5uek.x86_64.rpme32e534d637aa48339775656e1c53e6b-
kernel-uek-debug-devel-2.6.39-400.301.1.el5uek.x86_64.rpm5b40d6198184ac31378eb95c15ed4835-
kernel-uek-devel-2.6.39-400.301.1.el5uek.x86_64.rpmf64b072ec43bfcb5405148f0a42d4ef9-
kernel-uek-doc-2.6.39-400.301.1.el5uek.noarch.rpmd20c430c0e662175ab3537296a0b2b93-
kernel-uek-firmware-2.6.39-400.301.1.el5uek.noarch.rpm6bfa6b42a343a8f3fdb91d1584ea117c-
Oracle Linux 6 (i386) kernel-uek-2.6.39-400.301.1.el6uek.src.rpmde75b17875dad9638417e2524cba2295-
kernel-uek-2.6.39-400.301.1.el6uek.i686.rpm680887d2fc23b694df760546b897d181-
kernel-uek-debug-2.6.39-400.301.1.el6uek.i686.rpmf4ed2753acbff300d66627e6673f4004-
kernel-uek-debug-devel-2.6.39-400.301.1.el6uek.i686.rpm3129167139cd47a72982990c2c9c9e2b-
kernel-uek-devel-2.6.39-400.301.1.el6uek.i686.rpmf6041f4eec1d9fa2fe03d16e4b13577d-
kernel-uek-doc-2.6.39-400.301.1.el6uek.noarch.rpm70ba1e852333aea9fbf953b876a829a7-
kernel-uek-firmware-2.6.39-400.301.1.el6uek.noarch.rpm912aeae73dd3e880ca7ff7f0d82d4bf9-
Oracle Linux 6 (x86_64) kernel-uek-2.6.39-400.301.1.el6uek.src.rpmde75b17875dad9638417e2524cba2295-
kernel-uek-2.6.39-400.301.1.el6uek.x86_64.rpmf0b8e5e730fa37460e473c1b08580e34-
kernel-uek-debug-2.6.39-400.301.1.el6uek.x86_64.rpmdef75bbad400c853e6a42e2a4f26ac67-
kernel-uek-debug-devel-2.6.39-400.301.1.el6uek.x86_64.rpmf7bd66f965eda5092e6bc192c63d7ed6-
kernel-uek-devel-2.6.39-400.301.1.el6uek.x86_64.rpm539de421c15b58701d618a64a7188920-
kernel-uek-doc-2.6.39-400.301.1.el6uek.noarch.rpm70ba1e852333aea9fbf953b876a829a7-
kernel-uek-firmware-2.6.39-400.301.1.el6uek.noarch.rpm912aeae73dd3e880ca7ff7f0d82d4bf9-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete