ELSA-2018-4245

ULN >
Oracle Linux Errata repository >
ELSA-2018-4245

ELSA-2018-4245 - Unbreakable Enterprise kernel security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2018-10-10

Description

kernel-uek
[3.8.13-118.25.1]
- x86/spectre_v2: Don't check microcode versions when running under hypervisors (Konrad Rzeszutek Wilk) [Orabug: 27959785]
- rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map (Hakon Bugge) [Orabug: 28552792] {CVE-2018-7492}
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664530] {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664579] {CVE-2017-13695}
- uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor Erminpour) [Orabug: 28680238]
- exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28710010] {CVE-2018-14634}
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620}
- mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt Fleming) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk.c: prevent positive return value of walk_page_test() from being passed to callers (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620}
- pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) [Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Move swap offset/type up in PTE to work around erratum (Dave Hansen) [Orabug: 28505476] {CVE-2018-3620}
- mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov) [Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation: sort X86_BUG_* with X86_FEATURE_* (Daniel Jordan) [Orabug: 28505476] {CVE-2018-3620}
- Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27958074]
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (David Woodhouse) [Orabug: 27958074]
- x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (Kanth Ghatraju) [Orabug: 27958074]
- x86/cpufeatures: Add Intel feature bit for IA32_ARCH_CAPABILITIES supported (Kanth Ghatraju) [Orabug: 27958074]

Related CVEs

CVE-2018-7492

CVE-2017-13695

CVE-2018-16658

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 6 (x86_64)	dtrace-modules-3.8.13-118.25.1.el6uek-0.4.5-3.el6.src.rpm	ff86db611bcbfeb3c8ee9dba0296747f580e87473e9c5a36a4a2f7ddd7ed7f0c	-	ol6_x86_64_UEKR3_latest
	kernel-uek-3.8.13-118.25.1.el6uek.src.rpm	357ac24e837648f45bc672f620a3418e255cfb042fb391341fa1aa46d9004fda	ELSA-2025-20007	ol6_x86_64_UEKR3_latest
	dtrace-modules-3.8.13-118.25.1.el6uek-0.4.5-3.el6.x86_64.rpm	d865264d113386541d917a900aa32ad5d2795ac70a380a9626639a6bad850ecc	-	ol6_x86_64_UEKR3_latest
	kernel-uek-3.8.13-118.25.1.el6uek.x86_64.rpm	0c5d38197887536c2fea2f6a5f8cbda9acad73e07949d1a06c5515842e9f0094	ELSA-2025-20007	ol6_x86_64_UEKR3_latest
	kernel-uek-debug-3.8.13-118.25.1.el6uek.x86_64.rpm	cb8c80ee7c21780a442e7958f652310f2a0d6c8fa358950734720eb78cce0ad2	ELSA-2025-20007	ol6_x86_64_UEKR3_latest
	kernel-uek-debug-devel-3.8.13-118.25.1.el6uek.x86_64.rpm	59bf41c94e1974552a45fa41fa65b80d94c431b067cdfc142de0d78cdef81ed1	ELSA-2025-20007	ol6_x86_64_UEKR3_latest
	kernel-uek-devel-3.8.13-118.25.1.el6uek.x86_64.rpm	14417df93df566bfc71e978e49e61228a0daedc57a8cf3c5842074d3ab582e36	ELSA-2025-20007	ol6_x86_64_UEKR3_latest
	kernel-uek-doc-3.8.13-118.25.1.el6uek.noarch.rpm	6a0fe4ba635916c2eef4883392250a692dcf75c2ce4769d8c0f657736f39254c	ELSA-2025-20007	ol6_x86_64_UEKR3_latest
	kernel-uek-firmware-3.8.13-118.25.1.el6uek.noarch.rpm	e96bf88a24525f04de209f5b24d9eee99e0a25ad2354ca4718f10e058db0a3bf	ELSA-2025-20007	ol6_x86_64_UEKR3_latest

Oracle Linux 7 (x86_64)	dtrace-modules-3.8.13-118.25.1.el7uek-0.4.5-3.el7.src.rpm	db915ee65690ffe1a7eafda65ba90d1a6764f6a2a991fd98bed0a6e1e3ffa7df	-	ol7_x86_64_UEKR3
	kernel-uek-3.8.13-118.25.1.el7uek.src.rpm	20c6f51baa3270a2e183d5e347e50af50ff055e25ccd181a369536dd911bee2e	ELSA-2025-20190	ol7_x86_64_UEKR3
	dtrace-modules-3.8.13-118.25.1.el7uek-0.4.5-3.el7.x86_64.rpm	2090c0c942159979950f66246205f0c4026b23e5b507d4f01bf6104bf3c5dd74	-	ol7_x86_64_UEKR3
	kernel-uek-3.8.13-118.25.1.el7uek.x86_64.rpm	8a35309b57b124732b4a3ac5304bae77b561b588722f6d04ec80b2be3e5a0195	ELSA-2025-20190	ol7_x86_64_UEKR3
	kernel-uek-debug-3.8.13-118.25.1.el7uek.x86_64.rpm	1b4bfc17b5df433eddfa549f0507d2a82e20e4a208512cd4b12db32182d63193	ELSA-2025-20190	ol7_x86_64_UEKR3
	kernel-uek-debug-devel-3.8.13-118.25.1.el7uek.x86_64.rpm	e9797c7de0c28142e7412c3d07f83eeb576302137c7689dfb8ed9cd8b8102f6e	ELSA-2025-20190	ol7_x86_64_UEKR3
	kernel-uek-devel-3.8.13-118.25.1.el7uek.x86_64.rpm	fdcfa95659ef537744cf55283eb0d68679b3ff384834558f3e36e3de0f03fb55	ELSA-2025-20190	ol7_x86_64_UEKR3
	kernel-uek-doc-3.8.13-118.25.1.el7uek.noarch.rpm	4f935880fbc73756c18ab8046e5c6f025df145023def3e4b280fbabb743ba7ff	ELSA-2025-20190	ol7_x86_64_UEKR3
	kernel-uek-firmware-3.8.13-118.25.1.el7uek.noarch.rpm	363d84b66866cd3a0b90cd6ee86c35d2ed26fa870160d38d0b7563ee12d7d76d	ELSA-2025-20007	ol7_x86_64_UEKR3

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691