ELSA-2018-4245
- ULN >
- Oracle Linux Errata repository >
- ELSA-2018-4245
ELSA-2018-4245 - Unbreakable Enterprise kernel security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2018-10-10 |
Description
kernel-uek
[3.8.13-118.25.1]
- x86/spectre_v2: Don't check microcode versions when running under hypervisors (Konrad Rzeszutek Wilk) [Orabug: 27959785]
- rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map (Hakon Bugge) [Orabug: 28552792] {CVE-2018-7492}
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664530] {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664579] {CVE-2017-13695}
- uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor Erminpour) [Orabug: 28680238]
- exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28710010] {CVE-2018-14634}
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620}
- mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt Fleming) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk.c: prevent positive return value of walk_page_test() from being passed to callers (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620}
- pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) [Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Move swap offset/type up in PTE to work around erratum (Dave Hansen) [Orabug: 28505476] {CVE-2018-3620}
- mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov) [Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation: sort X86_BUG_* with X86_FEATURE_* (Daniel Jordan) [Orabug: 28505476] {CVE-2018-3620}
- Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27958074]
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (David Woodhouse) [Orabug: 27958074]
- x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (Kanth Ghatraju) [Orabug: 27958074]
- x86/cpufeatures: Add Intel feature bit for IA32_ARCH_CAPABILITIES supported (Kanth Ghatraju) [Orabug: 27958074]
Related CVEs
| CVE-2017-13695 |
| CVE-2018-16658 |
| CVE-2018-7492 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 6 (x86_64) | dtrace-modules-3.8.13-118.25.1.el6uek-0.4.5-3.el6.src.rpm | 0e8856863234bd1069f2a532649f768c | - |
| kernel-uek-3.8.13-118.25.1.el6uek.src.rpm | ffd568ee378863055dce0f5adda57945 | ELSA-2021-9215 | |
| dtrace-modules-3.8.13-118.25.1.el6uek-0.4.5-3.el6.x86_64.rpm | f502f3a19bff247e4fc39ed66e682682 | - | |
| kernel-uek-3.8.13-118.25.1.el6uek.x86_64.rpm | 4e35677525420d6b8e53e0e4efe30d87 | ELSA-2021-9215 | |
| kernel-uek-debug-3.8.13-118.25.1.el6uek.x86_64.rpm | 66e24949fbdd619bc64d4be344e61b74 | ELSA-2021-9215 | |
| kernel-uek-debug-devel-3.8.13-118.25.1.el6uek.x86_64.rpm | 0092f03f6f44e047133d46030c87f611 | ELSA-2021-9215 | |
| kernel-uek-devel-3.8.13-118.25.1.el6uek.x86_64.rpm | f8a191cb381601b30383707a33db4f6b | ELSA-2021-9215 | |
| kernel-uek-doc-3.8.13-118.25.1.el6uek.noarch.rpm | dd5eebf1bfbc6c8f2492dc4e5a37f2eb | ELSA-2021-9215 | |
| kernel-uek-firmware-3.8.13-118.25.1.el6uek.noarch.rpm | 6a72c24b05bbfdddd2ac40a8b69c0037 | ELSA-2021-9215 | |
| Oracle Linux 7 (x86_64) | dtrace-modules-3.8.13-118.25.1.el7uek-0.4.5-3.el7.src.rpm | d5a10d2d3252c8cb7f549fb08ce71dd9 | - |
| kernel-uek-3.8.13-118.25.1.el7uek.src.rpm | f428a931ccf11ec335cfce7b15fa34cb | ELSA-2021-9220 | |
| dtrace-modules-3.8.13-118.25.1.el7uek-0.4.5-3.el7.x86_64.rpm | 9bbe1eaec929dd617e8fd2950b6e74ac | - | |
| kernel-uek-3.8.13-118.25.1.el7uek.x86_64.rpm | 21a378ff8276f8d24407b755207c1860 | ELSA-2021-9220 | |
| kernel-uek-debug-3.8.13-118.25.1.el7uek.x86_64.rpm | 9e422e08d3db2e03c91e13bf27c258b7 | ELSA-2021-9220 | |
| kernel-uek-debug-devel-3.8.13-118.25.1.el7uek.x86_64.rpm | fe3a29456b23ce1a25997f433886ffae | ELSA-2021-9220 | |
| kernel-uek-devel-3.8.13-118.25.1.el7uek.x86_64.rpm | a8d64bccaaff08305a7bd95609a5e7c0 | ELSA-2021-9220 | |
| kernel-uek-doc-3.8.13-118.25.1.el7uek.noarch.rpm | 9228d6f12fa92b8ce3c1301e01209d7d | ELSA-2021-9220 | |
| kernel-uek-firmware-3.8.13-118.25.1.el7uek.noarch.rpm | c337df113e1c026ebf7351ce1fc7d5bf | ELSA-2021-9215 | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
