Stay Connected:

ELSA-2019-3832

ELSA-2019-3832 - kernel security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2019-11-22

Description


[4.18.0-147.0.2_1.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]

[4.18.0-147.0.2_1]
- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1766056 1756805] {CVE-2019-0154}
- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1766056 1756805] {CVE-2019-0154}
- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [x86] x86/tsx: Add config options to set tsx=on|off|auto (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [x86] x86/cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86/mmu: Reintroduce fast invalidate/zap for flushing memslot (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] Revert 'KVM: x86/mmu: Zap only the relevant pages when removing a memslot' (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [zstream] switch to zstream (Frantisek Hrbata)


Related CVEs


CVE-2018-12207
CVE-2019-11135
CVE-2019-0154

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) kernel-4.18.0-147.0.2.el8_1.src.rpm3411651bc7e0e003836235990375b26f2b3e0deabd694eeaf5cb5b6db4507a04-ol8_aarch64_codeready_builder
kernel-tools-libs-devel-4.18.0-147.0.2.el8_1.aarch64.rpm5486985bca47e80691119ad200d719ed0bb77a58c75bc711c71c26030018560d-ol8_aarch64_codeready_builder
Oracle Linux 8 (x86_64) kernel-4.18.0-147.0.2.el8_1.src.rpm3411651bc7e0e003836235990375b26f2b3e0deabd694eeaf5cb5b6db4507a04-ol8_x86_64_baseos_latest
kernel-4.18.0-147.0.2.el8_1.src.rpm3411651bc7e0e003836235990375b26f2b3e0deabd694eeaf5cb5b6db4507a04-ol8_x86_64_codeready_builder
kernel-4.18.0-147.0.2.el8_1.src.rpm3411651bc7e0e003836235990375b26f2b3e0deabd694eeaf5cb5b6db4507a04-ol8_x86_64_u1_baseos_patch
bpftool-4.18.0-147.0.2.el8_1.x86_64.rpm60298d5c85dfec878456ee1a4fad54fea8d2cb52ae9b9c8a48e3503816976844-ol8_x86_64_baseos_latest
bpftool-4.18.0-147.0.2.el8_1.x86_64.rpm60298d5c85dfec878456ee1a4fad54fea8d2cb52ae9b9c8a48e3503816976844-ol8_x86_64_u1_baseos_patch
kernel-4.18.0-147.0.2.el8_1.x86_64.rpme6a790f1350fce77048c04ec5abcd2fa93fe3da5b5c11b24ec78a5eeed5cf5e6-ol8_x86_64_baseos_latest
kernel-4.18.0-147.0.2.el8_1.x86_64.rpme6a790f1350fce77048c04ec5abcd2fa93fe3da5b5c11b24ec78a5eeed5cf5e6-ol8_x86_64_u1_baseos_patch
kernel-abi-whitelists-4.18.0-147.0.2.el8_1.noarch.rpmf566ffb85203db1e7906fcb4e032ec62e346337ae563ee3f419a26563e84052c-ol8_x86_64_baseos_latest
kernel-abi-whitelists-4.18.0-147.0.2.el8_1.noarch.rpmf566ffb85203db1e7906fcb4e032ec62e346337ae563ee3f419a26563e84052c-ol8_x86_64_u1_baseos_patch
kernel-core-4.18.0-147.0.2.el8_1.x86_64.rpmde391a4d062dee19db10eafad86a76af35e529bc6833fc0c1780536efb025e49-ol8_x86_64_baseos_latest
kernel-core-4.18.0-147.0.2.el8_1.x86_64.rpmde391a4d062dee19db10eafad86a76af35e529bc6833fc0c1780536efb025e49-ol8_x86_64_u1_baseos_patch
kernel-cross-headers-4.18.0-147.0.2.el8_1.x86_64.rpm0af17c8f7dbdc987a95dfcde58577b4540ef0757014058b0b07b391f38da497c-ol8_x86_64_baseos_latest
kernel-cross-headers-4.18.0-147.0.2.el8_1.x86_64.rpm0af17c8f7dbdc987a95dfcde58577b4540ef0757014058b0b07b391f38da497c-ol8_x86_64_u1_baseos_patch
kernel-debug-4.18.0-147.0.2.el8_1.x86_64.rpme836e30837ff6dd8f28a90be069a99d910cc3e4086bac5b79a317d082b1991ad-ol8_x86_64_baseos_latest
kernel-debug-4.18.0-147.0.2.el8_1.x86_64.rpme836e30837ff6dd8f28a90be069a99d910cc3e4086bac5b79a317d082b1991ad-ol8_x86_64_u1_baseos_patch
kernel-debug-core-4.18.0-147.0.2.el8_1.x86_64.rpm4d3ddf272b50d3032740a249a23c525335f24485efebea06a595967abd74bc0f-ol8_x86_64_baseos_latest
kernel-debug-core-4.18.0-147.0.2.el8_1.x86_64.rpm4d3ddf272b50d3032740a249a23c525335f24485efebea06a595967abd74bc0f-ol8_x86_64_u1_baseos_patch
kernel-debug-devel-4.18.0-147.0.2.el8_1.x86_64.rpmd155e4fcd6a74ab7119d971a2c18346305e43ca759a4b6376c52d5cbc843a039-ol8_x86_64_baseos_latest
kernel-debug-devel-4.18.0-147.0.2.el8_1.x86_64.rpmd155e4fcd6a74ab7119d971a2c18346305e43ca759a4b6376c52d5cbc843a039-ol8_x86_64_u1_baseos_patch
kernel-debug-modules-4.18.0-147.0.2.el8_1.x86_64.rpmd96b840597fc3e0554599e3e8a588550877c7053dc79f3bee5d4997e779dda49-ol8_x86_64_baseos_latest
kernel-debug-modules-4.18.0-147.0.2.el8_1.x86_64.rpmd96b840597fc3e0554599e3e8a588550877c7053dc79f3bee5d4997e779dda49-ol8_x86_64_u1_baseos_patch
kernel-debug-modules-extra-4.18.0-147.0.2.el8_1.x86_64.rpm7f685c6fec06a54c46fd699a641347547619007f5f7d932e2819b9dd51a5f4aa-ol8_x86_64_baseos_latest
kernel-debug-modules-extra-4.18.0-147.0.2.el8_1.x86_64.rpm7f685c6fec06a54c46fd699a641347547619007f5f7d932e2819b9dd51a5f4aa-ol8_x86_64_u1_baseos_patch
kernel-devel-4.18.0-147.0.2.el8_1.x86_64.rpme084f0f8d9f769bb46c405bcca0053d1853a9e8a4ef4d3d22fa340c1899cda93-ol8_x86_64_baseos_latest
kernel-devel-4.18.0-147.0.2.el8_1.x86_64.rpme084f0f8d9f769bb46c405bcca0053d1853a9e8a4ef4d3d22fa340c1899cda93-ol8_x86_64_u1_baseos_patch
kernel-doc-4.18.0-147.0.2.el8_1.noarch.rpmc0b5483bf80d255f670feb07e611baa54ce0643e2421f2070e16667eda5f2dc2-ol8_x86_64_baseos_latest
kernel-doc-4.18.0-147.0.2.el8_1.noarch.rpmc0b5483bf80d255f670feb07e611baa54ce0643e2421f2070e16667eda5f2dc2-ol8_x86_64_u1_baseos_patch
kernel-headers-4.18.0-147.0.2.el8_1.x86_64.rpm8bdd434f58a663e7e77bde849c66de92a0e09182b007c825eaf7899deefc8fb0-ol8_x86_64_baseos_latest
kernel-headers-4.18.0-147.0.2.el8_1.x86_64.rpm8bdd434f58a663e7e77bde849c66de92a0e09182b007c825eaf7899deefc8fb0-ol8_x86_64_u1_baseos_patch
kernel-modules-4.18.0-147.0.2.el8_1.x86_64.rpm46ced908be5f08c77634fbf65544091745d391aa4d5dd2eeb2fe9a5ec082852d-ol8_x86_64_baseos_latest
kernel-modules-4.18.0-147.0.2.el8_1.x86_64.rpm46ced908be5f08c77634fbf65544091745d391aa4d5dd2eeb2fe9a5ec082852d-ol8_x86_64_u1_baseos_patch
kernel-modules-extra-4.18.0-147.0.2.el8_1.x86_64.rpmc6dd2eeeb7870b8537082a6ed148d2e21c66fffc2dd5e919bb7cccb131616a25-ol8_x86_64_baseos_latest
kernel-modules-extra-4.18.0-147.0.2.el8_1.x86_64.rpmc6dd2eeeb7870b8537082a6ed148d2e21c66fffc2dd5e919bb7cccb131616a25-ol8_x86_64_u1_baseos_patch
kernel-tools-4.18.0-147.0.2.el8_1.x86_64.rpm74f57df0555ecd97bcc4871ca6cab00870a1c8232dd2bcfbecce76553016288c-ol8_x86_64_baseos_latest
kernel-tools-4.18.0-147.0.2.el8_1.x86_64.rpm74f57df0555ecd97bcc4871ca6cab00870a1c8232dd2bcfbecce76553016288c-ol8_x86_64_u1_baseos_patch
kernel-tools-libs-4.18.0-147.0.2.el8_1.x86_64.rpm88de3ee0ec04e985f0b04b75a5489d15fb05c243db252024e7b577965f8334cd-ol8_x86_64_baseos_latest
kernel-tools-libs-4.18.0-147.0.2.el8_1.x86_64.rpm88de3ee0ec04e985f0b04b75a5489d15fb05c243db252024e7b577965f8334cd-ol8_x86_64_u1_baseos_patch
kernel-tools-libs-devel-4.18.0-147.0.2.el8_1.x86_64.rpm6c1db3de1911050641638d98ffc1e5ed3f467964850e1f829b5a78e8ce8719e7-ol8_x86_64_codeready_builder
perf-4.18.0-147.0.2.el8_1.x86_64.rpm55ad261d9c827579a6c5b5c60e68181892c52e9ba3d19f76248335b7427573c8-ol8_x86_64_baseos_latest
perf-4.18.0-147.0.2.el8_1.x86_64.rpm55ad261d9c827579a6c5b5c60e68181892c52e9ba3d19f76248335b7427573c8-ol8_x86_64_u1_baseos_patch
python3-perf-4.18.0-147.0.2.el8_1.x86_64.rpmbc4435ad052170d26a2eeb4abff4eafce86821e811e3c962aec394e1768f3330-ol8_x86_64_baseos_latest
python3-perf-4.18.0-147.0.2.el8_1.x86_64.rpmbc4435ad052170d26a2eeb4abff4eafce86821e811e3c962aec394e1768f3330-ol8_x86_64_u1_baseos_patch



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights