ELSA-2019-3832

ELSA-2019-3832 - kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2019-11-22

Description


[4.18.0-147.0.2_1.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]

[4.18.0-147.0.2_1]
- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1766056 1756805] {CVE-2019-0154}
- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1766056 1756805] {CVE-2019-0154}
- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [x86] x86/tsx: Add config options to set tsx=on|off|auto (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [x86] x86/cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86/mmu: Reintroduce fast invalidate/zap for flushing memslot (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] Revert 'KVM: x86/mmu: Zap only the relevant pages when removing a memslot' (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [zstream] switch to zstream (Frantisek Hrbata)


Related CVEs


CVE-2018-12207
CVE-2019-11135
CVE-2019-0154

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) kernel-4.18.0-147.0.2.el8_1.src.rpm37e2821e51b76ba9a5b9a66c573372bb-
bpftool-4.18.0-147.0.2.el8_1.aarch64.rpm4a10751c272f03431788da87a9e341d4-
kernel-4.18.0-147.0.2.el8_1.aarch64.rpm3c4f36c7b3d7352271929bb2c1b862a7-
kernel-abi-whitelists-4.18.0-147.0.2.el8_1.noarch.rpmabdd4ab4e6476e6f956612b9922f549b-
kernel-core-4.18.0-147.0.2.el8_1.aarch64.rpma1197a72cabeaea11698556880c9e4c1-
kernel-cross-headers-4.18.0-147.0.2.el8_1.aarch64.rpm15afd7e81589060a126d973db8e312c6-
kernel-debug-4.18.0-147.0.2.el8_1.aarch64.rpm90959b957d659266e503ce0f6ae24e60-
kernel-debug-core-4.18.0-147.0.2.el8_1.aarch64.rpmd6eea262949d75418df4b4005658a83c-
kernel-debug-devel-4.18.0-147.0.2.el8_1.aarch64.rpmf689cf2b60fd2da068e03a920bc0799c-
kernel-debug-modules-4.18.0-147.0.2.el8_1.aarch64.rpm8fa7b60b4d6d2eb298e1d57f21334fd7-
kernel-debug-modules-extra-4.18.0-147.0.2.el8_1.aarch64.rpm2b89cf133aa008c50f000e3bd7e91933-
kernel-devel-4.18.0-147.0.2.el8_1.aarch64.rpmb9ec624af6d6ae91647cc40e621ab204-
kernel-doc-4.18.0-147.0.2.el8_1.noarch.rpm89d58a23ecfc91f475a6d7973dbbf5c0-
kernel-headers-4.18.0-147.0.2.el8_1.aarch64.rpma53fba527d8d0efb7f30ec3bc59a4d2a-
kernel-modules-4.18.0-147.0.2.el8_1.aarch64.rpm578a15ad540affe818b875e0925e245f-
kernel-modules-extra-4.18.0-147.0.2.el8_1.aarch64.rpma79d6c91f27395ad30e4b1c43a1c9ac6-
kernel-tools-4.18.0-147.0.2.el8_1.aarch64.rpm37395430a69d1ed15a287c7cfe9be853-
kernel-tools-libs-4.18.0-147.0.2.el8_1.aarch64.rpm84ec8afc9f2271291f77c144e3815c64-
kernel-tools-libs-devel-4.18.0-147.0.2.el8_1.aarch64.rpmb25a19922dfdaafdd040ac81bd375374-
perf-4.18.0-147.0.2.el8_1.aarch64.rpm80986ad6fdfd380a01fa390bfa0cd481-
python3-perf-4.18.0-147.0.2.el8_1.aarch64.rpma925f2660ba61def8da206ecf816574f-
Oracle Linux 8 (x86_64) kernel-4.18.0-147.0.2.el8_1.src.rpm37e2821e51b76ba9a5b9a66c573372bb-
bpftool-4.18.0-147.0.2.el8_1.x86_64.rpmc529f1d7a3722c1b5808d4296715d357-
kernel-4.18.0-147.0.2.el8_1.x86_64.rpma8a274607e8aaacf760c065e993d3734-
kernel-abi-whitelists-4.18.0-147.0.2.el8_1.noarch.rpmabdd4ab4e6476e6f956612b9922f549b-
kernel-core-4.18.0-147.0.2.el8_1.x86_64.rpm728c81e11dc88922ab5148882c3a11af-
kernel-cross-headers-4.18.0-147.0.2.el8_1.x86_64.rpmaba6decfc9c379f2cecfc4980395fb37-
kernel-debug-4.18.0-147.0.2.el8_1.x86_64.rpma8cb304f09f484e36783a9e1365fa85d-
kernel-debug-core-4.18.0-147.0.2.el8_1.x86_64.rpm52623b9732878a161777c40d6c83debd-
kernel-debug-devel-4.18.0-147.0.2.el8_1.x86_64.rpm3606564966d69b395b72528c751526c4-
kernel-debug-modules-4.18.0-147.0.2.el8_1.x86_64.rpm67b22b18fda2d71836fdfe1527b06c05-
kernel-debug-modules-extra-4.18.0-147.0.2.el8_1.x86_64.rpme49952c4b94eabb9cb1c2b367176affb-
kernel-devel-4.18.0-147.0.2.el8_1.x86_64.rpmb34ad70ab901d8a9aae228aa7eec2fb0-
kernel-doc-4.18.0-147.0.2.el8_1.noarch.rpm89d58a23ecfc91f475a6d7973dbbf5c0-
kernel-headers-4.18.0-147.0.2.el8_1.x86_64.rpm313534b193be19ab1bfb941812891b5c-
kernel-modules-4.18.0-147.0.2.el8_1.x86_64.rpme189df5ee6d576a8644604adf33a38fa-
kernel-modules-extra-4.18.0-147.0.2.el8_1.x86_64.rpm7aa0ac8dd127ccfebdb2cb713b67762a-
kernel-tools-4.18.0-147.0.2.el8_1.x86_64.rpmb7ca4b04fcffb672aaba92c4a2c41ce3-
kernel-tools-libs-4.18.0-147.0.2.el8_1.x86_64.rpm25965b244c21c3860afa7b1992e310a2-
kernel-tools-libs-devel-4.18.0-147.0.2.el8_1.x86_64.rpm47884ef4236c134b8af46cefb9f1ab8f-
perf-4.18.0-147.0.2.el8_1.x86_64.rpmb7f9068e0e155ce1ea03554a9281d25f-
python3-perf-4.18.0-147.0.2.el8_1.x86_64.rpm67d510ea534805a0a6267a4d484be381-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete