ELSA-2019-3832

ULN >
Oracle Linux Errata repository >
ELSA-2019-3832

ELSA-2019-3832 - kernel security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2019-11-22

Description

[4.18.0-147.0.2_1.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]

[4.18.0-147.0.2_1]
- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1766056 1756805] {CVE-2019-0154}
- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1766056 1756805] {CVE-2019-0154}
- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [x86] x86/tsx: Add config options to set tsx=on|off|auto (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [x86] x86/cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86/mmu: Reintroduce fast invalidate/zap for flushing memslot (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] Revert 'KVM: x86/mmu: Zap only the relevant pages when removing a memslot' (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [zstream] switch to zstream (Frantisek Hrbata)

Related CVEs

CVE-2018-12207

CVE-2019-11135

CVE-2019-0154

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	kernel-4.18.0-147.0.2.el8_1.src.rpm	37e2821e51b76ba9a5b9a66c573372bb	-
	kernel-tools-libs-devel-4.18.0-147.0.2.el8_1.aarch64.rpm	b25a19922dfdaafdd040ac81bd375374	-

Oracle Linux 8 (x86_64)	kernel-4.18.0-147.0.2.el8_1.src.rpm	37e2821e51b76ba9a5b9a66c573372bb	-
	bpftool-4.18.0-147.0.2.el8_1.x86_64.rpm	c529f1d7a3722c1b5808d4296715d357	-
	kernel-4.18.0-147.0.2.el8_1.x86_64.rpm	a8a274607e8aaacf760c065e993d3734	-
	kernel-abi-whitelists-4.18.0-147.0.2.el8_1.noarch.rpm	abdd4ab4e6476e6f956612b9922f549b	-
	kernel-core-4.18.0-147.0.2.el8_1.x86_64.rpm	728c81e11dc88922ab5148882c3a11af	-
	kernel-cross-headers-4.18.0-147.0.2.el8_1.x86_64.rpm	aba6decfc9c379f2cecfc4980395fb37	-
	kernel-debug-4.18.0-147.0.2.el8_1.x86_64.rpm	a8cb304f09f484e36783a9e1365fa85d	-
	kernel-debug-core-4.18.0-147.0.2.el8_1.x86_64.rpm	52623b9732878a161777c40d6c83debd	-
	kernel-debug-devel-4.18.0-147.0.2.el8_1.x86_64.rpm	3606564966d69b395b72528c751526c4	-
	kernel-debug-modules-4.18.0-147.0.2.el8_1.x86_64.rpm	67b22b18fda2d71836fdfe1527b06c05	-
	kernel-debug-modules-extra-4.18.0-147.0.2.el8_1.x86_64.rpm	e49952c4b94eabb9cb1c2b367176affb	-
	kernel-devel-4.18.0-147.0.2.el8_1.x86_64.rpm	b34ad70ab901d8a9aae228aa7eec2fb0	-
	kernel-doc-4.18.0-147.0.2.el8_1.noarch.rpm	89d58a23ecfc91f475a6d7973dbbf5c0	-
	kernel-headers-4.18.0-147.0.2.el8_1.x86_64.rpm	313534b193be19ab1bfb941812891b5c	-
	kernel-modules-4.18.0-147.0.2.el8_1.x86_64.rpm	e189df5ee6d576a8644604adf33a38fa	-
	kernel-modules-extra-4.18.0-147.0.2.el8_1.x86_64.rpm	7aa0ac8dd127ccfebdb2cb713b67762a	-
	kernel-tools-4.18.0-147.0.2.el8_1.x86_64.rpm	b7ca4b04fcffb672aaba92c4a2c41ce3	-
	kernel-tools-libs-4.18.0-147.0.2.el8_1.x86_64.rpm	25965b244c21c3860afa7b1992e310a2	-
	kernel-tools-libs-devel-4.18.0-147.0.2.el8_1.x86_64.rpm	47884ef4236c134b8af46cefb9f1ab8f	-
	perf-4.18.0-147.0.2.el8_1.x86_64.rpm	b7f9068e0e155ce1ea03554a9281d25f	-
	python3-perf-4.18.0-147.0.2.el8_1.x86_64.rpm	67d510ea534805a0a6267a4d484be381	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691