ELSA-2019-4643
- ULN >
- Oracle Linux Errata repository >
- ELSA-2019-4643
ELSA-2019-4643 - Unbreakable Enterprise kernel security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2019-05-16 |
Description
[4.14.35-1844.5.3]
- x86/mds: Add empty commit for CVE-2019-11091 (Konrad Rzeszutek Wilk) [Orabug: 29721848] {CVE-2019-11091}
- x86/speculation/mds: Make mds_mitigation mutable after init (Konrad Rzeszutek Wilk) [Orabug: 29721835] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
[4.14.35-1844.5.2]
- xen: Fix x86 sched_clock() interface for xen (Juergen Gross) [Orabug: 29464437]
- x86/xen/time: Output xen sched_clock time from 0 (Pavel Tatashin) [Orabug: 29464437]
- repairing kmodstd to support cross compilation (Mark Nicholson) [Orabug: 29682406]
- xfs: don't overflow xattr listent buffer (Darrick J. Wong) [Orabug: 29697225]
[4.14.35-1844.5.1]
- x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Konrad Rzeszutek Wilk) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add debugfs for controlling MDS (Kanth Ghatraju) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add boot option to enable MDS protection only while in idle (Boris Ostrovsky) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mds=full,nosmt cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation: Add MDS vulnerability documentation (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation: Move L1TF to separate directory (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Andi Kleen) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/msr-index: Cleanup bit defines (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
file (Will Deacon) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/cpu: Sanitize FAM6_ATOM naming (Peter Zijlstra) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation/l1tf: Fix small spelling typo (Salvatore Bonaccorso) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Simplify the CPU bug detection logic (Dominik Brodowski) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- tools include: Adopt linux/bits.h (Arnaldo Carvalho de Melo) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
[4.14.35-1844.5.0]
- swiotlb: save io_tlb_used to local variable before leaving critical section (Dongli Zhang) [Orabug: 29637519]
- swiotlb: dump used and total slots when swiotlb buffer is full (Dongli Zhang) [Orabug: 29637519]
- bonding: ratelimit no-delay interface up messages (Shamir Rabinovitch) [Orabug: 29016284]
- xen/netfront: don't bug in case of too many frags (Juergen Gross) [Orabug: 29462653]
- bnxt_en: Drop oversize TX packets to prevent errors. (Michael Chan) [Orabug: 29547792]
- xen/netfront: tolerate frags with no data (Juergen Gross) [Orabug: 29632146]
- net/mlx5: E-Switch, fix syndrome (0x678139) when turn on vepa (Huy Nguyen) [Orabug: 29455439]
- net/mlx5: E-Switch, Fix access to invalid memory when toggling esw modes (Roi Dayan) [Orabug: 29455439]
- net/mlx5: Avoid panic when setting vport mac, getting vport config (Tonghao Zhang) [Orabug: 29455439]
- net/mlx5: Support ndo bridge_setlink and getlink (Huy Nguyen) [Orabug: 29455439]
- net/mlx5: E-Switch, Add support for VEPA in legacy mode. (Huy Nguyen) [Orabug: 29455439]
- net/mlx5: Split FDB fast path prio to multiple namespaces (Paul Blakey) [Orabug: 29455439]
- net/mlx5: E-Switch, Remove unused argument when creating legacy FDB (Eli Cohen) [Orabug: 29455439]
- net/mlx5: E-switch, Create a second level FDB flow table (Chris Mi) [Orabug: 29455439]
- net/mlx5: Add cap bits for flow table destination in FDB table (Chris Mi) [Orabug: 29455439]
- net/mlx5: E-Switch, Reorganize and rename fdb flow tables (Chris Mi) [Orabug: 29455439]
- net/mlx5: Add destination e-switch owner (Shahar Klein) [Orabug: 29455439]
- net/mlx5: Properly handle a vport destination when setting FTE (Shahar Klein) [Orabug: 29455439]
- net/mlx5: E-Switch, Reload IB interface when switching devlink modes (Mark Bloch) [Orabug: 29455439]
- net/mlx5: E-Switch, Optimize HW steering tables in switchdev mode (Mark Bloch) [Orabug: 29455439]
- net/mlx5: E-Switch, Increase number of FTEs in FDB in switchdev mode (Mark Bloch) [Orabug: 29455439]
- net/mlx5: Separate ingress/egress namespaces for each vport (Gal Pressman) [Orabug: 29455439]
- net/mlx5: Fix ingress/egress naming mistake (Gal Pressman) [Orabug: 29455439]
- net/mlx5: Initialize destination_flow struct to 0 (Rabie Loulou) [Orabug: 29455439]
- USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (Hui Peng) [Orabug: 29613788] {CVE-2018-19985} {CVE-2018-19985}
- mm: hwpoison: fix thp split handing in soft_offline_in_use_page() (zhongjiang) [Orabug: 29613794] {CVE-2019-10124}
- x86/bugs, kvm: don't miss SSBD when IBRS is in use. (Mihai Carabas) [Orabug: 29642112]
Related CVEs
| CVE-2018-12130 |
| CVE-2018-12127 |
| CVE-2018-19985 |
| CVE-2019-10124 |
| CVE-2019-11091 |
| CVE-2018-12126 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (aarch64) | kernel-uek-4.14.35-1844.5.3.el7uek.src.rpm | a518e25a98242ac38b9c127cf8093dee1a323d5b7b3c5b05dca3db334bb1b2a1 | ELSA-2025-20190 | ol7_aarch64_latest |
| kernel-uek-4.14.35-1844.5.3.el7uek.aarch64.rpm | 1181fe35e7b874ab39b1ae83c83913a799e36fc29b37062f6b14cc8c8e447140 | ELSA-2025-20190 | ol7_aarch64_latest | |
| kernel-uek-debug-4.14.35-1844.5.3.el7uek.aarch64.rpm | 3995ad0b228a83b4535853a7d0b65e4ea588896b55d03841c559f43f04f87214 | ELSA-2025-20190 | ol7_aarch64_latest | |
| kernel-uek-debug-devel-4.14.35-1844.5.3.el7uek.aarch64.rpm | 07cdce577369a872b8e81e480c6207814f2261ecbe717ebe3dd4e6d5bfe34c69 | ELSA-2025-20190 | ol7_aarch64_latest | |
| kernel-uek-devel-4.14.35-1844.5.3.el7uek.aarch64.rpm | 76c7518be11f2b6cbdc6608b90c2b854107d11ca3023b625f3c1e90d0ef97a40 | ELSA-2025-20190 | ol7_aarch64_latest | |
| kernel-uek-headers-4.14.35-1844.5.3.el7uek.aarch64.rpm | 422cf472aa7b8e562269a6678cbf63ed128cb1b3f2d79cce9316844b4786dae2 | ELBA-2025-20014 | ol7_aarch64_latest | |
| kernel-uek-tools-4.14.35-1844.5.3.el7uek.aarch64.rpm | 567f530bf810324761946f2d9333355e85b442298d5cf98be85caa2d11cc17b9 | ELSA-2025-20190 | ol7_aarch64_latest | |
| kernel-uek-tools-libs-4.14.35-1844.5.3.el7uek.aarch64.rpm | fe3c5ca1da0f2d377a8628dae0351dcc07738e8e44c8f793258def5ec3c992a9 | ELSA-2025-20019 | ol7_aarch64_latest | |
| kernel-uek-tools-libs-devel-4.14.35-1844.5.3.el7uek.aarch64.rpm | a5a2cd0a149080856c7a4e0d19276e650d69803b839dfa11c0a587468370a78f | ELBA-2025-20014 | ol7_aarch64_latest | |
| perf-4.14.35-1844.5.3.el7uek.aarch64.rpm | 429a22246c47eb7eb50832685a48745af69fe92c10c6749c72e38743a8e61567 | ELSA-2025-20019 | ol7_aarch64_latest | |
| python-perf-4.14.35-1844.5.3.el7uek.aarch64.rpm | 0c81d6e4c672c96eebe4893820379557e3f07a603bfaf493ab1108bec03188b0 | ELSA-2025-20019 | ol7_aarch64_latest | |
| Oracle Linux 7 (x86_64) | kernel-uek-4.14.35-1844.5.3.el7uek.src.rpm | a518e25a98242ac38b9c127cf8093dee1a323d5b7b3c5b05dca3db334bb1b2a1 | ELSA-2025-20190 | ol7_x86_64_UEKR5_archive |
| kernel-uek-4.14.35-1844.5.3.el7uek.x86_64.rpm | 12ef381365f51e16ded5ed55a6dac03ff56e9491f24a5bfef80ff99b0ed720cc | ELSA-2025-20190 | ol7_x86_64_UEKR5_archive | |
| kernel-uek-debug-4.14.35-1844.5.3.el7uek.x86_64.rpm | 5dc5f17393befe74624064330d6591f17afcd8ef1fd41c139b8e0a66c67c96c8 | ELSA-2025-20190 | ol7_x86_64_UEKR5_archive | |
| kernel-uek-debug-devel-4.14.35-1844.5.3.el7uek.x86_64.rpm | 1345c010474d0f5f2963590f794df6f65ddbc6b4e25d70b9cd02d94c073bf849 | ELSA-2025-20190 | ol7_x86_64_UEKR5_archive | |
| kernel-uek-devel-4.14.35-1844.5.3.el7uek.x86_64.rpm | 5d5ab0583cd1623942d34f20f956cb075f65dd21a0f2fb0f0b1e35aab7509922 | ELSA-2025-20190 | ol7_x86_64_UEKR5_archive | |
| kernel-uek-doc-4.14.35-1844.5.3.el7uek.noarch.rpm | 02f25446e07c0faa6752cb7f35636e1f5c4adb7ffdd4b2244b4f435e65697ed2 | ELSA-2025-20190 | ol7_x86_64_UEKR5_archive | |
| kernel-uek-tools-4.14.35-1844.5.3.el7uek.x86_64.rpm | 1a951b6d1cf4473d0f29792124e05c29f13c9bde07174fad3116b0ab95c014c2 | ELSA-2025-20190 | ol7_x86_64_UEKR5_archive | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
