OVMSA-2020-0037

OVMSA-2020-0037 - kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2020-08-26

Description


[2.6.32-754.31.1.el6.OL6]
- Update genkey [bug 25599697]

[2.6.32-754.31.1.el6]
- [x86] x86/speculation: Provide SRBDS late microcode loading support (Waiman Long) [1827185] {CVE-2020-0543}
- [documentation] x86/speculation: Add Ivy Bridge to affected list (Waiman Long) [1827185] {CVE-2020-0543}
- [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu: Add 'table' argument to cpu_matches() (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu/bugs: Convert to new matching macros (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/cpu: Add consistent CPU match macros (Waiman Long) [1827185] {CVE-2020-0543}
- [x86] x86/devicetable: Move x86 specific macro out of generic code (Waiman Long) [1827185] {CVE-2020-0543}
- [netdrv] bonding/802.3ad: fix link_failure_count tracking (Patrick Talbert) [1841819]
- [mm] mm: migration: add migrate_entry_wait_huge() (Waiman Long) [1839653]
- [powerpc] powerpc/book3s64: Fix link stack flush on context switch (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: support nospectre_v2 cmdline option (Gustavo Duarte) [1796810]
- [powerpc] powerpc/security: Fix spectre_v2 reporting (Gustavo Duarte) [1796810]
- [powerpc] powerpc/fsl: Update Spectre v2 reporting (Gustavo Duarte) [1796810]
- [powerpc] powerpc/fsl: Add nospectre_v2 command line argument (Gustavo Duarte) [1796810]
- [powerpc] powerpc/fsl: Fix spectre_v2 mitigations reporting (Gustavo Duarte) [1796810]
- [powerpc] powerpc/pseries: Query hypervisor for count cache flush settings (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Add support for software count cache flush (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Add new security feature flags for count cache flush (Gustavo Duarte) [1796810]
- [powerpc] powerpc/asm: Add a patch_site macro & helpers for patching instructions (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Make meltdown reporting Book3S 64 specific (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Call setup_barrier_nospec() from setup_arch() (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Make stf barrier PPC_BOOK3S_64 specific (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Disable the speculation barrier from the command line (Gustavo Duarte) [1796810]
- [powerpc] powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2 (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Enhance the information in cpu_show_spectre_v1() (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64: Use barrier_nospec in syscall entry (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Enable barrier_nospec based on firmware settings (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Patch barrier_nospec in modules (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Add support for ori barrier_nospec patching (Gustavo Duarte) [1796810]
- [powerpc] powerpc/64s: Add barrier_nospec (Gustavo Duarte) [1796810]
- [powerpc] powerpc: Add helper to check if offset is within relative branch range (Gustavo Duarte) [1796810]
- [powerpc] powerpc: Have patch_instruction detect faults (Gustavo Duarte) [1796810]
- [powerpc] powerpc: Introduce asm-prototypes.h (Gustavo Duarte) [1796810]
- [powerpc] powerpc: Move local setup.h declarations to arch includes (Gustavo Duarte) [1796810]

[2.6.32-754.30.1.el6]
- [net] netlabel: cope with NULL catmap (Paolo Abeni) [1827226] {CVE-2020-10711}
- [netdrv] bonding: dont set slave->link in bond_update_speed_duplex() (Patrick Talbert) [1828604]
- [security] KEYS: prevent KEYCTL_READ on negative key (Patrick Talbert) [1498368] {CVE-2017-12192}

[2.6.32-754.29.1.el6]
- [wireless] rtlwifi: Fix potential overflow on P2P code (Jarod Wilson) [1775226] {CVE-2019-17666}
- [x86] mm: revert x86_64 and arm64 ELF_ET_DYN_BASE base changes (Denys Vlasenko) [1485759]
- [powerpc] powerpc: move ELF_ET_DYN_BASE to 4GB / 4MB (Denys Vlasenko) [1485759]
- binfmt_elf: use ELF_ET_DYN_BASE only for PIE (Denys Vlasenko) [1485759]
- [powerpc] powerpc: Use generic PIE randomization (Denys Vlasenko) [1485759]

[2.6.32-754.28.1.el6]
- [netdrv] ixgbevf: Use cached link state instead of re-reading the value for ethtool (Ken Cox) [1795404]
- [isdn] mISDN: enforce CAP_NET_RAW for raw sockets (Andrea Claudi) [1779473] {CVE-2019-17055}
- [net] cfg80211: wext: avoid copying malformed SSIDs (Jarod Wilson) [1778625] {CVE-2019-17133}
- [netdrv] bonding: speed/duplex update at NETDEV_UP event (Patrick Talbert) [1772779]
- [netdrv] bonding: make speed, duplex setting consistent with link state (Patrick Talbert) [1772779]
- [netdrv] bonding: simplify / unify event handling code for 3ad mode (Patrick Talbert) [1772779]
- [netdrv] bonding: unify all places where actor-oper key needs to be updated (Patrick Talbert) [1772779]
- [netdrv] bonding: simple code refactor (Patrick Talbert) [1772779]

[2.6.32-754.27.1.el6]
- [mm] mempolicy: fix a memory corruption by refcount imbalance in alloc_pages_vma() (Waiman Long) [1785321]

[2.6.32-754.26.1.el6]
- [s390] scsi: zfcp: fix reaction on bit error threshold notification (Philipp Rudo) [1764544]
- [drm] vmwgfx: refuse to hibernate if we have any resources v2 (Kenneth Yin) [1748195]
- [fs] CIFS: avoid using MID 0xFFFF (Leif Sahlberg) [1739948]

[2.6.32-754.25.1.el6]
- [kvm] KVM: VMX: Set VMENTER_L1D_FLUSH_NOT_REQUIRED if !X86_BUG_L1TF (Waiman Long) [1733760]
- [virt] KVM: coalesced_mmio: add bounds checking (Bandan Das) [1746799] {CVE-2019-14821}
- [virt] KVM: MMIO: Lock coalesced device when checking for available entry (Bandan Das) [1746799] {CVE-2019-14821}
- [scsi] scsi: bnx2fc: Handle scope bits when array returns BUSY or TSF (Nilesh Javali) [1749512]
- [scsi] scsi: bnx2fc: remove set but not used variables 'task', 'port', 'orig_task' (Nilesh Javali) [1749512]
- [scsi] scsi: bnx2fc: remove set but not used variables 'lport', 'host' (Nilesh Javali) [1749512]
- [security] KEYS: prevent creating a different users keyrings (David Howells) [1537371]
- [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [kvm] KVM: introduce no_huge_pages module parameter (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1692385] {CVE-2018-12207}
- [x86] x86/spec_ctrl/taa: Enable TAA status change after late microcode (Waiman Long) [1766531] {CVE-2019-11135}
- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766531] {CVE-2019-11135}
- [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766531] {CVE-2019-11135}
- [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Denys Vlasenko) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756824] {CVE-2019-0154}
- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756824] {CVE-2019-0154}
- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/gtt: Disable read-only support under GVT (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] erm/i915/gtt: Read-only pages for insert_entries on bdw+ (Dave Airlie) [1756891] {CVE-2019-0155}
- [drm] drm/i915/gtt: Add read only pages to gen8_pte_encode (Dave Airlie) [1756891] {CVE-2019-0155}

[2.6.32-754.24.1.el6]
- [net] ip: Dont leak head fragment on queue timeout (Stefano Brivio) [1752536]
- [vhost] vhost_net: fix possible infinite loop (Eugenio Perez) [1702941]
- [vhost] vhost: introduce vhost_exceeds_weight() (Eugenio Perez) [1702941]
- [vhost] vhost_net: introduce vhost_exceeds_weight() (Eugenio Perez) [1702941]
- [vhost] vhost_net: use packet weight for rx handler, too (Eugenio Perez) [1702941]
- [vhost] vhost-net: set packet weight of tx polling to 2 * vq size (Eugenio Perez) [1702941]
- [x86] x86/pti: Fix incorrect global bit setting with PTI on (Waiman Long) [1645724]
- [x86] spec_ctrl: disable IBRS in idle, part 2 (Rafael Aquini) [1560787]

[2.6.32-754.23.1.el6]
- [vhost] vhost: make sure log_num < in_num (Eugenio Perez) [1750869 1750869] {CVE-2019-14835}

[2.6.32-754.22.1.el6]
- Rebuild

[2.6.32-754.21.1.el6]
- [scsi] scsi: megaraid_sas: return error when create DMA pool failed (Tomas Henzl) [1712858] {CVE-2019-11810}
- [net] net: Set sk_prot_creator when copying sockets to the right proto (Andrea Claudi) [1657117] {CVE-2018-9568}

[2.6.32-754.20.1.el6]
- [x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations (Waiman Long) [1724512] {CVE-2019-1125}
- [x86] x86/speculation: Enable Spectre v1 swapgs mitigations (Waiman Long) [1724512] {CVE-2019-1125}

[2.6.32-754.19.1.el6]
- [net] tcp: be more careful in tcp_fragment() (Marcelo Leitner) [1732107]
- [net] tcp: refine memory limit test in tcp_fragment() (Florian Westphal) [1728931]

[2.6.32-754.18.1.el6]
- [virt] xenbus: dont look up transaction IDs for ordinary writes (Vitaly Kuznetsov) [1663262]
- [virt] xenbus: dont BUG() on user mode induced condition (Vitaly Kuznetsov) [1663262]
- [virt] xenbus: Add proper handling of XS_ERROR from Xenbus for transactions (Vitaly Kuznetsov) [1663262]
- [fs] proc: restrict kernel stack dumps to root (Denys Vlasenko) [1638193] {CVE-2018-17972}
- [crypto] salsa20 - fix blkcipher_walk API usage (Bruno Eduardo de Oliveira Meneguele) [1543984]
- [mm] vmscan: do not loop on too_many_isolated for ever (Rafael Aquini) [1658254]
- [x86] spec_ctrl: Dont report the use of retpoline on Skylake as vulnerable (Waiman Long) [1666102]
- [mm] try harder to allocate vmemmap blocks (Rafael Aquini) [1591394]
- [v4l] dvb: revert spectre v1 mitigation (Josh Poimboeuf) [1647975]
- [fs] binfmt_misc.c: do not allow offset overflow (Bill ODonnell) [1710149]
- [x86] pti: Dont use PCID and INVPCID in x86-32 (Waiman Long) [1702782]
- [mm] mincore.c: make mincore() more conservative (Rafael Aquini) [1664197] {CVE-2019-5489}
- [x86] spec: Move retp_compiler() inline function to bugs.c (Waiman Long) [1722185]

[2.6.32-754.17.1.el6]
- [net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Florian Westphal) [1719614] {CVE-2019-11479}
- [net] tcp: add tcp_min_snd_mss sysctl (Florian Westphal) [1719614] {CVE-2019-11479}
- [net] tcp: tcp_fragment() should apply sane memory limits (Florian Westphal) [1719840] {CVE-2019-11478}
- [net] tcp: limit payload size of sacked skbs (Florian Westphal) [1719585] {CVE-2019-11477}
- [net] tcp: pass previous skb to tcp_shifted_skb() (Florian Westphal) [1719585] {CVE-2019-11477}
- [lib] idr: free the top layer if idr tree has the maximum height (Denys Vlasenko) [1698139] {CVE-2019-3896}
- [lib] idr: fix top layer handling (Denys Vlasenko) [1698139] {CVE-2019-3896}
- [lib] idr: fix backtrack logic in idr_remove_all (Denys Vlasenko) [1698139] {CVE-2019-3896}

[2.6.32-754.16.1.el6]
- [virt] xenbus: Fix memory leak on release (Vitaly Kuznetsov) [1661666]
- [fs] dcache: fix locking around setting DCACHE_SHRINKING flag (Miklos Szeredi) [1672269]
- [x86] KVM: SVM: Selective cr0 intercept (Wei Huang) [1655873]
- [x86] KVM: SVM: Restore unconditional cr0 intercept under npt (Wei Huang) [1655873]

[2.6.32-754.15.1.el6]
- [x86] x86/speculation: Dont print MDS_MSG_SMT message if mds_nosmt specified (Waiman Long) [1710081 1710517]
- [x86] x86/spec_ctrl: Fix incorrect MDS handling in late microcode loading (Waiman Long) [1710081 1710517]
- [x86] x86/speculation: Fix misuse of boot_cpu_has() with bug bits (Waiman Long) [1710121]
- [x86] x86/speculation/mds: Fix documentation typo (Waiman Long) [1710517]
- [documentation] Documentation: Correct the possible MDS sysfs values (Waiman Long) [1710517]
- [x86] x86/mds: Add MDSUM variant to the MDS documentation (Waiman Long) [1710517]
- [x86] x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Waiman Long) [1710517]
- [x86] x86/speculation/mds: Fix comment (Waiman Long) [1710517]
- [x86] x86/speculation/mds: Add SMT warning message (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mds=full, nosmt cmdline option (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Remove redundant arch_smt_update() invocation (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/spec_ctrl: Add debugfs x86/smt_present file (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/spec_ctrl: Update MDS mitigation status after late microcode load (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [documentation] Documentation: Add MDS vulnerability documentation (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [documentation] Documentation: Move L1TF to separate directory (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mitigation mode VMWERV (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add sysfs reporting for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mitigation control for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [kvm] x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Clear CPU buffers on exit to user (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add mds_clear_cpu_buffers() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [kvm] x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add BUG_MSBDS_ONLY (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation/mds: Add basic bug infrastructure for MDS (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Consolidate CPU whitelists (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/l1tf: Show actual SMT state (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/cpu: Sanitize FAM6_ATOM naming (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [kernel] sched/smt: Provide sched_smt_active() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/speculation: Provide arch_smt_update() (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}
- [x86] x86/mm: Fix compilation warning in pgtable_types.h (Waiman Long) [1692386 1692387 1692388] {CVE-2018-12126 CVE-2018-12127 CVE-2018-12130}

[2.6.32-754.14.1.el6]
- [s390] kernel: Add crypto card toleration support (Hendrik Brueckner) [1695496]

[2.6.32-754.13.1.el6]
- [fs] ext4: Fix data corruption caused by unaligned direct AIO (Lukas Czerner) [1686170]

[2.6.32-754.12.1.el6]
- [x86] vDSO: Dont generate retpoline for indirect call (Waiman Long) [1638552]
- [fs] cifs: fix reparse point/symlink breakage (Leif Sahlberg) [1636484]
- [scsi] qla2xxx: Mask off Scope bits in retry delay (Himanshu Madhani) [1588133]
- [net] tcp: make tcp_retransmit_timer a no-op on empty write queue (Paolo Abeni) [1585892]
- [kernel] sched/sysctl: Check user input value of sysctl_sched_time_avg (Lauro Ramos Venancio) [1579128]
- [fs] Fix up non-directory creation in SGID directories (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] hugetlbfs: switch to inode_init_owner() (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] udf: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] ubifs: replace inode uid, gid, mode initialization with helper function (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] ramfs: replace inode uid, gid, mode initialization with helper function (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] ext4: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] ext3: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] ext2: replace inode uid, gid, mode init with helper (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] btrfs: replace inode uid, gid, mode initialization with helper function (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [fs] vfs: Add inode uid,gid,mode init helper (Miklos Szeredi) [1600951] {CVE-2018-13405}
- [s390] kernel: adapt to changed CPU vulnerabilities function prototypes (Hendrik Brueckner) [1625381]
- [s390] detect etoken facility (Hendrik Brueckner) [1625381]
- [s390] Correct register corruption in critical section cleanup (Hendrik Brueckner) [1625381]
- [s390] remove indirect branch from do_softirq_own_stack (Hendrik Brueckner) [1625381]
- [s390] move spectre sysfs attribute code (Hendrik Brueckner) [1625381]
- [s390] kernel: use expoline for indirect branches (Hendrik Brueckner) [1625381]
- [s390] ftrace: use expoline for indirect branches (Hendrik Brueckner) [1625381]
- [s390] move expoline assembler macros to a header (Hendrik Brueckner) [1625381]
- [s390] correct module section names for expoline code revert (Hendrik Brueckner) [1625381]
- [x86] speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Oleksandr Natalenko) [1670328]
- [perf] Fix a race between ring_buffer_detach() and ring_buffer_attach() (Jiri Olsa) [1589340]
- [perf] Fix mmap() accounting hole (Jiri Olsa) [1627672]
- [perf] Fix perf mmap bugs (Jiri Olsa) [1627672]

[2.6.32-754.11.1.el6]
- [x86] mm/fault: Allow stack access below rsp (Waiman Long) [1644401]
- [sound] alsa: rawmidi: Change resized buffers atomically (Denys Vlasenko) [1593083] {CVE-2018-10902}

[2.6.32-754.10.1.el6]
- [net] sctp: sctp should release assoc when sctp_make_abort_user return NULL in sctp_close (Xin Long) [1646405]
- [x86] kvm: Update cpuid properly when CR4.OSXAVE or CR4.PKE is changed (Wei Huang) [1425051]
- [mm] mempolicy: migrate_to_node should only migrate to node (Rafael Aquini) [1577094]
- [mm] vmscan: avoid possible deadlock caused by too_many_isolated() (Rafael Aquini) [1577094]
- [fs] seqfile: always allow oom killer (Rodrigo Freire) [1632434]
- [fs] seq_file: fallback to vmalloc instead of oom kill processes (Rodrigo Freire) [1632434]
- [fs] seq_file: fallback to vmalloc allocation (Rodrigo Freire) [1632434]
- [fs] proc/stat: convert to single_open_size() (Rodrigo Freire) [1632434]
- [fs] seq_file: always clear m->count when we free m->buf (Rodrigo Freire) [1632434]
- [fs] seq_file: single_open_size() new helper (Rodrigo Freire) [1632434]
- [fs] stat: Use size_t for sizes instead of unsigned (Rodrigo Freire) [1632434]
- [fs] proc: speed up /proc/stat handling (Rodrigo Freire) [1632434]

[2.6.32-754.9.1.el6]
- [block] make sure queue_lock is held when setting flag (Ming Lei) [1650024]

[2.6.32-754.8.1.el6]
- [block] fix warning on lockdep_assert_held(q->queue_lock) (Ming Lei) [1624747]
- [kvm] vmx: fix vmwrite to invalid VMCS (Radim Krcmar) [1602011]

[2.6.32-754.7.1.el6]
- [s390] cio: update chpid descriptor after resource accessibility event (Hendrik Brueckner) [1574471]
- [s390] af_iucv: enable control sends in case of SEND_SHUTDOWN (Hendrik Brueckner) [1559048]
- [s390] qeth: repair SBAL elements calculation (Hendrik Brueckner) [1559021]
- [kvm] VMX: fixes for vmentry_l1d_flush module parameter (Marcelo Tosatti) [1628796]
- [x86] speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Marcelo Tosatti) [1628796]
- [x86] KVM: VMX: skip L1TF flush on VM-entry if EPT is disabled (Marcelo Tosatti) [1616397]
- [fs] exec: Limit arg stack to at most 75 of _STK_LIM (Yauheni Kaliuta) [1625976] {CVE-2018-14634}
- [fs] exec.c: account for argv/envp pointers (Yauheni Kaliuta) [1625976] {CVE-2018-14634}

[2.6.32-754.6.1.el6]
- [x86] set __max_smt_threads for 1 core systems (Prarit Bhargava) [1623255]
- [md] dm rq: fix a race condition in rq_completed() (Ming Lei) [1574568]
- [scsi] scsi_transport_fc: Hold queue lock while calling blk_run_queue_async() (Ming Lei) [1574568]
- [block] Avoid scheduling delayed work on a dead queue (Ming Lei) [1574568]
- [block] Avoid that request_fn is invoked on a dead queue (Ming Lei) [1574568]
- [block] Let blk_drain_queue() caller obtain the queue lock (Ming Lei) [1574568]
- [block] Rename queue dead flag (Ming Lei) [1574568]

[2.6.32-754.5.1.el6]
- [s390] dasd: fix IO error for newly defined devices (Hendrik Brueckner) [1574448]
- [s390] dasd: fix failing path verification (Hendrik Brueckner) [1581684]
- [s390] qeth: on channel error, reject further cmd requests (Hendrik Brueckner) [1562009]
- [s390] qdio: fix access to uninitialized qdio_q fields (Hendrik Brueckner) [1581685]
- [powerpc] stf-barrier: update (rfi_)enabled_flush_types as in upstream (Gustavo Duarte) [1585299]
- [powerpc] stf-barrier: update debugfs as in upstream (Gustavo Duarte) [1585299]
- [powerpc] stf-barrier: update handle_ssbd() as in upstream (Gustavo Duarte) [1585299]
- [powerpc] stf-barrier: update stf_barrier_enable() as in upstream (Gustavo Duarte) [1585299]
- [powerpc] stf-barrier: add cpu_show_spec_store_bypass() as in upstream (Gustavo Duarte) [1585299]
- [powerpc] stf-barrier: add comment as in upstream (Gustavo Duarte) [1585299]
- [powerpc] stf-barrier: move code from setup_64.c to security.c as in upstream (Gustavo Duarte) [1585299]
- [powerpc] stf-barrier: move code from setup.h to security_features.h as in upstream (Gustavo Duarte) [1585299]
- [powerpc] stf-barrier: update fallback routine as in upstream (Gustavo Duarte) [1585299]
- [powerpc] stf-barrier: update entry barrier slot as in upstream (Gustavo Duarte) [1585299]
- [x86] Add host_initiated check in reading MSR_AMD64_VIRT_SPEC_CTRL (Wei Huang) [1608576]
- [x86] KVM: pass host_initiated to functions that read MSRs (Wei Huang) [1608576]
- [fs] gfs2: Special-case rindex for gfs2_grow (Robert S Peterson) [1384184]
- [fs] Revert '[fs] gfs2: Special case the rindex in gfs2_write_alloc_required()' (Robert S Peterson) [1384184]
- [net] ip: process in-order fragments efficiently (Stefano Brivio) [1613925] {CVE-2018-5391}
- [net] ip: add helpers to process in-order fragments faster. (Stefano Brivio) [1613925] {CVE-2018-5391}
- [net] ipv6: defrag: drop non-last frags smaller than min mtu (Stefano Brivio) [1613925] {CVE-2018-5391}
- [net] ip: use rb trees for IP frag queue. (Stefano Brivio) [1613925] {CVE-2018-5391}
- [net] ip: discard IPv4 datagrams with overlapping segments. (Stefano Brivio) [1613925] {CVE-2018-5391}
- [net] net: modify skb_rbtree_purge to return the truesize of all purged skbs. (Stefano Brivio) [1613925] {CVE-2018-5391}
- [net] net: speed up skb_rbtree_purge() (Stefano Brivio) [1613925] {CVE-2018-5391}
- [net] skbuff: Rename RHEL6 version of skb_tree_purge() to skb_tree_purge_sk() (Stefano Brivio) [1613925] {CVE-2018-5391}

[2.6.32-754.4.1.el6]
- [kernel] cpu/hotplug: Enable 'nosmt' as late as possible (Frantisek Hrbata) [1593376] {CVE-2018-3620}
- [x86] x86/mm: Simplify p[g4um]d_page() macros (Josh Poimboeuf) [1593376] {CVE-2018-3620}
- [x86] x86/mm: Fix regression with huge pages on PAE (Josh Poimboeuf) [1593376] {CVE-2018-3620}
- [x86] x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Josh Poimboeuf) [1593376] {CVE-2018-3620}
- [x86] x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Josh Poimboeuf) [1593376] {CVE-2018-3620}
- [x86] x86/asm: Move PUD_PAGE macros to page_types.h (Josh Poimboeuf) [1593376] {CVE-2018-3620}
- [net] tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Florian Westphal) [1611376] {CVE-2018-5390}
- [net] tcp: avoid collapses in tcp_prune_queue() if possible (Florian Westphal) [1611376] {CVE-2018-5390}
- [net] tcp: free batches of packets in tcp_prune_ofo_queue() (Florian Westphal) [1611376] {CVE-2018-5390}
- [net] add rb_to_skb() and other rb tree helpers (Florian Westphal) [1611376] {CVE-2018-5390}
- [net] tcp: fix a stale ooo_last_skb after a replace (Florian Westphal) [1611376] {CVE-2018-5390}
- [net] tcp: use an RB tree for ooo receive queue (Florian Westphal) [1611376] {CVE-2018-5390}
- [net] add rbnode to struct sk_buff (Florian Westphal) [1611376] {CVE-2018-5390}
- [net] tcp: refine tcp_prune_ofo_queue() to not drop all packets (Florian Westphal) [1611376] {CVE-2018-5390}
- [x86] syscall: Fix regression when using the last syscall (process_vm_writev) (Lauro Ramos Venancio) [1589032] {CVE-2018-3693}
- [x86] syscall: Fix regression on strace and stap (Lauro Ramos Venancio) [1589032] {CVE-2018-3693}
- [kvm] VMX: Fix host GDT.LIMIT corruption (CVE-2018-10301) (Paolo Bonzini) [1601851] {CVE-2018-10901}
- [x86] Initialize __max_smt_threads to 1 (Waiman Long) [1593376] {CVE-2018-3620}
- [kernel] cpu/hotplug: detect SMT disabled by BIOS (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] topology: Add topology_max_smt_threads() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Fix incorrect error return code in vm_insert_pfn() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Initialize the vmx_l1d_flush_pages content (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] kvm: Dont flush L1D cache if VMENTER_L1D_FLUSH_NEVER (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] kvm: Take out the unused nosmt module parameter (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] mm/dump_pagetables: Add a check_l1tf debugfs file (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] l1tf: protect _PAGE_FILE PTEs against speculation for 32-bit PAE (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect swap entries aganst L1TF for 32-bit PAE (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu: Make flush_l1d visible in /proc/cpuinfo (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] l1tf: protect _PAGE_FILE PTEs against speculation (Waiman Long) [1593376] {CVE-2018-3620}
- [Documentation] Add section about CPU vulnerabilities (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] bugs, kvm: Introduce boot-time control of L1TF mitigations (Waiman Long) [1593376] {CVE-2018-3620}
- [kernel] cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Waiman Long) [1593376] {CVE-2018-3620}
- [kernel] cpu/hotplug: Expose SMT control init function (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] kvm: Allow runtime control of L1D flush (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] kvm: Serialize L1D flush parameter setter (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] kvm: Move l1tf setup function (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] l1tf: Handle EPT disabled state proper (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] kvm: Drop L1TF MSR list approach (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] litf: Introduce vmx status variable (Waiman Long) [1593376] {CVE-2018-3620}
- [kernel] cpu/hotplug: Online siblings when SMT control is turned on (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Add find_msr() helper function (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Add L1D flush logic (Waiman Long) [1593376] {CVE-2018-3620}
- [kvm] VMX: Make indirect call speculation safe (Waiman Long) [1593376] {CVE-2018-3620}
- [kvm] VMX: Enable acknowledge interupt on vmexit (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Add L1D MSR based flush (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Add L1D flush algorithm (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM/VMX: Add module argument for L1TF mitigation (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Waiman Long) [1593376] {CVE-2018-3620}
- [kvm] x86: Introducing kvm_x86_ops VM init/destroy hooks (Waiman Long) [1593376] {CVE-2018-3620}
- [kernel] cpu/hotplug: Boot HT siblings at least once (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] Revert 'x86/apic: Ignore secondary threads if nosmt=force' (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Fix up pte->pfn conversion for PAE (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpufeatures: Add detection of L1D cache flush support. (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Extend 64bit swap file size limit (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] apic: Ignore secondary threads if nosmt=force (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu/AMD: Evaluate smp_num_siblings early (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu/intel: Evaluate smp_num_siblings early (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu/topology: Provide detect_extended_topology_early() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu/common: Provide detect_ht_early() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu/AMD: Remove the pointless detect_ht() call (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu: Remove the pointless CPU printout (Waiman Long) [1593376] {CVE-2018-3620}
- [kernel] cpu/hotplug: Provide knobs to control SMT (Waiman Long) [1593376] {CVE-2018-3620}
- [kernel] cpu/hotplug: Split do_cpu_down() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] topology: Provide topology_smt_supported() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] smp: Provide topology_is_primary_thread() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] bugs: Move the l1tf function and define pr_fmt properly (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Limit swap file size to MAX_PA/2 (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Add sysfs reporting for l1tf (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect PROT_NONE PTEs against speculation (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Protect swap entries against L1TF (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Change order of offset/type in swap entry (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] cpu: Fix incorrect vulnerabilities files function prototypes (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] bugs: Export the internal __cpu_bugs variable (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] spec_ctrl: sync with upstream cpu_set_bug_bits() (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] intel-family.h: Add GEMINI_LAKE SOC (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] mm: Fix swap entry comment and macro (Waiman Long) [1593376] {CVE-2018-3620}
- [x86] mm: Move swap offset/type up in PTE to work around erratum (Waiman Long) [1593376] {CVE-2018-3620}

[2.6.32-754.3.1.el6]
- [infiniband] ib/iser: Rewrite bounce buffer code path (Don Dutile) [1585312]
- [sound] alsa: pcm: prevent UAF in snd_pcm_info (CVE-2017-0861) (Jaroslav Kysela) [1565188] {CVE-2017-0861}
- [sound] alsa: seq: Fix racy pool initializations (Jaroslav Kysela) [1550176] {CVE-2018-7566}
- [sound] alsa: seq: Fix use-after-free at creating a port (Jaroslav Kysela) [1503383] {CVE-2017-15265}
- [sound] alsa: seq: Make ioctls race-free (Jaroslav Kysela) [1537452] {CVE-2018-1000004}
- [mm] reduce total RAM held in per-CPU pvecs by flushing them on compound/THP page arrival (Larry Woodman) [1575819]
- [usb] acm: fix the computation of the number of data bits (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [misc] spectre: fix gadgets found by smatch scanner, part 2 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] kvm/vmx: Remove barrier_nospec() in slot_largepage_idx() (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [kvm] Remove memory alias support (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [misc] spectre: fix gadgets found by smatch scanner (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [sound] alsa: rme9652: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [sound] alsa: opl3: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [sound] alsa: hda: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [sound] alsa: seq: oss: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [sound] alsa: seq: oss: Fix unbalanced use lock for synth MIDI device (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [net] atm: Fix potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [kernel] posix-timers: Protect posix clock array access against speculation (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [kernel] sys.c: fix potential Spectre v1 issue (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [kernel] sched/autogroup: Fix possible Spectre-v1 indexing for sched_prio_to_weight[] (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [kernel] perf/core: Fix possible Spectre-v1 indexing for ->aux_pages[] (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [ipc] sysvipc/sem: mitigate semnum index against spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [sound] alsa: control: Hardening for potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [media] dvb_ca_en50221: prevent using slot_info for Spectre attacs (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- media] dvb_ca_en50221: sanity check slot number from userspace (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [atm] zatm: Fix potential Spectre v1 (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] perf: Fix possible Spectre-v1 indexing for x86_pmu::event_map() (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] perf: Fix possible Spectre-v1 indexing for hw_perf_event cache_* (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [net] nl80211: Sanitize array index in parse_txq_params (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [include] vfs, fdtable: Prevent bounds-check bypass via speculative execution (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] syscall: Sanitize syscall table de-references under speculation (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [powerpc] Use barrier_nospec in copy_from_user() (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [include] nospec: Introduce barrier_nospec for other arches (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] Introduce barrier_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] spectre_v1: Disable compiler optimizations over array_index_mask_nospec() (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] Implement array_index_mask_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [documentation] Document array_index_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693}
dependency (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [include] nospec: Allow index argument to have const-qualified type (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [include] nospec: Kill array_index_nospec_mask_check() (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [include] nospec: Move array_index_nospec() parameter checking into separate macro (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [include] array_index_nospec: Sanitize speculative array de-references (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] get_user: Use pointer masking to limit speculation (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] Introduce __uaccess_begin_nospec() and uaccess_try_nospec (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] reorganize SMAP handling in user space accesses (Josh Poimboeuf) [1589032] {CVE-2018-3693}
- [x86] uaccess: Tell the compiler that uaccess is unlikely to fault (Josh Poimboeuf) [1589032] {CVE-2018-3693}


Related CVEs


CVE-2019-18660

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle VM 3.4 (x86_64) kernel-2.6.32-754.31.1.el6.src.rpm113969dcfac7047938e92da2b4ed8ffc-
kernel-headers-2.6.32-754.31.1.el6.x86_64.rpm06d1b667fef829dac1bfaa915a9a65b0-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete