[ELSA-2018-1319] kernel security and bug fix update

Severity Important
Affected Packages 10
CVEs 6

[2.6.32-696.28.1.OL6]
- Update genkey [bug 25599697]

[2.6.32-696.28.1]
- [x86] entry/64: Don't use IST entry for #BP stack (Waiman Long) [1567078 1567079] {CVE-2018-8897}
- [x86] xen: do not use xen_info on HVM, set pv_info name to 'Xen HVM' (Vitaly Kuznetsov) [1569141 1568241]

[2.6.32-696.27.1]
- [mm] account skipped entries to avoid looping in find_get_pages (Dave Wysochanski) [1565989 1559386]
- [x86] pti/32: Don't use trampoline stack on Xen PV (Waiman Long) [1568327 1562725]
- [x86] pti: Use boot_cpu_has(X86_FEATURE_PTI_SUPPORT) for early call sites (Waiman Long) [1568327 1562725]
- [x86] pti: Set X86_FEATURE_PTI_SUPPORT early (Waiman Long) [1568327 1562725]
- [x86] pti: Rename X86_FEATURE_NOPTI to X86_FEATURE_PTI_SUPPORT (Waiman Long) [1568327 1562725]
- [x86] pti/32: Fix setup_trampoline_page_table() bug (Waiman Long) [1568327 1562725]
- [x86] entry: Remove extra argument in call instruction (Waiman Long) [1568332 1562552]
- [x86] syscall: Fix ia32_ptregs handling bug in 64-bit kernel (Waiman Long) [1568332 1562552]
- [x86] efi/64: Align efi_pgd on even page boundary (Waiman Long) [1568535 1558845]
- [x86] pgtable/pae: Revert 'Use separate kernel PMDs for user page-table' (Waiman Long) [1568535 1558845]
- [x86] pgtable/pae: Revert 'Unshare kernel PMDs when PTI is enabled' (Waiman Long) [1568535 1558845]
- [x86] mm: Dump both kernel & user page tables at fault (Waiman Long) [1568535 1558845]
- [x86] entry/32: Fix typo in PARANOID_EXIT_TO_KERNEL_MODE (Waiman Long) [1568535 1558845]

[2.6.32-696.26.1]
- [s390] qeth: check not more than 16 SBALEs on the completion queue (Hendrik Brueckner) [1557477 1520860]
- [x86] pti: Disable kaiser_add_mapping if X86_FEATURE_NOPTI (Waiman Long) [1561441 1557562] {CVE-2017-5754}
- [x86] irq/ioapic: Check for valid irq_cfg pointer in smp_irq_move_cleanup_interrupt (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] kexec/64: Clear control page after PGD init (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] efi/64: Fix potential PTI data corruption problem (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pti/mm: Fix machine check with PTI on old AMD CPUs (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pti/mm: Enable PAGE_GLOBAL if not affected by Meltdown (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] retpoline: Avoid retpolines for built-in __init functions (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] kexec/32: Allocate 8k PGD for PTI (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] spec_ctrl: Patch out lfence on old 32-bit CPUs (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] spec_ctrl/32: Enable IBRS processing on kernel entries & exits (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] spec_ctrl/32: Stuff RSB on kernel entry (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32 (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pti/32: Add a PAE specific version of __pti_set_user_pgd (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Support PAE page table dumping (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pgtable/pae: Use separate kernel PMDs for user page-table (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] mm/pae: Populate valid user PGD entries (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pti: Enable x86-32 for kaiser.c (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pti: Disable PCID handling in x86-32 TLB flushing code (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pgtable: Disable user PGD poisoning for PAE (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pgtable: Move more PTI functions out of pgtable_64.h (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pgtable: Move pgdp kernel/user conversion functions to pgtable.h (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pgtable/32: Allocate 8k page-tables when PTI is enabled (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pgtable/pae: Unshare kernel PMDs when PTI is enabled (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Handle debug exception similar to NMI (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Add PTI cr3 switch to non-NMI entry/exit points (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Add PTI cr3 switches to NMI handler code (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Enable the use of trampoline stack (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Change INT80 to be an interrupt gate (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Handle Entry from Kernel-Mode on Entry-Stack (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Leave the kernel via trampoline stack (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Enter the kernel via trampoline stack (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Restore segments before int registers (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Split off return-to-kernel path (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Unshare NMI return path (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Put ESPFIX code into a macro (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Rename TSS_sysenter_sp0 to TSS_entry_stack (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] pti: Add X86_FEATURE_NOPTI to permanently disable PTI (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] entry/32: Simplify and fix up the SYSENTER stack #DB/NMI fixup (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] doublefault: Set the right gs register for doublefault (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] syscall: int80 must not clobber r12-15 (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] syscall: change ia32_syscall() to create the full register frame in ia32_do_call() (Waiman Long) [1553283 1550599] {CVE-2017-5754}
- [x86] cve: Make all Meltdown/Spectre percpu variables available to x86-32 (Waiman Long) [1553283 1550599] {CVE-2017-5754}

[2.6.32-696.25.1]
- [net] packet: Allow packets with only a header (but no payload) (Lorenzo Bianconi) [1557896 1535024]
- [net] packet: make packet too small warning match condition (Lorenzo Bianconi) [1557896 1535024]
- [net] packet: bail out of packet_snd() if L2 header creation fails (Lorenzo Bianconi) [1557896 1535024]
- [net] packet: make packet_snd fail on len smaller than l2 header (Lorenzo Bianconi) [1557896 1535024]
- [net] dccp: use-after-free in DCCP code (Stefano Brivio) [1520818 1520817] {CVE-2017-8824}
- [fs] nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [1447640 1447641] {CVE-2017-7645}
- [netdrv] be2net: Fix UE detection logic for BE3 (Ivan Vecera) [1552706 1437991]
- [x86] skip check for spurious faults for non-present faults (Daniel Vacek) [1551471 1495167]
- [x86] mm: Fix boot crash caused by incorrect loop count calculation in sync_global_pgds() (Daniel Vacek) [1551471 1495167]
- [scsi] lpfc: Null pointer dereference when log_verbose is set to 0xffffffff (Dick Kennedy) [1540481 1538340]
- [mm] prevent concurrent unmap_mapping_range() on the same inode (Miklos Szeredi) [1538654 1408108]
- [s390] fix transactional execution control register handling (Hendrik Brueckner) [1538591 1520862]
- [netdrv] bnx2x: prevent crash when accessing PTP with interface down (Michal Schmidt) [1538586 1518669]
- [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup (Jarod Wilson) [1548429 1548432] {CVE-2017-13166}
- [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic (Jarod Wilson) [1548429 1548432] {CVE-2017-13166}
- [net] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff (Florian Westphal) [1543089 1543091] {CVE-2017-18017}
- [net] netfilter: xt_TCPMSS: fix handling of malformed TCP header and options (Florian Westphal) [1543089 1543091] {CVE-2017-18017}
- [net] netfilter: xt_TCPMSS: SYN packets are allowed to contain data (Florian Westphal) [1543089 1543091] {CVE-2017-18017}
- [net] bluetooth: Prevent uninitialized data (Gopal Tiwari) [1519627 1519626] {CVE-2017-1000410}

[2.6.32-696.24.1]
- [kernel] sched/core: Rework rq->clock update skips (Lauro Ramos Venancio) [1551475 1212959]
- [kernel] sched: Remove useless code in yield_to() (Lauro Ramos Venancio) [1551475 1212959]
- [kernel] sched: Set skip_clock_update in yield_task_fair() (Lauro Ramos Venancio) [1551475 1212959]
- [kernel] sched, rt: Update rq clock when unthrottling of an otherwise idle CPU (Lauro Ramos Venancio) [1551475 1212959]
- [kernel] lockdep: Fix lock_is_held() on recursion (Lauro Ramos Venancio) [1551475 1212959]
- [net] bonding: discard lowest hash bit for 802.3ad layer3+4 (Hangbin Liu) [1550103 1532167]

ID ELSA-2018-1319
Severity important
URL https://linux.oracle.com/errata/ELSA-2018-1319.html
Published 2018-05-08T00:00:00
Modified 2018-05-08T00:00:00
Rights Copyright 2018 Oracle, Inc.
Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-6 | oraclelinux | python-perf | < 2.6.32-696.28.1.el6 | oraclelinux-6 | |
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-6 | oraclelinux | perf | < 2.6.32-696.28.1.el6 | oraclelinux-6 | |
Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-6 | oraclelinux | kernel | < 2.6.32-696.28.1.el6 | oraclelinux-6 | |
Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-6 | oraclelinux | kernel-headers | < 2.6.32-696.28.1.el6 | oraclelinux-6 | |
Affected | pkg:rpm/oraclelinux/kernel-firmware?distro=oraclelinux-6 | oraclelinux | kernel-firmware | < 2.6.32-696.28.1.el6 | oraclelinux-6 | |
Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-6 | oraclelinux | kernel-doc | < 2.6.32-696.28.1.el6 | oraclelinux-6 | |
Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-6 | oraclelinux | kernel-devel | < 2.6.32-696.28.1.el6 | oraclelinux-6 | |
Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-6 | oraclelinux | kernel-debug | < 2.6.32-696.28.1.el6 | oraclelinux-6 | |
Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-6 | oraclelinux | kernel-debug-devel | < 2.6.32-696.28.1.el6 | oraclelinux-6 | |
Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-6 | oraclelinux | kernel-abi-whitelists | < 2.6.32-696.28.1.el6 | oraclelinux-6 | |