[ELSA-2018-4025] Unbreakable Enterprise kernel security update
[4.1.12-112.14.14]
- drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 27234850] [Orabug: 27234850]
- hugetlb: fix nr_pmds accounting with shared page tables (Kirill A. Shutemov) [Orabug: 26988581]
- x86/IBRS: Drop unnecessary WRITE_ONCE (Boris Ostrovsky) [Orabug: 27416198]
- x86/IBRS: Dont try to change IBRS mode if IBRS is not available (Boris Ostrovsky) [Orabug: 27416198]
- x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27416198]
- x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27418896]
- x86/spectre: Drop the warning about ibrs being obsolete. (Konrad Rzeszutek Wilk)
- x86/spec: Dont print the Missing arguments for option spectre_v2. (Konrad Rzeszutek Wilk)
- x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk)
- x86/IBPB: Provide debugfs interface for changing IBPB mode (Boris Ostrovsky) [Orabug: 27449065]
- xen: Make PV Dom0 Linux kernel NUMA aware (Elena Ufimtseva)
- net/rds: Fix incorrect error handling (Hakon Bugge) [Orabug: 26848729]
- net/rds: use multiple sge than buddy allocation in congestion code (Wei Lin Guay) [Orabug: 26848729]
- Revert RDS: fix the sg allocation based on actual message size (Wei Lin Guay) [Orabug: 26848729]
- Revert RDS: avoid large pages for sg allocation for TCP transport (Wei Lin Guay) [Orabug: 26848729]
- Revert net/rds: Reduce memory footprint in rds_sendmsg (Wei Lin Guay) [Orabug: 26848729]
- net/rds: reduce memory footprint during ib_post_recv in IB transport (Wei Lin Guay) [Orabug: 26848729]
- net/rds: reduce memory footprint during rds_sendmsg with IB transport (Wei Lin Guay) [Orabug: 26848729]
- net/rds: set the rds_ib_init_frag based on supported sge (Wei Lin Guay) [Orabug: 26848729]
- bnxt_en: Fix possible corrupted NVRAM parameters from firmware response. (Michael Chan) [Orabug: 27199588]
- x86, kasan: Fix build failure on KASAN=y && KMEMCHECK=y kernels (Andrey Ryabinin) [Orabug: 27255122]
- x86, efi, kasan: Fix build failure on !KASAN && KMEMCHECK=y kernels (Andrey Ryabinin) [Orabug: 27255122]
- x86, efi, kasan: #undef memset/memcpy/memmove per arch (Andrey Ryabinin) [Orabug: 27255122]
- Revert Makefile: Build with -Werror=date-time if the compiler supports it (Gayatri Vasudevan) [Orabug: 27255122]
- dccp: CVE-2017-8824: use-after-free in DCCP code (Mohamed Ghannam) [Orabug: 27290300] {CVE-2017-8824}
- x86/efi: Initialize and display UEFI secure boot state a bit later during init (Daniel Kiper) [Orabug: 27309477]
- x86/espfix: Init espfix on the boot CPU side (Zhu Guihua) [Orabug: 27344552]
- x86/espfix: Add cpu parameter to init_espfix_ap() (Zhu Guihua) [Orabug: 27344552]
- ALSA: pcm: prevent UAF in snd_pcm_info (Robb Glasser) [Orabug: 27344841] {CVE-2017-0861} {CVE-2017-0861}
- fs/ocfs2: remove page cache for converted direct write (Wengang Wang)
- Revert ocfs2: code clean up for direct io (Wengang Wang)
- assoc_array: Fix a buggy node-splitting case (David Howells) [Orabug: 27364592] {CVE-2017-12193} {CVE-2017-12193}
- Sanitize move_pages() permission checks (Linus Torvalds) [Orabug: 27364690] {CVE-2017-14140}
- pti: compile fix for when PTI is disabled (Pavel Tatashin) [Orabug: 27383147] {CVE-2017-5754}
- sctp: do not peel off an assoc from one netns to another one (Xin Long) [Orabug: 27386999] {CVE-2017-15115}
- net: ipv4: fix for a race condition in raw_sendmsg (Mohamed Ghannam) [Orabug: 27390682] {CVE-2017-17712}
- mlx4: add mstflint secure boot access kernel support (Qing Huang) [Orabug: 27404202]
- x86: Move STUFF_RSB in to the idt macro (Konrad Rzeszutek Wilk)
- x86/spec: STUFF_RSB before ENABLE_IBRS (Konrad Rzeszutek Wilk)
- x86: Move ENABLE_IBRS in the interrupt macro. (Konrad Rzeszutek Wilk) [Orabug: 27449045]
- ID
- ELSA-2018-4025
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2018-4025.html
- Published
-
2018-02-07T00:00:00
(6 years ago) - Modified
-
2018-02-07T00:00:00
(6 years ago) - Rights
- Copyright 2018 Oracle, Inc.
- Other Advisories
-
- ALAS-2017-925
- ALAS-2017-937
- ALAS-2018-939
- ALAS-2018-944
- ALAS2-2018-939
- ALPINE:CVE-2017-5754
- ASA-201801-1
- ASA-201801-2
- ASA-201801-3
- ASA-201801-4
- ASA-201801-6
- CISCO-SA-20180104-CPUSIDECHANNEL
- DSA-3981-1
- DSA-4073-1
- DSA-4078-1
- DSA-4082-1
- DSA-4120-1
- DSA-4187-1
- ELSA-2018-0007
- ELSA-2018-0008
- ELSA-2018-0151
- ELSA-2018-0292
- ELSA-2018-1062
- ELSA-2018-1319
- ELSA-2018-2390
- ELSA-2018-3083
- ELSA-2018-4006
- ELSA-2018-4020
- ELSA-2018-4022
- ELSA-2018-4040
- ELSA-2018-4041
- ELSA-2018-4285
- ELSA-2018-4289
- ELSA-2019-4585
- FEDORA-2017-129969aa8a
- FEDORA-2017-1b4d140781
- FEDORA-2017-38b37120a2
- FEDORA-2017-62e3a94f2a
- FEDORA-2017-7810b7c59f
- FEDORA-2017-9fbb35aeda
- FEDORA-2017-ba6b6e71f7
- FEDORA-2017-ef58cbde27
- FEDORA-2017-f73d3f1fc4
- FEDORA-2017-f7cb245861
- FEDORA-2018-1c80fea1cd
- FEDORA-2018-1e033dc308
- FEDORA-2018-2a0f8b2c9d
- FEDORA-2018-2ee3411cb8
- FEDORA-2018-2f6df9abfb
- FEDORA-2018-49bda79bd5
- FEDORA-2018-4ca01704a2
- FEDORA-2018-6367a17aa3
- FEDORA-2018-79d7c3d2df
- FEDORA-2018-8484550fff
- FEDORA-2018-884a105c04
- FEDORA-2018-93c2e74446
- FEDORA-2018-94315e9a6b
- FEDORA-2018-9d0e4e40b5
- FEDORA-2018-b57db4753c
- FEDORA-2018-b68776e5b0
- FEDORA-2018-b997780dca
- FEDORA-2018-c0a1284064
- FEDORA-2018-c449dc1c9c
- FEDORA-2018-d77cc41f35
- FEDORA-2018-e71875c4aa
- FEDORA-2018-e8f793bbfc
- FREEBSD:74DAA370-2797-11E8-95EC-A4BADB2F4699
- GLSA-201810-06
- RHSA-2018:0016
- RHSA-2018:0151
- RHSA-2018:0152
- RHSA-2018:0676
- RHSA-2018:1062
- RHSA-2018:1319
- RHSA-2018:2390
- RHSA-2018:3083
- RHSA-2018:3096
- SSA:2018-016-01
- SUSE-SU-2017:2694-1
- SUSE-SU-2017:2908-1
- SUSE-SU-2017:2920-1
- SUSE-SU-2017:3210-1
- SUSE-SU-2017:3249-1
- SUSE-SU-2017:3265-1
- SUSE-SU-2017:3398-1
- SUSE-SU-2017:3410-1
- SUSE-SU-2018:0010-1
- SUSE-SU-2018:0011-1
- SUSE-SU-2018:0012-1
- SUSE-SU-2018:0031-1
- SUSE-SU-2018:0040-1
- SUSE-SU-2018:0115-1
- SUSE-SU-2018:0180-1
- SUSE-SU-2018:0213-1
- SUSE-SU-2018:0219-1
- SUSE-SU-2018:0269-1
- SUSE-SU-2018:0272-1
- SUSE-SU-2018:0273-1
- SUSE-SU-2018:0277-1
- SUSE-SU-2018:0278-1
- SUSE-SU-2018:0280-1
- SUSE-SU-2018:0281-1
- SUSE-SU-2018:0282-1
- SUSE-SU-2018:0285-1
- SUSE-SU-2018:0294-1
- SUSE-SU-2018:0296-1
- SUSE-SU-2018:0297-1
- SUSE-SU-2018:0298-1
- SUSE-SU-2018:0301-1
- SUSE-SU-2018:0340-1
- SUSE-SU-2018:0345-1
- SUSE-SU-2018:0346-1
- SUSE-SU-2018:0347-1
- SUSE-SU-2018:0383-1
- SUSE-SU-2018:0416-1
- SUSE-SU-2018:0431-1
- SUSE-SU-2018:0433-1
- SUSE-SU-2018:0436-1
- SUSE-SU-2018:0438-1
- SUSE-SU-2018:0472-1
- SUSE-SU-2018:0482-1
- SUSE-SU-2018:0552-1
- SUSE-SU-2018:0552-2
- SUSE-SU-2018:0601-1
- SUSE-SU-2018:0609-1
- SUSE-SU-2018:0638-1
- SUSE-SU-2018:0678-1
- SUSE-SU-2018:0909-1
- SUSE-SU-2018:0986-1
- SUSE-SU-2018:1080-1
- SUSE-SU-2018:1172-1
- SUSE-SU-2018:1220-1
- SUSE-SU-2018:1221-1
- SUSE-SU-2018:1222-1
- SUSE-SU-2018:1224-1
- SUSE-SU-2018:1226-1
- SUSE-SU-2018:1227-1
- SUSE-SU-2018:1228-1
- SUSE-SU-2018:1229-1
- SUSE-SU-2018:1230-1
- SUSE-SU-2018:1231-1
- SUSE-SU-2018:1232-1
- SUSE-SU-2018:1233-1
- SUSE-SU-2018:1234-1
- SUSE-SU-2018:1235-1
- SUSE-SU-2018:1236-1
- SUSE-SU-2018:1237-1
- SUSE-SU-2018:1240-1
- SUSE-SU-2018:1241-1
- SUSE-SU-2018:1242-1
- SUSE-SU-2018:1243-1
- SUSE-SU-2018:1244-1
- SUSE-SU-2018:1245-1
- SUSE-SU-2018:1247-1
- SUSE-SU-2018:1248-1
- SUSE-SU-2018:1250-1
- SUSE-SU-2018:1251-1
- SUSE-SU-2018:1252-1
- SUSE-SU-2018:1253-1
- SUSE-SU-2018:1254-1
- SUSE-SU-2018:1255-1
- SUSE-SU-2018:1256-1
- SUSE-SU-2018:1257-1
- SUSE-SU-2018:1259-1
- SUSE-SU-2018:1260-1
- SUSE-SU-2018:1261-1
- SUSE-SU-2018:1262-1
- SUSE-SU-2018:1263-1
- SUSE-SU-2018:1264-1
- SUSE-SU-2018:1266-1
- SUSE-SU-2018:1267-1
- SUSE-SU-2018:1268-1
- SUSE-SU-2018:1269-1
- SUSE-SU-2018:1270-1
- SUSE-SU-2018:1272-1
- SUSE-SU-2018:1273-1
- SUSE-SU-2018:1309-1
- SUSE-SU-2018:1603-1
- SUSE-SU-2018:1658-1
- SUSE-SU-2018:1699-1
- SUSE-SU-2018:1699-2
- SUSE-SU-2018:2528-1
- SUSE-SU-2018:3230-1
- SUSE-SU-2023:0634-1
- USN-3444-1
- USN-3444-2
- USN-3507-1
- USN-3507-2
- USN-3509-1
- USN-3509-2
- USN-3516-1
- USN-3522-1
- USN-3522-2
- USN-3523-1
- USN-3523-2
- USN-3524-1
- USN-3524-2
- USN-3525-1
- USN-3540-1
- USN-3540-2
- USN-3541-1
- USN-3541-2
- USN-3581-1
- USN-3581-2
- USN-3581-3
- USN-3582-1
- USN-3582-2
- USN-3583-1
- USN-3583-2
- USN-3597-1
- USN-3597-2
- USN-3617-1
- USN-3617-2
- USN-3617-3
- USN-3619-1
- USN-3619-2
- USN-3632-1
- USN-3698-1
- USN-3698-2
- VU:584653
- XSA-254
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2018-4025 | http://linux.oracle.com/errata/ELSA-2018-4025.html | |
CVE | CVE-2017-5754 | http://linux.oracle.com/cve/CVE-2017-5754.html | |
CVE | CVE-2017-12193 | http://linux.oracle.com/cve/CVE-2017-12193.html | |
CVE | CVE-2017-8824 | http://linux.oracle.com/cve/CVE-2017-8824.html | |
CVE | CVE-2017-0861 | http://linux.oracle.com/cve/CVE-2017-0861.html | |
CVE | CVE-2017-15115 | http://linux.oracle.com/cve/CVE-2017-15115.html | |
CVE | CVE-2017-17712 | http://linux.oracle.com/cve/CVE-2017-17712.html | |
CVE | CVE-2017-14140 | http://linux.oracle.com/cve/CVE-2017-14140.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux | kernel-uek | < 4.1.12-112.14.14.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6 | oraclelinux | kernel-uek | < 4.1.12-112.14.14.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-7 | oraclelinux | kernel-uek-firmware | < 4.1.12-112.14.14.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6 | oraclelinux | kernel-uek-firmware | < 4.1.12-112.14.14.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux | kernel-uek-doc | < 4.1.12-112.14.14.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6 | oraclelinux | kernel-uek-doc | < 4.1.12-112.14.14.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-devel | < 4.1.12-112.14.14.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6 | oraclelinux | kernel-uek-devel | < 4.1.12-112.14.14.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug | < 4.1.12-112.14.14.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6 | oraclelinux | kernel-uek-debug | < 4.1.12-112.14.14.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug-devel | < 4.1.12-112.14.14.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6 | oraclelinux | kernel-uek-debug-devel | < 4.1.12-112.14.14.el6uek | oraclelinux-6 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |