[ELSA-2018-4214] Unbreakable Enterprise kernel security update
[2.6.39-400.301.1]
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28505519] {CVE-2018-3620}
- mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky) [Orabug: 28505519] {CVE-2018-3620}
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- mm/pagewalk.c: prevent positive return value of walk_page_test() from being passed to callers (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620}
- mm: pagewalk: fix misbehavior of walk_page_range for vma(VM_PFNMAP) (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620}
- pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620}
- mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi) [Orabug: 28505519] {CVE-2018-3620}
- mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX) [Orabug: 28505519] {CVE-2018-3620}
- mm/pagewalk.c: walk_page_range should avoid VM_PFNMAP areas (Cliff Wickman) [Orabug: 28505519] {CVE-2018-3620}
- pagewalk: don't look up vma if walk->hugetlb_entry is unused (KOSAKI Motohiro) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620}
- x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620}
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28505519] {CVE-2018-3620}
- x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug: 28505519] {CVE-2018-3620}
- x86/mm: Move swap offset/type up in PTE to work around erratum (Dave Hansen) [Orabug: 28505519] {CVE-2018-3620}
- mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov) [Orabug: 28505519] {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Kleen) [Orabug: 28505519] {CVE-2018-3620}
- x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov) [Orabug: 28505519] {CVE-2018-3620}
- x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505519] {CVE-2018-3620}
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505519] {CVE-2018-3620}
- x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug: 28505519] {CVE-2018-3620}
- x86/cpufeature: uniquely define *IA32_ARCH_CAPS and *IBRS_ATT (Daniel Jordan) [Orabug: 28505519] {CVE-2018-3620}
- Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 28001909]
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (David Woodhouse) [Orabug: 28001909]
- x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (David Woodhouse) [Orabug: 28001909]
- Add driver auto probing for x86 features v4 (Andi Kleen) [Orabug: 28001909]
- mm/mempolicy: fix use after free when calling get_mempolicy (zhong jiang) [Orabug: 28022110] {CVE-2018-10675}
- xen-netback: do not requeue skb if xenvif is already disconnected (Dongli Zhang) [Orabug: 28247698]
- posix-timer: Properly check sigevent->sigev_notify (Thomas Gleixner) [Orabug: 28481397] {CVE-2017-18344}
- ID
- ELSA-2018-4214
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2018-4214.html
- Published
-
2018-09-13T00:00:00
(6 years ago) - Modified
-
2018-09-13T00:00:00
(6 years ago) - Rights
- Copyright 2018 Oracle, Inc.
- Other Advisories
-
- ALAS-2018-1023
- ALAS-2018-1058
- ALAS2-2018-1058
- ALAS2-2018-994
- ALPINE:CVE-2018-3620
- CISCO-SA-20180814-CPUSIDECHANNEL
- DSA-4274-1
- DSA-4279-1
- ELSA-2018-2164
- ELSA-2018-2384
- ELSA-2018-2390
- ELSA-2018-3083
- ELSA-2018-4114
- ELSA-2018-4195
- ELSA-2018-4196
- ELSA-2018-4211
- ELSA-2018-4215
- ELSA-2018-4235
- FEDORA-2018-0edb45d9db
- FEDORA-2018-1621b2204a
- FEDORA-2018-1c80fea1cd
- FEDORA-2018-2ee3411cb8
- FEDORA-2018-3857a8b41a
- FEDORA-2018-59e4747e0f
- FEDORA-2018-683dfde81a
- FEDORA-2018-6e8c330d50
- FEDORA-2018-73dd8de892
- FEDORA-2018-79d7c3d2df
- FEDORA-2018-8422d94975
- FEDORA-2018-915602df63
- FEDORA-2018-94315e9a6b
- FEDORA-2018-9f4381d8c4
- FEDORA-2018-a0914af224
- FEDORA-2018-b68776e5b0
- FEDORA-2018-c0a1284064
- FEDORA-2018-d77cc41f35
- FEDORA-2018-ddbaca855e
- FEDORA-2018-e820fccd83
- FEDORA-2018-f20a0cead5
- FEDORA-2018-f8cba144ae
- FEDORA-2018-fe24359b69
- FEDORA-2019-16de0047d4
- FEDORA-2019-196ab64d65
- FEDORA-2019-1b986880ea
- FEDORA-2019-20a89ca9af
- FEDORA-2019-337484d88b
- FEDORA-2019-3da64f3e61
- FEDORA-2019-4002b91800
- FEDORA-2019-509c133845
- FEDORA-2019-65c6d11eba
- FEDORA-2019-7d3500d712
- FEDORA-2019-a6cd583a8d
- FEDORA-2019-bce6498890
- FEDORA-2019-c36afa818c
- FEDORA-2019-ce2933b003
- FREEBSD:2310B814-A652-11E8-805B-A4BADB2F4699
- GLSA-201810-06
- RHSA-2018:2164
- RHSA-2018:2384
- RHSA-2018:2390
- RHSA-2018:2395
- RHSA-2018:3083
- RHSA-2018:3096
- SSA:2018-240-01
- SUSE-SU-2018:1368-1
- SUSE-SU-2018:1374-1
- SUSE-SU-2018:1375-1
- SUSE-SU-2018:1376-1
- SUSE-SU-2018:1846-1
- SUSE-SU-2018:2222-1
- SUSE-SU-2018:2223-1
- SUSE-SU-2018:2328-1
- SUSE-SU-2018:2332-1
- SUSE-SU-2018:2344-1
- SUSE-SU-2018:2344-2
- SUSE-SU-2018:2362-1
- SUSE-SU-2018:2366-1
- SUSE-SU-2018:2374-1
- SUSE-SU-2018:2380-1
- SUSE-SU-2018:2381-1
- SUSE-SU-2018:2384-1
- SUSE-SU-2018:2387-1
- SUSE-SU-2018:2391-1
- SUSE-SU-2018:2413-1
- SUSE-SU-2018:2416-1
- SUSE-SU-2018:2450-1
- SUSE-SU-2018:2472-1
- SUSE-SU-2018:2474-1
- SUSE-SU-2018:2596-1
- SUSE-SU-2018:2637-1
- SUSE-SU-2023:3333-1
- USN-3740-1
- USN-3740-2
- USN-3741-1
- USN-3741-2
- USN-3742-1
- USN-3742-2
- USN-3754-1
- USN-3823-1
- VU:982149
- XSA-273
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2018-4214 | http://linux.oracle.com/errata/ELSA-2018-4214.html | |
CVE | CVE-2018-10675 | http://linux.oracle.com/cve/CVE-2018-10675.html | |
CVE | CVE-2018-3620 | http://linux.oracle.com/cve/CVE-2018-3620.html | |
CVE | CVE-2017-18344 | http://linux.oracle.com/cve/CVE-2017-18344.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6 | oraclelinux | kernel-uek | < 2.6.39-400.301.1.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-5 | oraclelinux | kernel-uek | < 2.6.39-400.301.1.el5uek | oraclelinux-5 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6 | oraclelinux | kernel-uek-firmware | < 2.6.39-400.301.1.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-5 | oraclelinux | kernel-uek-firmware | < 2.6.39-400.301.1.el5uek | oraclelinux-5 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6 | oraclelinux | kernel-uek-doc | < 2.6.39-400.301.1.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-5 | oraclelinux | kernel-uek-doc | < 2.6.39-400.301.1.el5uek | oraclelinux-5 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6 | oraclelinux | kernel-uek-devel | < 2.6.39-400.301.1.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-5 | oraclelinux | kernel-uek-devel | < 2.6.39-400.301.1.el5uek | oraclelinux-5 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6 | oraclelinux | kernel-uek-debug | < 2.6.39-400.301.1.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-5 | oraclelinux | kernel-uek-debug | < 2.6.39-400.301.1.el5uek | oraclelinux-5 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6 | oraclelinux | kernel-uek-debug-devel | < 2.6.39-400.301.1.el6uek | oraclelinux-6 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-5 | oraclelinux | kernel-uek-debug-devel | < 2.6.39-400.301.1.el5uek | oraclelinux-5 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |