[ELSA-2018-4245] Unbreakable Enterprise kernel security update
kernel-uek
[3.8.13-118.25.1]
- x86/spectre_v2: Don't check microcode versions when running under hypervisors (Konrad Rzeszutek Wilk) [Orabug: 27959785]
- rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map (Hakon Bugge) [Orabug: 28552792] {CVE-2018-7492}
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664530] {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664579] {CVE-2017-13695}
- uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor Erminpour) [Orabug: 28680238]
- exec: Limit arg stack to at most 75% of _STK_LIM (Kees Cook) [Orabug: 28710010] {CVE-2018-14634}
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28505476] {CVE-2018-3620}
- mm, fremap: mitigate L1TF in remap_file_pages (Daniel Jordan) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation: Don't mark cpu_no_l1tf __initconst (Boris Ostrovsky) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (Matt Fleming) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk.c: prevent positive return value of walk_page_test() from being passed to callers (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620}
- pagewalk: improve vma handling (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk: remove pgd_entry() and pud_entry() (Naoya Horiguchi) [Orabug: 28505476] {CVE-2018-3620}
- mm/pagewalk.c: fix walk_page_range() access of wrong PTEs (Chen LinX) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) [Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and X86_FEATURE_IBRS_ATT (Konrad Rzeszutek Wilk) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Fix swap entry comment and macro (Dave Hansen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Move swap offset/type up in PTE to work around erratum (Dave Hansen) [Orabug: 28505476] {CVE-2018-3620}
- mm: x86 pgtable: drop unneeded preprocessor ifdef (Cyrill Gorcunov) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Kleen) [Orabug: 28505476] {CVE-2018-3620}
- x86/mm: Fix regression with huge pages on PAE (Kirill A. Shutemov) [Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Fix pud/pmd interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Add pud/pmd mask interfaces to handle large PAT bit (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620}
- x86/asm: Move PUD_PAGE macros to page_types.h (Toshi Kani) [Orabug: 28505476] {CVE-2018-3620}
- x86/speculation: sort X86_BUG_* with X86_FEATURE_* (Daniel Jordan) [Orabug: 28505476] {CVE-2018-3620}
- Disable kaiser if the cpu is not vulnerable to X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27958074]
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (David Woodhouse) [Orabug: 27958074]
- x86/msr: Add definitions for IA32_ARCH_CAPABILITIES MSR (Kanth Ghatraju) [Orabug: 27958074]
- x86/cpufeatures: Add Intel feature bit for IA32_ARCH_CAPABILITIES supported (Kanth Ghatraju) [Orabug: 27958074]
- ID
- ELSA-2018-4245
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2018-4245.html
- Published
-
2018-10-10T00:00:00
(6 years ago) - Modified
-
2018-10-10T00:00:00
(6 years ago) - Rights
- Copyright 2018 Oracle, Inc.
- Other Advisories
-
-
ALAS-2018-1086
-
ALAS2-2018-1086
-
DSA-4187-1
-
DSA-4308-1
-
ELSA-2018-4227
-
ELSA-2018-4242
-
ELSA-2018-4246
-
ELSA-2018-4250
-
ELSA-2019-2029
-
FEDORA-2017-6764d16965
-
FEDORA-2017-a3a8638a60
-
FEDORA-2018-4ca01704a2
-
FEDORA-2018-59e4747e0f
-
FEDORA-2018-6367a17aa3
-
FEDORA-2018-7c2e0a998d
-
FEDORA-2018-884a105c04
-
FEDORA-2018-8d90571cdf
-
RHSA-2019:2029
-
RHSA-2019:2043
-
SUSE-SU-2018:1366-1
-
SUSE-SU-2018:1761-1
-
SUSE-SU-2018:1762-1
-
SUSE-SU-2018:1816-1
-
SUSE-SU-2018:1855-1
-
SUSE-SU-2018:1855-2
-
SUSE-SU-2018:2092-1
-
SUSE-SU-2018:2332-1
-
SUSE-SU-2018:2366-1
-
SUSE-SU-2018:2637-1
-
SUSE-SU-2018:2775-1
-
SUSE-SU-2018:2776-1
-
SUSE-SU-2018:2858-1
-
SUSE-SU-2018:2862-1
-
SUSE-SU-2018:2879-1
-
SUSE-SU-2018:2907-1
-
SUSE-SU-2018:2908-1
-
SUSE-SU-2018:2908-2
-
SUSE-SU-2018:2980-1
-
SUSE-SU-2018:2981-1
-
SUSE-SU-2018:3083-1
-
SUSE-SU-2018:3084-1
-
SUSE-SU-2018:3088-1
-
SUSE-SU-2018:3961-1
-
SUSE-SU-2022:2077-1
-
SUSE-SU-2022:2082-1
-
SUSE-SU-2022:2103-1
-
SUSE-SU-2022:2111-1
-
SUSE-SU-2023:0416-1
-
USN-3619-1
-
USN-3619-2
-
USN-3674-1
-
USN-3674-2
-
USN-3677-1
-
USN-3677-2
-
USN-3696-1
-
USN-3696-2
-
USN-3762-1
-
USN-3762-2
-
USN-3797-1
-
USN-3797-2
-
USN-3820-1
-
USN-3820-2
-
USN-3820-3
-
USN-3822-1
-
USN-3822-2
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2018-4245 |
|
|
| CVE | CVE-2017-13695 |
|
|
| CVE | CVE-2018-16658 |
|
|
| CVE | CVE-2018-7492 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux |
 kernel-uek
|
< 3.8.13-118.25.1.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-6 | oraclelinux |
kernel-uek
|
< 3.8.13-118.25.1.el6uek | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-7 | oraclelinux |
kernel-uek-firmware
|
< 3.8.13-118.25.1.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-firmware?distro=oraclelinux-6 | oraclelinux |
kernel-uek-firmware
|
< 3.8.13-118.25.1.el6uek | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux |
kernel-uek-doc
|
< 3.8.13-118.25.1.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-6 | oraclelinux |
kernel-uek-doc
|
< 3.8.13-118.25.1.el6uek | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-devel
|
< 3.8.13-118.25.1.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-6 | oraclelinux |
kernel-uek-devel
|
< 3.8.13-118.25.1.el6uek | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux |
kernel-uek-debug
|
< 3.8.13-118.25.1.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-6 | oraclelinux |
kernel-uek-debug
|
< 3.8.13-118.25.1.el6uek | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-debug-devel
|
< 3.8.13-118.25.1.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-6 | oraclelinux |
kernel-uek-debug-devel
|
< 3.8.13-118.25.1.el6uek | oraclelinux-6 | ||
| Affected | pkg:rpm/oraclelinux/dtrace-modules-3.8.13-118.25.1.el7uek?distro=oraclelinux-7 | oraclelinux |
dtrace-modules-3.8.13-118.25.1.el7uek
|
< 0.4.5-3.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/dtrace-modules-3.8.13-118.25.1.el6uek?distro=oraclelinux-6 | oraclelinux |
dtrace-modules-3.8.13-118.25.1.el6uek
|
< 0.4.5-3.el6 | oraclelinux-6 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |