[ELSA-2018-4304] Unbreakable Enterprise kernel security update
[4.14.35-1818.5.4]
- RDS: null pointer dereference in rds_atomic_free_op (Mohamed Ghannam) [Orabug: 28020694] {CVE-2018-5333}
- x86/speculation: Make enhanced IBRS the default spectre v2 mitigation (Alejandro Jimenez) [Orabug: 28474853]
- x86/speculation: Enable enhanced IBRS usage (Alejandro Jimenez) [Orabug: 28474853]
- x86/speculation: functions for supporting enhanced IBRS (Alejandro Jimenez) [Orabug: 28474853]
- KVM: x86: Expose CLDEMOTE CPU feature to guest VM (Jingqi Liu) [Orabug: 28938290]
- x86/cpufeatures: Enumerate cldemote instruction (Fenghua Yu) [Orabug: 28938290]
- libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (Fred Herard) [Orabug: 28946206]
- wil6210: missing length check in wmi_set_ie (Lior David) [Orabug: 28951267] {CVE-2018-5848}
- floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl (Andy Whitcroft) [Orabug: 28956546] {CVE-2018-7755} {CVE-2018-7755}
[4.14.35-1818.5.3]
- hugetlbfs: use truncate mutex to prevent pmd sharing race (Mike Kravetz) [Orabug: 28896279]
- xfs: enhance dinode verifier (Eric Sandeen) [Orabug: 28943579] {CVE-2018-10322}
- xfs: move inode fork verifiers to xfs_dinode_verify (Darrick J. Wong) [Orabug: 28943579] {CVE-2018-10322}
[4.14.35-1818.5.2]
- rds: crash at rds_ib_inc_copy_to_user+104 due to NULL ptr reference (Venkat Venkatsubra) [Orabug: 28748049]
- kdump/vmcore: support encrypted old memory with SME enabled (Lianbo Jiang) [Orabug: 28796835]
- amd_iommu: remap the device table of IOMMU with the memory encryption mask for kdump (Lianbo Jiang) [Orabug: 28796835]
- kexec: allocate unencrypted control pages for kdump in case SME is enabled (Lianbo Jiang) [Orabug: 28796835]
- x86/ioremap: add a function ioremap_encrypted() to remap kdump old memory (Lianbo Jiang) [Orabug: 28796835]
- net/rds: Fix endless RNR situation (Venkat Venkatsubra) [Orabug: 28857013]
- Btrfs: fix xattr loss after power failure (Filipe Manana) [Orabug: 28893942]
- xen/balloon: Support xend-based toolstack (Boris Ostrovsky) [Orabug: 28901032]
- Btrfs: fix file data corruption after cloning a range and fsync (Filipe Manana) [Orabug: 28905635]
- xen-blkfront: fix kernel panic with negotiate_mq error path (Manjunath Patil)
- cdrom: fix improper type cast, which can leat to information leak. (Young_X) [Orabug: 28929755] {CVE-2018-16658} {CVE-2018-10940} {CVE-2018-18710}
- sched/fair: Use a recently used CPU as an idle candidate and the basis for SIS (Mel Gorman) [Orabug: 28940633]
- sched/fair: Move select_task_rq_fair() slow-path into its own function (Brendan Jackman) [Orabug: 28940633]
- certs: Add Oracle's new X509 cert into .builtin_trusted_keys (Eric Snowberg) [Orabug: 28926200]
- net: Allow pernet_operations to be executed in parallel (Kirill Tkhai) [Orabug: 28924205]
- net: Move mutex_unlock() in cleanup_net() up (Kirill Tkhai) [Orabug: 28924205]
- locking/arch, x86: Add __down_read_killable() (Kirill Tkhai) [Orabug: 28924205]
- locking/x86: Use named operands in rwsem.h (Miguel Bernal Marin) [Orabug: 28924205]
- locking/rwsem: Add down_read_killable() (Kirill Tkhai) [Orabug: 28924205]
- net: Introduce net_sem for protection of pernet_list (Kirill Tkhai) [Orabug: 28924205]
- net: Assign net to net_namespace_list in setup_net() (Kirill Tkhai) [Orabug: 28924205]
- net: Cleanup in copy_net_ns() (Kirill Tkhai) [Orabug: 28924205]
[4.14.35-1818.5.1]
- Revert 'aarch64: remove duplicate dtb in kernel rpm' (Jack Vogel)
[4.14.35-1818.5.0]
- oracleasm: Implement support for QUERY HANDLE operation (Martin K. Petersen) [Orabug: 28887237]
- oracleasm: Honor ASM_IFLAG_FORMAT_NOCHECK flag (Martin K. Petersen) [Orabug: 28887237]
- bpf: 32-bit RSH verification must truncate input before the ALU op (Jann Horn) [Orabug: 28861785] {CVE-2018-18445}
- aarch64: remove duplicate dtb in kernel rpm (Eric Saint-Etienne) [Orabug: 28672035]
- scsi: lpfc: Correct MDS diag and nvmet configuration (James Smart) [Orabug: 28432993]
- uek-rpm: Run 'make olddefconfig' to get latest x86 config values (Victor Erminpour) [Orabug: 28845157]
- hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:447! (Mike Kravetz) [Orabug: 28886647]
- ext4: update i_disksize if direct write past ondisk size (Eryu Guan) [Orabug: 28869428]
- ext4: protect i_disksize update by i_data_sem in direct write path (Eryu Guan) [Orabug: 28869428]
- config: disable xfs online scrub in uek5 (Darrick J. Wong) [Orabug: 28890254]
- scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (Alexander Potapenko) [Orabug: 28884433] {CVE-2018-1000204}
- random: fix crng_ready() test (Theodore Ts'o) [Orabug: 28863713] {CVE-2018-1108} {CVE-2018-1108}
- proc: do not access cmdline nor environ from file-backed areas (Willy Tarreau) [Orabug: 28863722] {CVE-2018-1120} {CVE-2018-1120}
- vhost: correctly check the iova range when waking virtqueue (Jason Wang) [Orabug: 28892623] {CVE-2018-1118}
- xfs: don't call xfs_da_shrink_inode with NULL bp (Eric Sandeen) [Orabug: 28893785] {CVE-2018-13094}
- ALSA: rawmidi: Change resized buffers atomically (Takashi Iwai) [Orabug: 28893798] {CVE-2018-10902}
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (Andrea Arcangeli) [Orabug: 28899818]
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | < 4.14.35-1818.5.4.el7uek |
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | < 4.14.35-1818.5.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | < 4.14.35-1818.5.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | < 4.14.35-1818.5.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | < 4.14.35-1818.5.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | < 4.14.35-1818.5.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | < 4.14.35-1818.5.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | < 4.14.35-1818.5.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | < 4.14.35-1818.5.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | < 4.14.35-1818.5.4.el7uek |
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | < 4.14.35-1818.5.4.el7uek |
- ID
- ELSA-2018-4304
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2018-4304.html
- Published
-
2018-12-11T00:00:00
(5 years ago) - Modified
-
2018-12-11T00:00:00
(5 years ago) - Rights
- Copyright 2018 Oracle, Inc.
- Other Advisories
-
- ALAS-2018-1133
- ALAS-2019-1279
- ALAS2-2018-1133
- ALAS2-2019-1279
- ALAS2-2020-1480
- DSA-4308-1
- ELSA-2018-3083
- ELSA-2018-4288
- ELSA-2018-4299
- ELSA-2018-4300
- ELSA-2018-4301
- ELSA-2018-4307
- ELSA-2019-2029
- ELSA-2019-4316
- ELSA-2019-4509
- FEDORA-2018-0edb45d9db
- FEDORA-2018-1621b2204a
- FEDORA-2018-1c80fea1cd
- FEDORA-2018-1e033dc308
- FEDORA-2018-2645eb8dab
- FEDORA-2018-2a0f8b2c9d
- FEDORA-2018-2c6bd93875
- FEDORA-2018-2ee3411cb8
- FEDORA-2018-2f6df9abfb
- FEDORA-2018-3857a8b41a
- FEDORA-2018-49bda79bd5
- FEDORA-2018-4ca01704a2
- FEDORA-2018-50075276e8
- FEDORA-2018-537c8312fc
- FEDORA-2018-5904d0794d
- FEDORA-2018-59e4747e0f
- FEDORA-2018-6367a17aa3
- FEDORA-2018-6e8c330d50
- FEDORA-2018-79d7c3d2df
- FEDORA-2018-8422d94975
- FEDORA-2018-8484550fff
- FEDORA-2018-87ba0312c2
- FEDORA-2018-884a105c04
- FEDORA-2018-8ce90c8b24
- FEDORA-2018-93af520878
- FEDORA-2018-93c2e74446
- FEDORA-2018-94315e9a6b
- FEDORA-2018-9d0e4e40b5
- FEDORA-2018-9f4381d8c4
- FEDORA-2018-a0914af224
- FEDORA-2018-ac3b4c7605
- FEDORA-2018-b57db4753c
- FEDORA-2018-b68776e5b0
- FEDORA-2018-b997780dca
- FEDORA-2018-bb7aab12cb
- FEDORA-2018-bf60ec1389
- FEDORA-2018-c0a1284064
- FEDORA-2018-c449dc1c9c
- FEDORA-2018-ca0e10fc6e
- FEDORA-2018-cc812838fb
- FEDORA-2018-cf76003e1f
- FEDORA-2018-d77cc41f35
- FEDORA-2018-d82a45d9ab
- FEDORA-2018-d92fde52d7
- FEDORA-2018-db0d3e157e
- FEDORA-2018-ddbaca855e
- FEDORA-2018-e71875c4aa
- FEDORA-2018-e820fccd83
- FEDORA-2018-e8f793bbfc
- FEDORA-2018-f1b818a5c9
- FEDORA-2018-f55c305488
- FEDORA-2018-f8cba144ae
- FEDORA-2019-164946aa7f
- FEDORA-2019-16de0047d4
- FEDORA-2019-196ab64d65
- FEDORA-2019-1b986880ea
- FEDORA-2019-1e8a4c6958
- FEDORA-2019-20a89ca9af
- FEDORA-2019-337484d88b
- FEDORA-2019-3da64f3e61
- FEDORA-2019-4002b91800
- FEDORA-2019-48b34fc991
- FEDORA-2019-509c133845
- FEDORA-2019-65c6d11eba
- FEDORA-2019-7462acf8ba
- FEDORA-2019-7bdeed7fc5
- FEDORA-2019-7d3500d712
- FEDORA-2019-8169b57f28
- FEDORA-2019-8219efa9f6
- FEDORA-2019-87e7046631
- FEDORA-2019-94dc902948
- FEDORA-2019-96b31a9602
- FEDORA-2019-a6cd583a8d
- FEDORA-2019-aabdaa013d
- FEDORA-2019-b0f7a7b74b
- FEDORA-2019-be9add5b77
- FEDORA-2019-c36afa818c
- FEDORA-2019-ce2933b003
- FEDORA-2019-e6bf55e821
- FEDORA-2019-f812c9fb22
- RHSA-2018:3083
- RHSA-2018:3096
- RHSA-2019:2029
- RHSA-2019:2043
- SSA:2019-030-01
- SSA:2020-295-01
- SUSE-SU-2018:1048-1
- SUSE-SU-2018:1173-1
- SUSE-SU-2018:1173-2
- SUSE-SU-2018:1217-1
- SUSE-SU-2018:1761-1
- SUSE-SU-2018:1762-1
- SUSE-SU-2018:1772-1
- SUSE-SU-2018:1816-1
- SUSE-SU-2018:1855-1
- SUSE-SU-2018:1855-2
- SUSE-SU-2018:2092-1
- SUSE-SU-2018:3688-1
- SUSE-SU-2018:3689-1
- SUSE-SU-2018:3746-1
- SUSE-SU-2018:3773-1
- SUSE-SU-2018:3869-1
- SUSE-SU-2018:3934-1
- SUSE-SU-2018:3961-1
- SUSE-SU-2018:4069-1
- SUSE-SU-2018:4072-1
- SUSE-SU-2018:4127-1
- SUSE-SU-2018:4153-1
- SUSE-SU-2018:4157-1
- SUSE-SU-2018:4195-1
- SUSE-SU-2018:4208-1
- SUSE-SU-2018:4238-1
- SUSE-SU-2019:0095-1
- SUSE-SU-2019:0224-1
- SUSE-SU-2019:0439-1
- SUSE-SU-2019:1289-1
- SUSE-SU-2022:1651-1
- SUSE-SU-2022:1668-1
- SUSE-SU-2022:1686-1
- SUSE-SU-2022:2077-1
- SUSE-SU-2022:2082-1
- SUSE-SU-2022:2111-1
- SUSE-SU-2023:0416-1
- USN-3619-1
- USN-3619-2
- USN-3630-1
- USN-3630-2
- USN-3632-1
- USN-3695-1
- USN-3695-2
- USN-3696-1
- USN-3696-2
- USN-3697-1
- USN-3697-2
- USN-3698-1
- USN-3698-2
- USN-3846-1
- USN-3847-1
- USN-3847-2
- USN-3847-3
- USN-3848-1
- USN-3848-2
- USN-3849-1
- USN-3849-2
- USN-4578-1
- USN-4579-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2018-4304 | http://linux.oracle.com/errata/ELSA-2018-4304.html | |
CVE | CVE-2018-5848 | http://linux.oracle.com/cve/CVE-2018-5848.html | |
CVE | CVE-2018-10322 | http://linux.oracle.com/cve/CVE-2018-10322.html | |
CVE | CVE-2018-18710 | http://linux.oracle.com/cve/CVE-2018-18710.html | |
CVE | CVE-2018-7755 | http://linux.oracle.com/cve/CVE-2018-7755.html | |
CVE | CVE-2018-8043 | http://linux.oracle.com/cve/CVE-2018-8043.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux | python-perf | < 4.14.35-1818.5.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux | perf | < 4.14.35-1818.5.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux | kernel-uek | < 4.14.35-1818.5.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools | < 4.14.35-1818.5.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs | < 4.14.35-1818.5.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-tools-libs-devel | < 4.14.35-1818.5.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | oraclelinux | kernel-uek-headers | < 4.14.35-1818.5.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux | kernel-uek-doc | < 4.14.35-1818.5.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-devel | < 4.14.35-1818.5.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug | < 4.14.35-1818.5.4.el7uek | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux | kernel-uek-debug-devel | < 4.14.35-1818.5.4.el7uek | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |