1. Home
  2. Security Advisories
  3. Oracle Linux
  4. ELSA-2019-3832

[ELSA-2019-3832] kernel security update

Severity Important
Affected Packages 20
CVEs 3
Info Packages References Vulnerabilities

[4.18.0-147.0.2_1.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]

[4.18.0-147.0.2_1]
- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1766056 1756805] {CVE-2019-0154}
- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1766056 1756805] {CVE-2019-0154}
- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [x86] x86/tsx: Add config options to set tsx=on|off|auto (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/tsx: Add 'auto' option to the tsx= cmdline parameter (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/cpu: Add a 'tsx=' cmdline option with TSX disabled by default (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [x86] x86/cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86/mmu: Reintroduce fast invalidate/zap for flushing memslot (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] Revert 'KVM: x86/mmu: Zap only the relevant pages when removing a memslot' (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [zstream] switch to zstream (Frantisek Hrbata)

Package Affected Version
pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/perf?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-8.1 < 4.18.0-147.0.2.el8_1
ID
ELSA-2019-3832
Severity
important
URL
https://linux.oracle.com/errata/ELSA-2019-3832.html
Published
2019-11-22T00:00:00
(4 years ago)
Modified
2019-11-22T00:00:00
(4 years ago)
Rights
Copyright 2019 Oracle, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-8.1 oraclelinux python3-perf < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/perf?distro=oraclelinux-8.1 oraclelinux perf < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel?distro=oraclelinux-8.1 oraclelinux kernel < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-8.1 oraclelinux kernel-tools < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-8.1 oraclelinux kernel-tools-libs < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-8.1 oraclelinux kernel-tools-libs-devel < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-8.1 oraclelinux kernel-modules < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-8.1 oraclelinux kernel-modules-extra < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-8.1 oraclelinux kernel-headers < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-8.1 oraclelinux kernel-doc < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-8.1 oraclelinux kernel-devel < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-8.1 oraclelinux kernel-debug < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-8.1 oraclelinux kernel-debug-modules < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-8.1 oraclelinux kernel-debug-modules-extra < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-8.1 oraclelinux kernel-debug-devel < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-8.1 oraclelinux kernel-debug-core < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-8.1 oraclelinux kernel-cross-headers < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-8.1 oraclelinux kernel-core < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-8.1 oraclelinux kernel-abi-whitelists < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
Affected pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-8.1 oraclelinux bpftool < 4.18.0-147.0.2.el8_1 oraclelinux-8.1
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date