[ELSA-2019-4628] Unbreakable Enterprise kernel security update
[4.14.35-1844.4.5.2]
- x86/mds: Add empty commit for CVE-2019-11091 (Konrad Rzeszutek Wilk) [Orabug: 29721848] {CVE-2019-11091}
- x86/speculation/mds: Make mds_mitigation mutable after init (Konrad Rzeszutek Wilk) [Orabug: 29721835] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
[4.14.35-1844.4.5.1]
- x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Konrad Rzeszutek Wilk) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add debugfs for controlling MDS (Kanth Ghatraju) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add boot option to enable MDS protection only while in idle (Boris Ostrovsky) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Move arch_smt_update() call to after mitigation decisions (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mds=full,nosmt cmdline option (Josh Poimboeuf) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation: Add MDS vulnerability documentation (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation: Move L1TF to separate directory (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Andi Kleen) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127} {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/msr-index: Cleanup bit defines (Thomas Gleixner) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
file (Will Deacon) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/cpu: Sanitize FAM6_ATOM naming (Peter Zijlstra) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation/l1tf: Fix small spelling typo (Salvatore Bonaccorso) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Simplify the CPU bug detection logic (Dominik Brodowski) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- tools include: Adopt linux/bits.h (Arnaldo Carvalho de Melo) [Orabug: 29526899] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
| Package | Affected Version |
|---|---|
 pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7
|
< 4.14.35-1844.4.5.2.el7uek |
|
pkg:rpm/oraclelinux/perf?distro=oraclelinux-7
|
< 4.14.35-1844.4.5.2.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7
|
< 4.14.35-1844.4.5.2.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7
|
< 4.14.35-1844.4.5.2.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7
|
< 4.14.35-1844.4.5.2.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7
|
< 4.14.35-1844.4.5.2.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7
|
< 4.14.35-1844.4.5.2.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7
|
< 4.14.35-1844.4.5.2.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7
|
< 4.14.35-1844.4.5.2.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7
|
< 4.14.35-1844.4.5.2.el7uek |
|
pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7
|
< 4.14.35-1844.4.5.2.el7uek |
- ID
- ELSA-2019-4628
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2019-4628.html
- Published
-
2019-05-14T00:00:00
(5 years ago) - Modified
-
2019-05-14T00:00:00
(5 years ago) - Rights
- Copyright 2019 Oracle, Inc.
- Other Advisories
-
-
ALAS-2019-1205
-
ALAS-2019-1260
-
ALAS2-2019-1205
-
ALAS2-2019-1274
-
ALPINE:CVE-2018-12126
-
ALPINE:CVE-2018-12127
-
ALPINE:CVE-2018-12130
-
ALPINE:CVE-2019-11091
-
DSA-4444-1
-
DSA-4447-1
-
ELSA-2019-1167
-
ELSA-2019-1168
-
ELSA-2019-1169
-
ELSA-2019-1175
-
ELSA-2019-1177
-
ELSA-2019-1178
-
ELSA-2019-1180
-
ELSA-2019-1181
-
ELSA-2019-4629
-
ELSA-2019-4630
-
ELSA-2019-4636
-
ELSA-2019-4637
-
ELSA-2019-4640
-
ELSA-2019-4643
-
ELSA-2019-4669
-
ELSA-2019-4672
-
ELSA-2019-4675
-
ELSA-2019-4702
-
ELSA-2019-4714
-
ELSA-2019-4732
-
FEDORA-2019-021c968423
-
FEDORA-2019-0332a96d31
-
FEDORA-2019-057d691fd4
-
FEDORA-2019-124a241044
-
FEDORA-2019-15e141c6a7
-
FEDORA-2019-1689d3fe07
-
FEDORA-2019-1f5832fc0e
-
FEDORA-2019-2e12bd3a9a
-
FEDORA-2019-3d7105bd2a
-
FEDORA-2019-41e28660ae
-
FEDORA-2019-48b34fc991
-
FEDORA-2019-4c91a2f76e
-
FEDORA-2019-52a8f5468e
-
FEDORA-2019-5f105dd2b6
-
FEDORA-2019-640f8d8dd1
-
FEDORA-2019-6458474bf2
-
FEDORA-2019-6817686c4d
-
FEDORA-2019-69c132b061
-
FEDORA-2019-6bda4c81f4
-
FEDORA-2019-6c3d89b3d0
-
FEDORA-2019-6e146a714c
-
FEDORA-2019-7a3fc17778
-
FEDORA-2019-7aecfe1c4b
-
FEDORA-2019-7ec378191e
-
FEDORA-2019-8169b57f28
-
FEDORA-2019-83858fc57b
-
FEDORA-2019-865bb16900
-
FEDORA-2019-8846a1a5a2
-
FEDORA-2019-899ef6056c
-
FEDORA-2019-914542e05c
-
FEDORA-2019-9210998aaa
-
FEDORA-2019-97380355ae
-
FEDORA-2019-9d3fe6fd5b
-
FEDORA-2019-a570a92d5a
-
FEDORA-2019-a95015e60f
-
FEDORA-2019-aeda234b68
-
FEDORA-2019-b2dfb13daf
-
FEDORA-2019-b318b2c6f3
-
FEDORA-2019-c03eda3cc6
-
FEDORA-2019-c36afa818c
-
FEDORA-2019-cbb732f760
-
FEDORA-2019-e3010166bd
-
FEDORA-2019-e37c348348
-
FEDORA-2019-e6bf55e821
-
FEDORA-2019-e9de40d53f
-
FEDORA-2019-f40bd7826f
-
FEDORA-2019-f910d35647
-
FEDORA-2020-2a5cdd665c
-
FEDORA-2020-2d9a75fadb
-
FEDORA-2020-c2d89d14d0
-
FEDORA-2020-fe00e12580
-
FREEBSD:FBE10A8A-05A1-11EA-9DFA-F8B156AC3FF9
-
GLSA-202003-56
-
openSUSE-SU-2019:1402-1
-
openSUSE-SU-2019:1403-1
-
openSUSE-SU-2019:1404-1
-
openSUSE-SU-2019:1405-1
-
openSUSE-SU-2019:1468-1
-
openSUSE-SU-2019:1505-1
-
openSUSE-SU-2019:1805-1
-
openSUSE-SU-2019:1806-1
-
RHSA-2019:1167
-
RHSA-2019:1168
-
RHSA-2019:1169
-
RHSA-2019:1174
-
RHSA-2019:1175
-
RHSA-2019:1176
-
RHSA-2019:1177
-
RHSA-2019:1178
-
RHSA-2019:1180
-
RHSA-2019:1181
-
SUSE-SU-2019:1235-1
-
SUSE-SU-2019:1236-1
-
SUSE-SU-2019:1238-1
-
SUSE-SU-2019:1239-1
-
SUSE-SU-2019:1240-1
-
SUSE-SU-2019:1241-1
-
SUSE-SU-2019:1242-1
-
SUSE-SU-2019:1243-1
-
SUSE-SU-2019:1244-1
-
SUSE-SU-2019:1245-1
-
SUSE-SU-2019:1248-1
-
SUSE-SU-2019:1268-1
-
SUSE-SU-2019:1269-1
-
SUSE-SU-2019:1272-1
-
SUSE-SU-2019:1287-1
-
SUSE-SU-2019:1289-1
-
SUSE-SU-2019:1296-1
-
SUSE-SU-2019:1313-1
-
SUSE-SU-2019:1347-1
-
SUSE-SU-2019:1348-1
-
SUSE-SU-2019:1349-1
-
SUSE-SU-2019:1356-1
-
SUSE-SU-2019:1371-1
-
SUSE-SU-2019:1423-1
-
SUSE-SU-2019:1438-1
-
SUSE-SU-2019:1452-1
-
SUSE-SU-2019:1490-1
-
SUSE-SU-2019:1547-1
-
SUSE-SU-2019:1550-1
-
SUSE-SU-2019:1909-1
-
SUSE-SU-2019:1910-1
-
SUSE-SU-2019:1954-1
-
SUSE-SU-2019:2430-1
-
SUSE-SU-2019:2753-1
-
SUSE-SU-2019:2769-1
-
SUSE-SU-2020:1255-1
-
SUSE-SU-2020:1275-1
-
USN-3977-1
-
USN-3977-2
-
USN-3977-3
-
USN-3978-1
-
USN-3979-1
-
USN-3980-1
-
USN-3980-2
-
USN-3981-1
-
USN-3981-2
-
USN-3982-1
-
USN-3982-2
-
USN-3983-1
-
USN-3983-2
-
USN-3984-1
-
USN-3985-1
-
USN-3985-2
-
VMSA-2019-0008.2
-
XSA-297
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2019-4628 |
|
|
| CVE | CVE-2018-12126 |
|
|
| CVE | CVE-2018-12130 |
|
|
| CVE | CVE-2018-12127 |
|
|
| CVE | CVE-2019-11091 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux |
python-perf
|
< 4.14.35-1844.4.5.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux |
perf
|
< 4.14.35-1844.4.5.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek?distro=oraclelinux-7 | oraclelinux |
kernel-uek
|
< 4.14.35-1844.4.5.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-tools?distro=oraclelinux-7 | oraclelinux |
kernel-uek-tools
|
< 4.14.35-1844.4.5.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs?distro=oraclelinux-7 | oraclelinux |
kernel-uek-tools-libs
|
< 4.14.35-1844.4.5.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-tools-libs-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-tools-libs-devel
|
< 4.14.35-1844.4.5.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-headers?distro=oraclelinux-7 | oraclelinux |
kernel-uek-headers
|
< 4.14.35-1844.4.5.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-doc?distro=oraclelinux-7 | oraclelinux |
kernel-uek-doc
|
< 4.14.35-1844.4.5.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-devel
|
< 4.14.35-1844.4.5.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug?distro=oraclelinux-7 | oraclelinux |
kernel-uek-debug
|
< 4.14.35-1844.4.5.2.el7uek | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-uek-debug-devel?distro=oraclelinux-7 | oraclelinux |
kernel-uek-debug-devel
|
< 4.14.35-1844.4.5.2.el7uek | oraclelinux-7 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |