Описание
ELSA-2018-4288: Unbreakable Enterprise kernel security update (IMPORTANT)
[4.1.12-124.22.4]
- Revert commit 8bd274934987 ('block: fix bdi vs gendisk lifetime mismatch') (Ashish Samant) [Orabug: 28968102]
- KVM/x86: Add IBPB support (Ashok Raj) [Orabug: 28703712]
- x86/intel/spectre_v2: Remove unnecessary retp_compiler() test (Boris Ostrovsky) [Orabug: 28814570]
- x86/intel/spectre_v4: Deprecate spec_store_bypass_disable=userspace (Boris Ostrovsky) [Orabug: 28814570]
- x86/speculation: x86_spec_ctrl_set needs to be called unconditionally (Boris Ostrovsky) [Orabug: 28814570]
- x86/speculation: Drop unused DISABLE_IBRS_CLOBBER macro (Boris Ostrovsky) [Orabug: 28814570]
- x86/intel/spectre_v4: Keep SPEC_CTRL_SSBD when IBRS is in use (Boris Ostrovsky) [Orabug: 28814570]
[4.1.12-124.22.3]
- net: net_failover: fix typo in net_failover_slave_register() (Liran Alon) [Orabug: 28122104]
- virtio_net: Extend virtio to use VF datapath when available (Sridhar Samudrala) [Orabug: 28122104]
- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit (Sridhar Samudrala) [Orabug: 28122104]
- net: Introduce net_failover driver (Sridhar Samudrala) [Orabug: 28122104]
- net: Introduce generic failover module (Sridhar Samudrala) [Orabug: 28122104]
- net: introduce lower state changed info structure for LAG lowers (Jiri Pirko) [Orabug: 28122104]
- net: introduce change lower state notifier (Jiri Pirko) [Orabug: 28122104]
- net: add info struct for LAG changeupper (Jiri Pirko) [Orabug: 28122104]
- net: add possibility to pass information about upper device via notifier (Jiri Pirko) [Orabug: 28122104]
- net: Check CHANGEUPPER notifier return value (Ido Schimmel) [Orabug: 28122104]
- net: introduce change upper device notifier change info (Jiri Pirko) [Orabug: 28122104]
- x86/bugs: rework x86_spec_ctrl_set to make its changes explicit (Daniel Jordan) [Orabug: 28271063]
- x86/bugs: rename ssbd_ibrs_selected to ssbd_userspace_selected (Daniel Jordan) [Orabug: 28271063]
- x86/bugs: always use x86_spec_ctrl_base or _priv when setting spec ctrl MSR (Daniel Jordan) [Orabug: 28271063]
- xen-blkfront: fix kernel panic with negotiate_mq error path (Manjunath Patil) [Orabug: 28798861]
- scsi: lpfc: Correct MDS diag and nvmet configuration (James Smart) [Orabug: 28855939]
- scsi: virtio_scsi: let host do exception handling (Paolo Bonzini) [Orabug: 28856913]
- net/rds: Fix endless RNR situation (Venkat Venkatsubra) [Orabug: 28857027]
- scsi: sg: allocate with __GFP_ZERO in sg_build_indirect() (Alexander Potapenko) [Orabug: 28892656] {CVE-2018-1000204}
- cdrom: fix improper type cast, which can leat to information leak. (Young_X) [Orabug: 28929767] {CVE-2018-16658} {CVE-2018-10940} {CVE-2018-18710}
Обновленные пакеты
Oracle Linux 6
Oracle Linux x86_64
kernel-uek
4.1.12-124.22.4.el6uek
kernel-uek-debug
4.1.12-124.22.4.el6uek
kernel-uek-debug-devel
4.1.12-124.22.4.el6uek
kernel-uek-devel
4.1.12-124.22.4.el6uek
kernel-uek-doc
4.1.12-124.22.4.el6uek
kernel-uek-firmware
4.1.12-124.22.4.el6uek
Oracle Linux 7
Oracle Linux x86_64
kernel-uek
4.1.12-124.22.4.el7uek
kernel-uek-debug
4.1.12-124.22.4.el7uek
kernel-uek-debug-devel
4.1.12-124.22.4.el7uek
kernel-uek-devel
4.1.12-124.22.4.el7uek
kernel-uek-doc
4.1.12-124.22.4.el7uek
kernel-uek-firmware
4.1.12-124.22.4.el7uek
Связанные CVE
Связанные уязвимости
ELSA-2018-4301: Unbreakable Enterprise kernel security update (IMPORTANT)
ELSA-2018-4300: Unbreakable Enterprise kernel security update (IMPORTANT)
** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit."
Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit.
Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit.