-
Wed Jun 06 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.15.4.el7uek]
- x86/bugs/IBRS: Keep SSBD mitigation in effect if spectre_v2=ibrs is selected (Mihai Carabas)
- fs/pstore: update the backend parameter in pstore module (Wang Long) [Orabug: 27994372]
- kvm: vmx: Reinstate support for CPUs without virtual NMI (Paolo Bonzini) [Orabug: 28041210]
- dm crypt: add big-endian variant of plain64 IV (Milan Broz) [Orabug: 28043932]
- x86/bugs: Rename SSBD_NO to SSB_NO (Konrad Rzeszutek Wilk) [Orabug: 28063992] {CVE-2018-3639}
- KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD (Tom Lendacky) [Orabug: 28063992] [Orabug: 28069548] {CVE-2018-3639}
- x86/speculation, KVM: Implement support for VIRT_SPEC_CTRL/LS_CFG (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs: Rework spec_ctrl base and mask logic (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs: Expose x86_spec_ctrl_base directly (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs: Unify x86_spec_ctrl_{set_guest,restore_host} (Borislav Petkov) [Orabug: 28063992] {CVE-2018-3639}
- x86/speculation: Rework speculative_store_bypass_update() (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/speculation: Add virtualized speculative store bypass disable support (Tom Lendacky) [Orabug: 28063992] {CVE-2018-3639}
- x86/bugs, KVM: Extend speculation control for VIRT_SPEC_CTRL (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/speculation: Handle HT correctly on AMD (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/cpufeatures: Add FEATURE_ZEN (Thomas Gleixner) [Orabug: 28063992] {CVE-2018-3639}
- x86/cpu/AMD: Fix erratum 1076 (CPB bit) (Borislav Petkov) [Orabug: 28063992] {CVE-2018-3639}
-
Fri May 25 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.15.3.el7uek]
- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947602] {CVE-2018-1000199}
- Revert "perf/hwbp: Simplify the perf-hwbp code, fix documentation" (Brian Maly) [Orabug: 27947602]
-
Tue May 22 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.15.2.el7uek]
- KVM: SVM: Move spec control call after restore of GS (Thomas Gleixner) {CVE-2018-3639}
- x86/bugs: Fix the parameters alignment and missing void (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Make cpu_show_common() static (Jiri Kosina) {CVE-2018-3639}
- x86/bugs: Fix __ssb_select_mitigation() return type (Jiri Kosina) {CVE-2018-3639}
- Documentation/spec_ctrl: Do some minor cleanups (Borislav Petkov) {CVE-2018-3639}
- proc: Use underscores for SSBD in 'status' (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Rename _RDS to _SSBD (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/speculation: Make "seccomp" the default mode for Speculative Store Bypass (Kees Cook) {CVE-2018-3639}
- seccomp: Move speculation migitation control to arch code (Thomas Gleixner) {CVE-2018-3639}
- seccomp: Add filter flag to opt-out of SSB mitigation (Kees Cook) {CVE-2018-3639}
- seccomp: Use PR_SPEC_FORCE_DISABLE (Thomas Gleixner) {CVE-2018-3639}
- prctl: Add force disable speculation (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- seccomp: Enable speculation flaw mitigations (Kees Cook) {CVE-2018-3639}
- proc: Provide details on speculation flaw mitigations (Kees Cook) {CVE-2018-3639}
- nospec: Allow getting/setting on non-current task (Kees Cook) {CVE-2018-3639}
- x86/bugs/IBRS: Disable SSB (RDS) if IBRS is sslected for spectre_v2. (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/speculation: Add prctl for Speculative Store Bypass mitigation (Thomas Gleixner) {CVE-2018-3639}
- x86: thread_info.h: move RDS from index 5 to 23 (Mihai Carabas) {CVE-2018-3639}
- x86/process: Allow runtime control of Speculative Store Bypass (Thomas Gleixner) {CVE-2018-3639}
- prctl: Add speculation control prctls (Thomas Gleixner) {CVE-2018-3639}
- x86/speculation: Create spec-ctrl.h to avoid include hell (Thomas Gleixner) {CVE-2018-3639}
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs/intel: Set proper CPU features and setup RDS (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable mitigation (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/cpufeatures: Add X86_FEATURE_RDS (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Expose /sys/../spec_store_bypass (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/cpu/intel: Add Knights Mill to Intel family (Piotr Luc) {CVE-2018-3639}
- x86/cpu: Rename Merrifield2 to Moorefield (Andy Shevchenko) {CVE-2018-3639}
- x86/bugs, KVM: Support the combination of guest and host IBRS (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs/IBRS: Warn if IBRS is enabled during boot. (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs/IBRS: Use variable instead of defines for enabling IBRS (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Concentrate bug reporting into a separate function (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs: Concentrate bug detection into a separate function (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/bugs/IBRS: Turn on IBRS in spectre_v2_select_mitigation (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- x86/msr: Add SPEC_CTRL_IBRS.. (Konrad Rzeszutek Wilk) {CVE-2018-3639}
- scsi: libfc: Revisit kref handling (Hannes Reinecke)
- scsi: libfc: reset exchange manager during LOGO handling (Hannes Reinecke)
- scsi: libfc: send LOGO for PLOGI failure (Hannes Reinecke)
- scsi: libfc: Issue PRLI after a PRLO has been received (Hannes Reinecke)
- libfc: Update rport reference counting (Hannes Reinecke)
- amd/kvm: do not intercept new MSRs for spectre v2 mitigation (Elena Ufimtseva)
- RDS: null pointer dereference in rds_atomic_free_op (Mohamed Ghannam) [Orabug: 27422832] {CVE-2018-5333}
- ACPI: sbshc: remove raw pointer from printk() message (Greg Kroah-Hartman) [Orabug: 27501257] {CVE-2018-5750}
- futex: Prevent overflow by strengthen input validation (Li Jinyue) [Orabug: 27539548] {CVE-2018-6927}
- net: ipv4: add support for ECMP hash policy choice (Venkat Venkatsubra) [Orabug: 27547114]
- net: ipv4: Consider failed nexthops in multipath routes (David Ahern) [Orabug: 27547114]
- ipv4: L3 hash-based multipath (Peter Nørlund) [Orabug: 27547114]
- dm: fix race between dm_get_from_kobject() and __dm_destroy() (Hou Tao) [Orabug: 27677556] {CVE-2017-18203}
- NFS: only invalidate dentrys that are clearly invalid. (NeilBrown) [Orabug: 27870824]
- net: Improve handling of failures on link and route dumps (David Ahern) [Orabug: 27959177]
- mm/mempolicy: fix use after free when calling get_mempolicy (zhong jiang) [Orabug: 27963519] {CVE-2018-10675}
- drm: udl: Properly check framebuffer mmap offsets (Greg Kroah-Hartman) [Orabug: 27963530] {CVE-2018-8781}
- xfs: set format back to extents if xfs_bmap_extents_to_btree (Eric Sandeen) [Orabug: 27963576] {CVE-2018-10323}
- Revert "mlx4: change the ICM table allocations to lowest needed size" (Håkon Bugge) [Orabug: 27980030]
- Bluetooth: Prevent stack info leak from the EFS element. (Ben Seri) [Orabug: 28030514] {CVE-2017-1000410} {CVE-2017-1000410}
-
Tue May 08 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.15.1.el7uek]
- netfilter: nfnetlink_cthelper: Add missing permission checks (Kevin Cernekee) [Orabug: 27260771] {CVE-2017-17448}
- netlink: Add netns check on taps (Kevin Cernekee) [Orabug: 27260799] {CVE-2017-17449}
- KVM: Fix stack-out-of-bounds read in write_mmio (Wanpeng Li) [Orabug: 27290606] {CVE-2017-17741} {CVE-2017-17741}
- xprtrdma: Detect unreachable NFS/RDMA servers more reliably (Chuck Lever) [Orabug: 27587008]
- sunrpc: Export xprt_force_disconnect() (Chuck Lever) [Orabug: 27587008]
- sunrpc: Allow xprt->ops->timer method to sleep (Chuck Lever) [Orabug: 27587008]
- KVM: nVMX: fix guest CR4 loading when emulating L2 to L1 exit (Haozhong Zhang) [Orabug: 27720128]
- x86/microcode: probe CPU features on microcode update (Ankur Arora) [Orabug: 27878230]
- x86/microcode: microcode_write() should not reference boot_cpu_data (Ankur Arora) [Orabug: 27878230]
- x86/cpufeatures: use cpu_data in init_scattered_cpuid_flags() (Ankur Arora) [Orabug: 27878230]
- mm/pagewalk.c: report holes in hugetlb ranges (Jann Horn) [Orabug: 27913118] {CVE-2017-16994}
- KEYS: don't let add_key() update an uninstantiated key (David Howells) [Orabug: 27913330] {CVE-2017-15299}
- drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl() (Murray McAllister) [Orabug: 27913367] {CVE-2017-7294}
- vmscan: Support multiple kswapd threads per node (Buddy Lumpkin) [Orabug: 27913411]
- tcp: don't use F-RTO on non-recurring timeouts (Yuchung Cheng) [Orabug: 27901860]
- net/rds: ib: Release correct number of frags (Håkon Bugge) [Orabug: 27924161]
- crypto: rng - Remove old low-level rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116}
- crypto: drbg - Convert to new rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116}
- crypto: ansi_cprng - Convert to new rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116}
- crypto: krng - Convert to new rng interface (Herbert Xu) [Orabug: 27926676] {CVE-2017-15116}
- RDS: Heap OOB write in rds_message_alloc_sgs() (Mohamed Ghannam) [Orabug: 27934066] {CVE-2018-5332}
- net: Fix double free and memory corruption in get_net_ns_by_id() (Eric W. Biederman) [Orabug: 27934789] {CVE-2017-15129}
-
Fri May 04 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.14.5.el7uek]
- vhost/scsi: fix reuse of &vq->iov[out] in response (Benjamin Coddington) [Orabug: 27928330]
-
Thu May 03 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.14.4.el7uek]
- kernel.spec: add requires system-release for OL7 (Brian Maly) [Orabug: 27955380]
- x86/kernel/traps.c: fix trace_die_notifier return value (Kris Van Hees) {CVE-2018-8897}
- x86/entry/64: Dont use IST entry for #BP stack (Andy Lutomirski) {CVE-2018-8897}
- kvm/x86: fix icebp instruction handling (gregkh@linuxfoundation.org) {CVE-2018-1087}
-
Mon Apr 30 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.14.3.el7uek]
- perf/hwbp: Simplify the perf-hwbp code, fix documentation (Linus Torvalds) [Orabug: 27947602] {CVE-2018-100199}
-
Mon Apr 23 2018 Brian Maly <brian.maly@oracle.com> [4.1.12-124.14.2.el7uek]
- scsi: iscsi_tcp: set BDI_CAP_STABLE_WRITES when data digest enabled (Jianchao Wang) [Orabug: 27726302]
- block: fix bio_will_gap() for first bvec with offset (Ming Lei) [Orabug: 27775588]
- block: relax check on sg gap (Ming Lei) [Orabug: 27775588]
- block: don't optimize for non-cloned bio in bio_get_last_bvec() (Ming Lei) [Orabug: 27775588]
- block: merge: get the 1st and last bvec via helpers (Ming Lei) [Orabug: 27775588]
- block: get the 1st and last bvec via helpers (Ming Lei) [Orabug: 27775588]
- block: check virt boundary in bio_will_gap() (Ming Lei) [Orabug: 27775588]
- block: bio: introduce helpers to get the 1st and last bvec (Ming Lei) [Orabug: 27775588]
- Failing to send a CLOSE if file is opened WRONLY and server reboots on a 4.x mount (Olga Kornievskaia) [Orabug: 27848303]
- ext4: add validity checks for bitmap block numbers (Theodore Ts'o) [Orabug: 27854373] {CVE-2018-1093} {CVE-2018-1093}
- ocfs2: Take inode cluster lock before moving reflinked inode from orphan dir (Ashish Samant) [Orabug: 27869411]
- Input: gtco - fix potential out-of-bound access (Dmitry Torokhov) [Orabug: 27869844] {CVE-2017-16643}
- Input: ims-psu - check if CDC union descriptor is sane (Dmitry Torokhov) [Orabug: 27870333] {CVE-2017-16645}
- vfio/pci: Virtualize Maximum Payload Size (Alex Williamson)
- vfio-pci: Virtualize PCIe & AF FLR (Alex Williamson)
- uek-rpm: Disable DMA CMA (Jianchao Wang) [Orabug: 27892359]
- nvme-pci: fix multiple ctrl removal scheduling (Rakesh Pandit) [Orabug: 27892359]
- nvme-pci: Fix nvme queue cleanup if IRQ setup fails (Jianchao Wang) [Orabug: 27892359]
- nvme/pci: Fix stuck nvme reset (Keith Busch) [Orabug: 27892359]
- nvme: don't schedule multiple resets (Keith Busch) [Orabug: 27892359]
- blk-mq: fix use-after-free in blk_mq_free_tag_set() (Junichi Nomura) [Orabug: 27892359]
- USB: core: prevent malicious bNumInterfaces overflow (Alan Stern) [Orabug: 27895909]
- driver core: platform: fix race condition with driver_override (Adrian Salido) [Orabug: 27897874] {CVE-2017-12146}
- usb/core: usb_alloc_dev(): fix setting of ->portnum (Nicolai Stange) [Orabug: 27908746]
-
Thu Apr 12 2018 Jack Vogel <jack.vogel@oracle.com> [4.1.12-124.14.1.el7uek]
- ctf: drop the run-as-root error (Nick Alcock) [Orabug: 27852654]
- rds: Node crashes when trace buffer is opened (Ka-Cheong Poon) [Orabug: 27846191]
- xfs: fix accidental reversion of aa6a6227435cb (Darrick J. Wong) [Orabug: 27845869]
-
Tue Apr 10 2018 Jack Vogel <jack.vogel@oracle.com> [4.1.12-124.13.1.el7uek]
- net: cdc_ether: fix divide by 0 on bad descriptors (Bjørn Mork) [Orabug: 27841392] {CVE-2017-16649}
- sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27841944] {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191}
- Revert "sysctl: Drop reference added by grab_header in proc_sys_readdir" (Jack Vogel)