[ol8_baseos_latest] kernel-debug-core-4.18.0-193.14.3.el8_2.x86_64

The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system.  The kernel handles the basic functions
of the operating system:  memory allocation, process allocation, device
input and output, etc.

This variant of the kernel has numerous debugging options enabled.
It should only be installed when trying to gather additional information
on kernel bugs, as some of these options impact performance noticably.

Changelog (Show File list) (Show related packages)

• Wed Jul 29 2020 Kevin Lyons <kevin.x.lyons@oracle.com> [4.18.0-193.14.3.el8_2.OL8]

  - Oracle Linux certificates (Kevin Lyons)
  - Disable signing for aarch64 (Ilya Okomin)
  - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
  - Update x509.genkey [Orabug: 24817676]
  - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7

• Mon Jul 20 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.14.3.el8_2]

  - Reverse keys order for dual-signing (Frantisek Hrbata) [1837433 1837434] {CVE-2020-10713}

• Sun Jul 19 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.14.2.el8_2]

  - [kernel] Move to dual-signing to split signing keys up better (pjones) [1837433 1837434] {CVE-2020-10713}
  - [crypto] pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1837433 1837434] {CVE-2020-10713}
  - [acpi] ACPI: configfs: Disallow loading ACPI tables when locked down (Lenny Szubowicz) [1852968 1852969] {CVE-2020-15780}
  - [firmware] efi: Restrict efivar_ssdt_load when the kernel is locked down (Lenny Szubowicz) [1852948 1852949] {CVE-2019-20908}

• Mon Jul 13 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.14.1.el8_2]

  - [md] dm mpath: add DM device name to Failing/Reinstating path log messages (Mike Snitzer) [1852050 1822975]
  - [md] dm mpath: enhance queue_if_no_path debugging (Mike Snitzer) [1852050 1822975]
  - [md] dm mpath: restrict queue_if_no_path state machine (Mike Snitzer) [1852050 1822975]
  - [md] dm mpath: simplify __must_push_back (Mike Snitzer) [1852050 1822975]
  - [md] dm: use DMDEBUG macros now that they use pr_debug variants (Mike Snitzer) [1852050 1822975]
  - [include] dm: use dynamic debug instead of compile-time config option (Mike Snitzer) [1852050 1822975]
  - [md] dm mpath: switch paths in dm_blk_ioctl() code path (Mike Snitzer) [1852050 1822975]
  - [md] dm multipath: use updated MPATHF_QUEUE_IO on mapping for bio-based mpath (Mike Snitzer) [1852050 1822975]
  - [md] dm: bump version of core and various targets (Mike Snitzer) [1852050 1822975]
  - [md] dm mpath: Add timeout mechanism for queue_if_no_path (Mike Snitzer) [1852050 1822975]
  - [md] dm mpath: use true_false for bool variable (Mike Snitzer) [1852050 1822975]
  - [md] dm mpath: remove harmful bio-based optimization (Mike Snitzer) [1852050 1822975]
  - [scsi] scsi: libiscsi: fall back to sendmsg for slab pages (Maurizio Lombardi) [1852048 1825775]
  - [s390] s390/mm: fix panic in gup_fast on large pud (Philipp Rudo) [1853336 1816980]

• Tue Jul 07 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.13.1.el8_2]

  - [x86] x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (Lenny Szubowicz) [1846180 1824005]

• Thu Jul 02 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.12.1.el8_2]

  - [net] openvswitch: simplify the ovs_dp_cmd_new (Eelco Chaudron) [1851235 1819202]
  - [net] openvswitch: fix possible memleak on destroy flow-table (Eelco Chaudron) [1851235 1819202]
  - [net] openvswitch: add likely in flow_lookup (Eelco Chaudron) [1851235 1819202]
  - [net] openvswitch: simplify the flow_hash (Eelco Chaudron) [1851235 1819202]
  - [net] openvswitch: optimize flow-mask looking up (Eelco Chaudron) [1851235 1819202]
  - [net] openvswitch: optimize flow mask cache hash collision (Eelco Chaudron) [1851235 1819202]
  - [net] openvswitch: shrink the mask array if necessary (Eelco Chaudron) [1851235 1819202]
  - [net] openvswitch: convert mask list in mask array (Eelco Chaudron) [1851235 1819202]
  - [net] openvswitch: add flow-mask cache for performance (Eelco Chaudron) [1851235 1819202]
  - [net] netfilter: nf_tables: use-after-free in dynamic operations (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: add missing ->release_ops() in error path of newrule() (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nft_compat: use .release_ops and remove list of extension (Phil Sutter) [1845164 1757933]
  - [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1837309 1837310] {CVE-2020-12888}
  - [pci] PCI: pciehp: Fix MSI interrupt race (Myron Stowe) [1852045 1779610]
  - [kernel] smp: Allow smp_call_function_single_async() to insert locked csd (Peter Xu) [1851406 1830014]
  - [x86] kvm: Clean up host's steal time structure (Jon Maloy) [1795128 1813987] {CVE-2019-3016}
  - [x86] kvm: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (Jon Maloy) [1795128 1813987] {CVE-2019-3016}
  - [virt] x86/kvm: Cache gfn to pfn translation (Jon Maloy) [1795128 1813987] {CVE-2019-3016}
  - [virt] x86/kvm: Introduce kvm_(un)map_gfn() (Jon Maloy) [1795128 1813987] {CVE-2019-3016}
  - [x86] kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit (Jon Maloy) [1795128 1813987] {CVE-2019-3016}

• Fri Jun 26 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.11.1.el8_2]

  - [net] netfilter: conntrack: fix infinite loop on rmmod (Florian Westphal) [1851005 1832381]
  - [net] netfilter: conntrack: allow insertion of clashing entries (Florian Westphal) [1851003 1821404]
  - [net] netfilter: conntrack: split resolve_clash function (Florian Westphal) [1851003 1821404]
  - [net] netfilter: conntrack: place confirm-bit setting in a helper (Florian Westphal) [1851003 1821404]
  - [net] netfilter: never get/set skb->tstamp (Florian Westphal) [1851003 1821404]
  - [net] netfilter: conntrack: remove two args from resolve_clash (Florian Westphal) [1851003 1821404]
  - [net] netfilter: conntrack: tell compiler to not inline nf_ct_resolve_clash (Florian Westphal) [1851003 1821404]
  - [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843440 1843441] {CVE-2020-10757}
  - [x86] x86/vector: Remove warning on managed interrupt migration (Peter Xu) [1848545 1812331]
  - [s390] s390/cio: fix virtio-ccw DMA without PV (Philipp Rudo) [1842620 1814787]

• Fri Jun 19 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.10.1.el8_2]

  - [misc] dma-mapping: zero memory returned from dma_alloc_* (Philipp Rudo) [1847453 1788928]
  - [nvme] nvme-multipath: fix crash in nvme_mpath_clear_ctrl_paths (Gopal Tiwari) [1846405 1781927]
  - [net] netfilter: nf_tables: fix infinite loop when expr is not available (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: autoload modules from the abort path (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: remove WARN and add NLA_STRING upper limits (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: store transaction list locally while requesting module (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: use-after-free in failing rule with bound set (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nft_meta: skip EAGAIN if nft_meta_bridge is not a module (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: force module load in case select_ops() returns -EAGAIN (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: add nft_expr_type_request_module() (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: bogus EBUSY in helper removal from transaction (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: fix set double-free in abort path (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nft_compat: don't use refcount_inc on newly allocated entry (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: unbind set in rule from commit path (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nft_compat: destroy function must not have side effects (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nft_compat: make lists per netns (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nft_compat: use refcnt_t type for nft_xt reference count (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: fix suspicious RCU usage in nft_chain_stats_replace() (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: asynchronous release (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: split set destruction in deactivate and destroy phase (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: flow event notifier must use transaction mutex (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: use dedicated mutex to guard transactions (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: avoid global info storage (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: take module reference when starting a batch (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: make valid_genid callback mandatory (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nf_tables: add and use helper for module autoload (Phil Sutter) [1845164 1757933]
  - [net] netfilter: nat: never update the UDP checksum when it's 0 (Guillaume Nault) [1847128 1794714]
  - [x86] x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches (Waiman Long) [1847395 1847396] {CVE-2020-10768}
  - [x86] x86/speculation: Prevent rogue cross-process SSBD shutdown (Waiman Long) [1847357 1847358] {CVE-2020-10766}
  - [x86] x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS (Waiman Long) [1847378 1847379] {CVE-2020-10767}
  - [x86] x86/speculation: Add support for STIBP always-on preferred mode (Waiman Long) [1847378 1847379] {CVE-2020-10767}
  - [x86] x86/speculation: Change misspelled STIPB to STIBP (Waiman Long) [1847378 1847379] {CVE-2020-10767}
  - [powerpc] powerpc/pseries/ddw: Extend upper limit for huge DMA window for persistent memory (Steve Best) [1842406 1817596]

• Sun Jun 14 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.9.1.el8_2]

  - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Jarod Wilson) [1844073 1844031] {CVE-2020-12654}
  - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Jarod Wilson) [1844049 1844039] {CVE-2020-12653}
  - [netdrv] net/mlx5: FPGA, support network cards with standalone FPGA (Alaa Hleihel) [1843544 1789380]
  - [mm] hugetlbfs: don't retry when pool page allocations start to fail (Rafael Aquini) [1835789 1727288]
  - [mm] mm, compaction: raise compaction priority after it withdrawns (Rafael Aquini) [1835789 1727288]
  - [mm] mm, reclaim: cleanup should_continue_reclaim() (Rafael Aquini) [1835789 1727288]
  - [mm] mm, reclaim: make should_continue_reclaim perform dryrun detection (Rafael Aquini) [1835789 1727288]
  - [kernel] exit: panic before exit_mm() on global init exit (Oleg Nesterov) [1821378 1808944]
  - [documentation] x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}
  - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}
  - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}
  - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}
  - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}

• Mon Jun 08 2020 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-193.8.1.el8_2]

  - [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [1837309 1837310] {CVE-2020-12888}
  - [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [1837309 1837310] {CVE-2020-12888}
  - [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [1837309 1837310] {CVE-2020-12888}
  - [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Alex Williamson) [1837309 1837310] {CVE-2020-12888}
  - [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Alex Williamson) [1837309 1837310] {CVE-2020-12888}
  - [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom (Alex Williamson) [1837309 1837310] {CVE-2020-12888}