-
Wed Nov 20 2019 Alan Steinberg <alan.steinberg@oracle.com> [4.18.0-147.0.3.el8_1.OL8]
- Oracle Linux certificates (Alexey Petrenko)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
-
Mon Nov 11 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-147.0.3.el8_1]
- [drm] drm/i915/cmdparser: Fix jump whitelist clearing (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
-
Sun Nov 03 2019 Frantisek Hrbata <fhrbata@redhat.com> [4.18.0-147.0.2.el8_1]
- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1766056 1756805] {CVE-2019-0154}
- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1766056 1756805] {CVE-2019-0154}
- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756871 1756873] {CVE-2019-0155}
- [x86] x86/tsx: Add config options to set tsx=on|off|auto (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/tsx: Add "auto" option to the tsx= cmdline parameter (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [base] x86/speculation/taa: Add sysfs reporting for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/speculation/taa: Add mitigation for TSX Async Abort (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/cpu: Add a helper function x86_read_arch_cap_msr() (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [x86] x86/msr: Add the IA32_TSX_CTRL MSR (Josh Poimboeuf) [1766550 1766551] {CVE-2019-11135}
- [documentation] Documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [x86] x86/cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [x86] x86: Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] KVM: x86/mmu: Reintroduce fast invalidate/zap for flushing memslot (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] Revert "KVM: x86/mmu: Zap only the relevant pages when removing a memslot" (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [kvm] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1698416 1690344] {CVE-2018-12207}
- [zstream] switch to zstream (Frantisek Hrbata)
-
Thu Sep 26 2019 Herton R. Krzesinski <herton@redhat.com> [4.18.0-147.el8]
- [x86] perf/x86/intel: Fix spurious NMI on fixed counter (Michael Petlan) [1755110]
- [x86] perf/x86/intel: Fix race in intel_pmu_disable_event() (Michael Petlan) [1755110]
- [netdrv] drivers: tap.c: fix wrong backport causing WARN_ON_ONCE(1) in skb_flow_dissect() (Davide Caratti) [1750711]
- [virt] KVM: coalesced_mmio: add bounds checking (Bandan Das) [1746804] {CVE-2019-14821}
-
Tue Sep 24 2019 Herton R. Krzesinski <herton@redhat.com> [4.18.0-146.el8]
- [fs] gfs2: clear buf_in_tr when ending a transaction in sweep_bh_for_rgrps (Robert S Peterson) [1750939]
- [s390] kvm: s390: kvm_s390_vm_start_migration: check dirty_bitmap before using it as target for memset() (Thomas Huth) [1753260]
- [fs] cifs: fix credits leak for SMB1 oplock breaks (Leif Sahlberg) [1752243]
-
Wed Sep 18 2019 Herton R. Krzesinski <herton@redhat.com> [4.18.0-145.el8]
- [iommu] iommu/amd: Add support for X2APIC IOMMU interrupts (Suravee Suthikulpanit) [1734842]
- [vhost] vhost: make sure log_num < in_num (Eugenio Perez) [1750882] {CVE-2019-14835}
-
Thu Sep 12 2019 Herton R. Krzesinski <herton@redhat.com> [4.18.0-144.el8]
- [md] Revert "[md] dm: eliminate 'split_discard_bios' flag from DM target interface" (Mike Snitzer) [1749929]
- [md] Revert "[md] dm: make sure to obey max_io_len_target_boundary" (Mike Snitzer) [1749929]
- [pci] PCI: Restore Resizable BAR size bits correctly for 1MB BARs (Myron Stowe) [1717760]
- [net] netfilter: nft_fib_netdev: Terminate rule eval if protocol=IPv6 and ipv6 module is disabled (Phil Sutter) [1743945]
- [net] netfilter: bridge: Drops IPv6 packets if IPv6 module is not loaded (Phil Sutter) [1743945]
- [drm] drm/qxl: get vga ioports (Gerd Hoffmann) [1728936]
- [drm] drm/i915: Call dma_set_max_seg_size() in i915_driver_hw_probe() (Lyude Paul) [1724363]
-
Mon Sep 09 2019 Herton R. Krzesinski <herton@redhat.com> [4.18.0-143.el8]
- [net] netfilter: nft_set: fix allocation size overflow in privsize callback. (Florian Westphal) [1746338]
- [net] net: route dump netlink NLM_F_MULTI flag missing (Stefano Brivio) [1745971]
- [net] sched: pfifo_fast: fix wrong dereference in pfifo_fast_enqueue (Davide Caratti) [1745390]
- [net] sched: pfifo_fast: fix wrong dereference when qdisc is reset (Davide Caratti) [1745387]
- [scsi] scsi: vmw_pscsi: Fix use-after-free in pvscsi_queue_lck() (David Milburn) [1746597]
-
Fri Sep 06 2019 Herton R. Krzesinski <herton@redhat.com> [4.18.0-142.el8]
- [drm] drm/virtio: use virtio_max_dma_size (Gerd Hoffmann) [1739291]
- [mm] hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (Rafael Aquini) [1706088]
- [powerpc] kvm: ppc: book3s: Enable XIVE native capability only if OPAL has required functions [BZ1744884] (David Gibson) [1744884]
- [scsi] scsi: lpfc: Fix oops when fewer hdwqs than cpus (Dick Kennedy) [1745731]
- [scsi] scsi: lpfc: Limit xri count for kdump environment (Dick Kennedy) [1745731]
- [scsi] scsi: lpfc: Mitigate high memory pre-allocation by SCSI-MQ (Dick Kennedy) [1745731]
- [scsi] scsi: qla2xxx: Fix hardirq-unsafe locking (Himanshu Madhani) [1719941]
- [x86] Revert "[x86] x86/kexec/64: Prevent kexec from 5-level paging to a 4-level only kernel" (Baoquan He) [1669088]
- [x86] Revert "[x86] x86/boot: Add xloadflags bits to check for 5-level paging support" (Baoquan He) [1669088]
-
Fri Aug 30 2019 Herton R. Krzesinski <herton@redhat.com> [4.18.0-141.el8]
- [wireless] mwifiex: fix 802.11n/WPA detection (Jarod Wilson) [1714476] {CVE-2019-3846}