Name: | kernel |
---|---|
Version: | 4.18.0 |
Release: | 193.14.3.el8_2 |
Architecture: | x86_64 |
Group: | System Environment/Kernel |
Size: | 0 |
License: | GPLv2 and Redistributable, no modification permitted |
RPM: | kernel-4.18.0-193.14.3.el8_2.x86_64.rpm |
Source RPM: | kernel-4.18.0-193.14.3.el8_2.src.rpm |
Build Date: | Thu Jul 30 2020 |
Build Host: | jenkins-10-147-72-125-c0965034-9ac1-44f0-bff6-98bec5b66adb.appad1iad.osdevelopmeniad.oraclevcn.com |
Vendor: | Oracle America |
URL: | http://www.kernel.org/ |
Summary: | The Linux kernel, based on version 4.18.0, heavily modified with backports |
Description: | This is the package which provides the Linux kernel for Red Hat Enterprise Linux. It is based on upstream Linux at version 4.18.0 and maintains kABI compatibility of a set of approved symbols, however it is heavily modified with backports and fixes pulled from newer upstream Linux kernel releases. This means this is not a 4.18.0 kernel anymore: it includes several components which come from newer upstream linux versions, while maintaining a well tested and stable core. Some of the components/backports that may be pulled in are: changes like updates to the core kernel (eg.: scheduler, cgroups, memory management, security fixes and features), updates to block layer, supported filesystems, major driver updates for supported hardware in Red Hat Enterprise Linux, enhancements for enterprise customers, etc. |
- Oracle Linux certificates (Kevin Lyons) - Disable signing for aarch64 (Ilya Okomin) - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 <= 15-2.0.3.el7
- Reverse keys order for dual-signing (Frantisek Hrbata) [1837433 1837434] {CVE-2020-10713}
- [kernel] Move to dual-signing to split signing keys up better (pjones) [1837433 1837434] {CVE-2020-10713} - [crypto] pefile: Tolerate other pefile signatures after first (Lenny Szubowicz) [1837433 1837434] {CVE-2020-10713} - [acpi] ACPI: configfs: Disallow loading ACPI tables when locked down (Lenny Szubowicz) [1852968 1852969] {CVE-2020-15780} - [firmware] efi: Restrict efivar_ssdt_load when the kernel is locked down (Lenny Szubowicz) [1852948 1852949] {CVE-2019-20908}
- [md] dm mpath: add DM device name to Failing/Reinstating path log messages (Mike Snitzer) [1852050 1822975] - [md] dm mpath: enhance queue_if_no_path debugging (Mike Snitzer) [1852050 1822975] - [md] dm mpath: restrict queue_if_no_path state machine (Mike Snitzer) [1852050 1822975] - [md] dm mpath: simplify __must_push_back (Mike Snitzer) [1852050 1822975] - [md] dm: use DMDEBUG macros now that they use pr_debug variants (Mike Snitzer) [1852050 1822975] - [include] dm: use dynamic debug instead of compile-time config option (Mike Snitzer) [1852050 1822975] - [md] dm mpath: switch paths in dm_blk_ioctl() code path (Mike Snitzer) [1852050 1822975] - [md] dm multipath: use updated MPATHF_QUEUE_IO on mapping for bio-based mpath (Mike Snitzer) [1852050 1822975] - [md] dm: bump version of core and various targets (Mike Snitzer) [1852050 1822975] - [md] dm mpath: Add timeout mechanism for queue_if_no_path (Mike Snitzer) [1852050 1822975] - [md] dm mpath: use true_false for bool variable (Mike Snitzer) [1852050 1822975] - [md] dm mpath: remove harmful bio-based optimization (Mike Snitzer) [1852050 1822975] - [scsi] scsi: libiscsi: fall back to sendmsg for slab pages (Maurizio Lombardi) [1852048 1825775] - [s390] s390/mm: fix panic in gup_fast on large pud (Philipp Rudo) [1853336 1816980]
- [x86] x86/efi: Allocate e820 buffer before calling efi_exit_boot_service (Lenny Szubowicz) [1846180 1824005]
- [net] openvswitch: simplify the ovs_dp_cmd_new (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: fix possible memleak on destroy flow-table (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: add likely in flow_lookup (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: simplify the flow_hash (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: optimize flow-mask looking up (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: optimize flow mask cache hash collision (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: shrink the mask array if necessary (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: convert mask list in mask array (Eelco Chaudron) [1851235 1819202] - [net] openvswitch: add flow-mask cache for performance (Eelco Chaudron) [1851235 1819202] - [net] netfilter: nf_tables: use-after-free in dynamic operations (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: add missing ->release_ops() in error path of newrule() (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_compat: use .release_ops and remove list of extension (Phil Sutter) [1845164 1757933] - [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [pci] PCI: pciehp: Fix MSI interrupt race (Myron Stowe) [1852045 1779610] - [kernel] smp: Allow smp_call_function_single_async() to insert locked csd (Peter Xu) [1851406 1830014] - [x86] kvm: Clean up host's steal time structure (Jon Maloy) [1795128 1813987] {CVE-2019-3016} - [x86] kvm: Make sure KVM_VCPU_FLUSH_TLB flag is not missed (Jon Maloy) [1795128 1813987] {CVE-2019-3016} - [virt] x86/kvm: Cache gfn to pfn translation (Jon Maloy) [1795128 1813987] {CVE-2019-3016} - [virt] x86/kvm: Introduce kvm_(un)map_gfn() (Jon Maloy) [1795128 1813987] {CVE-2019-3016} - [x86] kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit (Jon Maloy) [1795128 1813987] {CVE-2019-3016}
- [net] netfilter: conntrack: fix infinite loop on rmmod (Florian Westphal) [1851005 1832381] - [net] netfilter: conntrack: allow insertion of clashing entries (Florian Westphal) [1851003 1821404] - [net] netfilter: conntrack: split resolve_clash function (Florian Westphal) [1851003 1821404] - [net] netfilter: conntrack: place confirm-bit setting in a helper (Florian Westphal) [1851003 1821404] - [net] netfilter: never get/set skb->tstamp (Florian Westphal) [1851003 1821404] - [net] netfilter: conntrack: remove two args from resolve_clash (Florian Westphal) [1851003 1821404] - [net] netfilter: conntrack: tell compiler to not inline nf_ct_resolve_clash (Florian Westphal) [1851003 1821404] - [x86] mm: Fix mremap not considering huge pmd devmap (Rafael Aquini) [1843440 1843441] {CVE-2020-10757} - [x86] x86/vector: Remove warning on managed interrupt migration (Peter Xu) [1848545 1812331] - [s390] s390/cio: fix virtio-ccw DMA without PV (Philipp Rudo) [1842620 1814787]
- [misc] dma-mapping: zero memory returned from dma_alloc_* (Philipp Rudo) [1847453 1788928] - [nvme] nvme-multipath: fix crash in nvme_mpath_clear_ctrl_paths (Gopal Tiwari) [1846405 1781927] - [net] netfilter: nf_tables: fix infinite loop when expr is not available (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: autoload modules from the abort path (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: remove WARN and add NLA_STRING upper limits (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: store transaction list locally while requesting module (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: use-after-free in failing rule with bound set (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_meta: skip EAGAIN if nft_meta_bridge is not a module (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: force module load in case select_ops() returns -EAGAIN (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: add nft_expr_type_request_module() (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: bogus EBUSY in helper removal from transaction (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: fix set double-free in abort path (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_compat: don't use refcount_inc on newly allocated entry (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: unbind set in rule from commit path (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_compat: destroy function must not have side effects (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_compat: make lists per netns (Phil Sutter) [1845164 1757933] - [net] netfilter: nft_compat: use refcnt_t type for nft_xt reference count (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: fix suspicious RCU usage in nft_chain_stats_replace() (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: asynchronous release (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: split set destruction in deactivate and destroy phase (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: flow event notifier must use transaction mutex (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: use dedicated mutex to guard transactions (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: avoid global info storage (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: take module reference when starting a batch (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: make valid_genid callback mandatory (Phil Sutter) [1845164 1757933] - [net] netfilter: nf_tables: add and use helper for module autoload (Phil Sutter) [1845164 1757933] - [net] netfilter: nat: never update the UDP checksum when it's 0 (Guillaume Nault) [1847128 1794714] - [x86] x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches (Waiman Long) [1847395 1847396] {CVE-2020-10768} - [x86] x86/speculation: Prevent rogue cross-process SSBD shutdown (Waiman Long) [1847357 1847358] {CVE-2020-10766} - [x86] x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS (Waiman Long) [1847378 1847379] {CVE-2020-10767} - [x86] x86/speculation: Add support for STIBP always-on preferred mode (Waiman Long) [1847378 1847379] {CVE-2020-10767} - [x86] x86/speculation: Change misspelled STIPB to STIBP (Waiman Long) [1847378 1847379] {CVE-2020-10767} - [powerpc] powerpc/pseries/ddw: Extend upper limit for huge DMA window for persistent memory (Steve Best) [1842406 1817596]
- [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() (Jarod Wilson) [1844073 1844031] {CVE-2020-12654} - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() (Jarod Wilson) [1844049 1844039] {CVE-2020-12653} - [netdrv] net/mlx5: FPGA, support network cards with standalone FPGA (Alaa Hleihel) [1843544 1789380] - [mm] hugetlbfs: don't retry when pool page allocations start to fail (Rafael Aquini) [1835789 1727288] - [mm] mm, compaction: raise compaction priority after it withdrawns (Rafael Aquini) [1835789 1727288] - [mm] mm, reclaim: cleanup should_continue_reclaim() (Rafael Aquini) [1835789 1727288] - [mm] mm, reclaim: make should_continue_reclaim perform dryrun detection (Rafael Aquini) [1835789 1727288] - [kernel] exit: panic before exit_mm() on global init exit (Oleg Nesterov) [1821378 1808944] - [documentation] x86/speculation: Add Ivy Bridge to affected list (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [documentation] x86/speculation: Add SRBDS vulnerability and mitigation documentation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [x86] x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [x86] x86/cpu: Add 'table' argument to cpu_matches() (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543} - [x86] x86/cpu: Add a steppings field to struct x86_cpu_id (Josh Poimboeuf) [1827191 1827192] {CVE-2020-0543}
- [vfio] vfio-pci: Invalidate mmaps and block MMIO access on disabled memory (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [vfio] vfio-pci: Fault mmaps to enable vma tracking (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [vfio] vfio/type1: Support faulting PFNMAP vmas (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [vfio] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [vfio] vfio/pci: call irq_bypass_unregister_producer() before freeing irq (Alex Williamson) [1837309 1837310] {CVE-2020-12888} - [vfio] vfio_pci: Enable memory accesses before calling pci_map_rom (Alex Williamson) [1837309 1837310] {CVE-2020-12888}