Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-10455

kernel update [RHEL7.4 3.10.0-693.11.6.el7]

Details

    • 3
    • 9223372036854775807

    Description

      Security Fix(es):

      An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

      Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.

      Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)

      Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)

      Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)

      Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.

      References

      https://access.redhat.com/security/vulnerabilities/speculativeexecution
      https://access.redhat.com/security/cve/CVE-2017-5753
      https://access.redhat.com/security/cve/CVE-2017-5715
      https://access.redhat.com/security/cve/CVE-2017-5754

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. LU-10563 kernel update [RHEL7.4 3.10.0-693.17.1.el7]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. LU-10301 kernel update [RHEL7.4 3.10.0-693.11.1.el7]

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            [LU-10455] kernel update [RHEL7.4 3.10.0-693.11.6.el7]
            pjones Peter Jones added a comment -

            Landed for 2.11

            pjones Peter Jones added a comment - Landed for 2.11
            gerrit Gerrit Updater added a comment -

            Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/30734/
            Subject: LU-10455 kernel: kernel update RHEL7.4 [3.10.0-693.11.6.el7]
            Project: fs/lustre-release
            Branch: master
            Current Patch Set:
            Commit: ac24d42d44e651a5e1cea7c9477ace2b1eba198a

            gerrit Gerrit Updater added a comment - Oleg Drokin (oleg.drokin@intel.com) merged in patch https://review.whamcloud.com/30734/ Subject: LU-10455 kernel: kernel update RHEL7.4 [3.10.0-693.11.6.el7] Project: fs/lustre-release Branch: master Current Patch Set: Commit: ac24d42d44e651a5e1cea7c9477ace2b1eba198a
            tgeerdes Trent Geerdes (Inactive) added a comment -

            Is there a timeline when this would be included in a release version?

            tgeerdes Trent Geerdes (Inactive) added a comment - Is there a timeline when this would be included in a release version?
            gerrit Gerrit Updater added a comment -

            James Nunez (james.a.nunez@intel.com) uploaded a new patch: https://review.whamcloud.com/30783
            Subject: LU-10455 kernel: Test Only Revert kernel update RHEL7.4
            Project: fs/lustre-release
            Branch: b2_10
            Current Patch Set: 1
            Commit: bfaa1f572b05aa5a0721d92b714cbc3c77ec4ab4

            gerrit Gerrit Updater added a comment - James Nunez (james.a.nunez@intel.com) uploaded a new patch: https://review.whamcloud.com/30783 Subject: LU-10455 kernel: Test Only Revert kernel update RHEL7.4 Project: fs/lustre-release Branch: b2_10 Current Patch Set: 1 Commit: bfaa1f572b05aa5a0721d92b714cbc3c77ec4ab4
            gerrit Gerrit Updater added a comment -

            John L. Hammond (john.hammond@intel.com) merged in patch https://review.whamcloud.com/30735/
            Subject: LU-10455 kernel: kernel update RHEL7.4 [3.10.0-693.11.6.el7]
            Project: fs/lustre-release
            Branch: b2_10
            Current Patch Set:
            Commit: 812416bfdeca0b50ba9e251c40a2188ff31345bd

            gerrit Gerrit Updater added a comment - John L. Hammond (john.hammond@intel.com) merged in patch https://review.whamcloud.com/30735/ Subject: LU-10455 kernel: kernel update RHEL7.4 [3.10.0-693.11.6.el7] Project: fs/lustre-release Branch: b2_10 Current Patch Set: Commit: 812416bfdeca0b50ba9e251c40a2188ff31345bd
            gerrit Gerrit Updater added a comment -

            Bob Glossman (bob.glossman@intel.com) uploaded a new patch: https://review.whamcloud.com/30735
            Subject: LU-10455 kernel: kernel update RHEL7.4 [3.10.0-693.11.6.el7]
            Project: fs/lustre-release
            Branch: b2_10
            Current Patch Set: 1
            Commit: 10eae1d28d852fa3505df2e39b4c3c9ea6e73ec6

            gerrit Gerrit Updater added a comment - Bob Glossman (bob.glossman@intel.com) uploaded a new patch: https://review.whamcloud.com/30735 Subject: LU-10455 kernel: kernel update RHEL7.4 [3.10.0-693.11.6.el7] Project: fs/lustre-release Branch: b2_10 Current Patch Set: 1 Commit: 10eae1d28d852fa3505df2e39b4c3c9ea6e73ec6
            gerrit Gerrit Updater added a comment -

            Bob Glossman (bob.glossman@intel.com) uploaded a new patch: https://review.whamcloud.com/30734
            Subject: LU-10455 kernel: kernel update RHEL7.4 [3.10.0-693.11.6.el7]
            Project: fs/lustre-release
            Branch: master
            Current Patch Set: 1
            Commit: 331ce26d45fa1e3671a23912ba5cf64089ebc7cb

            gerrit Gerrit Updater added a comment - Bob Glossman (bob.glossman@intel.com) uploaded a new patch: https://review.whamcloud.com/30734 Subject: LU-10455 kernel: kernel update RHEL7.4 [3.10.0-693.11.6.el7] Project: fs/lustre-release Branch: master Current Patch Set: 1 Commit: 331ce26d45fa1e3671a23912ba5cf64089ebc7cb

            People

              bogl Bob Glossman (Inactive)
              bogl Bob Glossman (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: