[LU-11255] kernel update [SLES12 SP3 4.4.143-94.47.1] Created: 15/Aug/18  Updated: 02/Jan/19  Resolved: 01/Sep/18

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: Lustre 2.12.0, Lustre 2.10.6

Type: Bug Priority: Major
Reporter: Jian Yu Assignee: Jian Yu
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Related
is related to LU-11173 kernel update [SLES12 SP3 4.4.140-94.... Resolved
is related to LU-11412 kernel update [SLES12 SP3 4.4.155-94.... Resolved
Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.143-94.47.1 to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2018-5390 aka "SegmentSmack": Linux kernel could be forced to make
    very expensive calls to tcp_collapse_ofo_queue() and
    tcp_prune_ofo_queue() for every incoming packet which can lead to a
    denial of service (bnc#1102340).
  • CVE-2018-14734: drivers/infiniband/core/ucma.c in the Linux kernel
    allowed ucma_leave_multicast to access a certain data structure after a
    cleanup step in ucma_process_join, which allowed attackers to cause a
    denial of service (use-after-free) (bnc#1103119).
  • CVE-2017-18344: The timer_create syscall implementation in
    kernel/time/posix-timers.c didn't properly validate the
    sigevent->sigev_notify field, which lead to out-of-bounds access in the
    show_timer function (called when /proc/$PID/timers is read). This
    allowed userspace applications to read arbitrary kernel memory (on a
    kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE)
    (bnc#1102851 bnc#1103580).
  • CVE-2018-3620: Local attackers on baremetal systems could use
    speculative code patterns on hyperthreaded processors to read data
    present in the L1 Datacache used by other hyperthreads on the same CPU
    core, potentially leaking sensitive data. (bnc#1087081).
  • CVE-2018-3646: Local attackers in virtualized guest systems could use
    speculative code patterns on hyperthreaded processors to read data
    present in the L1 Datacache used by other hyperthreads on the same CPU
    core, potentially leaking sensitive data, even from other virtual
    machines or the host system. (bnc#1089343).

For fixed non-security bugs, please refer to:
http://lists.suse.com/pipermail/sle-security-updates/2018-August/004414.html

 Comments   
Comment by Gerrit Updater [ 23/Aug/18 ]

Jian Yu (yujian@whamcloud.com) uploaded a new patch: https://review.whamcloud.com/33065
Subject: LU-11255 kernel: kernel update [SLES12 SP3 4.4.143-94.47]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 01509453455a90c0fad886e1c878d06673dcaadd

Comment by Gerrit Updater [ 24/Aug/18 ]

Jian Yu (yujian@whamcloud.com) uploaded a new patch: https://review.whamcloud.com/33076
Subject: LU-11255 kernel: kernel update [SLES12 SP3 4.4.143-94.47]
Project: fs/lustre-release
Branch: b2_10
Current Patch Set: 1
Commit: d1fb6330faa037dcfb67ad4070f26ded0ba5af0c

Comment by Gerrit Updater [ 01/Sep/18 ]

Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/33065/
Subject: LU-11255 kernel: kernel update [SLES12 SP3 4.4.143-94.47]
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 1a52fde2e8c2c5b13ed3d1b8f81055a6e352a671

Comment by Peter Jones [ 01/Sep/18 ]

Landed for 2.12

Generated at Sat Feb 10 02:42:18 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.