[LU-12307] kernel update [SLES12 SP3 4.4.178-94.91.2] Created: 16/May/19  Updated: 30/Jun/19  Resolved: 30/Jun/19

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Jian Yu Assignee: Jian Yu
Resolution: Won't Fix Votes: 0
Labels: None

Issue Links:
Related
is related to LU-12139 kernel update [SLES12 SP3 4.4.176-94.... Resolved
is related to LU-12498 kernel update [SLES12 SP3 4.4.180-94.... Resolved
Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.178 to receive various security and bugfixes.

Four new speculative execution issues have been identified in Intel CPUs. (bsc#1111331)

  • CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
  • CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
  • CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
  • CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

This kernel update contains software mitigations, utilizing CPU microcode updates shipped in parallel.

For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736

The following security issues fixed:

  • CVE-2018-5814: Multiple race condition errors when handling probe,
    disconnect, and rebind operations could be exploited to trigger a
    use-after-free condition or a NULL pointer dereference by sending
    multiple USB over IP packets (bnc#1096480).
  • CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the
    SG_IO ioctl (bsc#1096728)
  • CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated
    instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current
    privilege(CPL) level while emulating unprivileged instructions. An
    unprivileged guest user/process could use this flaw to potentially
    escalate privileges inside guest (bnc#1097104).
  • CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect
    calls, which made it easier for attackers to conduct Spectre-v2 attacks
    against paravirtual guests (bnc#1105348).
  • CVE-2019-9503: A brcmfmac frame validation bypass was fixed
    (bnc#1132828).
  • CVE-2019-3882: A flaw was fixed in the vfio interface implementation
    that permitted violation of the user's locked memory limit. If a device
    is bound to a vfio driver, such as vfio-pci, and the local attacker is
    administratively granted ownership of the device, it may cause a system
    memory exhaustion and thus a denial of service (DoS). Versions 3.10,
    4.14 and 4.18 are vulnerable (bnc#1131416 bnc#1131427).

For fixed non-security bugs, please refer to http://lists.suse.com/pipermail/sle-security-updates/2019-May/005462.html.

 Comments   
Comment by Gerrit Updater [ 18/May/19 ]

Jian Yu (yujian@whamcloud.com) uploaded a new patch: https://review.whamcloud.com/34898
Subject: LU-12307 kernel: kernel update [SLES12 SP3 4.4.178-94.91]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: d66b8ccdb9404b02ee702a732f7178c462d6021b

Comment by Jian Yu [ 30/Jun/19 ]

New kernel update is in LU-12498.

Generated at Sat Feb 10 02:51:25 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.