[LU-12308] kernel update [SLES12 SP4 4.12.14-95.16.1] Created: 16/May/19  Updated: 30/Jun/19  Resolved: 30/Jun/19

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Jian Yu Assignee: Jian Yu
Resolution: Won't Fix Votes: 0
Labels: None

Issue Links:
Related
is related to LU-12138 kernel update [SLES12 SP4 4.12.14-95.... Resolved
is related to LU-12494 kernel update [SLES12 SP4 4.12.14-95.... Resolved
Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   

The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various
security and bugfixes.

Four new speculative execution information leak issues have been
identified in Intel CPUs. (bsc#1111331)

  • CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
  • CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
  • CVE-2018-12130: Microarchitectural Load Port Data Samling (MLPDS)
  • CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory
    (MDSUM)

This kernel update contains software mitigations for these issues, which
also utilize CPU microcode updates shipped in parallel.

For more information on this set of vulnerabilities, check out
https://www.suse.com/support/kb/doc/?id=7023736

The following security bugs were fixed:

  • CVE-2018-16880: A flaw was found in the handle_rx() function in the
    vhost_net driver. A malicious virtual guest, under specific conditions,
    could trigger an out-of-bounds write in a kmalloc-8 slab on a virtual
    host which may lead to a kernel memory corruption and a system panic.
    Due to the nature of the flaw, privilege escalation cannot be fully
    ruled out. (bnc#1122767).
  • CVE-2019-3882: A flaw was found in the vfio interface implementation
    that permitted violation of the user's locked memory limit. If a device
    is bound to a vfio driver, such as vfio-pci, and the local attacker is
    administratively granted ownership of the device, it may cause a system
    memory exhaustion and thus a denial of service (DoS). (bnc#1131416
    bnc#1131427).
  • CVE-2019-9003: Attackers could trigger a
    drivers/char/ipmi/ipmi_msghandler.c use-after-free and OOPS by arranging
    for certain simultaneous execution of the code, as demonstrated by a
    "service ipmievd restart" loop (bnc#1126704).
  • CVE-2019-9500: A brcmfmac heap buffer overflow in brcmf_wowl_nd_results
    was fixed. (bnc#1132681).
  • CVE-2019-9503: A brcmfmac frame validation bypass was fixed.
    (bnc#1132828).

The following non-security bugs were fixed: http://lists.suse.com/pipermail/sle-security-updates/2019-May/005457.html

 Comments   
Comment by Gerrit Updater [ 18/May/19 ]

Jian Yu (yujian@whamcloud.com) uploaded a new patch: https://review.whamcloud.com/34899
Subject: LU-12308 kernel: kernel update SLES12 SP4 [4.12.14-95.16.1]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 7144271c3cc48f1d636334ccb1f61ef547cc3e4a

Comment by Jian Yu [ 30/Jun/19 ]

New kernel update is in LU-12494.

Generated at Sat Feb 10 02:51:26 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.