kernel security update

2019-11-1400:00:00

linux.oracle.com

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

JSON

[3.10.0-1062.4.2.OL7]

Oracle Linux certificates (Alexey Petrenko)
Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected])
Update x509.genkey [Orabug: 24817676]
[3.10.0-1062.4.2]
[drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756815 1756816] {CVE-2019-0154}
[drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756815 1756816] {CVE-2019-0154}
[drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
[drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
[drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
[drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
[drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
[drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
[drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
[drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
[drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
[drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
[x86] tsx: Add config options to set tsx=on|off|auto (Waiman Long) [1766539 1766540] {CVE-2019-11135}
[documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
[x86] tsx: Add ‘auto’ option to the tsx= cmdline parameter (Waiman Long) [1766539 1766540] {CVE-2019-11135}
[x86] speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
[x86] speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
[x86] cpu: Add a ‘tsx=’ cmdline option with TSX disabled by default (Waiman Long) [1766539 1766540] {CVE-2019-11135}
[x86] cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766539 1766540] {CVE-2019-11135}
[x86] msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766539 1766540] {CVE-2019-11135}
[documentation] documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[x86] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[x86] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[x86] cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[x86] Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[x86] kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[x86] kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[x86] kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[x86] kvm: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[x86] kvm: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[x86] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[x86] kvm: x86: mmu: Remove unused parameter of __direct_map() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[virt] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[x86] kvm: mmu: drop vcpu param in gpte_access (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
[virt] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}

OSVersionArchitecturePackageVersionFilename
oracle linux7srckernel< 3.10.0-1062.4.2.el7kernel-3.10.0-1062.4.2.el7.src.rpm
oracle linux7x86_64bpftool< 3.10.0-1062.4.2.el7bpftool-3.10.0-1062.4.2.el7.x86_64.rpm
oracle linux7x86_64kernel< 3.10.0-1062.4.2.el7kernel-3.10.0-1062.4.2.el7.x86_64.rpm
oracle linux7noarchkernel-abi-whitelists< 3.10.0-1062.4.2.el7kernel-abi-whitelists-3.10.0-1062.4.2.el7.noarch.rpm
oracle linux7x86_64kernel-debug< 3.10.0-1062.4.2.el7kernel-debug-3.10.0-1062.4.2.el7.x86_64.rpm
oracle linux7x86_64kernel-debug-devel< 3.10.0-1062.4.2.el7kernel-debug-devel-3.10.0-1062.4.2.el7.x86_64.rpm
oracle linux7x86_64kernel-devel< 3.10.0-1062.4.2.el7kernel-devel-3.10.0-1062.4.2.el7.x86_64.rpm
oracle linux7noarchkernel-doc< 3.10.0-1062.4.2.el7kernel-doc-3.10.0-1062.4.2.el7.noarch.rpm
oracle linux7x86_64kernel-headers< 3.10.0-1062.4.2.el7kernel-headers-3.10.0-1062.4.2.el7.x86_64.rpm
oracle linux7x86_64kernel-tools< 3.10.0-1062.4.2.el7kernel-tools-3.10.0-1062.4.2.el7.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
oracle linux	7	src	kernel	< 3.10.0-1062.4.2.el7	kernel-3.10.0-1062.4.2.el7.src.rpm
oracle linux	7	x86_64	bpftool	< 3.10.0-1062.4.2.el7	bpftool-3.10.0-1062.4.2.el7.x86_64.rpm
oracle linux	7	x86_64	kernel	< 3.10.0-1062.4.2.el7	kernel-3.10.0-1062.4.2.el7.x86_64.rpm
oracle linux	7	noarch	kernel-abi-whitelists	< 3.10.0-1062.4.2.el7	kernel-abi-whitelists-3.10.0-1062.4.2.el7.noarch.rpm
oracle linux	7	x86_64	kernel-debug	< 3.10.0-1062.4.2.el7	kernel-debug-3.10.0-1062.4.2.el7.x86_64.rpm
oracle linux	7	x86_64	kernel-debug-devel	< 3.10.0-1062.4.2.el7	kernel-debug-devel-3.10.0-1062.4.2.el7.x86_64.rpm
oracle linux	7	x86_64	kernel-devel	< 3.10.0-1062.4.2.el7	kernel-devel-3.10.0-1062.4.2.el7.x86_64.rpm
oracle linux	7	noarch	kernel-doc	< 3.10.0-1062.4.2.el7	kernel-doc-3.10.0-1062.4.2.el7.noarch.rpm
oracle linux	7	x86_64	kernel-headers	< 3.10.0-1062.4.2.el7	kernel-headers-3.10.0-1062.4.2.el7.x86_64.rpm
oracle linux	7	x86_64	kernel-tools	< 3.10.0-1062.4.2.el7	kernel-tools-3.10.0-1062.4.2.el7.x86_64.rpm