(RHSA-2018:2388) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646)

Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting these issues.

Bug Fix(es):

• Due to a bug in a CPU’s speculative execution engine, the CPU could previously leak data from other processes on the system, including passwords, encryption keys, or other sensitive information. With this update, the kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Expoline for IBM z Systems. As a result, data leak no longer occurs under the described circumstances. (BZ#1577761)