(RHSA-2018:2772) Important: kernel-alt security and bug fix update

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

• kernel: Infoleak/use-after-free in __oom_reap_task_mm function in mm/oom_kill.c (CVE-2017-18202)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• Previously, on certain little-endian variants of IBM Power Systems, there was no “sysfs spec_store_bypass” file. As a consequence, there was no way to indicate the Speculative Store Bypass Disable (SSBD) mitigation status. This update adds infrastructure code into the kernel to create the /sys/devices/system/cpu/vulnerabilities/* files. As a result, sysfs spec_store_bypass shows whether the SSBD mitigation is disabled or enabled. (BZ#1602340)

• Previously, the kernel architectures for IBM z Systems were missing support to display the status of the Spectre v2 mitigations. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spectre_v2 file did not exist. With this update, the kernel now shows the status in the above mentioned file and as a result, the file now reports either “Vulnerable” or “Mitigation: execute trampolines” message. (BZ#1619667)