-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: kernel security and bug fix update Advisory ID: RHSA-2018:2390-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2018:2390 Issue date: 2018-08-14 CVE Names: CVE-2017-0861 CVE-2017-15265 CVE-2018-3620 CVE-2018-3646 CVE-2018-3693 CVE-2018-7566 CVE-2018-10901 CVE-2018-1000004 ==================================================================== 1. Summary: An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Desktop (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - noarch, x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, noarch, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 6) - i386, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) * kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265) * kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; and Vegard Nossum (Oracle Corporation) for reporting CVE-2018-10901. Bug Fix(es): * The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur. (BZ#1575819) 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 1501878 - CVE-2017-15265 kernel: Use-after-free in snd_seq_ioctl_create_port() 1535315 - CVE-2018-1000004 kernel: Race condition in sound system can lead to denial of service 1550142 - CVE-2018-7566 kernel: race condition in snd_seq_write() may lead to UAF or OOB-access 1563994 - CVE-2017-0861 kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation 1581650 - CVE-2018-3693 Kernel: speculative bounds check bypass store 1585005 - CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF) 1601849 - CVE-2018-10901 kernel: kvm: vmx: host GDT limit corruption 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm i386: kernel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-devel-2.6.32-754.3.5.el6.i686.rpm kernel-headers-2.6.32-754.3.5.el6.i686.rpm perf-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm i386: kernel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-devel-2.6.32-754.3.5.el6.i686.rpm kernel-headers-2.6.32-754.3.5.el6.i686.rpm perf-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm ppc64: kernel-2.6.32-754.3.5.el6.ppc64.rpm kernel-bootwrapper-2.6.32-754.3.5.el6.ppc64.rpm kernel-debug-2.6.32-754.3.5.el6.ppc64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.3.5.el6.ppc64.rpm kernel-devel-2.6.32-754.3.5.el6.ppc64.rpm kernel-headers-2.6.32-754.3.5.el6.ppc64.rpm perf-2.6.32-754.3.5.el6.ppc64.rpm perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm s390x: kernel-2.6.32-754.3.5.el6.s390x.rpm kernel-debug-2.6.32-754.3.5.el6.s390x.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debug-devel-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.3.5.el6.s390x.rpm kernel-devel-2.6.32-754.3.5.el6.s390x.rpm kernel-headers-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-devel-2.6.32-754.3.5.el6.s390x.rpm perf-2.6.32-754.3.5.el6.s390x.rpm perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm ppc64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm kernel-debuginfo-common-ppc64-2.6.32-754.3.5.el6.ppc64.rpm perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm python-perf-2.6.32-754.3.5.el6.ppc64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.ppc64.rpm s390x: kernel-debug-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-2.6.32-754.3.5.el6.s390x.rpm kernel-debuginfo-common-s390x-2.6.32-754.3.5.el6.s390x.rpm kernel-kdump-debuginfo-2.6.32-754.3.5.el6.s390x.rpm perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm python-perf-2.6.32-754.3.5.el6.s390x.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.s390x.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: kernel-2.6.32-754.3.5.el6.src.rpm i386: kernel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-devel-2.6.32-754.3.5.el6.i686.rpm kernel-headers-2.6.32-754.3.5.el6.i686.rpm perf-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm noarch: kernel-abi-whitelists-2.6.32-754.3.5.el6.noarch.rpm kernel-doc-2.6.32-754.3.5.el6.noarch.rpm kernel-firmware-2.6.32-754.3.5.el6.noarch.rpm x86_64: kernel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debug-devel-2.6.32-754.3.5.el6.i686.rpm kernel-debug-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm kernel-devel-2.6.32-754.3.5.el6.x86_64.rpm kernel-headers-2.6.32-754.3.5.el6.x86_64.rpm perf-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 6): i386: kernel-debug-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-2.6.32-754.3.5.el6.i686.rpm kernel-debuginfo-common-i686-2.6.32-754.3.5.el6.i686.rpm perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm python-perf-2.6.32-754.3.5.el6.i686.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.i686.rpm x86_64: kernel-debug-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm kernel-debuginfo-common-x86_64-2.6.32-754.3.5.el6.x86_64.rpm perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm python-perf-2.6.32-754.3.5.el6.x86_64.rpm python-perf-debuginfo-2.6.32-754.3.5.el6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2017-0861 https://access.redhat.com/security/cve/CVE-2017-15265 https://access.redhat.com/security/cve/CVE-2018-3620 https://access.redhat.com/security/cve/CVE-2018-3646 https://access.redhat.com/security/cve/CVE-2018-3693 https://access.redhat.com/security/cve/CVE-2018-7566 https://access.redhat.com/security/cve/CVE-2018-10901 https://access.redhat.com/security/cve/CVE-2018-1000004 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/L1TF 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBW3Me0NzjgjWX9erEAQhkDBAAjGcoEad9NOtCUJqgDcVHLArXg9OKAloW +BaoAYrYtzH3h9teocV6U3mYaxhwu2Cd13JlbKJsc8BLRzHUSZpwxjcsewCzjx2u dotwAksPej7L3U/U5YPSJ37r/OP+ni7trT1dtEmCI578QHFZB6+4/qK/1aYM+biQ EI0BoaSMV6RDo9u+U6zPgk8L7ugMhWs2PCXbtV7koyg563tasvo5jWlfVYNVD1fz cKTzsTwVQwirynWa2mvtaI+vaslYX3x9Zn6dJ2VEzpD4w6tU54/sViaetmLnSOir ZVdtkeO0pdEBO2YUr+Igc+ZOtLdGpzOjkQVQMBG+YE6bDdynYYFrxkPcNPeB1f1K 2bTNHA/FnirFDOII3JuYEqg8TXdh8NYRZ4a8rqchGo2JCeh5Q5LnhJDYWJv2HbTW TZUQY/nStRfWVpygQJV72GJENICnRVjjQ5D569KFBopnK0iXWLpxlf3dmp5Lvdg2 0rBVnnclfQCQVxZvOiZ3s0wkA9d0o7v4pDN2YgTRDlU4nzI3xE4jh0Sevsn4tVco ePUubCuxhjQfxJswBPoZA8Al3GGlSxOMKFHO6HscnnAh6YL5LVusx4PpJt4Y3tjW Vf8Rk4bFbn+M0RtVM+vnFGjWAr7w6iKvRya8y0LzElfAtpeedcnuxfJGtecT73IZ /6fv2MlabwY=kAUc -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce