-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2018:2387-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2387
Issue date:        2018-08-14
CVE Names:         CVE-2018-3620 CVE-2018-3639 CVE-2018-3646 
====================================================================
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.4) - ppc64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* Modern operating systems implement virtualization of physical memory to
efficiently use available system resources and provide inter-domain
protection through access control and isolation. The L1TF issue was found
in the way the x86 microprocessor designs have implemented speculative
execution of instructions (a commonly used performance optimisation) in
combination with handling of page-faults caused by terminated virtual to
physical address resolving process. As a result, an unprivileged attacker
could use this flaw to read privileged memory of the kernel or other
processes and/or cross guest/host boundaries to read host memory by
conducting targeted cache side-channel attacks. (CVE-2018-3620,
CVE-2018-3646)

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that memory read from address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting
CVE-2018-3620 and CVE-2018-3646 and Ken Johnson (Microsoft Security
Response Center) and Jann Horn (Google Project Zero) for reporting
CVE-2018-3639.

Bug Fix(es):

* Previously, configurations with the little-endian variant of IBM Power
Systems CPU architectures and Hard Disk Drives (HDD) designed according to
Nonvolatile Memory Express (NVMe) open standards, experienced crashes
during shutdown or reboot due to race conditions of CPUs. As a consequence,
the sysfs pseudo file system threw a stack trace report about an attempt to
create a duplicate entry in sysfs. This update modifies the source code so
that the irq_dispose_mapping() function is called first and the
msi_bitmap_free_hwirqs() function is called afterwards. As a result, the
race condition no longer appears in the described scenario. (BZ#1570510)

* When switching from the indirect branch speculation (IBRS) feature to the
retpolines feature, the IBRS state of some CPUs was sometimes not handled
correctly. Consequently, some CPUs were left with the IBRS Model-Specific
Register (MSR) bit set to 1, which could lead to performance issues. With
this update, the underlying source code has been fixed to clear the IBRS
MSR bits correctly, thus fixing the bug. (BZ#1586147)

* During a balloon reset, page pointers were not correctly initialized
after unmapping the memory. Consequently, on the VMware ESXi hypervisor
with "Fault Tolerance" and "ballooning" enabled, the following messages
repeatedly occurred in the kernel log:

[3014611.640148] WARNING: at mm/vmalloc.c:1491 __vunmap+0xd3/0x100()
[3014611.640269] Trying to vfree() nonexistent vm area (ffffc90000697000)

With this update, the underlying source code has been fixed to initialize
page pointers properly. As a result, the mm/vmalloc.c warnings no longer
occur under the described circumstances. (BZ#1595600)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
1585005 - CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF)

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4):

Source:
kernel-3.10.0-693.37.4.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.37.4.el7.noarch.rpm
kernel-doc-3.10.0-693.37.4.el7.noarch.rpm

x86_64:
kernel-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debug-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.37.4.el7.x86_64.rpm
kernel-devel-3.10.0-693.37.4.el7.x86_64.rpm
kernel-headers-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.37.4.el7.x86_64.rpm
perf-3.10.0-693.37.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
python-perf-3.10.0-693.37.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4):

x86_64:
kernel-debug-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.37.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
kernel-3.10.0-693.37.4.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.37.4.el7.noarch.rpm
kernel-doc-3.10.0-693.37.4.el7.noarch.rpm

ppc64:
kernel-3.10.0-693.37.4.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-693.37.4.el7.ppc64.rpm
kernel-debug-3.10.0-693.37.4.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
kernel-debug-devel-3.10.0-693.37.4.el7.ppc64.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-693.37.4.el7.ppc64.rpm
kernel-devel-3.10.0-693.37.4.el7.ppc64.rpm
kernel-headers-3.10.0-693.37.4.el7.ppc64.rpm
kernel-tools-3.10.0-693.37.4.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
kernel-tools-libs-3.10.0-693.37.4.el7.ppc64.rpm
perf-3.10.0-693.37.4.el7.ppc64.rpm
perf-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
python-perf-3.10.0-693.37.4.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-debug-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-devel-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-headers-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-tools-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-693.37.4.el7.ppc64le.rpm
perf-3.10.0-693.37.4.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
python-perf-3.10.0-693.37.4.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm

s390x:
kernel-3.10.0-693.37.4.el7.s390x.rpm
kernel-debug-3.10.0-693.37.4.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-693.37.4.el7.s390x.rpm
kernel-debug-devel-3.10.0-693.37.4.el7.s390x.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-693.37.4.el7.s390x.rpm
kernel-devel-3.10.0-693.37.4.el7.s390x.rpm
kernel-headers-3.10.0-693.37.4.el7.s390x.rpm
kernel-kdump-3.10.0-693.37.4.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-693.37.4.el7.s390x.rpm
kernel-kdump-devel-3.10.0-693.37.4.el7.s390x.rpm
perf-3.10.0-693.37.4.el7.s390x.rpm
perf-debuginfo-3.10.0-693.37.4.el7.s390x.rpm
python-perf-3.10.0-693.37.4.el7.s390x.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.s390x.rpm

x86_64:
kernel-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debug-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.37.4.el7.x86_64.rpm
kernel-devel-3.10.0-693.37.4.el7.x86_64.rpm
kernel-headers-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.37.4.el7.x86_64.rpm
perf-3.10.0-693.37.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
python-perf-3.10.0-693.37.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.4):

ppc64:
kernel-debug-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-693.37.4.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-693.37.4.el7.ppc64.rpm
perf-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-693.37.4.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.37.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3620
https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/cve/CVE-2018-3646
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/L1TF

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW3M4idzjgjWX9erEAQigJg//W8NS9ZAq71IYQ/6q5hTZBUeg3RsIJL4U
OOCTlpLe3pH45ueU4Pm1HPopyyBHLGo988ZXPkH4z/jKW6txO3RDzf/blyWIwxwi
dr76FUaMMLUk0ASeGcisZppOt/6zwrp2tfn+TyiC3pK0K5nTp+WVO5xYy5iecXVX
96M3wIhCIlshYPc1/F8zdYuBFzpYgBnotag//FjyCQlhmOFcKtTRgyQrSuf1ZxnL
VNQ7UuVGjPWeF0w0OJrb6U7+pVrlwAvtwYkUjm/eFh/AszTe7uZ6C6mG8XAobDrl
SpxhyqMTcplrKxvl0S01xuezVbVo8RdoAtrW9+xseozknta4cu7RHe0ZSsonY/xN
RiAingIwsVde+g9KOv8jeleACBZu8mmJptkYbVb1IHPcp+1FzXXAkUc1i/oc7XBU
lIfe49O3L2GyhI+0hUwhbPuc51L8yHmpr39KM1irKIRWsY692n32LVns3L6Kr0tW
iWlhz4F2e5SNb2zlu3sMRQ4M0kf6JPX8VdRL1qMpfNoa9Ci4wYt+zP29//F6swji
uwu3+SVH5VTW9VzymSCaQl/gD0loWPKVLFrTF5M9Y9+cl0uXn7CoW2LUNB86PhRz
mMG+g2ZW9WbKcW/ERHofeii5WZGtsyA4FnUaWhzetfQIItEpmoobE9QVl0ar5GJ2
dsE8Ald7hA4=scjp
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce