-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================                   Red Hat Security Advisory

Synopsis:          Important: kernel security and bug fix update
Advisory ID:       RHSA-2018:2387-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:2387
Issue date:        2018-08-14
CVE Names:         CVE-2018-3620 CVE-2018-3639 CVE-2018-3646 
====================================================================
1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.4
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.4) - ppc64, ppc64le, x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* Modern operating systems implement virtualization of physical memory to
efficiently use available system resources and provide inter-domain
protection through access control and isolation. The L1TF issue was found
in the way the x86 microprocessor designs have implemented speculative
execution of instructions (a commonly used performance optimisation) in
combination with handling of page-faults caused by terminated virtual to
physical address resolving process. As a result, an unprivileged attacker
could use this flaw to read privileged memory of the kernel or other
processes and/or cross guest/host boundaries to read host memory by
conducting targeted cache side-channel attacks. (CVE-2018-3620,
CVE-2018-3646)

* An industry-wide issue was found in the way many modern microprocessor
designs have implemented speculative execution of Load & Store instructions
(a commonly used performance optimization). It relies on the presence of a
precisely-defined instruction sequence in the privileged code as well as
the fact that memory read from address to which a recent memory write has
occurred may see an older value and subsequently cause an update into the
microprocessor's data cache even for speculatively executed instructions
that never actually commit (retire). As a result, an unprivileged attacker
could use this flaw to read privileged memory by conducting targeted cache
side-channel attacks. (CVE-2018-3639)

Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting
CVE-2018-3620 and CVE-2018-3646 and Ken Johnson (Microsoft Security
Response Center) and Jann Horn (Google Project Zero) for reporting
CVE-2018-3639.

Bug Fix(es):

* Previously, configurations with the little-endian variant of IBM Power
Systems CPU architectures and Hard Disk Drives (HDD) designed according to
Nonvolatile Memory Express (NVMe) open standards, experienced crashes
during shutdown or reboot due to race conditions of CPUs. As a consequence,
the sysfs pseudo file system threw a stack trace report about an attempt to
create a duplicate entry in sysfs. This update modifies the source code so
that the irq_dispose_mapping() function is called first and the
msi_bitmap_free_hwirqs() function is called afterwards. As a result, the
race condition no longer appears in the described scenario. (BZ#1570510)

* When switching from the indirect branch speculation (IBRS) feature to the
retpolines feature, the IBRS state of some CPUs was sometimes not handled
correctly. Consequently, some CPUs were left with the IBRS Model-Specific
Register (MSR) bit set to 1, which could lead to performance issues. With
this update, the underlying source code has been fixed to clear the IBRS
MSR bits correctly, thus fixing the bug. (BZ#1586147)

* During a balloon reset, page pointers were not correctly initialized
after unmapping the memory. Consequently, on the VMware ESXi hypervisor
with "Fault Tolerance" and "ballooning" enabled, the following messages
repeatedly occurred in the kernel log:

[3014611.640148] WARNING: at mm/vmalloc.c:1491 __vunmap+0xd3/0x100()
[3014611.640269] Trying to vfree() nonexistent vm area (ffffc90000697000)

With this update, the underlying source code has been fixed to initialize
page pointers properly. As a result, the mm/vmalloc.c warnings no longer
occur under the described circumstances. (BZ#1595600)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass
1585005 - CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF)

6. Package List:

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4):

Source:
kernel-3.10.0-693.37.4.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.37.4.el7.noarch.rpm
kernel-doc-3.10.0-693.37.4.el7.noarch.rpm

x86_64:
kernel-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debug-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.37.4.el7.x86_64.rpm
kernel-devel-3.10.0-693.37.4.el7.x86_64.rpm
kernel-headers-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.37.4.el7.x86_64.rpm
perf-3.10.0-693.37.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
python-perf-3.10.0-693.37.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4):

x86_64:
kernel-debug-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.37.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm

Red Hat Enterprise Linux Server EUS (v. 7.4):

Source:
kernel-3.10.0-693.37.4.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-693.37.4.el7.noarch.rpm
kernel-doc-3.10.0-693.37.4.el7.noarch.rpm

ppc64:
kernel-3.10.0-693.37.4.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-693.37.4.el7.ppc64.rpm
kernel-debug-3.10.0-693.37.4.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
kernel-debug-devel-3.10.0-693.37.4.el7.ppc64.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-693.37.4.el7.ppc64.rpm
kernel-devel-3.10.0-693.37.4.el7.ppc64.rpm
kernel-headers-3.10.0-693.37.4.el7.ppc64.rpm
kernel-tools-3.10.0-693.37.4.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
kernel-tools-libs-3.10.0-693.37.4.el7.ppc64.rpm
perf-3.10.0-693.37.4.el7.ppc64.rpm
perf-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
python-perf-3.10.0-693.37.4.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-debug-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-devel-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-headers-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-tools-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-693.37.4.el7.ppc64le.rpm
perf-3.10.0-693.37.4.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
python-perf-3.10.0-693.37.4.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm

s390x:
kernel-3.10.0-693.37.4.el7.s390x.rpm
kernel-debug-3.10.0-693.37.4.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-693.37.4.el7.s390x.rpm
kernel-debug-devel-3.10.0-693.37.4.el7.s390x.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-693.37.4.el7.s390x.rpm
kernel-devel-3.10.0-693.37.4.el7.s390x.rpm
kernel-headers-3.10.0-693.37.4.el7.s390x.rpm
kernel-kdump-3.10.0-693.37.4.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-693.37.4.el7.s390x.rpm
kernel-kdump-devel-3.10.0-693.37.4.el7.s390x.rpm
perf-3.10.0-693.37.4.el7.s390x.rpm
perf-debuginfo-3.10.0-693.37.4.el7.s390x.rpm
python-perf-3.10.0-693.37.4.el7.s390x.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.s390x.rpm

x86_64:
kernel-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debug-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debug-devel-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.37.4.el7.x86_64.rpm
kernel-devel-3.10.0-693.37.4.el7.x86_64.rpm
kernel-headers-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-libs-3.10.0-693.37.4.el7.x86_64.rpm
perf-3.10.0-693.37.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
python-perf-3.10.0-693.37.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional EUS (v. 7.4):

ppc64:
kernel-debug-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-693.37.4.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-693.37.4.el7.ppc64.rpm
perf-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-693.37.4.el7.ppc64le.rpm
perf-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-693.37.4.el7.x86_64.rpm
perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-3620
https://access.redhat.com/security/cve/CVE-2018-3639
https://access.redhat.com/security/cve/CVE-2018-3646
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/L1TF

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBW3M4idzjgjWX9erEAQigJg//W8NS9ZAq71IYQ/6q5hTZBUeg3RsIJL4U
OOCTlpLe3pH45ueU4Pm1HPopyyBHLGo988ZXPkH4z/jKW6txO3RDzf/blyWIwxwi
dr76FUaMMLUk0ASeGcisZppOt/6zwrp2tfn+TyiC3pK0K5nTp+WVO5xYy5iecXVX
96M3wIhCIlshYPc1/F8zdYuBFzpYgBnotag//FjyCQlhmOFcKtTRgyQrSuf1ZxnL
VNQ7UuVGjPWeF0w0OJrb6U7+pVrlwAvtwYkUjm/eFh/AszTe7uZ6C6mG8XAobDrl
SpxhyqMTcplrKxvl0S01xuezVbVo8RdoAtrW9+xseozknta4cu7RHe0ZSsonY/xN
RiAingIwsVde+g9KOv8jeleACBZu8mmJptkYbVb1IHPcp+1FzXXAkUc1i/oc7XBU
lIfe49O3L2GyhI+0hUwhbPuc51L8yHmpr39KM1irKIRWsY692n32LVns3L6Kr0tW
iWlhz4F2e5SNb2zlu3sMRQ4M0kf6JPX8VdRL1qMpfNoa9Ci4wYt+zP29//F6swji
uwu3+SVH5VTW9VzymSCaQl/gD0loWPKVLFrTF5M9Y9+cl0uXn7CoW2LUNB86PhRz
mMG+g2ZW9WbKcW/ERHofeii5WZGtsyA4FnUaWhzetfQIItEpmoobE9QVl0ar5GJ2
dsE8Ald7hA4=scjp
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce

RedHat: RHSA-2018-2387:01 Important: kernel security and bug fix update

An update for kernel is now available for Red Hat Enterprise Linux 7.4 Extended Update Support

Summary

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646)
* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)
Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646 and Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639.
Bug Fix(es):
* Previously, configurations with the little-endian variant of IBM Power Systems CPU architectures and Hard Disk Drives (HDD) designed according to Nonvolatile Memory Express (NVMe) open standards, experienced crashes during shutdown or reboot due to race conditions of CPUs. As a consequence, the sysfs pseudo file system threw a stack trace report about an attempt to create a duplicate entry in sysfs. This update modifies the source code so that the irq_dispose_mapping() function is called first and the msi_bitmap_free_hwirqs() function is called afterwards. As a result, the race condition no longer appears in the described scenario. (BZ#1570510)
* When switching from the indirect branch speculation (IBRS) feature to the retpolines feature, the IBRS state of some CPUs was sometimes not handled correctly. Consequently, some CPUs were left with the IBRS Model-Specific Register (MSR) bit set to 1, which could lead to performance issues. With this update, the underlying source code has been fixed to clear the IBRS MSR bits correctly, thus fixing the bug. (BZ#1586147)
* During a balloon reset, page pointers were not correctly initialized after unmapping the memory. Consequently, on the VMware ESXi hypervisor with "Fault Tolerance" and "ballooning" enabled, the following messages repeatedly occurred in the kernel log:
[3014611.640148] WARNING: at mm/vmalloc.c:1491 __vunmap+0xd3/0x100() [3014611.640269] Trying to vfree() nonexistent vm area (ffffc90000697000)
With this update, the underlying source code has been fixed to initialize page pointers properly. As a result, the mm/vmalloc.c warnings no longer occur under the described circumstances. (BZ#1595600)



Summary


Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.

References

https://access.redhat.com/security/cve/CVE-2018-3620 https://access.redhat.com/security/cve/CVE-2018-3639 https://access.redhat.com/security/cve/CVE-2018-3646 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/L1TF

Package List

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4):
Source: kernel-3.10.0-693.37.4.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-693.37.4.el7.noarch.rpm kernel-doc-3.10.0-693.37.4.el7.noarch.rpm
x86_64: kernel-3.10.0-693.37.4.el7.x86_64.rpm kernel-debug-3.10.0-693.37.4.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.37.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.37.4.el7.x86_64.rpm kernel-devel-3.10.0-693.37.4.el7.x86_64.rpm kernel-headers-3.10.0-693.37.4.el7.x86_64.rpm kernel-tools-3.10.0-693.37.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.37.4.el7.x86_64.rpm perf-3.10.0-693.37.4.el7.x86_64.rpm perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm python-perf-3.10.0-693.37.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4):
x86_64: kernel-debug-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.37.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.37.4.el7.x86_64.rpm perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: kernel-3.10.0-693.37.4.el7.src.rpm
noarch: kernel-abi-whitelists-3.10.0-693.37.4.el7.noarch.rpm kernel-doc-3.10.0-693.37.4.el7.noarch.rpm
ppc64: kernel-3.10.0-693.37.4.el7.ppc64.rpm kernel-bootwrapper-3.10.0-693.37.4.el7.ppc64.rpm kernel-debug-3.10.0-693.37.4.el7.ppc64.rpm kernel-debug-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm kernel-debug-devel-3.10.0-693.37.4.el7.ppc64.rpm kernel-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-693.37.4.el7.ppc64.rpm kernel-devel-3.10.0-693.37.4.el7.ppc64.rpm kernel-headers-3.10.0-693.37.4.el7.ppc64.rpm kernel-tools-3.10.0-693.37.4.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm kernel-tools-libs-3.10.0-693.37.4.el7.ppc64.rpm perf-3.10.0-693.37.4.el7.ppc64.rpm perf-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm python-perf-3.10.0-693.37.4.el7.ppc64.rpm python-perf-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
ppc64le: kernel-3.10.0-693.37.4.el7.ppc64le.rpm kernel-bootwrapper-3.10.0-693.37.4.el7.ppc64le.rpm kernel-debug-3.10.0-693.37.4.el7.ppc64le.rpm kernel-debug-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.37.4.el7.ppc64le.rpm kernel-devel-3.10.0-693.37.4.el7.ppc64le.rpm kernel-headers-3.10.0-693.37.4.el7.ppc64le.rpm kernel-tools-3.10.0-693.37.4.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm kernel-tools-libs-3.10.0-693.37.4.el7.ppc64le.rpm perf-3.10.0-693.37.4.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm python-perf-3.10.0-693.37.4.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
s390x: kernel-3.10.0-693.37.4.el7.s390x.rpm kernel-debug-3.10.0-693.37.4.el7.s390x.rpm kernel-debug-debuginfo-3.10.0-693.37.4.el7.s390x.rpm kernel-debug-devel-3.10.0-693.37.4.el7.s390x.rpm kernel-debuginfo-3.10.0-693.37.4.el7.s390x.rpm kernel-debuginfo-common-s390x-3.10.0-693.37.4.el7.s390x.rpm kernel-devel-3.10.0-693.37.4.el7.s390x.rpm kernel-headers-3.10.0-693.37.4.el7.s390x.rpm kernel-kdump-3.10.0-693.37.4.el7.s390x.rpm kernel-kdump-debuginfo-3.10.0-693.37.4.el7.s390x.rpm kernel-kdump-devel-3.10.0-693.37.4.el7.s390x.rpm perf-3.10.0-693.37.4.el7.s390x.rpm perf-debuginfo-3.10.0-693.37.4.el7.s390x.rpm python-perf-3.10.0-693.37.4.el7.s390x.rpm python-perf-debuginfo-3.10.0-693.37.4.el7.s390x.rpm
x86_64: kernel-3.10.0-693.37.4.el7.x86_64.rpm kernel-debug-3.10.0-693.37.4.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm kernel-debug-devel-3.10.0-693.37.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.37.4.el7.x86_64.rpm kernel-devel-3.10.0-693.37.4.el7.x86_64.rpm kernel-headers-3.10.0-693.37.4.el7.x86_64.rpm kernel-tools-3.10.0-693.37.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm kernel-tools-libs-3.10.0-693.37.4.el7.x86_64.rpm perf-3.10.0-693.37.4.el7.x86_64.rpm perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm python-perf-3.10.0-693.37.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.4):
ppc64: kernel-debug-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm kernel-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm kernel-debuginfo-common-ppc64-3.10.0-693.37.4.el7.ppc64.rpm kernel-tools-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm kernel-tools-libs-devel-3.10.0-693.37.4.el7.ppc64.rpm perf-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm python-perf-debuginfo-3.10.0-693.37.4.el7.ppc64.rpm
ppc64le: kernel-debug-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm kernel-debug-devel-3.10.0-693.37.4.el7.ppc64le.rpm kernel-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm kernel-debuginfo-common-ppc64le-3.10.0-693.37.4.el7.ppc64le.rpm kernel-tools-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm kernel-tools-libs-devel-3.10.0-693.37.4.el7.ppc64le.rpm perf-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm python-perf-debuginfo-3.10.0-693.37.4.el7.ppc64le.rpm
x86_64: kernel-debug-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm kernel-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-693.37.4.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-693.37.4.el7.x86_64.rpm perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm python-perf-debuginfo-3.10.0-693.37.4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/


Severity
Advisory ID: RHSA-2018:2387-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2018:2387
Issued Date: : 2018-08-14
CVE Names: CVE-2018-3620 CVE-2018-3639 CVE-2018-3646

Topic

An update for kernel is now available for Red Hat Enterprise Linux 7.4Extended Update Support.Red Hat Product Security has rated this update as having a security impactof Important. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available for each vulnerabilityfrom the CVE link(s) in the References section.


Topic


 

Relevant Releases Architectures

Red Hat Enterprise Linux ComputeNode EUS (v. 7.4) - noarch, x86_64

Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.4) - x86_64

Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, ppc64, ppc64le, s390x, x86_64

Red Hat Enterprise Linux Server Optional EUS (v. 7.4) - ppc64, ppc64le, x86_64


Bugs Fixed

1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

1585005 - CVE-2018-3646 Kernel: hw: cpu: L1 terminal fault (L1TF)


Related News