[El-errata] ELSA-2018-1854 Important: Oracle Linux 6 kernel security and bug fix update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Jun 26 13:19:28 PDT 2018

Oracle Linux Security Advisory ELSA-2018-1854

http://linux.oracle.com/errata/ELSA-2018-1854.html

The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:

i386:
kernel-2.6.32-754.el6.i686.rpm
kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm
kernel-debug-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-devel-2.6.32-754.el6.i686.rpm
kernel-doc-2.6.32-754.el6.noarch.rpm
kernel-firmware-2.6.32-754.el6.noarch.rpm
kernel-headers-2.6.32-754.el6.i686.rpm
perf-2.6.32-754.el6.i686.rpm
python-perf-2.6.32-754.el6.i686.rpm

x86_64:
kernel-2.6.32-754.el6.x86_64.rpm
kernel-abi-whitelists-2.6.32-754.el6.noarch.rpm
kernel-debug-2.6.32-754.el6.x86_64.rpm
kernel-debug-devel-2.6.32-754.el6.i686.rpm
kernel-debug-devel-2.6.32-754.el6.x86_64.rpm
kernel-devel-2.6.32-754.el6.x86_64.rpm
kernel-doc-2.6.32-754.el6.noarch.rpm
kernel-firmware-2.6.32-754.el6.noarch.rpm
kernel-headers-2.6.32-754.el6.x86_64.rpm
perf-2.6.32-754.el6.x86_64.rpm
python-perf-2.6.32-754.el6.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/kernel-2.6.32-754.el6.src.rpm

Description of changes:

[2.6.32-754.el6.OL6]
- Update genkey [bug 25599697]

[2.6.32-754.el6]
- [powerpc] 64s: Add support for a store forwarding barrier at kernel
entry/exit (Mauricio Oliveira) [1581053] {CVE-2018-3639}
- [x86] amd: Disable AMD SSBD mitigation in a VM (Waiman Long) [1580360]
- [x86] spec_ctrl: Fix late microcode problem with AMD (Waiman Long)
[1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Clean up entry code & remove unused APIs (Waiman
Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Mask off SPEC_CTRL MSR bits that are managed by
kernel (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: add support for SSBD to RHEL IBRS entry/exit macros
(Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs: Rename _RDS to _SSBD (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] speculation: Add prctl for Speculative Store Bypass mitigation
(Waiman Long) [1566899] {CVE-2018-3639}
- [x86] process: Allow runtime control of Speculative Store Bypass
(Waiman Long) [1566899] {CVE-2018-3639}
- [kernel] prctl: Add speculation control prctls (Waiman Long) [1566899]
{CVE-2018-3639}
- [x86] kvm: Expose the RDS bit to the guest (Waiman Long) [1566899]
{CVE-2018-3639}
- [x86] bugs/AMD: Add support to disable RDS on Fam(15, 16, 17)h if
requested (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Sync up RDS setting with IBRS code (Waiman Long)
[1566899] {CVE-2018-3639}
- [x86] bugs: Provide boot parameters for the spec_store_bypass_disable
mitigation (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs: Expose the /sys/../spec_store_bypass and
X86_BUG_SPEC_STORE_BYPASS (Waiman Long) [1566899] {CVE-2018-3639}
- [x86] bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
(Waiman Long) [1566899] {CVE-2018-3639}
- [x86] spec_ctrl: Use separate PCP variables for IBRS entry and exit
(Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpu/intel: Knight Mill and Moorefield update to intel-family.h
(Waiman Long) [1566899] {CVE-2018-3639}
- [x86] speculation: Update Speculation Control microcode blacklist
(Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
(Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Clean up Spectre v2 related CPUID flags (Waiman
Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Add AMD feature bits for Speculation Control
(Waiman Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Add Intel feature bits for Speculation (Waiman
Long) [1566899] {CVE-2018-3639}
- [x86] cpufeatures: Add CPUID_7_EDX CPUID leaf (Waiman Long) [1566899]
{CVE-2018-3639}
- [x86] cpu: Fill in feature word 13, CPUID_8000_0008_EBX (Waiman Long)
[1566899] {CVE-2018-3639}
- [x86] Extend RH cpuinfo to 10 extra words (Waiman Long) [1566899]
{CVE-2018-3639}
- [x86] invpcid: Enable 'noinvpcid' boot parameter for X86_32 (Waiman
Long) [1560494]
- [x86] dumpstack_32: Fix kernel panic in dump_trace (Waiman Long) [1577351]
- [fs] gfs2: For fs_freeze, do a log flush and flush the ail1 list
(Robert S Peterson) [1569148]
- [net] dccp: check sk for closed state in dccp_sendmsg() (Stefano
Brivio) [1576586] {CVE-2018-1130}
- [net] ipv6: dccp: add missing bind_conflict to dccp_ipv6_mapped
(Stefano Brivio) [1576586] {CVE-2018-1130}

[2.6.32-753.el6]
- [x86] vm86-32: Properly set up vm86-32 stack for task switching
(Waiman Long) [1572865]
- [x86] spec_ctrl: Enable IBRS and RSB stuffing in 32-bit interrupts
(Waiman Long) [1571362]
- [x86] entry/32: Fix regressions in 32-bit debug exception (Waiman
Long) [1571362]

[2.6.32-752.el6]
- [x86] kpti/kexec: fix wrong page address in clear_page (Dave Young)
[1572487]
- [fs] fix WARNING in rmdir() (Miklos Szeredi) [1282117]
- [net] sctp: label accepted/peeled off sockets (Marcelo Leitner) [1571357]
- [net] security: export security_sk_clone (Marcelo Leitner) [1571357]

[2.6.32-751.el6]
- [md] dm thin: fix regression that caused discards to be disabled if
passdown was (Mike Snitzer) [1569377]
- [s390] configs: enable auto expoline support (Hendrik Brueckner) [1554959]
- [s390] correct nospec auto detection init order (Hendrik Brueckner)
[1554959]
- [s390] add sysfs attributes for spectre (Hendrik Brueckner) [1554959]
- [s390] report spectre mitigation via syslog (Hendrik Brueckner) [1554959]
- [s390] add automatic detection of the spectre defense (Hendrik
Brueckner) [1554959]
- [s390] move nobp parameter functions to nospec-branch.c (Hendrik
Brueckner) [1554959]
- [s390] do not bypass BPENTER for interrupt system calls (Hendrik
Brueckner) [1554959]
- [s390] Replace IS_ENABLED(EXPOLINE_*) with
IS_ENABLED(CONFIG_EXPOLINE_*) (Hendrik Brueckner) [1554959]
- [s390] introduce execute-trampolines for branches (Hendrik Brueckner)
[1554959]
- [s390] run user space and KVM guests with modified branch prediction
(Hendrik Brueckner) [1554959]
- [s390] add optimized array_index_mask_nospec (Hendrik Brueckner) [1554959]
- [s390] scrub registers on kernel entry and KVM exit (Hendrik
Brueckner) [1554959]
- [s390] align and prepare spectre mitigation for upstream commits
(Hendrik Brueckner) [1554959]
- [x86] xen: do not use xen_info on HVM, set pv_info name to "Xen HVM"
(Vitaly Kuznetsov) [1568241]
- [net] sctp: verify size of a new chunk in _sctp_make_chunk() (Stefano
Brivio) [1551908] {CVE-2018-5803}

[2.6.32-750.el6]
- [fs] fuse: fix punching hole with unaligned end (Miklos Szeredi)
[1387473] {CVE-2017-15121}
- [documentation] kdump: fix documentation about panic_on_warn to match
rhel6 (Pingfan Liu) [1555196]
- [fs] Provide sane values for nlink (Leif Sahlberg) [1554342]

[2.6.32-749.el6]
- [powerpc] pseries: Restore default security feature flags on setup
(Mauricio Oliveira) [1561788]
- [powerpc] Move default security feature flags (Mauricio Oliveira)
[1561788]
- [powerpc] pseries: Fix clearing of security feature flags (Mauricio
Oliveira) [1561788]
- [powerpc] 64s: Wire up cpu_show_spectre_v2() (Mauricio Oliveira) [1561788]
- [powerpc] 64s: Wire up cpu_show_spectre_v1() (Mauricio Oliveira) [1561788]
- [powerpc] pseries: Use the security flags in pseries_setup_rfi_flush()
(Mauricio Oliveira) [1561788]
- [powerpc] 64s: Enhance the information in cpu_show_meltdown()
(Mauricio Oliveira) [1561788]
- [powerpc] 64s: Move cpu_show_meltdown() (Mauricio Oliveira) [1561788]
- [powerpc] pseries: Set or clear security feature flags (Mauricio
Oliveira) [1561788]
- [powerpc] Add security feature flags for Spectre/Meltdown (Mauricio
Oliveira) [1561788]
- [powerpc] pseries: Add new H_GET_CPU_CHARACTERISTICS flags (Mauricio
Oliveira) [1561788]
- [lib] seq: Add seq_buf_printf() (Mauricio Oliveira) [1561788]
- [powerpc] rfi-flush: Call setup_rfi_flush() after LPM migration
(Mauricio Oliveira) [1561786]
- [powerpc] rfi-flush: Differentiate enabled and patched flush types
(Mauricio Oliveira) [1561786]
- [powerpc] rfi-flush: Always enable fallback flush on pseries (Mauricio
Oliveira) [1561786]
- [powerpc] rfi-flush: Make it possible to call setup_rfi_flush() again
(Mauricio Oliveira) [1561786]
- [powerpc] rfi-flush: Move the logic to avoid a redo into the debugfs
code (Mauricio Oliveira) [1561786]
- [x86] pti/32: Don't use trampoline stack on Xen PV (Waiman Long) [1562725]
- [x86] pti: Use boot_cpu_has(X86_FEATURE_PTI_SUPPORT) for early call
sites (Waiman Long) [1562725]
- [x86] pti: Set X86_FEATURE_PTI_SUPPORT early (Waiman Long) [1562725]
- [x86] pti: Rename X86_FEATURE_NOPTI to X86_FEATURE_PTI_SUPPORT (Waiman
Long) [1562725]
- [x86] pti/32: Fix setup_trampoline_page_table() bug (Waiman Long)
[1562725]
- [x86] entry: Remove extra argument in call instruction (Waiman Long)
[1562552]
- [x86] syscall: Fix ia32_ptregs handling bug in 64-bit kernel (Waiman
Long) [1557562 1562552]
- [x86] efi/64: Align efi_pgd on even page boundary (Waiman Long) [1558845]
- [x86] pgtable/pae: Revert "Use separate kernel PMDs for user
page-table" (Waiman Long) [1558845]
- [x86] pgtable/pae: Revert "Unshare kernel PMDs when PTI is enabled"
(Waiman Long) [1558845]
- [x86] mm: Dump both kernel & user page tables at fault (Waiman Long)
[1558845]
- [x86] entry/32: Fix typo in PARANOID_EXIT_TO_KERNEL_MODE (Waiman Long)
[1558845]

[2.6.32-748.el6]
- [mm] fold arch_randomize_brk into ARCH_HAS_ELF_RANDOMIZE (Bhupesh
Sharma) [1494380]
- [mm] brk: fix min_brk lower bound computation for COMPAT_BRK (Bhupesh
Sharma) [1494380]
- [mm] split ET_DYN ASLR from mmap ASLR (Bhupesh Sharma) [1494380]
- [s390] redefine randomize_et_dyn for ELF_ET_DYN_BASE (Bhupesh Sharma)
[1494380]
- [mm] expose arch_mmap_rnd when available (Bhupesh Sharma) [1494380]
- [s390] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380]
- [s390] mmap: randomize mmap base for bottom up direction (Bhupesh
Sharma) [1494380]
- [powerpc] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380]
- [x86] standardize mmap_rnd() usage (Bhupesh Sharma) [1494380]
- [fs] binfmt_elf: create Kconfig variable for PIE randomization
(Bhupesh Sharma) [1494380]
- [fs] binfmt_elf: PIE: make PF_RANDOMIZE check comment more accurate
(Bhupesh Sharma) [1494380]
- [fs] binfmt_elf: fix PIE execution with randomization disabled
(Bhupesh Sharma) [1494380]
- [acpi] acpica: Support calling _REG methods within ACPI interpreter
(Lenny Szubowicz) [1522849]
- [acpi] acpica: Function to test if ACPI interpreter already entered
(Lenny Szubowicz) [1522849]
- [acpi] acpica: Function to test if ACPI mutex held by this thread
(Lenny Szubowicz) [1522849]

[2.6.32-747.el6]
- [fs] gfs2: Check for the end of metadata in trunc_dealloc (Robert S
Peterson) [1559928]
- [fs] gfs2: clear journal live bit in gfs2_log_flush (Robert S
Peterson) [1559928]
- [netdrv] vmxnet3: fix tx data ring copy for variable size (Neil
Horman) [1530378]
- [mm] account skipped entries to avoid looping in find_get_pages (Dave
Wysochanski) [1559386]
- [powerpc] pseries: Support firmware disable of RFI flush (Mauricio
Oliveira) [1554631]
- [powerpc] pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper
(Mauricio Oliveira) [1554631]
- [powerpc] 64s: Allow control of RFI flush via debugfs (Mauricio
Oliveira) [1554630]
- [powerpc] 64s: Improve RFI L1-D cache flush fallback (Mauricio
Oliveira) [1554630]
- [powerpc] 64s: Wire up cpu_show_meltdown() (Mauricio Oliveira) [1554630]

[2.6.32-746.el6]
- [dm] fix race between dm_get_from_kobject() and __dm_destroy() (Mike
Snitzer) [1551999] {CVE-2017-18203}
- [x86] pti: Disable kaiser_add_mapping if X86_FEATURE_NOPTI (Waiman
Long) [1557562]
- [x86] irq/ioapic: Check for valid irq_cfg pointer in
smp_irq_move_cleanup_interrupt (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] kexec/64: Clear control page after PGD init (Waiman Long)
[1550599] {CVE-2017-5754}
- [x86] efi/64: Fix potential PTI data corruption problem (Waiman Long)
[1550599] {CVE-2017-5754}
- [ipmi] pick up slave address from SMBIOS on an ACPI device (Tony
Camuso) [1484525]
- [ipmi] fix watchdog timeout set on reboot (Tony Camuso) [1484525]
- [ipmi] fix watchdog hang on panic waiting for ipmi response (Tony
Camuso) [1484525]
- [ipmi] use smi_num for init_name (Tony Camuso) [1484525]
- [ipmi] move platform device creation earlier in the initialization
(Tony Camuso) [1484525]
- [ipmi] clean up printks (Tony Camuso) [1484525]
- [ipmi] cleanup error return (Tony Camuso) [1484525]
- [md] raid0: apply base queue limits *before* disk_stack_limits (Xiao
Ni) [1417294]
- [md] raid0: update queue parameter in a safer location (Xiao Ni) [1417294]
- [md] raid0: conditional mddev->queue access to suit dm-raid (Xiao Ni)
[1417294]
- [md] raid0: access mddev->queue (request queue member) conditionally
because it is not set when accessed from dm-raid (Xiao Ni) [1417294]

[2.6.32-745.el6]
- [x86] pti/mm: Fix machine check with PTI on old AMD CPUs (Waiman Long)
[1550599] {CVE-2017-5754}
- [x86] pti/mm: Enable PAGE_GLOBAL if not affected by Meltdown (Waiman
Long) [1550599] {CVE-2017-5754}
- [x86] retpoline: Avoid retpolines for built-in __init functions
(Waiman Long) [1550599] {CVE-2017-5754}
- [x86] kexec/32: Allocate 8k PGD for PTI (Waiman Long) [1550599]
{CVE-2017-5754}
- [x86] spec_ctrl: Patch out lfence on old 32-bit CPUs (Waiman Long)
[1550599] {CVE-2017-5754}
- [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
fixup (Jarod Wilson) [1548432] {CVE-2017-13166}
- [scsi] lpfc: Fix crash from memory alloc at interrupt level with
GFP_KERNEL set (Dick Kennedy) [1540706]

[2.6.32-744.el6]
- [dm] io: fix duplicate bio completion due to missing ref count
(Mikulas Patocka) [1334224]
- [fs] gfs2: Reduce contention on gfs2_log_lock (Robert S Peterson)
[1399822]
- [fs] gfs2: Inline function meta_lo_add (Robert S Peterson) [1399822]
- [fs] gfs2: Switch tr_touched to flag in transaction (Robert S
Peterson) [1399822]

[2.6.32-743.el6]
- [v4l] media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic
(Jarod Wilson) [1548432] {CVE-2017-13166}
- [kernel] cgroup: initialize xattr before calling d_instantiate()
(Aristeu Rozanski) [1533523]
- [fs] ext*: Don't clear SGID when inheriting ACLs (Andreas Grunbacher)
[1473482]
- [fs] gfs2: writeout truncated pages (Robert S Peterson) [1331076]
- [fs] export __block_write_full_page (Robert S Peterson) [1331076]
- [scsi] mark queue as PREEMPT_ONLY before setting quiesce (Ming Lei)
[1462959]
- [block] call blk_queue_enter() before allocating request (Ming Lei)
[1462959]
- [block] introduce blk_queue_enter() (Ming Lei) [1462959]
- [mm] shmem: replace_page must flush_dcache and others (Waiman Long)
[1412337]
- [mm] shmem: replace page if mapping excludes its zone (Waiman Long)
[1412337]
- [x86] cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2
microcodes (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] spec_ctrl/32: Enable IBRS processing on kernel entries & exits
(Waiman Long) [1550599] {CVE-2017-5754}
- [x86] spec_ctrl/32: Stuff RSB on kernel entry (Waiman Long) [1550599]
{CVE-2017-5754}
- [x86] pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32 (Waiman Long)
[1550599] {CVE-2017-5754}
- [x86] pti/32: Add a PAE specific version of __pti_set_user_pgd (Waiman
Long) [1550599] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Support PAE page table dumping (Waiman Long)
[1550599] {CVE-2017-5754}
- [x86] pgtable/pae: Use separate kernel PMDs for user page-table
(Waiman Long) [1550599] {CVE-2017-5754}
- [x86] mm/pae: Populate valid user PGD entries (Waiman Long) [1550599]
{CVE-2017-5754}
- [x86] pti: Enable x86-32 for kaiser.c (Waiman Long) [1550599]
{CVE-2017-5754}
- [x86] pti: Disable PCID handling in x86-32 TLB flushing code (Waiman
Long) [1550599] {CVE-2017-5754}
- [x86] pgtable: Disable user PGD poisoning for PAE (Waiman Long)
[1550599] {CVE-2017-5754}
- [x86] pgtable: Move more PTI functions out of pgtable_64.h (Waiman
Long) [1550599] {CVE-2017-5754}
- [x86] pgtable: Move pgdp kernel/user conversion functions to pgtable.h
(Waiman Long) [1550599] {CVE-2017-5754}
- [x86] pgtable/32: Allocate 8k page-tables when PTI is enabled (Waiman
Long) [1550599] {CVE-2017-5754}
- [x86] pgtable/pae: Unshare kernel PMDs when PTI is enabled (Waiman
Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Handle debug exception similar to NMI (Waiman Long)
[1550599] {CVE-2017-5754}
- [x86] entry/32: Add PTI cr3 switch to non-NMI entry/exit points
(Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Add PTI cr3 switches to NMI handler code (Waiman Long)
[1550599] {CVE-2017-5754}
- [x86] entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI (Waiman
Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Enable the use of trampoline stack (Waiman Long)
[1550599] {CVE-2017-5754}
- [x86] entry/32: Change INT80 to be an interrupt gate (Waiman Long)
[1550599] {CVE-2017-5754}
- [x86] entry/32: Handle Entry from Kernel-Mode on Entry-Stack (Waiman
Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Leave the kernel via trampoline stack (Waiman Long)
[1550599] {CVE-2017-5754}
- [x86] entry/32: Enter the kernel via trampoline stack (Waiman Long)
[1550599] {CVE-2017-5754}
- [x86] entry/32: Restore segments before int registers (Waiman Long)
[1550599] {CVE-2017-5754}
- [x86] entry/32: Split off return-to-kernel path (Waiman Long)
[1550599] {CVE-2017-5754}
- [x86] entry/32: Unshare NMI return path (Waiman Long) [1550599]
{CVE-2017-5754}
- [x86] entry/32: Put ESPFIX code into a macro (Waiman Long) [1550599]
{CVE-2017-5754}
- [x86] entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler
(Waiman Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Rename TSS_sysenter_sp0 to TSS_entry_stack (Waiman
Long) [1550599] {CVE-2017-5754}
- [x86] pti: Add X86_FEATURE_NOPTI to permanently disable PTI (Waiman
Long) [1550599] {CVE-2017-5754}
- [x86] entry/32: Simplify and fix up the SYSENTER stack #DB/NMI fixup
(Waiman Long) [1550599] {CVE-2017-5754}
- [x86] doublefault: Set the right gs register for doublefault (Waiman
Long) [1550599] {CVE-2017-5754}
- [x86] syscall: int80 must not clobber r12-15 (Waiman Long) [1550599]
{CVE-2017-5754}
- [x86] syscall: change ia32_syscall() to create the full register frame
in ia32_do_call() (Waiman Long) [1550599] {CVE-2017-5754}
- [x86] cve: Make all Meltdown/Spectre percpu variables available to
x86-32 (Waiman Long) [1550599] {CVE-2017-5754}

[2.6.32-742.el6]
- [mm] prevent /proc/sys/vm/percpu_pagelist_fraction divide-by-zero
(Dave Anderson) [1405879]
- [fs] proc: Resolve performance issues with multiple /proc/stat reads
(Prarit Bhargava) [1544565]
- [fs] nfs: fix pnfs direct write memory leak (Scott Mayhew) [1536900]
- [fs] dcache: prevent multiple shrink_dcache_parent() on the same
dentry (Miklos Szeredi) [1269288]
- [fs] fifo: do not restart open() if it already found a partner (Miklos
Szeredi) [1482983]
- [audit] reinstate check for failed execve (Denys Vlasenko) [1488822]
- [perf] x86/intel/uncore: Make PCI and MSR uncore independent (Jiri
Olsa) [1427324]
- [perf] fix perf_event_comm() vs. exec() assumption (Jiri Olsa) [1478980]
- [lib] prevent BUG in kfree() due to memory exhaustion in
__sg_alloc_table() (Larry Woodman) [1454453]
- [kernel] sched/core: Rework rq->clock update skips (Lauro Ramos
Venancio) [1212959]
- [kernel] sched: Remove useless code in yield_to() (Lauro Ramos
Venancio) [1212959]
- [kernel] sched: Set skip_clock_update in yield_task_fair() (Lauro
Ramos Venancio) [1212959]
- [kernel] sched, rt: Update rq clock when unthrottling of an otherwise
idle CPU (Lauro Ramos Venancio) [1212959]
- [kernel] lockdep: Fix lock_is_held() on recursion (Lauro Ramos
Venancio) [1212959]
- [x86] skip check for spurious faults for non-present faults (Daniel
Vacek) [1495167]
- [x86] mm: Fix boot crash caused by incorrect loop count calculation in
sync_global_pgds() (Daniel Vacek) [1495167]
- [fs] gfs2: Defer deleting inodes under memory pressure (Andreas
Grunbacher) [1255872]
- [fs] gfs2: gfs2_clear_inode, gfs2_delete_inode: Put glocks
asynchronously (Andreas Grunbacher) [1255872]
- [fs] gfs2: Get rid of gfs2_set_nlink (Andreas Grunbacher) [1255872]
- [fs] add set_nlink() (Andreas Grunbacher) [1255872]
- [fs] gfs2: gfs2_glock_get: Wait on freeing glocks (Andreas Grunbacher)
[1255872]
- [fs] gfs2: gfs2_create_inode: Keep glock across iput (Andreas
Grunbacher) [1255872]
- [fs] gfs2: Clean up glock work enqueuing (Andreas Grunbacher) [1255872]
- [fs] gfs2: Protect gl->gl_object by spin lock (Andreas Grunbacher)
[1255872]
- [fs] gfs2: Get rid of flush_delayed_work in gfs2_clear_inode (Andreas
Grunbacher) [1255872]
- [fs] revert "gfs2: Wait for iopen glock dequeues" (Andreas Grunbacher)
[1255872]
- [fs] gfs2: Fixup to "Clear gl_object if gfs2_create_inode fails"
(Andreas Grunbacher) [1506281]
- [scsi] dual scan thread bug fix (Ewan Milne) [1508512]
- [scsi] fix our current target reap infrastructure (Ewan Milne) [1508512]
- [scsi] bnx2fc: Fix check in SCSI completion handler for timed out
request (Chad Dupuis) [1538168]

[2.6.32-741.el6]
- [net] netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
(Florian Westphal) [1543091] {CVE-2017-18017}
- [net] netfilter: xt_TCPMSS: fix handling of malformed TCP header and
options (Florian Westphal) [1543091] {CVE-2017-18017}
- [net] netfilter: xt_TCPMSS: SYN packets are allowed to contain data
(Florian Westphal) [1543091] {CVE-2017-18017}
- [net] sctp: return error if the asoc has been peeled off in
sctp_wait_for_sndbuf (Hangbin Liu) [1470559]
- [net] sctp: use the right sk after waking up from wait_buf sleep
(Hangbin Liu) [1470559]
- [net] sctp: do not free asoc when it is already dead in sctp_sendmsg
(Hangbin Liu) [1470559]
- [net] packet: Allow packets with only a header (but no payload)
(Lorenzo Bianconi) [1535024]
- [net] packet: make packet too small warning match condition (Lorenzo
Bianconi) [1535024]
- [net] packet: bail out of packet_snd() if L2 header creation fails
(Lorenzo Bianconi) [1535024]
- [net] packet: make packet_snd fail on len smaller than l2 header
(Lorenzo Bianconi) [1535024]
- [net] bonding: discard lowest hash bit for 802.3ad layer3+4 (Hangbin
Liu) [1532167]
- [net] revert "net: use lib/percpu_counter API for fragmentation mem
accounting" (Jesper Brouer) [1508504]
- [scsi] lpfc: fix pci hot plug crash in list_add call (Dick Kennedy)
[1542773]
- [scsi] hpsa: update driver version (Joseph Szczypek) [1541517]
- [scsi] hpsa: correct resets on retried commands (Joseph Szczypek)
[1541517]
- [scsi] hpsa: rescan later if reset in progress (Joseph Szczypek) [1541517]

[2.6.32-740.el6]
- [x86] retpoline/hyperv: Convert assembler indirect jumps (Waiman Long)
[1535645]
- [x86] spec_ctrl: Upgrade GCC retpoline warning to an error for brew
builds (Waiman Long) [1535645]
- [x86] retpoline: Don't use kernel indirect thunks in vsyscalls (Waiman
Long) [1535645]
- [x86] spec_ctrl: Add a read-only retp_enabled debugfs knob (Waiman
Long) [1535645]
- [x86] spec_ctrl: detect unretpolined modules (Waiman Long) [1535645]
- [x86] retpoline/ACPI: Convert indirect jump in wakeup code (Waiman
Long) [1535645]
- [x86] retpoline/efi: Convert stub indirect calls & jumps (Waiman Long)
[1535645]
- [watchdog] hpwdt: remove indirect call in drivers/watchdog/hpwdt.c
(Waiman Long) [1535645]
- [x86] spec_ctrl: cleanup __ptrace_may_access (Waiman Long) [1535645]
- [x86] bugs: Drop one "mitigation" from dmesg (Waiman Long) [1535645]
- [x86] spec_ctrl: fix ptrace IBPB optimization (Waiman Long) [1535645]
- [x86] spec_ctrl: Avoid returns in IBRS-disabled regions (Waiman Long)
[1535645]
- [x86] spectre/meltdown: avoid the vulnerability directory to weaken
kernel security (Waiman Long) [1535645]
- [x86] spec_ctrl: Update spec_ctrl.txt and kernel-parameters.txt
(Waiman Long) [1535645]
- [x86] Use IBRS for firmware update path (Waiman Long) [1535645]
- [x86] spec_ctrl: stuff RSB on context switch with SMEP enabled (Waiman
Long) [1535645]
- [x86] spec_ctrl: use upstream RSB stuffing function (Waiman Long)
[1535645]
- [x86] spec_ctrl: add ibrs_enabled=3 (ibrs_user) (Waiman Long) [1535645]
- [x86] spec_ctrl: Integrate IBRS with retpoline (Waiman Long) [1535645]
- [x86] spec_ctrl: print features changed by microcode loading (Waiman
Long) [1535645]
- [x86] spec_ctrl: refactor the init and microcode loading paths (Waiman
Long) [1535645]
- [x86] spec_ctrl: move initialization of X86_FEATURE_IBPB_SUPPORT
(Waiman Long) [1535645]
- [x86] spec_ctrl: remove SPEC_CTRL_PCP_IBPB bit (Waiman Long) [1535645]
- [x86] spec_ctrl: remove ibrs_enabled variable (Waiman Long) [1535645]
- [x86] spec_ctrl: add ibp_disabled variable (Waiman Long) [1535645]
- [x86] spec_ctrl: add X86_FEATURE_IBP_DISABLE (Waiman Long) [1535645]
- [x86] spec_ctrl: remove IBP disable for AMD model 0x16 (Waiman Long)
[1535645]
- [x86] spec_ctrl: remove performance measurements from documentation
(Waiman Long) [1535645]
- [x86] spec_ctrl: make ipbp_enabled read-only (Waiman Long) [1535645]
- [x86] spec_ctrl: remove ibpb_enabled=2 mode (Waiman Long) [1535645]
- [x86] spec_ctrl: Enable spec_ctrl functions for x86-32 (Waiman Long)
[1535645]
- [x86] spec_ctrl: move vmexit rmb in the last branch before IBRS
(Waiman Long) [1535645]
- [x86] spec_ctrl: satisfy the barrier like semantics of IBRS (Waiman
Long) [1535645]
- [x86] spectre_v1: Mark it as mitigated (Waiman Long) [1535645]
- [x86] pti: Do not enable PTI on CPUs which are not vulnerable to
Meltdown (Waiman Long) [1535645]
- [x86] mce: Make machine check speculation protected (Waiman Long)
[1535645]
- [x86] retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
(Waiman Long) [1535645]
- [x86] retpoline: Fill return stack buffer on vmexit (Waiman Long)
[1535645]
- [x86] retpoline/irq32: Convert assembler indirect jumps (Waiman Long)
[1535645]
- [x86] retpoline/checksum32: Convert assembler indirect jumps (Waiman
Long) [1535645]
- [x86] retpoline/entry: Convert entry assembler indirect (Waiman Long)
[1535645]
- [x86] retpoline/crypto: Convert crypto assembler indirect jumps
(Waiman Long) [1535645]
- [x86] spectre: Add boot time option to select Spectre v2 mitigation
(Waiman Long) [1535645]
- [x86] retpoline: Add initial retpoline support (Waiman Long) [1535645]
- [x86] cpu: Implement CPU vulnerabilities sysfs functions (Waiman Long)
[1535645]
- [base] sysfs/cpu: Add vulnerability folder (Waiman Long) [1535645]
- [x86] cpufeatures: Add X86_BUG_SPECTRE_V(12) (Waiman Long) [1535645]
- [x86] pti: Add the pti= cmdline option and documentation (Waiman Long)
[1535645]
- [x86] cpufeatures: Add X86_BUG_CPU_MELTDOWN (Waiman Long) [1535645]
- [x86] pti: Rename CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION (Waiman
Long) [1535645]
- [x86] cpu: Expand cpufeature facility to include cpu bugs (Waiman
Long) [1535645]
- [x86] cpu: Merge bugs.c and bugs_64.c (Waiman Long) [1535645]
- [x86] cpu/intel: Introduce macros for Intel family numbers (Waiman
Long) [1535645]
- [x86] alternatives: Add missing 'n' at end of ALTERNATIVE inline asm
(Waiman Long) [1535645]
- [x86] alternatives: Fix alt_max_short macro to really be a max()
(Waiman Long) [1535645]
- [x86] asm: Make asm/alternative.h safe from assembly (Waiman Long)
[1535645]
- [x86] alternatives: Document macros (Waiman Long) [1535645]
- [x86] alternatives: Fix ALTERNATIVE_2 padding generation properly
(Waiman Long) [1535645]
- [x86] alternatives: Add instruction padding (Waiman Long) [1535645]
- [x86] alternative: Add header guards to asm/alternative-asm.h (Waiman
Long) [1535645]
- [x86] alternative: Use .pushsection/.popsection (Waiman Long) [1535645]
- [x86] copy_user_generic: Optimize copy_user_generic with CPU erms
feature (Waiman Long) [1535645]
- [x86] Make .altinstructions bit size neutral (Waiman Long) [1535645]

[2.6.32-739.el6]
- [powerpc] spinlock: add gmb memory barrier (Mauricio Oliveira) [1538543]
- [powerpc] prevent Meltdown attack with L1-D$ flush (Mauricio Oliveira)
[1538543]
- [s390] vtime: turn BP on when going idle (Hendrik Brueckner) [1538542]
- [s390] cpuinfo: show facilities as reported by stfle (Hendrik
Brueckner) [1538542]
- [s390] kconfigs: turn off SHARED_KERNEL support for s390 (Hendrik
Brueckner) [1538542]
- [s390] add ppa to system call and program check path (Hendrik
Brueckner) [1538542]
- [s390] spinlock: add gmb memory barrier (Hendrik Brueckner) [1538542]
- [s390] introduce CPU alternatives (Hendrik Brueckner) [1538542]

[2.6.32-738.el6]
- [x86] pti: Rework the trampoline stack switching code (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] pti: Disable interrupt before trampoline stack switching (Waiman
Long) [1519802] {CVE-2017-5754}
- [x86] pti/mm: Fix trampoline stack problem with XEN PV (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] kaiser/efi: unbreak tboot (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Fix XEN PV boot failure (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late
microcode update (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas
functional (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Eliminate redundant FEATURE Not Present messages
(Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code
(Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long)
[1519796] {CVE-2017-5715}
- [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long)
[1519796] {CVE-2017-5715}
- [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns
to userland (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] Revert "entry: Use retpoline for syscall's indirect calls"
(Waiman Long) [1519796] {CVE-2017-5715}
- [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman
Long) [1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level()
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/dump_pagetables: Add page table directory (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] entry: Remove unneeded nmi_userspace code (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman
Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED
per-cpu section (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] mm/kaiser: convert userland visible "kpti" name to "pti" (Waiman
Long) [1519802] {CVE-2017-5754}
- [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2
(Waiman Long) [1519796] {CVE-2017-5715}
- [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel gs has
been restored (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and
IBPB_SUPPORT are missing (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519796]
{CVE-2017-5715}
- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle()
(Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long)
[1519796] {CVE-2017-5715}
- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and
noibrs_cmdline (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS
(Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long)
[1519796] {CVE-2017-5715}
- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs
(Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2
(Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519796]
{CVE-2017-5715}
- [x86] spec_ctrl: allow the IBP disable feature to be toggled at
runtime (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: always initialize save_reg in
ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman
Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman
Long) [1519796] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on syscall (Waiman Long)
[1519796] {CVE-2017-5715}
- [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman
Long) [1519796] {CVE-2017-5715}
- [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: disable global pages by default with KAISER (Waiman
Long) [1519802] {CVE-2017-5754}
- [x86] Revert "mm/kaiser: Disable global pages by default with KAISER"
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes
(Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths
(Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman
Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long)
[1519796] {CVE-2017-5715}
- [x86] entry: Use retpoline for syscall's indirect calls (Waiman Long)
[1519796] {CVE-2017-5715}
- [x86] syscall: Clear unused extra registers on 32-bit compatible
syscall entrance (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman
Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long)
[1519796] {CVE-2017-5715}
- [x86] spec_ctrl: consolidate the spec control boot detection (Waiman
Long) [1519796] {CVE-2017-5715}
- [x86] Remove __cpuinitdata from some data & function (Waiman Long)
[1519796] {CVE-2017-5715}
- [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland
(Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519796]
{CVE-2017-5715}
- [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman
Long) [1519796] {CVE-2017-5715}
- [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform
(Waiman Long) [1519796] {CVE-2017-5715}
- [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman
Long) [1519796] {CVE-2017-5715}
- [x86] mm: Set IBPB upon context switch (Waiman Long) [1519796]
{CVE-2017-5715}
- [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman
Long) [1519796] {CVE-2017-5715}
- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman
Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519796]
{CVE-2017-5715}
- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman
Long) [1519796] {CVE-2017-5715}
- [x86] enter: Use IBRS on syscall and interrupts (Waiman Long)
[1519796] {CVE-2017-5715}
- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman
Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline
(Waiman Long) [1519796] {CVE-2017-5715}
- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and
ibrs (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long)
[1519796] {CVE-2017-5715}
- [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long)
[1519796] {CVE-2017-5715}
- [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long)
[1519796] {CVE-2017-5715}
- [x86] svm: Set IBPB when running a different VCPU (Waiman Long)
[1519796] {CVE-2017-5715}
- [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long)
[1519796] {CVE-2017-5715}
- [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long)
[1519796] {CVE-2017-5715}
- [kvm] x86: clear registers on VM exit (Waiman Long) [1519796]
{CVE-2017-5715}
- [x86] kvm: Pad RSB on VM transition (Waiman Long) [1519796]
{CVE-2017-5715}
- [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519796]
{CVE-2017-5715}
- [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not
available (Waiman Long) [1519796] {CVE-2017-5715}
- [x86] feature: Report presence of IBPB and IBRS control (Waiman Long)
[1519796] {CVE-2017-5715}
- [x86] feature: Enable the x86 feature to control Speculation (Waiman
Long) [1519796] {CVE-2017-5715}
- [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long)
[1519796] {CVE-2017-5715}
- [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519796]
{CVE-2017-5715}
- [x86] microcode: Share native MSR accessing variants (Waiman Long)
[1519796] {CVE-2017-5715}
- [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long)
[1519796] {CVE-2017-5715}
- [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman
Long) [1519796] {CVE-2017-5715}
- [x86] entry: Further simplify the paranoid_exit code (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] entry: Remove trampoline check from paranoid entry path (Waiman
Long) [1519802] {CVE-2017-5754}
- [x86] entry: Don't switch to trampoline stack in paranoid_exit (Waiman
Long) [1519802] {CVE-2017-5754}
- [x86] entry: Simplify trampoline stack restore code (Waiman Long)
[1519802] {CVE-2017-5754}
- [misc] locking/barriers: prevent speculative execution based on
Coverity scan results (Waiman Long) [1519789] {CVE-2017-5753}
- [fs] udf: prevent speculative execution (Waiman Long) [1519789]
{CVE-2017-5753}
- [fs] prevent speculative execution (Waiman Long) [1519789] {CVE-2017-5753}
- [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519789]
{CVE-2017-5753}
- [netdrv] p54: prevent speculative execution (Waiman Long) [1519789]
{CVE-2017-5753}
- [netdrv] carl9170: prevent speculative execution (Waiman Long)
[1519789] {CVE-2017-5753}
- [media] uvcvideo: prevent speculative execution (Waiman Long)
[1519789] {CVE-2017-5753}
- [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
(Waiman Long) [1519789] {CVE-2017-5753}
- [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long)
[1519789] {CVE-2017-5753}
- [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman
Long) [1519789] {CVE-2017-5753}
- [x86] Fix typo preventing msr_set/clear_bit from having an effect
(Waiman Long) [1519789] {CVE-2017-5753}
- [x86] Add another set of MSR accessor functions (Waiman Long)
[1519789] {CVE-2017-5753}
- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add "kaiser" and "nokaiser" boot options (Waiman
Long) [1519802] {CVE-2017-5754}
- [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman
Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman
Long) [1519802] {CVE-2017-5754}
- [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman
Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit
kernel (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] mm: If INVPCID is available, use it to flush global mappings
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: use PCID feature to make user and kernel switches
faster (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman
Long) [1519802] {CVE-2017-5754}
- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] mm/kaiser: enable kaiser in build (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen
PV (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add Kconfig (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: stack trampoline (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: add a function to check for KAISER being enabled
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: map virtually-addressed performance monitoring
buffers (Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] mm/kaiser: unmap kernel from userspace page tables (core patch)
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: mark per-cpu data structures required for entry/exit
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519802]
{CVE-2017-5754}
- [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman
Long) [1519802] {CVE-2017-5754}
- [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman
Long) [1519802] {CVE-2017-5754}
- [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] increase robusteness of bad_iret fixup handler (Waiman Long)
[1519802] {CVE-2017-5754}
- [x86] mm: Check if PUD is large when validating a kernel address
(Waiman Long) [1519802] {CVE-2017-5754}
- [x86] Separate out entry text section (Waiman Long) [1519802]
{CVE-2017-5754}
- [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long)
[1519802] {CVE-2017-5754}
- [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE()
(Waiman Long) [1519802] {CVE-2017-5754}
- [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel
header (Waiman Long) [1519802] {CVE-2017-5754}
[2.6.32-737.el6]
- [hv] netvsc: get rid of completion timeouts (Vitaly Kuznetsov) [1538592]
- [fs] gfs2: Special case the rindex in gfs2_write_alloc_required()
(Andrew Price) [1384184]
- [scsi] scsi_dh_alua: fix race condition that causes multipath to hang
(Mike Snitzer) [1500192]
- [virtio] virtio-pci: fix leaks of msix_affinity_masks (Jason Wang)
[1281754]
- [fs] sunrpc: avoid warning in gss_key_timeout (J. Bruce Fields) [1456594]
- [fs] sunrpc: fix RCU handling of gc_ctx field (J. Bruce Fields) [1456594]
[2.6.32-736.el6]
- [drm] nouveau/disp/nv50-: execute supervisor on its own workqueue (Ben
Skeggs) [1468825]
- [net] bluetooth: Prevent uninitialized data (Gopal Tiwari) [1519626]
{CVE-2017-1000410}
- [scsi] storvsc: do not assume SG list is continuous when doing bounce
buffers (for 4.1 and prior) (Cathy Avery) [1533175]
[2.6.32-735.el6]
- [x86] tighten /dev/mem with zeroing reads (Bruno Eduardo de Oliveira
Meneguele) [1449676] {CVE-2017-7889}
- [char] /dev/mem: make size_inside_page() logic straight (Bruno Eduardo
de Oliveira Meneguele) [1449676] {CVE-2017-7889}
- [char] /dev/mem: cleanup unxlate_dev_mem_ptr() calls (Bruno Eduardo de
Oliveira Meneguele) [1449676] {CVE-2017-7889}
- [char] /dev/mem: introduce size_inside_page() (Bruno Eduardo de
Oliveira Meneguele) [1449676] {CVE-2017-7889}
- [char] /dev/mem: remove redundant test on len (Bruno Eduardo de
Oliveira Meneguele) [1449676] {CVE-2017-7889}
- [scsi] lpfc: Null pointer dereference when log_verbose is set to
0xffffffff (Dick Kennedy) [1538340]
[2.6.32-734.el6]
- [netdrv] bnx2x: prevent crash when accessing PTP with interface down
(Michal Schmidt) [1518669]
- [hv] vss: Operation timeouts should match host expectation (Mohammed
Gamal) [1511431]
- [hv] utils: reduce HV_UTIL_NEGO_TIMEOUT timeout (Mohammed Gamal) [1511431]
- [hv] utils: Check VSS daemon is listening before a hot backup
(Mohammed Gamal) [1511431]
- [hv] utils: Continue to poll VSS channel after handling requests
(Mohammed Gamal) [1511431]
- [md] dm: clear all discard attributes in queue_limits when discards
are disabled (Mike Snitzer) [1433297]
- [md] dm: discard support requires all targets in a table support
discards (Mike Snitzer) [1433297]
- [net] dccp: use-after-free in DCCP code (Stefano Brivio) [1520817]
{CVE-2017-8824}
- [net] tcp: fix tcp_trim_head() (Paolo Abeni) [1274139]
- [net] sctp: fix src address selection if using secondary addresses for
ipv6 (Xin Long) [1445919]
- [net] sctp: deny peeloff operation on asocs with threads sleeping on
it (Hangbin Liu) [1470559]
- [net] sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Hangbin Liu) [1470559]
- [net] tcp: fix race during timewait sk creation (Florian Westphal)
[1205025]
[2.6.32-733.el6]
- [fs] sunrpc: Revert "sunrpc: always treat the invalid cache as
unexpired" (Thiago Becker) [1532786]
- [net] dma: fix memory leak in dma_pin_iocvec_pages (Sabrina Dubroca)
[1459263]
- [s390] qeth: check not more than 16 SBALEs on the completion queue
(Hendrik Brueckner) [1520860]
- [s390] fix transactional execution control register handling (Hendrik
Brueckner) [1520862]
- [mm] prevent concurrent unmap_mapping_range() on the same inode
(Miklos Szeredi) [1408108]
[2.6.32-732.el6]
- [mm] add cpu_relax() to "dont return 0 too early" patch (Ian Kent)
[988988]
- [mm] don't return 0 too early from find_get_pages() (Ian Kent) [988988]
- [crypto] cryptd: Add cryptd_max_cpu_qlen module parameter (Jon
Maxwell) [1503322]
- [s390] cpcmd,vmcp: avoid GFP_DMA allocations (Hendrik Brueckner) [1496105]
- [fs] gfs2: Withdraw for IO errors writing to the journal or statfs
(Robert S Peterson) [1505956]
- [netdrv] ixgbe: Fix incorrect bitwise operations of PTP Rx timestamp
flags (Ken Cox) [1523856]
[2.6.32-731.el6]
- [kernel] fix __wait_on_atomic_t() to call the action func if the
counter != 0 (David Howells) [1418631]
- [fs] fscache: fix dead object requeue (David Howells) [1333592 1418631]
- [fs] fscache: clear outstanding writes when disabling a cookie (David
Howells) [1418631]
- [fs] fscache: initialise stores_lock in netfs cookie (David Howells)
[1418631]
- [fs] cachefiles: fix attempt to read i_blocks after deleting file
(David Howells) [1418631]
- [fs] cachefiles: fix race between inactivating and culling a cache
object (David Howells) [1418631]
- [fs] fscache: make check_consistency callback return int (David
Howells) [1418631]
- [fs] fscache: wake write waiter after invalidating writes (David
Howells) [1418631]
- [fs] cachefiles: provide read-and-reset release counters for
cachefilesd (David Howells) [1418631]
- [s390] disassembler: increase show_code buffer size (Hendrik
Brueckner) [1516654]
- [fs] sunrpc: remove BUG_ONs checking RPC_IS_QUEUED (Dave Wysochanski)
[1424630]
- [fs] nfsv4.1: nfs4_fl_prepare_ds must be careful about reporting
success (Scott Mayhew) [1205448]
- [fs] cifs: add ratelimit for the log entry that causes a lockup (Leif
Sahlberg) [1494999]
- [fs] nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields)
[1447168]
[2.6.32-730.el6]
- [scsi] avoid a permanent stop of the scsi device's request queue (Ewan
Milne) [1513455]
- [fs] bio: more bio_map_user_iov() leak fixes (Ming Lei) [1503590]
{CVE-2017-12190}
- [fs] bio: fix unbalanced page refcounting in bio_map_user_iov (Ming
Lei) [1503590] {CVE-2017-12190}
[2.6.32-729.el6]
- [scsi] bnx2fc: Fix hung task messages when a cleanup response is not
received during abort (Chad Dupuis) [1504260]
[2.6.32-728.el6]
- [mm] introduce dedicated WQ_MEM_RECLAIM workqueue to do
lru_add_drain_all (Waiman Long) [1463754]
- [netdrv] cxgb4: Clear On FLASH config file after a FW upgrade (Arjun
Vynipadath) [1446952]
- [netdrv] chelsio : Fixes the issue seen on initiator while stopping
the target (Sai Vemuri) [1442097]
- [netdrv] be2net: Fix UE detection logic for BE3 (Ivan Vecera) [1437991]
- [netdrv] cxgb4vf: don't offload Rx checksums for IPv6 fragments
(Davide Caratti) [1427036]
- [scsi] qla2xxx: Get mutex lock before checking optrom_state (Himanshu
Madhani) [1408549]
[2.6.32-727.el6]
- [net] sctp: do not loose window information if in rwnd_over (Marcelo
Leitner) [1492220]
- [net] sctp: fix recovering from 0 win with small data chunks (Marcelo
Leitner) [1492220]
[2.6.32-726.el6]
- [s390] qdio: clear DSCI prior to scanning multiple input queues
(Hendrik Brueckner) [1467962]
[2.6.32-725.el6]
- [s390] zfcp: fix erp_action use-before-initialize in REC action trace
(Hendrik Brueckner) [1497000]
- [ipmi] create hardware-independent softdep for ipmi_devintf (Tony
Camuso) [1457915]
[2.6.32-724.el6]
- [fs] nfsd: reorder nfsd_cache_match to check more powerful
discriminators first (Thiago Becker) [1435787]
- [fs] nfsd: split DRC global spinlock into per-bucket locks (Thiago
Becker) [1435787]
- [fs] nfsd: convert num_drc_entries to an atomic_t (Thiago Becker)
[1435787]
- [fs] nfsd: remove the cache_hash list (Thiago Becker) [1435787]
- [fs] nfsd: convert the lru list into a per-bucket thing (Thiago
Becker) [1435787]
- [fs] nfsd: clean up drc cache in preparation for global spinlock
elimination (Thiago Becker) [1435787]
[2.6.32-723.el6]
- [hv] vmbus: Fix error code returned by vmbus_post_msg() (Vitaly
Kuznetsov) [1491846]
- [hv] vmbus: Increase the time between retries in vmbus_post_msg()
(Vitaly Kuznetsov) [1491846]
- [hv] vmbus: Raise retry/wait limits in vmbus_post_msg() (Vitaly
Kuznetsov) [1491846]
- [hv] vmbus: Reduce the delay between retries in vmbus_post_msg()
(Vitaly Kuznetsov) [1491846]
[2.6.32-722.el6]
- [scsi] be2iscsi: fix bad extern declaration (Maurizio Lombardi) [1497152]
- [kernel] mqueue: fix a use-after-free in sys_mq_notify() (Davide
Caratti) [1476124] {CVE-2017-11176}
[2.6.32-721.el6]
- [char] ipmi: use rcu lock around call to intf->handlers->sender()
(Tony Camuso) [1466034]
- [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio)
[1481943] {CVE-2017-1000111}
- [net] packet: fix overflow in check for tp_frame_nr (Stefano Brivio)
[1484946] {CVE-2017-7308}
- [net] packet: fix overflow in check for tp_reserve (Stefano Brivio)
[1484946] {CVE-2017-7308}
- [fs] binfmt_elf.c:load_elf_binary(): return -EINVAL on zero-length
mappings (Petr Matousek) [1492961] {CVE-2017-1000253}
- [fs] binfmt_elf.c: fix bug in loading of PIE binaries (Petr Matousek)
[1492961] {CVE-2017-1000253}
[2.6.32-720.el6]
- [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide
Caratti) [1488340] {CVE-2017-14106}
- [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti)
[1488340] {CVE-2017-14106}
- [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()
(Matteo Croce) [1477006] {CVE-2017-7542}
- [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Matteo
Croce) [1477006] {CVE-2017-7542}
- [net] udp: consistently apply ufo or fragmentation (Davide Caratti)
[1481529] {CVE-2017-1000112}
- [net] ipv6: Should use consistent conditional judgement for ip6
fragment between __ip6_append_data and ip6_finish_output (Davide
Caratti) [1481529] {CVE-2017-1000112}
- [net] ipv4: Should use consistent conditional judgement for ip
fragment in __ip_append_data and ip_finish_output (Davide Caratti)
[1481529] {CVE-2017-1000112}
[2.6.32-719.el6]
- [fs] nfs: don't disconnect open-owner on NFS4ERR_BAD_SEQID (Dave
Wysochanski) [1459636]
- [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil
Horman) [1490062] {CVE-2017-1000251}
[2.6.32-718.el6]
- [fs] sunrpc: always treat the invalid cache as unexpired (Thiago
Becker) [1477288]
- [fs] sunrpc: xpt_auth_cache should be ignored when expired (Thiago
Becker) [1477288]
[2.6.32-717.el6]
- [video] efifb: allow user to disable write combined mapping (Dave
Airlie) [1465097]
[2.6.32-716.el6]
- [netdrv] sfc: tx ring can only have 2048 entries for all EF10 NICs
(Jarod Wilson) [1441773]
- [netdrv] brcmfmac: fix possible buffer overflow in
brcmf_cfg80211_mgmt_tx() (Stanislaw Gruszka) [1474782] {CVE-2017-7541}
- [scsi] lpfc: fix "integer constant too large" error on 32bit archs
(Maurizio Lombardi) [1441169]
- [scsi] lpfc: version 11.0.1.6 is 11.0.0.6 with no_hba_reset patches
(Maurizio Lombardi) [1441169]
- [scsi] lpfc: Vport creation is failing with "Link Down" error
(Maurizio Lombardi) [1441169]
- [scsi] lpfc: Fix panic on BFS configuration (Maurizio Lombardi) [1441169]
- [scsi] lpfc: Fix eh_deadline setting for sli3 adapters (Maurizio
Lombardi) [1441169]
- [scsi] lpfc: Correct panics with eh_timeout and eh_deadline (Maurizio
Lombardi) [1441169]
[2.6.32-715.el6]
- [x86] fix /proc/mtrr with base/size more than 44bits (Jerome Marchand)
[1466530]
[2.6.32-714.el6]
- [fs] gfs2: clear gl_object when deleting an inode in gfs2_delete_inode
(Robert S Peterson) [1464541]
- [fs] gfs2: clear gl_object if gfs2_create_inode fails (Robert S
Peterson) [1464541]
- [fs] gfs2: set gl_object in inode lookup only after block type check
(Robert S Peterson) [1464541]
- [fs] gfs2: introduce helpers for setting and clearing gl_object
(Robert S Peterson) [1464541]
[2.6.32-713.el6]
- [net] ipv6: Fix leak in ipv6_gso_segment() (Sabrina Dubroca) [1459951]
{CVE-2017-9074}
- [net] gre: fix a possible skb leak (Sabrina Dubroca) [1459951]
{CVE-2017-9074}
- [net] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()
(Sabrina Dubroca) [1459951] {CVE-2017-9074}
- [net] ipv6: Check ip6_find_1stfragopt() return value properly (Sabrina
Dubroca) [1459951] {CVE-2017-9074}
- [net] ipv6: Prevent overrun when parsing v6 header options (Sabrina
Dubroca) [1459951] {CVE-2017-9074}
[2.6.32-712.el6]
- [mm] backport upstream large stack guard patch to RHEL6 (Larry
Woodman) [1464237 1452730] {CVE-2017-1000364}
- [mm] revert "enlarge stack guard gap" (Larry Woodman) [1452730]
{CVE-2017-1000364}
- [mm] revert "allow JVM to implement its own stack guard pages" (Larry
Woodman) [1464237]
[2.6.32-711.el6]
- [fs] sunrpc: Handle EADDRNOTAVAIL on connection failures (Dave
Wysochanski) [1459978]
- [scsi] Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan
Milne) [1452358]
[2.6.32-710.el6]
- [mm] allow JVM to implement its own stack guard pages (Larry Woodman)
[1464237]
- [mm] enlarge stack guard gap (Larry Woodman) [1452730] {CVE-2017-1000364}
[2.6.32-709.el6]
- [netdrv] bnxt_en: Update to firmware interface spec 1.5.1 (Jonathan
Toppins) [1439450]
- [netdrv] bnxt_en: Added support for Secure Firmware Update (Jonathan
Toppins) [1439450]
- [netdrv] bnxt_en: Add support for firmware updates for additional
processors (Jonathan Toppins) [1439450]
- [netdrv] bnxt_en: Update firmware spec. to 1.3.0 (Jonathan Toppins)
[1439450]
- [netdrv] bnxt_en: Add support for updating flash more securely
(Jonathan Toppins) [1439450]
- [netdrv] bnxt_en: Request firmware reset after successful firwmare
update (Jonathan Toppins) [1439450]
- [netdrv] bnxt_en: Add hwrm_send_message_silent() (Jonathan Toppins)
[1439450]
- [netdrv] bnxt_en: Add installed-package firmware version reporting via
Ethtool GDRVINFO (Jonathan Toppins) [1439450]
- [netdrv] bnxt_en: Reset embedded processor after applying firmware
upgrade (Jonathan Toppins) [1439450]
- [netdrv] bnxt_en: Add support for upgrading APE/NC-SI firmware via
Ethtool FLASHDEV (Jonathan Toppins) [1439450]
- [net] sctp: do not inherit ipv6_(mc|ac|fl)_list from parent (Florian
Westphal) [1455612] {CVE-2017-9075}
- [net] ipv6/dccp: do not inherit ipv6_mc_list from parent (Florian
Westphal) [1455612] {CVE-2017-9076 CVE-2017-9077}
- [net] dccp/tcp: do not inherit mc_list from parent (Florian Westphal)
[1455612] {CVE-2017-8890}
- [net] ipv6: nullify ipv6_ac_list and ipv6_fl_list when creating new
socket (Florian Westphal) [1455612]
[2.6.32-708.el6]
- [fs] sunrpc: Enable the keepalive option for TCP sockets (Dave
Wysochanski) [1458421]
- [mm] mempolicy.c: fix error handling in set_mempolicy and mbind (Bruno
E. O. Meneguele) [1443539] {CVE-2017-7616}
- [s390] zfcp: fix use-after-"free" in FC ingress path after TMF
(Hendrik Brueckner) [1421762]
- [scsi] scsi_transport_srp: Fix a race condition (Don Dutile) [1417305]
- [scsi] scsi_transport_srp: Introduce srp_wait_for_queuecommand() (Don
Dutile) [1417305]
- [block] make blk_cleanup_queue() wait until request_fn finished (Don
Dutile) [1417305]
[2.6.32-707.el6]
- [kernel] audit: acquire creds selectively to reduce atomic op overhead
(Paul Moore) [1454847]
- [s390] kernel: initial cr0 bits (Hendrik Brueckner) [1445326]
- [s390] zfcp: do not trace pure benign residual HBA responses at
default level (Hendrik Brueckner) [1421760]
- [s390] zfcp: fix rport unblock race with LUN recovery (Hendrik
Brueckner) [1421761]
[2.6.32-706.el6]
- [netdrv] ixgbe: fix setup_fc for x550em (Ken Cox) [1442030]
- [scsi] bnx2fc: fix race condition in bnx2fc_get_host_stats() (Maurizio
Lombardi) [1393672]
[2.6.32-705.el6]
- [fs] nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce
Fields) [1446755] {CVE-2017-7895}
- [fs] nfsd4: minor NFSv2/v3 write decoding cleanup (J. Bruce Fields)
[1446755] {CVE-2017-7895}
- [perf] fix concurrent sys_perf_event_open() vs move_group race (Jiri
Olsa) [1434751] {CVE-2017-6001}
- [perf] remove confusing comment and move put_ctx() (Jiri Olsa)
[1434751] {CVE-2017-6001}
- [perf] restructure perf syscall point of no return (Jiri Olsa)
[1434751] {CVE-2017-6001}
- [perf] fix move_group() order (Jiri Olsa) [1434751] {CVE-2017-6001}
- [perf] generalize event->group_flags (Jiri Olsa) [1434751] {CVE-2017-6001}
- [scsi] libfc: quarantine timed out xids (Chris Leech) [1431440]
[2.6.32-704.el6]
- [fs] sunrpc: Ensure that we wait for connections to complete before
retrying (Dave Wysochanski) [1448170]
- [net] ipv6: check raw payload size correctly in ioctl (Jamie
Bainbridge) [1441909]
[2.6.32-703.el6]
- [fs] nfsv4: fix getacl ERANGE for some ACL buffer sizes (J. Bruce
Fields) [869942]
- [fs] nfsv4: fix getacl head length estimation (J. Bruce Fields) [869942]
[2.6.32-702.el6]
- [fs] xfs: handle array index overrun in xfs_dir2_leaf_readbuf()
(Carlos Maiolino) [1440361]
- [net] ping: implement proper locking (Jakub Sitnicki) [1438999]
{CVE-2017-2671}
- [net] tcp: avoid infinite loop in tcp_splice_read() (Davide Caratti)
[1430578] {CVE-2017-6214}
- [net] ipv6: ip6_fragment: fix headroom tests and skb leak (Hannes
Frederic Sowa) [1412331]
[2.6.32-701.el6]
- [x86] vmalloc_sync: avoid syncing vmalloc area on crashing cpu
(Pingfan Liu) [1146727]
- [kernel] audit: plug cred memory leak in audit_filter_rules (Richard
Guy Briggs) [1434560]
[2.6.32-700.el6]
- [mm] hugetlb: check for pte NULL pointer in page_check_address()
(Herton R. Krzesinski) [1431508]
- [netdrv] be2net: Fix endian issue in logical link config command (Ivan
Vecera) [1436527]
- [crypto] mpi: Fix NULL ptr dereference in mpi_powm() (Mateusz Guzik)
[1398456] {CVE-2016-8650}
- [fs] aio: properly check iovec sizes (Mateusz Guzik) [1337517]
{CVE-2015-8830}
- [fs] vfs: make AIO use the proper rw_verify_area() area helpers
(Mateusz Guzik) [1337535] {CVE-2012-6701}
[2.6.32-699.el6]
- [scsi] lpfc: update for rhel6 11.0.0.6 (Maurizio Lombardi) [1429881]
- [scsi] lpfc: The lpfc driver does not issue RFF_ID and RFT_ID in the
correct sequence (Maurizio Lombardi) [1429881]
[2.6.32-698.el6]
- [sched] fair: Rework throttle_count sync (Jiri Olsa) [1250762]
- [sched] fair: Reorder cgroup creation code (Jiri Olsa) [1250762]
- [sched] fair: Initialize throttle_count for new task-groups lazily
(Jiri Olsa) [1250762]
- [sched] fair: Do not announce throttled next buddy in
dequeue_task_fair() (Jiri Olsa) [1250762]
[2.6.32-697.el6]
- [block] fix use-after-free in seq file (Denys Vlasenko) [1418549]
{CVE-2016-7910}
- [firmware] Replacing the chelsio firmware (t4,t5)fw-1.15.37.0 (Sai
Vemuri) [1425749]
- [kernel] genirq: Avoid taking sparse_irq_lock for non-existent irqs
(Dave Wysochanski) [1360930]
- [tty] n_hdlc: get rid of racy n_hdlc.tbuf (Herton R. Krzesinski)
[1429918] {CVE-2017-2636}