Red Hat Product Errata RHSA-2018:2216 - Security Advisory
Issued:
2018-07-17
Updated:
2018-07-17

RHSA-2018:2216 - Security Advisory

Synopsis

Important: kernel security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, x86 AMD)

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

Bug Fix(es):

  • When switching from the indirect branch speculation (IBRS) feature to the retpolines feature, the IBRS state of some CPUs was sometimes not handled correctly. Consequently, some CPUs were left with the IBRS Model-Specific Register (MSR) bit set to 1, which could lead to performance issues. With this update, the underlying source code has been fixed to clear the IBRS MSR bits correctly, thus fixing the bug. (BZ#1586145)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux Server - AUS 7.2 x86_64
  • Red Hat Enterprise Linux Server - TUS 7.2 x86_64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.2 x86_64

Fixes

  • BZ - 1566890 - CVE-2018-3639 hw: cpu: speculative store bypass

Red Hat Enterprise Linux Server - AUS 7.2

SRPM
kernel-3.10.0-327.71.1.el7.src.rpm SHA-256: 45f534e14c7118ca21b96b48aa6ecdfb172730e3f1f3567183ce11027c57d9d2
x86_64
kernel-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: dff158a62db0228d0821e4e209fc2ef521a60e140fb1a2a68e526eebe3bafee0
kernel-abi-whitelists-3.10.0-327.71.1.el7.noarch.rpm SHA-256: cadef9d9aa15fd3a779aedefb8fec918095c875f4520e49f4fdf37b581fe73a6
kernel-debug-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 1e2671114a837a8eacf3f98aebb42996a8b763583fd345ac9b69d66b14f3fbc9
kernel-debug-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 990e53a275bdf985eff4ca50bf5da2b1464579065150e806c93c56a33174ca13
kernel-debug-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 990e53a275bdf985eff4ca50bf5da2b1464579065150e806c93c56a33174ca13
kernel-debug-devel-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 1c9e06e9a438a82564b56c8f0ecfa8181c14dd27352d4c660ae2e2babd43b460
kernel-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 7c58a818cc256ccfb808e4bab8ff8d3b59003b64718deba96ad9820d893971f4
kernel-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 7c58a818cc256ccfb808e4bab8ff8d3b59003b64718deba96ad9820d893971f4
kernel-debuginfo-common-x86_64-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 45862fbba0dc8cf29d9c7db413cfaf9c29dbf893240c605da94369a8cf33c60b
kernel-debuginfo-common-x86_64-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 45862fbba0dc8cf29d9c7db413cfaf9c29dbf893240c605da94369a8cf33c60b
kernel-devel-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: d4536d1df246d66a863e6d78eee3813c4d1b9b0471d46e30eaa3a11c4e571545
kernel-doc-3.10.0-327.71.1.el7.noarch.rpm SHA-256: d44933dd4911018537f1319e0841651365a8bb2b06da5c8e78a00dc7e9ad128c
kernel-headers-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 79f700a0612bf5bb3636bb2bba6bf3102984c3365779e51d3e79cbf50a257f63
kernel-tools-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 0b1d60be18547e899647c5fbb7d97f1c3c70ef09f7d74af25977bc393d692e18
kernel-tools-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 86342555990bd51a1a79eb421f0fa00f27c38c7765d1d1eff777abdde4905be8
kernel-tools-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 86342555990bd51a1a79eb421f0fa00f27c38c7765d1d1eff777abdde4905be8
kernel-tools-libs-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 1827c6f863c81de7adcdd39afd88b2d69e7aeaf3d1078958fd58f82bdca42e62
kernel-tools-libs-devel-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: c5d353424b5bc52c86ceccacf0e48417c0b258db48c8ca12f639be6324438dc4
perf-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 97d7ffe5fb1f77e0475647a963c5835d5f997085728edd78ace514e46472fba9
perf-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 1b78d428f558ec135e95aaa8efddbd4b412d3c4b7fbd7a6c67639fc9fa7c1785
perf-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 1b78d428f558ec135e95aaa8efddbd4b412d3c4b7fbd7a6c67639fc9fa7c1785
python-perf-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: e018661176fbec2732174e641c3850e921ecea61894b6f2855873624b156da9e
python-perf-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 609bddc38b5d9f6fea79dc4123670ee6fa91a12b281c13016eb30333fdf700df
python-perf-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 609bddc38b5d9f6fea79dc4123670ee6fa91a12b281c13016eb30333fdf700df

Red Hat Enterprise Linux Server - TUS 7.2

SRPM
kernel-3.10.0-327.71.1.el7.src.rpm SHA-256: 45f534e14c7118ca21b96b48aa6ecdfb172730e3f1f3567183ce11027c57d9d2
x86_64
kernel-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: dff158a62db0228d0821e4e209fc2ef521a60e140fb1a2a68e526eebe3bafee0
kernel-abi-whitelists-3.10.0-327.71.1.el7.noarch.rpm SHA-256: cadef9d9aa15fd3a779aedefb8fec918095c875f4520e49f4fdf37b581fe73a6
kernel-debug-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 1e2671114a837a8eacf3f98aebb42996a8b763583fd345ac9b69d66b14f3fbc9
kernel-debug-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 990e53a275bdf985eff4ca50bf5da2b1464579065150e806c93c56a33174ca13
kernel-debug-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 990e53a275bdf985eff4ca50bf5da2b1464579065150e806c93c56a33174ca13
kernel-debug-devel-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 1c9e06e9a438a82564b56c8f0ecfa8181c14dd27352d4c660ae2e2babd43b460
kernel-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 7c58a818cc256ccfb808e4bab8ff8d3b59003b64718deba96ad9820d893971f4
kernel-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 7c58a818cc256ccfb808e4bab8ff8d3b59003b64718deba96ad9820d893971f4
kernel-debuginfo-common-x86_64-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 45862fbba0dc8cf29d9c7db413cfaf9c29dbf893240c605da94369a8cf33c60b
kernel-debuginfo-common-x86_64-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 45862fbba0dc8cf29d9c7db413cfaf9c29dbf893240c605da94369a8cf33c60b
kernel-devel-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: d4536d1df246d66a863e6d78eee3813c4d1b9b0471d46e30eaa3a11c4e571545
kernel-doc-3.10.0-327.71.1.el7.noarch.rpm SHA-256: d44933dd4911018537f1319e0841651365a8bb2b06da5c8e78a00dc7e9ad128c
kernel-headers-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 79f700a0612bf5bb3636bb2bba6bf3102984c3365779e51d3e79cbf50a257f63
kernel-tools-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 0b1d60be18547e899647c5fbb7d97f1c3c70ef09f7d74af25977bc393d692e18
kernel-tools-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 86342555990bd51a1a79eb421f0fa00f27c38c7765d1d1eff777abdde4905be8
kernel-tools-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 86342555990bd51a1a79eb421f0fa00f27c38c7765d1d1eff777abdde4905be8
kernel-tools-libs-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 1827c6f863c81de7adcdd39afd88b2d69e7aeaf3d1078958fd58f82bdca42e62
kernel-tools-libs-devel-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: c5d353424b5bc52c86ceccacf0e48417c0b258db48c8ca12f639be6324438dc4
perf-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 97d7ffe5fb1f77e0475647a963c5835d5f997085728edd78ace514e46472fba9
perf-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 1b78d428f558ec135e95aaa8efddbd4b412d3c4b7fbd7a6c67639fc9fa7c1785
perf-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 1b78d428f558ec135e95aaa8efddbd4b412d3c4b7fbd7a6c67639fc9fa7c1785
python-perf-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: e018661176fbec2732174e641c3850e921ecea61894b6f2855873624b156da9e
python-perf-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 609bddc38b5d9f6fea79dc4123670ee6fa91a12b281c13016eb30333fdf700df
python-perf-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 609bddc38b5d9f6fea79dc4123670ee6fa91a12b281c13016eb30333fdf700df

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.2

SRPM
kernel-3.10.0-327.71.1.el7.src.rpm SHA-256: 45f534e14c7118ca21b96b48aa6ecdfb172730e3f1f3567183ce11027c57d9d2
x86_64
kernel-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: dff158a62db0228d0821e4e209fc2ef521a60e140fb1a2a68e526eebe3bafee0
kernel-abi-whitelists-3.10.0-327.71.1.el7.noarch.rpm SHA-256: cadef9d9aa15fd3a779aedefb8fec918095c875f4520e49f4fdf37b581fe73a6
kernel-debug-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 1e2671114a837a8eacf3f98aebb42996a8b763583fd345ac9b69d66b14f3fbc9
kernel-debug-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 990e53a275bdf985eff4ca50bf5da2b1464579065150e806c93c56a33174ca13
kernel-debug-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 990e53a275bdf985eff4ca50bf5da2b1464579065150e806c93c56a33174ca13
kernel-debug-devel-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 1c9e06e9a438a82564b56c8f0ecfa8181c14dd27352d4c660ae2e2babd43b460
kernel-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 7c58a818cc256ccfb808e4bab8ff8d3b59003b64718deba96ad9820d893971f4
kernel-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 7c58a818cc256ccfb808e4bab8ff8d3b59003b64718deba96ad9820d893971f4
kernel-debuginfo-common-x86_64-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 45862fbba0dc8cf29d9c7db413cfaf9c29dbf893240c605da94369a8cf33c60b
kernel-debuginfo-common-x86_64-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 45862fbba0dc8cf29d9c7db413cfaf9c29dbf893240c605da94369a8cf33c60b
kernel-devel-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: d4536d1df246d66a863e6d78eee3813c4d1b9b0471d46e30eaa3a11c4e571545
kernel-doc-3.10.0-327.71.1.el7.noarch.rpm SHA-256: d44933dd4911018537f1319e0841651365a8bb2b06da5c8e78a00dc7e9ad128c
kernel-headers-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 79f700a0612bf5bb3636bb2bba6bf3102984c3365779e51d3e79cbf50a257f63
kernel-tools-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 0b1d60be18547e899647c5fbb7d97f1c3c70ef09f7d74af25977bc393d692e18
kernel-tools-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 86342555990bd51a1a79eb421f0fa00f27c38c7765d1d1eff777abdde4905be8
kernel-tools-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 86342555990bd51a1a79eb421f0fa00f27c38c7765d1d1eff777abdde4905be8
kernel-tools-libs-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 1827c6f863c81de7adcdd39afd88b2d69e7aeaf3d1078958fd58f82bdca42e62
kernel-tools-libs-devel-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: c5d353424b5bc52c86ceccacf0e48417c0b258db48c8ca12f639be6324438dc4
perf-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 97d7ffe5fb1f77e0475647a963c5835d5f997085728edd78ace514e46472fba9
perf-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 1b78d428f558ec135e95aaa8efddbd4b412d3c4b7fbd7a6c67639fc9fa7c1785
perf-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 1b78d428f558ec135e95aaa8efddbd4b412d3c4b7fbd7a6c67639fc9fa7c1785
python-perf-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: e018661176fbec2732174e641c3850e921ecea61894b6f2855873624b156da9e
python-perf-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 609bddc38b5d9f6fea79dc4123670ee6fa91a12b281c13016eb30333fdf700df
python-perf-debuginfo-3.10.0-327.71.1.el7.x86_64.rpm SHA-256: 609bddc38b5d9f6fea79dc4123670ee6fa91a12b281c13016eb30333fdf700df

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.