Synopsis

Important: kernel security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for kernel is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• A flaw was found in the implementation of the "fill buffer", a mechanism used by modern CPUs when a cache-miss is made on L1 CPU cache. If an attacker can generate a load operation that would create a page fault, the execution will continue speculatively with incorrect data from the fill buffer while the data is fetched from higher level caches. This response time can be measured to infer data in the fill buffer. (CVE-2018-12130)
  
• Modern Intel microprocessors implement hardware-level micro-optimizations to improve the performance of writing data back to CPU caches. The write operation is split into STA (STore Address) and STD (STore Data) sub-operations. These sub-operations allow the processor to hand-off address generation logic into these sub-operations for optimized writes. Both of these sub-operations write to a shared distributed processor structure called the 'processor store buffer'. As a result, an unprivileged attacker could use this flaw to read private data resident within the CPU's processor store buffer. (CVE-2018-12126)
  
• Microprocessors use a ‘load port’ subcomponent to perform load operations from memory or IO. During a load operation, the load port receives data from the memory or IO subsystem and then provides the data to the CPU registers and operations in the CPU’s pipelines. Stale load operations results are stored in the 'load port' table until overwritten by newer operations. Certain load-port operations triggered by an attacker can be used to reveal data about previous stale requests leaking data back to the attacker via a timing side-channel. (CVE-2018-12127)
  
• Uncacheable memory on some microprocessors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. (CVE-2019-11091)
  

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• rwsem in inconsistent state leading system to hung (BZ#1690320)
  
• iscsi driver can block reboot/shutdown (BZ#1693340)
  
• ovl_create can return positive retval and crash the host (BZ#1696289)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

• Red Hat Enterprise Linux Server - AUS 7.3 x86_64
• Red Hat Enterprise Linux Server - TUS 7.3 x86_64
• Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.3 ppc64le
• Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.3 x86_64

Fixes

• BZ - 1646781 - CVE-2018-12126 hardware: Microarchitectural Store Buffer Data Sampling (MSBDS)
• BZ - 1646784 - CVE-2018-12130 hardware: Microarchitectural Fill Buffer Data Sampling (MFBDS)
• BZ - 1667782 - CVE-2018-12127 hardware: Micro-architectural Load Port Data Sampling - Information Leak (MLPDS)
• BZ - 1705312 - CVE-2019-11091 hardware: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

CVEs

• CVE-2018-12126
• CVE-2018-12127
• CVE-2018-12130
• CVE-2019-11091

References

• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/security/vulnerabilities/mds

Red Hat Enterprise Linux Server - AUS 7.3

SRPM
kernel-3.10.0-514.64.2.el7.src.rpm	SHA-256: 06b651a7f514a12b0c55221b142901cb9407f3a74301e13d5d1544671eae1018
x86_64
kernel-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 7f38176ec7ae746b63a09feffff3b89e310d37e7199306115368c6c99c0ecd3d
kernel-abi-whitelists-3.10.0-514.64.2.el7.noarch.rpm	SHA-256: 6f367958d411dbe4da6ddbf638ccb8b3581f8e2fd2e37bda1ca0dff0cc84d675
kernel-debug-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 4771ed24bcb24db8515161cdd98bb391bcad25677203bf3fee26a10d9eb9dc1d
kernel-debug-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: c44950a5a2f79719c687ef00f89a018451f8f1364595c519c4df3eabdfb8ec4e
kernel-debug-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: c44950a5a2f79719c687ef00f89a018451f8f1364595c519c4df3eabdfb8ec4e
kernel-debug-devel-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 91818e10a09f857706814e13bc7819bd08e7e60ae7485b347f74f5ad2c13a24b
kernel-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 2815b7e65a73bc1f5be9ac4f0afe8648e76937f192ac65a2497abfe246b93152
kernel-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 2815b7e65a73bc1f5be9ac4f0afe8648e76937f192ac65a2497abfe246b93152
kernel-debuginfo-common-x86_64-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 3ffdfaf64a61301ec6add660a94c55a1ac6bbeb1bb8a70bb4a193b7a8c3449cb
kernel-debuginfo-common-x86_64-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 3ffdfaf64a61301ec6add660a94c55a1ac6bbeb1bb8a70bb4a193b7a8c3449cb
kernel-devel-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 090ac33b4250c2b848849341a469b4c5313eabab3a437c25aa83c91bc53fceb9
kernel-doc-3.10.0-514.64.2.el7.noarch.rpm	SHA-256: ff13bd286d8258ad03a835e16f4d59a086b61f2a7e1481c2135f293a46560d8f
kernel-headers-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 8a34aafea302f985563019e62bddac8171f5090fd05d580f3cf5c89680984f33
kernel-tools-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 060b90a2f9864add72eff975ddf3f623a0f476f77ec167d3c78dd4b15aa55540
kernel-tools-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 5716a890f2c1b7085fe52aa34e5bc9f9290ec62cabef6c7d4a4f87d6e6bf023a
kernel-tools-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 5716a890f2c1b7085fe52aa34e5bc9f9290ec62cabef6c7d4a4f87d6e6bf023a
kernel-tools-libs-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: a15d5ad0a45f6cb7778ede7750f8cc9f22b8b7ca51ef1860a98bc25ea33810b9
kernel-tools-libs-devel-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 38847c6c3eddf8f56915b4ab59f1bb66f892517a158ec3e013bbee41c7e233c7
perf-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 4c8cdd862cb7d0ee8ae9a930888dc9d282512d9463fefe666daa4a627bf088c0
perf-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 91675f7f91b2b823d7e932b4526e56e522e17027c5bec8cf511d73c03570d3a2
perf-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 91675f7f91b2b823d7e932b4526e56e522e17027c5bec8cf511d73c03570d3a2
python-perf-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 6fd37c09ca298e629e0d3165d79caa721186f2149a6e93ea413addb5c695e5e5
python-perf-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 6a0f8b9ee1ea7aa469098948e8cc2e0937a2dc3251005eeec4ff2c5d7671d9c6
python-perf-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 6a0f8b9ee1ea7aa469098948e8cc2e0937a2dc3251005eeec4ff2c5d7671d9c6

Red Hat Enterprise Linux Server - TUS 7.3

SRPM
kernel-3.10.0-514.64.2.el7.src.rpm	SHA-256: 06b651a7f514a12b0c55221b142901cb9407f3a74301e13d5d1544671eae1018
x86_64
kernel-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 7f38176ec7ae746b63a09feffff3b89e310d37e7199306115368c6c99c0ecd3d
kernel-abi-whitelists-3.10.0-514.64.2.el7.noarch.rpm	SHA-256: 6f367958d411dbe4da6ddbf638ccb8b3581f8e2fd2e37bda1ca0dff0cc84d675
kernel-debug-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 4771ed24bcb24db8515161cdd98bb391bcad25677203bf3fee26a10d9eb9dc1d
kernel-debug-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: c44950a5a2f79719c687ef00f89a018451f8f1364595c519c4df3eabdfb8ec4e
kernel-debug-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: c44950a5a2f79719c687ef00f89a018451f8f1364595c519c4df3eabdfb8ec4e
kernel-debug-devel-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 91818e10a09f857706814e13bc7819bd08e7e60ae7485b347f74f5ad2c13a24b
kernel-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 2815b7e65a73bc1f5be9ac4f0afe8648e76937f192ac65a2497abfe246b93152
kernel-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 2815b7e65a73bc1f5be9ac4f0afe8648e76937f192ac65a2497abfe246b93152
kernel-debuginfo-common-x86_64-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 3ffdfaf64a61301ec6add660a94c55a1ac6bbeb1bb8a70bb4a193b7a8c3449cb
kernel-debuginfo-common-x86_64-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 3ffdfaf64a61301ec6add660a94c55a1ac6bbeb1bb8a70bb4a193b7a8c3449cb
kernel-devel-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 090ac33b4250c2b848849341a469b4c5313eabab3a437c25aa83c91bc53fceb9
kernel-doc-3.10.0-514.64.2.el7.noarch.rpm	SHA-256: ff13bd286d8258ad03a835e16f4d59a086b61f2a7e1481c2135f293a46560d8f
kernel-headers-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 8a34aafea302f985563019e62bddac8171f5090fd05d580f3cf5c89680984f33
kernel-tools-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 060b90a2f9864add72eff975ddf3f623a0f476f77ec167d3c78dd4b15aa55540
kernel-tools-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 5716a890f2c1b7085fe52aa34e5bc9f9290ec62cabef6c7d4a4f87d6e6bf023a
kernel-tools-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 5716a890f2c1b7085fe52aa34e5bc9f9290ec62cabef6c7d4a4f87d6e6bf023a
kernel-tools-libs-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: a15d5ad0a45f6cb7778ede7750f8cc9f22b8b7ca51ef1860a98bc25ea33810b9
kernel-tools-libs-devel-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 38847c6c3eddf8f56915b4ab59f1bb66f892517a158ec3e013bbee41c7e233c7
perf-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 4c8cdd862cb7d0ee8ae9a930888dc9d282512d9463fefe666daa4a627bf088c0
perf-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 91675f7f91b2b823d7e932b4526e56e522e17027c5bec8cf511d73c03570d3a2
perf-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 91675f7f91b2b823d7e932b4526e56e522e17027c5bec8cf511d73c03570d3a2
python-perf-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 6fd37c09ca298e629e0d3165d79caa721186f2149a6e93ea413addb5c695e5e5
python-perf-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 6a0f8b9ee1ea7aa469098948e8cc2e0937a2dc3251005eeec4ff2c5d7671d9c6
python-perf-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 6a0f8b9ee1ea7aa469098948e8cc2e0937a2dc3251005eeec4ff2c5d7671d9c6

Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.3

SRPM
kernel-3.10.0-514.64.2.el7.src.rpm	SHA-256: 06b651a7f514a12b0c55221b142901cb9407f3a74301e13d5d1544671eae1018
ppc64le
kernel-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 38a39d1ae5c7399f18391f3330fe5c4a549b03f3f2e7566f1ee5380946b3b498
kernel-abi-whitelists-3.10.0-514.64.2.el7.noarch.rpm	SHA-256: 6f367958d411dbe4da6ddbf638ccb8b3581f8e2fd2e37bda1ca0dff0cc84d675
kernel-bootwrapper-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 191a54d990c92b1cad05378290095aba986e26592fccc8770a5e36c89d514215
kernel-debug-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: b70a959268b944859089c6db67e6f74581d88d8f4ca55862a77e21ffc988fa8d
kernel-debug-debuginfo-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 57a3d093fec6752f19e72dde1b459165174d5ede89d67424f680d6e26b2e9260
kernel-debug-debuginfo-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 57a3d093fec6752f19e72dde1b459165174d5ede89d67424f680d6e26b2e9260
kernel-debug-devel-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 7e5ec807ca2ad99771a62f80e90525be43aac134fc31fada6c352f9665f871b0
kernel-debuginfo-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 43bdb8ab12bad4faad9c0592c5425e3efcea23889ccda160856b4f3ab30f364c
kernel-debuginfo-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 43bdb8ab12bad4faad9c0592c5425e3efcea23889ccda160856b4f3ab30f364c
kernel-debuginfo-common-ppc64le-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 69fab4a902ac8b4a4004b804ee5c536dbde1f7527e9da5e0c345d36cd981f6c0
kernel-debuginfo-common-ppc64le-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 69fab4a902ac8b4a4004b804ee5c536dbde1f7527e9da5e0c345d36cd981f6c0
kernel-devel-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: cbb265ccce2bc55b827835b53a898d3819d854a0992c9a389a556a7d404c18bf
kernel-doc-3.10.0-514.64.2.el7.noarch.rpm	SHA-256: ff13bd286d8258ad03a835e16f4d59a086b61f2a7e1481c2135f293a46560d8f
kernel-headers-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 0ff4c55d73d073753054e76dbf3608b5c12b266c774e8d71e8e784aeec3a2766
kernel-tools-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 68768f72a1fec4d3fb568a0e1fcde22212d8c93dabdfbf92937bb5e402da7229
kernel-tools-debuginfo-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 585950e0b98ec438d5c8c35ac69e42d3add6d78028cee6484ab2a0282d6ad19b
kernel-tools-debuginfo-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 585950e0b98ec438d5c8c35ac69e42d3add6d78028cee6484ab2a0282d6ad19b
kernel-tools-libs-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 56665e40dc74df2013f98df9f2ec4c001481649f548e9353148d3e6572510302
kernel-tools-libs-devel-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 9c99491e1fcfbfb679c0ba747b9b706b06f0cfaf1c2d4a1458c15d0c1c77b9c3
perf-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: da6e58001401c2a61fe8d3fdc6c73cf11243af410a2db5a2a64c3e3bbbec3925
perf-debuginfo-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 661576ab7b89160e727ac3eafde0385851506953a0e11aa8021167a6cf3420d2
perf-debuginfo-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: 661576ab7b89160e727ac3eafde0385851506953a0e11aa8021167a6cf3420d2
python-perf-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: eed51998e8ac2dbf0065b22215b93262b1f402c864d0318c641f5a97ac69a8c6
python-perf-debuginfo-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: cae6b7c87bf684882bb80269435ef19a13585c42c2a6afe0116e6681389e8d40
python-perf-debuginfo-3.10.0-514.64.2.el7.ppc64le.rpm	SHA-256: cae6b7c87bf684882bb80269435ef19a13585c42c2a6afe0116e6681389e8d40

Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.3

SRPM
x86_64
kernel-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 7f38176ec7ae746b63a09feffff3b89e310d37e7199306115368c6c99c0ecd3d
kernel-debug-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 4771ed24bcb24db8515161cdd98bb391bcad25677203bf3fee26a10d9eb9dc1d
kernel-debug-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: c44950a5a2f79719c687ef00f89a018451f8f1364595c519c4df3eabdfb8ec4e
kernel-debug-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: c44950a5a2f79719c687ef00f89a018451f8f1364595c519c4df3eabdfb8ec4e
kernel-debug-devel-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 91818e10a09f857706814e13bc7819bd08e7e60ae7485b347f74f5ad2c13a24b
kernel-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 2815b7e65a73bc1f5be9ac4f0afe8648e76937f192ac65a2497abfe246b93152
kernel-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 2815b7e65a73bc1f5be9ac4f0afe8648e76937f192ac65a2497abfe246b93152
kernel-debuginfo-common-x86_64-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 3ffdfaf64a61301ec6add660a94c55a1ac6bbeb1bb8a70bb4a193b7a8c3449cb
kernel-debuginfo-common-x86_64-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 3ffdfaf64a61301ec6add660a94c55a1ac6bbeb1bb8a70bb4a193b7a8c3449cb
kernel-devel-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 090ac33b4250c2b848849341a469b4c5313eabab3a437c25aa83c91bc53fceb9
kernel-headers-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 8a34aafea302f985563019e62bddac8171f5090fd05d580f3cf5c89680984f33
kernel-tools-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 060b90a2f9864add72eff975ddf3f623a0f476f77ec167d3c78dd4b15aa55540
kernel-tools-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 5716a890f2c1b7085fe52aa34e5bc9f9290ec62cabef6c7d4a4f87d6e6bf023a
kernel-tools-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 5716a890f2c1b7085fe52aa34e5bc9f9290ec62cabef6c7d4a4f87d6e6bf023a
kernel-tools-libs-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: a15d5ad0a45f6cb7778ede7750f8cc9f22b8b7ca51ef1860a98bc25ea33810b9
kernel-tools-libs-devel-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 38847c6c3eddf8f56915b4ab59f1bb66f892517a158ec3e013bbee41c7e233c7
perf-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 4c8cdd862cb7d0ee8ae9a930888dc9d282512d9463fefe666daa4a627bf088c0
perf-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 91675f7f91b2b823d7e932b4526e56e522e17027c5bec8cf511d73c03570d3a2
perf-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 91675f7f91b2b823d7e932b4526e56e522e17027c5bec8cf511d73c03570d3a2
python-perf-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 6fd37c09ca298e629e0d3165d79caa721186f2149a6e93ea413addb5c695e5e5
python-perf-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 6a0f8b9ee1ea7aa469098948e8cc2e0937a2dc3251005eeec4ff2c5d7671d9c6
python-perf-debuginfo-3.10.0-514.64.2.el7.x86_64.rpm	SHA-256: 6a0f8b9ee1ea7aa469098948e8cc2e0937a2dc3251005eeec4ff2c5d7671d9c6