-
Mon Sep 24 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.3.3.el7uek]
- net: net_failover: fix typo in net_failover_slave_register() (Liran Alon) [Orabug: 28122110]
- virtio_net: Extend virtio to use VF datapath when available (Sridhar Samudrala) [Orabug: 28122110]
- virtio_net: Introduce VIRTIO_NET_F_STANDBY feature bit (Sridhar Samudrala) [Orabug: 28122110]
- net: Introduce net_failover driver (Sridhar Samudrala) [Orabug: 28122110]
- net: Introduce generic failover module (Sridhar Samudrala) [Orabug: 28122110]
- IB/ipoib: Improve filtering log message (Yuval Shaia) [Orabug: 28655435]
- IB/ipoib: Fix wrong update of arp_blocked counter (Yuval Shaia) [Orabug: 28655435]
- IB/ipoib: Update RX counters after ACL filtering (Yuval Shaia) [Orabug: 28655435]
- IB/ipoib: Filter RX packets before adding pseudo header (Yuval Shaia) [Orabug: 28655435]
- dm crypt: add middle-endian variant of plain64 IV (Konrad Rzeszutek Wilk) [Orabug: 28604629]
- uek-rpm: Disable deprecated CONFIG_ACPI_PROCFS_POWER (Victor Erminpour) [Orabug: 28644322]
- net/rds: Fix call to sleeping function in a non-sleeping context (Håkon Bugge) [Orabug: 28657397]
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status (Scott Bauer) [Orabug: 28664499] {CVE-2018-16658}
- ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (Seunghun Han) [Orabug: 28664576] {CVE-2017-13695}
- usb: xhci: do not create and register shared_hcd when USB3.0 is disabled (Tung Nguyen) [Orabug: 28677854]
-
Mon Sep 17 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.3.2.el7uek]
- hwmon: (k10temp) Display both Tctl and Tdie (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Use API function to access System Management Network (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Fix reading critical temperature register (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Add temperature offset for Ryzen 2700X (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Add support for temperature offsets (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Add support for family 17h (Guenter Roeck) [Orabug: 28143470]
- hwmon: (k10temp) Move chip specific code into probe function (Guenter Roeck) [Orabug: 28143470]
- net/rds: make the source code clean (Zhu Yanjun) [Orabug: 28607913]
- net/rds: Use rdma_read_gids to get connection SGID/DGID in IPv6 (Zhu Yanjun) [Orabug: 28607913]
- net/rds: Use rdma_read_gids to read connection GIDs (Parav Pandit) [Orabug: 28607913]
- posix-timers: Sanitize overrun handling (Thomas Gleixner) [Orabug: 28642970] {CVE-2018-12896}
- crypto: ccp - Add support for new CCP/PSP device ID (Tom Lendacky) [Orabug: 28584386]
- crypto: ccp - Support register differences between PSP devices (Tom Lendacky) [Orabug: 28584386]
- crypto: ccp - Remove unused #defines (Tom Lendacky) [Orabug: 28584386]
- crypto: ccp - Add psp enabled message when initialization succeeds (Tom Lendacky) [Orabug: 28584386]
- crypto: ccp - Fix command completion detection race (Tom Lendacky) [Orabug: 28584386]
- iommu/amd: Add support for IOMMU XT mode (Suravee Suthikulpanit) [Orabug: 28584386]
- iommu/amd: Add support for higher 64-bit IOMMU Control Register (Suravee Suthikulpanit) [Orabug: 28584386]
- x86: irq_remapping: Move irq remapping mode enum (Suravee Suthikulpanit) [Orabug: 28584386]
- x86/CPU/AMD: Fix LLC ID bit-shift calculation (Suravee Suthikulpanit) [Orabug: 28584386]
- x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available (Suravee Suthikulpanit) [Orabug: 28584386]
- x86/CPU/AMD: Calculate last level cache ID from number of sharing threads (Suravee Suthikulpanit) [Orabug: 28584386]
- x86/CPU: Rename intel_cacheinfo.c to cacheinfo.c (Borislav Petkov) [Orabug: 28584386]
- perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id (Suravee Suthikulpanit) [Orabug: 28584386]
- x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present (Borislav Petkov) [Orabug: 28584386]
-
Tue Sep 11 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.3.1.el7uek]
- arm64: vdso: fix clock_getres for 4GiB-aligned res (Mark Rutland) [Orabug: 28603375]
- locking/qrwlock: Prevent slowpath writers getting held up by fastpath (Will Deacon) [Orabug: 28605196]
- locking/qrwlock, arm64: Move rwlock implementation over to qrwlocks (Will Deacon) [Orabug: 28605196]
- locking/qrwlock: Use atomic_cond_read_acquire() when spinning in qrwlock (Will Deacon) [Orabug: 28605196]
- locking/atomic: Add atomic_cond_read_acquire() (Will Deacon) [Orabug: 28605196]
- rds: CVE-2018-7492: Fix NULL pointer dereference in __rds_rdma_map (Håkon Bugge) [Orabug: 28565429] {CVE-2018-7492}
- irqchip/irq-bcm2836: Add support for DT interrupt polarity (Stefan Wahren) [Orabug: 28596168]
- dt-bindings/bcm2836-l1-intc: Add interrupt polarity support (Stefan Wahren) [Orabug: 28596168]
- dt-bindings/bcm283x: Define polarity of per-cpu interrupts (Stefan Wahren) [Orabug: 28596168]
- x86/spec_ctrl: Only set SPEC_CTRL_IBRS_FIRMWARE if IBRS is actually in use (Patrick Colp) [Orabug: 28610695]
-
Tue Sep 04 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.2.2.el7uek]
- x86/xen: Calculate __max_logical_packages on PV domains (Prarit Bhargava) [Orabug: 28476586]
- x86/entry/64: Remove %ebx handling from error_entry/exit (Andy Lutomirski) [Orabug: 28402921] {CVE-2018-14678}
- x86/pti: Don't report XenPV as vulnerable (Jiri Kosina) [Orabug: 28476680]
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (Andi Kleen) [Orabug: 28488807] {CVE-2018-3620}
- x86/speculation/l1tf: Suggest what to do on systems with too much RAM (Vlastimil Babka) [Orabug: 28488807] {CVE-2018-3620}
- x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (Vlastimil Babka) [Orabug: 28488807] {CVE-2018-3620}
- x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit (Vlastimil Babka) [Orabug: 28488807] {CVE-2018-3620}
- x86/speculation/l1tf: Exempt zeroed PTEs from inversion (Sean Christopherson) [Orabug: 28488807] {CVE-2018-3620}
- x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled (Guenter Roeck) [Orabug: 28488807] {CVE-2018-3620}
- x86/spectre: Add missing family 6 check to microcode check (Andi Kleen) [Orabug: 28488807] {CVE-2018-3620}
- KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled (Thomas Gleixner) [Orabug: 28488807] {CVE-2018-3646}
- x86/microcode: Allow late microcode loading with SMT disabled (Josh Poimboeuf) [Orabug: 28488807] {CVE-2018-3620}
- PCI: Add ACS quirk for Ampere root ports (Feng Kan) [Orabug: 28525940]
- xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE (Darrick J. Wong) [Orabug: 28573020]
- uek-rpm: Disable F2FS in the UEK5 config (Victor Erminpour) [Orabug: 28577123]
-
Mon Aug 27 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.2.1.el7uek]
- CVE-2018-15471 XSA-270 Linux netback driver OOB access in hash handling (Jan Beulich) [Orabug: 28460239] {CVE-2018-15471}
- x86/paravirt: Fix spectre-v2 mitigations for paravirt guests (Peter Zijlstra) [Orabug: 28474644]
- sym53c8xx: fix NULL pointer dereference panic in sym_int_sir() in sym_hipd.c (George Kennedy) [Orabug: 28481892]
- xen-netfront: fix warn message as irq device name has '/' (Xiao Liang) [Orabug: 28515370]
- xen-netfront: fix queue name setting (Vitaly Kuznetsov) [Orabug: 28515370]
- uek-rpm: Enable MPLS support (Victor Erminpour) [Orabug: 28550407]
- x86/spectrev2: Don't set mode to SPECTRE_V2_NONE when retpoline is available. (Boris Ostrovsky) [Orabug: 28544532]
-
Fri Aug 17 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.2.0.el7uek]
- uek-rpm: Show UEK Release Number in RPM summary (Victor Erminpour) [Orabug: 28328975]
- uek-rpm: aarch64: enable building SHA3 algorithms (Henry Willard) [Orabug: 28067833]
- uek-rpm: config-debug: Turn off torture testing by default (Knut Omang) [Orabug: 28261889]
- nfsd: give out fewer session slots as limit approaches (J. Bruce Fields) [Orabug: 28427496]
- nfsd: increase DRC cache limit (J. Bruce Fields) [Orabug: 28427496]
- scsi: libsas: defer ata device eh commands to libata (Jason Yan) [Orabug: 28459683] {CVE-2018-10021}
- Fix up non-directory creation in SGID directories (Linus Torvalds) [Orabug: 28459475] {CVE-2018-13405}
- rds: Avoid compiler warning in ib_send.c (Knut Omang) [Orabug: 28465601]
- uek-rpm: Enable perf stripped binary (Victor Erminpour) [Orabug: 28469291]
- qla2xxx: Update the version to 10.00.00.07-k1. (Giridhar Malavali) [Orabug: 28497114]
- qla2xxx: Utilize complete local DMA buffer for DIF PI information. (Giridhar Malavali) [Orabug: 28497114]
- qla2xxx: Correction to total data segment count when local DMA buffers used for DIF PI. (Giridhar Malavali) [Orabug: 28497114]
- fuse: don't keep dead fuse_conn at fuse_fill_super(). (Tetsuo Handa) [Orabug: 28434194]
- fuse: fix control dir setup and teardown (Miklos Szeredi) [Orabug: 28434194]
- fuse: fix congested state leak on aborted connections (Tejun Heo) [Orabug: 28434194]
- fuse: Allow fully unprivileged mounts (Eric W. Biederman) [Orabug: 28434194]
- fuse: Ensure posix acls are translated outside of init_user_ns (Eric W. Biederman) [Orabug: 28434194]
- fuse: define the filesystem as untrusted (Mimi Zohar) [Orabug: 28434194]
- ima: fail file signature verification on non-init mounted filesystems (Mimi Zohar) [Orabug: 28434194]
- fuse: add writeback documentation (Miklos Szeredi) [Orabug: 28434194]
- fuse: honor AT_STATX_FORCE_SYNC (Miklos Szeredi) [Orabug: 28434194]
- fuse: honor AT_STATX_DONT_SYNC (Miklos Szeredi) [Orabug: 28434194]
- fuse: Restrict allow_other to the superblock's namespace or a descendant (Seth Forshee) [Orabug: 28434194]
- fuse: Support fuse filesystems outside of init_user_ns (Eric W. Biederman) [Orabug: 28434194]
- fuse: Fail all requests with invalid uids or gids (Eric W. Biederman) [Orabug: 28434194]
- fuse: Remove the buggy retranslation of pids in fuse_dev_do_read (Eric W. Biederman) [Orabug: 28434194]
- fuse: return -ECONNABORTED on /dev/fuse read after abort (Szymon Lukasz) [Orabug: 28434194]
- fuse: atomic_o_trunc should truncate pagecache (Miklos Szeredi) [Orabug: 28434194]
- fs: fuse: account fuse_inode slab memory as reclaimable (Johannes Weiner) [Orabug: 28434194]
-
Mon Aug 13 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.1.6.el7uek]
- ipv4: frags: handle possible skb truesize change (Eric Dumazet) [Orabug: 28481663] {CVE-2018-5391}
-
Mon Aug 13 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.1.5.el7uek]
- inet: frag: enforce memory limits earlier (Eric Dumazet) [Orabug: 28481663] {CVE-2018-5391}
- init/main.c: reorder boot_cpu_state_init/smp_prepare_boot_cpu (Mihai Carabas) [Orabug: 28491890]
-
Fri Aug 10 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.1.4.el7uek]
- x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (Prarit Bhargava) [Orabug: 28390134]
- x86/mm/kmmio: Make the tracer robust against L1TF (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620}
- x86/mm/pat: Make set_memory_np() L1TF safe (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Invert all not present mappings (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620}
- cpu/hotplug: Fix SMT supported evaluation (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3646}
- x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation: Simplify sysfs report of VMX L1TF vulnerability (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3620}
- Documentation/l1tf: Remove Yonah processors from not vulnerable list (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr() (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646}
- x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646}
- x86: Don't include linux/irq.h from asm/hardirq.h (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3620}
- x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush() (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond' (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush() (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646}
- KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3646}
- cpu/hotplug: detect SMT disabled by BIOS (Josh Poimboeuf) [Orabug: 28442418] {CVE-2018-3620}
- Documentation/l1tf: Fix typos (Tony Luck) [Orabug: 28442418] {CVE-2018-3620}
- x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content (Nicolai Stange) [Orabug: 28442418] {CVE-2018-3646}
- x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures (Jiri Kosina) [Orabug: 28442418] {CVE-2018-3620}
- Documentation: Add section about CPU vulnerabilities (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/bugs, kvm: Introduce boot-time control of L1TF mitigations (Jiri Kosina) [Orabug: 28442418] {CVE-2018-3646}
- cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- cpu/hotplug: Expose SMT control init function (Jiri Kosina) [Orabug: 28442418] {CVE-2018-3620}
- x86/kvm: Allow runtime control of L1D flush (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3646}
- x86/kvm: Serialize L1D flush parameter setter (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3646}
- x86/kvm: Add static key for flush always (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3646}
- x86/kvm: Move l1tf setup function (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3646}
- x86/l1tf: Handle EPT disabled state proper (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/kvm: Drop L1TF MSR list approach (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3646}
- x86/litf: Introduce vmx status variable (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- cpu/hotplug: Online siblings when SMT control is turned on (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Add find_msr() helper function (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Add L1D flush logic (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Add L1D MSR based flush (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Add L1D flush algorithm (Paolo Bonzini) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM/VMX: Add module argument for L1TF mitigation (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646}
- x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3646}
- KVM: X86: Provide a capability to disable PAUSE intercepts (Wanpeng Li) [Orabug: 28442418] {CVE-2018-3646}
- KVM: X86: Provide a capability to disable HLT intercepts (Wanpeng Li) [Orabug: 28442418] {CVE-2018-3646}
- KVM: X86: Provide a capability to disable MWAIT intercepts (Wanpeng Li) [Orabug: 28442418] {CVE-2018-3646}
- cpu/hotplug: Boot HT siblings at least once (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- Revert "x86/apic: Ignore secondary threads if nosmt=force" (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (Michal Hocko) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PAE swap entries against L1TF (Vlastimil Babka) [Orabug: 28442418] {CVE-2018-3620}
- x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (Borislav Petkov) [Orabug: 28442418] {CVE-2018-3620}
- x86/cpufeatures: Add detection of L1D cache flush support. (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Extend 64bit swap file size limit (Vlastimil Babka) [Orabug: 28442418] {CVE-2018-3620}
- x86/apic: Ignore secondary threads if nosmt=force (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/cpu/AMD: Evaluate smp_num_siblings early (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (Borislav Petkov) [Orabug: 28442418] {CVE-2018-3620}
- x86/cpu/intel: Evaluate smp_num_siblings early (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/cpu/topology: Provide detect_extended_topology_early() (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/cpu/common: Provide detect_ht_early() (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/cpu/AMD: Remove the pointless detect_ht() call (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/cpu: Remove the pointless CPU printout (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- cpu/hotplug: Provide knobs to control SMT (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- cpu/hotplug: Split do_cpu_down() (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- cpu/hotplug: Make bringup/teardown of smp threads symmetric (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/topology: Provide topology_smt_supported() (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- x86/smp: Provide topology_is_primary_thread() (Thomas Gleixner) [Orabug: 28442418] {CVE-2018-3620}
- sched/smt: Update sched_smt_present at runtime (Peter Zijlstra) [Orabug: 28442418] {CVE-2018-3620}
- x86/bugs: Move the l1tf function and define pr_fmt properly (Konrad Rzeszutek Wilk) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Limit swap file size to MAX_PA/2 (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Add sysfs reporting for l1tf (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Make sure the first page is always reserved (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Protect swap entries against L1TF (Linus Torvalds) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Change order of offset/type in swap entry (Linus Torvalds) [Orabug: 28442418] {CVE-2018-3620}
- x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT (Andi Kleen) [Orabug: 28442418] {CVE-2018-3620}
- x86/mm: Limit mmap() of /dev/mem to valid physical addresses (Craig Bergstrom) [Orabug: 28442418] {CVE-2018-3620}
- x86/mm: Prevent non-MAP_FIXED mapping across DEFAULT_MAP_WINDOW border (Kirill A. Shutemov) [Orabug: 28442418] {CVE-2018-3620}
-
Tue Aug 07 2018 Jack Vogel <jack.vogel@oracle.com> [4.14.35-1818.1.3.el7uek]
- tcp: add tcp_ooo_try_coalesce() helper (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390}
- tcp: call tcp_drop() from tcp_data_queue_ofo() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390}
- tcp: detect malicious patterns in tcp_collapse_ofo_queue() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390}
- tcp: avoid collapses in tcp_prune_queue() if possible (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390}
- tcp: free batches of packets in tcp_prune_ofo_queue() (Eric Dumazet) [Orabug: 28453849] {CVE-2018-5390}