-
Tue Jun 11 2019 Chuck Anderson <chuck.anderson@oracle.com> [4.1.12-124.28.3.el7uek]
- Add CVE numbers for CVE-2019-11477 CVE-2019-11478 CVE-2019-11479 (Chuck Anderson) [Orabug: 29890820] {CVE-2019-11477} {CVE-2019-11478} {CVE-2019-11479}
- tcp: fix fack_count accounting on tcp_shift_skb_data() (Joao Martins) [Orabug: 29890820]
- tcp: enforce tcp_min_snd_mss in tcp_mtu_probing() (Eric Dumazet) [Orabug: 29886598]
-
Sat Jun 08 2019 Jack Vogel <jack.vogel@oracle.com> [4.1.12-124.28.2.el7uek]
- tcp: add tcp_min_snd_mss sysctl (Eric Dumazet) [Orabug: 29884306]
- tcp: tcp_fragment() should apply sane memory limits (Eric Dumazet) [Orabug: 29884306]
- tcp: limit payload size of sacked skbs (Eric Dumazet) [Orabug: 29884306]
-
Mon Jun 03 2019 Brian Maly <brian.maly@oracle.com> [4.1.12-124.28.1.el7uek]
- hugetlbfs: don't retry when pool page allocations start to fail (Mike Kravetz) [Orabug: 29324267]
- x86/speculation: RSB stuffing with retpoline on Skylake+ cpus (William Roche) [Orabug: 29660924]
- x86/speculation: reformatting RSB overwrite macro (William Roche) [Orabug: 29660924]
- x86/speculation: Dynamic enable and disable of RSB stuffing with IBRS&!SMEP (William Roche) [Orabug: 29660924]
- x86/speculation: STUFF_RSB dynamic enable (William Roche) [Orabug: 29660924]
- int3 handler better address space detection on interrupts (William Roche) [Orabug: 29660924]
- repairing out-of-tree build functionality (Mark Nicholson) [Orabug: 29755100]
- ext4: fix false negatives *and* false positives in ext4_check_descriptors() (Shuning Zhang) [Orabug: 29797007]
-
Tue May 28 2019 Brian Maly <brian.maly@oracle.com> [4.1.12-124.27.3.el7uek]
- ocfs2: fix ocfs2 read inode data panic in ocfs2_iget (Shuning Zhang) [Orabug: 29233739]
- Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer (Marcel Holtmann) [Orabug: 29526426] {CVE-2019-3459}
- Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt (Marcel Holtmann) [Orabug: 29526426] {CVE-2019-3459}
- HID: debug: fix the ring buffer implementation (Vladis Dronov) [Orabug: 29629481] {CVE-2019-3819}
- scsi: target: iscsi: Use hex2bin instead of a re-implementation (Vincent Pelletier) [Orabug: 29778875] {CVE-2018-14633}
- scsi: libsas: fix a race condition when smp task timeout (Jason Yan) [Orabug: 29783225] {CVE-2018-20836}
- scsi: megaraid_sas: return error when create DMA pool failed (Jason Yan) [Orabug: 29783254] {CVE-2019-11810}
- Bluetooth: hidp: fix buffer overflow (Young Xiao) [Orabug: 29786786] {CVE-2011-1079} {CVE-2019-11884}
- x86/speculation/mds: Add 'mitigations=' support for MDS (Kanth Ghatraju) [Orabug: 29791046]
- net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock(). (Mao Wenan) [Orabug: 29802785] {CVE-2019-11815}
-
Wed May 22 2019 Brian Maly <brian.maly@oracle.com> [4.1.12-124.27.2.el7uek]
- x86/speculation/mds: Check for the right microcode before setting mitigation (Kanth Ghatraju) [Orabug: 29797118]
- vxlan: test dev->flags & IFF_UP before accessing vxlan->dev->dev_addr (Venkat Venkatsubra) [Orabug: 29710939]
- vxlan: test dev->flags & IFF_UP before calling gro_cells_receive() (Eric Dumazet) [Orabug: 29710939]
- nvme: allow timed-out ios to retry (James Smart) [Orabug: 29301607]
- rds: Introduce a pool of worker threads for connection management (Håkon Bugge) [Orabug: 29391909]
- rds: Use rds_conn_path cp_wq when applicable (Håkon Bugge) [Orabug: 29391909]
- rds: ib: Implement proper cm_id compare (Håkon Bugge) [Orabug: 29391909]
- Revert "net/rds: prevent RDS connections using stale ARP entries" (Håkon Bugge) [Orabug: 29391909]
- rds: ib: Flush ARP cache when needed (Håkon Bugge) [Orabug: 29391909]
- rds: Add simple heuristics to determine connect delay (Håkon Bugge) [Orabug: 29391909]
- rds: Fix one-sided connect (Håkon Bugge) [Orabug: 29391909]
- rds: Consolidate and align ftrace related to connection management (Håkon Bugge) [Orabug: 29391909]
- rds: ib: Fix gratuitous ARP storm (Håkon Bugge) [Orabug: 29391909]
- IB/mlx4: Increase the timeout for CM cache (Håkon Bugge) [Orabug: 29391909]
- kvm/speculation: Allow KVM guests to use SSBD even if host does not (Alejandro Jimenez) [Orabug: 29423804]
- x86/speculation: Keep enhanced IBRS on when spec_store_bypass_disable=on is used (Alejandro Jimenez) [Orabug: 29423804]
- x86/speculation: Clean up enhanced IBRS checks in bugs_64.c (Alejandro Jimenez) [Orabug: 29423804]
- mm: thp: relax __GFP_THISNODE for MADV_HUGEPAGE mappings (Andrea Arcangeli) [Orabug: 29510356]
- bnxt_en: Reset device on RX buffer errors. (Michael Chan) [Orabug: 29651238]
- x86/mitigations: Fix the test for Xen PV guest (Boris Ostrovsky) [Orabug: 29774291]
- x86/speculation/mds: Fix verw usage to use memory operand (Kanth Ghatraju) [Orabug: 29791036] {CVE-2018-12127} {CVE-2018-12130}
-
Mon May 13 2019 Brian Maly <brian.maly@oracle.com> [4.1.12-124.27.1.el7uek]
- scsi: libfc: sanitize E_D_TOV and R_A_TOV setting (Hannes Reinecke) [Orabug: 25933179]
- scsi: libfc: use configured rport E_D_TOV (Hannes Reinecke) [Orabug: 25933179]
- scsi: libfc: additional debugging messages (Hannes Reinecke) [Orabug: 25933179]
- scsi: libfc: don't advance state machine for incoming FLOGI (Hannes Reinecke) [Orabug: 25933179]
- scsi: libfc: Do not login if the port is already started (Hannes Reinecke) [Orabug: 25933179]
- scsi: libfc: Do not drop down to FLOGI for fc_rport_login() (Hannes Reinecke) [Orabug: 25933179]
- scsi: libfc: Do not take rdata->rp_mutex when processing a -FC_EX_CLOSED ELS response. (Chad Dupuis) [Orabug: 25933179]
- scsi: libfc: Fixup disc_mutex handling (Hannes Reinecke) [Orabug: 25933179]
- xve: arm ud tx cq to generate completion interrupts (Ajaykumar Hotchandani) [Orabug: 28267050]
- net: sched: run ingress qdisc without locks (Alexei Starovoitov) [Orabug: 29395374]
- bnxt_en: Fix typo in firmware message timeout logic. (Michael Chan) [Orabug: 29412112]
- bnxt_en: Wait longer for the firmware message response to complete. (Michael Chan) [Orabug: 29412112]
- mm,vmscan: Make unregister_shrinker() no-op if register_shrinker() failed. (Tetsuo Handa) [Orabug: 29456281]
- X.509: Handle midnight alternative notation in GeneralizedTime (David Howells) [Orabug: 29460344] {CVE-2015-5327}
- X.509: Support leap seconds (David Howells) [Orabug: 29460344] {CVE-2015-5327}
- X.509: Fix the time validation [ver #2] (David Howells) [Orabug: 29460344] {CVE-2015-5327}
- be2net: enable new Kconfig items in kernel configs (Brian Maly) [Orabug: 29475071]
- benet: remove broken and unused macro (Lubomir Rintel) [Orabug: 29475071]
- be2net: don't flip hw_features when VXLANs are added/deleted (Davide Caratti) [Orabug: 29475071]
- be2net: Fix memory leak in be_cmd_get_profile_config() (Petr Oros) [Orabug: 29475071]
- be2net: Use Kconfig flag to support for enabling/disabling adapters (Petr Oros) [Orabug: 29475071]
- be2net: Mark expected switch fall-through (Gustavo A. R. Silva) [Orabug: 29475071]
- be2net: fix spelling mistake "seqence" -> "sequence" (Colin Ian King) [Orabug: 29475071]
- be2net: Update the driver version to 12.0.0.0 (Suresh Reddy) [Orabug: 29475071]
- be2net: gather debug info and reset adapter (only for Lancer) on a tx-timeout (Suresh Reddy) [Orabug: 29475071]
- be2net: move rss_flags field in rss_info to ensure proper alignment (Ivan Vecera) [Orabug: 29475071]
- be2net: re-order fields in be_error_recovert to avoid hole (Ivan Vecera) [Orabug: 29475071]
- be2net: remove unused tx_jiffies field from be_tx_stats (Ivan Vecera) [Orabug: 29475071]
- be2net: move txcp field in be_tx_obj to eliminate holes in the struct (Ivan Vecera) [Orabug: 29475071]
- be2net: reorder fields in be_eq_obj structure (Ivan Vecera) [Orabug: 29475071]
- be2net: remove unused old custom busy-poll fields (Ivan Vecera) [Orabug: 29475071]
- be2net: remove unused old AIC info (Ivan Vecera) [Orabug: 29475071]
- be2net: Fix error detection logic for BE3 (Suresh Reddy) [Orabug: 29475071]
- scsi: sd: Do not override max_sectors_kb sysfs setting (Martin K. Petersen) [Orabug: 29596510]
- USB: serial: io_ti: fix div-by-zero in set_termios (Johan Hovold) [Orabug: 29487834] {CVE-2017-18360}
- bnxt_en: Drop oversize TX packets to prevent errors. (Michael Chan) [Orabug: 29516462]
- x86/speculation: Read per-cpu value of x86_spec_ctrl_priv in x86_virt_spec_ctrl() (Alejandro Jimenez) [Orabug: 29526401]
- x86/speculation: Keep enhanced IBRS on when prctl is used for SSBD control (Alejandro Jimenez) [Orabug: 29526401]
- USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data (Hui Peng) [Orabug: 29605982] {CVE-2018-19985}
- swiotlb: save io_tlb_used to local variable before leaving critical section (Dongli Zhang) [Orabug: 29637525]
- swiotlb: dump used and total slots when swiotlb buffer is full (Dongli Zhang) [Orabug: 29637525]
- x86/bugs, kvm: don't miss SSBD when IBRS is in use. (Quentin Casasnovas) [Orabug: 29642113]
- cifs: Fix use after free of a mid_q_entry (Shuning Zhang) [Orabug: 29654888]
- binfmt_elf: switch to new creds when switching to new mm (Linus Torvalds) [Orabug: 29677233] {CVE-2019-11190}
- x86/microcode: Don't return error if microcode update is not needed (Boris Ostrovsky) [Orabug: 29759756]
-
Wed May 08 2019 Chuck Anderson <chuck.anderson@oracle.com> [4.1.12-124.26.12.el7uek]
- x86/mds: Add empty commit for CVE-2019-11091 (Konrad Rzeszutek Wilk) [Orabug: 29721935] {CVE-2019-11091}
- x86/microcode: Add loader version file in debugfs (Boris Ostrovsky) [Orabug: 29754165]
- x86/microcode: Fix CPU synchronization routine (Borislav Petkov) [Orabug: 29754165]
- x86/microcode: Synchronize late microcode loading (Borislav Petkov) [Orabug: 29754165]
-
Tue Apr 23 2019 Chuck Anderson <chuck.anderson@oracle.com> [4.1.12-124.26.11.el7uek]
- x86/speculation: Support 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- cpu/speculation: Add 'mitigations=' cmdline option (Josh Poimboeuf) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off (Konrad Rzeszutek Wilk) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Fix comment (Boris Ostrovsky) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: update mds_mitigation to reflect debugfs configuration (Mihai Carabas) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: fix microcode late loading (Mihai Carabas) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add boot option to enable MDS protection only while in idle (Boris Ostrovsky) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Improve coverage for MDS vulnerability (Boris Ostrovsky) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add SMT warning message (Josh Poimboeuf) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mds=full,nosmt cmdline option (Josh Poimboeuf) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation: Add MDS vulnerability documentation (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation: Move L1TF to separate directory (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mitigation mode VMWERV (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add debugfs for controlling MDS (Kanth Ghatraju) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add sysfs reporting for MDS (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mitigation control for MDS (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Clear CPU buffers on exit to user (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add mds_clear_cpu_buffers() (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests (Andi Kleen) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add BUG_MSBDS_ONLY (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation/mds: Add basic bug infrastructure for MDS (Andi Kleen) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Consolidate CPU whitelists (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/msr-index: Cleanup bit defines (Thomas Gleixner) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- Documentation/l1tf: Fix small spelling typo (Salvatore Bonaccorso) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
- x86/speculation: Simplify the CPU bug detection logic (Dominik Brodowski) [Orabug: 29526900] {CVE-2018-12126} {CVE-2018-12130} {CVE-2018-12127}
-
Fri Apr 19 2019 Brian Maly <brian.maly@oracle.com> [4.1.12-124.26.10.el7uek]
- x86/apic: Make arch_setup_hwirq NUMA node aware (Henry Willard) [Orabug: 29534769]
-
Tue Apr 16 2019 Brian Maly <brian.maly@oracle.com> [4.1.12-124.26.9.el7uek]
- KEYS: encrypted: fix buffer overread in valid_master_desc() (Eric Biggers) [Orabug: 29591025] {CVE-2017-13305}