- Issued:
- 2018-07-10
- Updated:
- 2018-07-10
RHBA-2018:2158 - kernel bug fix update
Synopsis
kernel bug fix update
Type/Severity
Bug Fix Advisory None
Topic
Updated kernel packages that fix various bugs are now available for Red Hat Enterprise Linux 7.4 Extended Update Support.
Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
This update fixes the following bugs:
-
Previously, a live migration of a virtual machine from one host with updated firmware to another host without updated firmware resulted in incorrect kernel settings for Meltdown mitigations, which could leave the kernel vulnerable to Meltdown. With this fix, the firmware on the new physical host is re-scanned for updates after a live migration. As a result, the kernel uses the correct mitigation in the described scenario. (BZ#1570508)
-
Due to a bug in a CPU's speculative execution engine, the CPU could previously leak data from other processes on the system, including passwords, encryption keys, or other sensitive information. With this update, the kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Expoline for IBM z Systems. As a result, data leak no longer occurs under the described circumstances. (BZ#1577765)
-
Previously, microcode updates on 32 and 64-bit AMD and Intel architectures were not synchronized. As a consequence, it was not possible to apply the microcode updates. This fix adds the synchronization to the microcode updates so that processors of the stated architectures receive updates at the same time. As a result, microcode updates are now synchronized. (BZ#1578046)
-
With the iproute package version higher than 3.10.0-79.el7, using the ss command caused kernel to load the sctp_diag module, including also unintentional loading of the Stream Control Transmission Protocol (SCTP) protocol module. This unintentional loading could lead to performance issues and some other problems when using certain debugging tools. This update fixes the sock_diag netlink subsystem to request the sctp_diag module only if SCTP protocol was registered. As a result, ss no longer causes kernel to load the SCTP protocol module unintentionally. (BZ#1578271)
Users of kernel are advised to upgrade to these updated packages, which fix these bugs.
The system must be rebooted for this update to take effect.
Solution
Before applying this update, make sure all previously released errata relevant to your system have been applied.
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 7.4 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 7.4 | x86_64 |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 7.4 | ppc64le |
| Red Hat Enterprise Linux for Power, big endian - Extended Update Support | 7.4 | ppc64 |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 7.4 | s390x |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 7.4 | ppc64le |
| Red Hat Enterprise Linux Server - TUS | 7.4 | x86_64 |
| Red Hat Enterprise Linux Server - AUS | 7.4 | x86_64 |
| Red Hat Enterprise Linux EUS Compute Node | 7.4 | x86_64 |
Updated Packages
- kernel-debug-devel-3.10.0-693.35.1.el7.s390x.rpm
- kernel-3.10.0-693.35.1.el7.src.rpm
- python-perf-3.10.0-693.35.1.el7.s390x.rpm
- kernel-debuginfo-3.10.0-693.35.1.el7.ppc64le.rpm
- python-perf-3.10.0-693.35.1.el7.x86_64.rpm
- kernel-devel-3.10.0-693.35.1.el7.s390x.rpm
- kernel-kdump-3.10.0-693.35.1.el7.s390x.rpm
- kernel-tools-libs-devel-3.10.0-693.35.1.el7.x86_64.rpm
- kernel-bootwrapper-3.10.0-693.35.1.el7.ppc64.rpm
- python-perf-3.10.0-693.35.1.el7.ppc64le.rpm
- kernel-tools-3.10.0-693.35.1.el7.x86_64.rpm
- kernel-devel-3.10.0-693.35.1.el7.x86_64.rpm
- perf-debuginfo-3.10.0-693.35.1.el7.s390x.rpm
- python-perf-3.10.0-693.35.1.el7.ppc64.rpm
- kernel-debug-3.10.0-693.35.1.el7.ppc64.rpm
- kernel-tools-libs-devel-3.10.0-693.35.1.el7.ppc64le.rpm
- kernel-debug-debuginfo-3.10.0-693.35.1.el7.s390x.rpm
- kernel-headers-3.10.0-693.35.1.el7.x86_64.rpm
- python-perf-debuginfo-3.10.0-693.35.1.el7.ppc64.rpm
- perf-3.10.0-693.35.1.el7.s390x.rpm
- kernel-debug-devel-3.10.0-693.35.1.el7.x86_64.rpm
- kernel-debuginfo-common-ppc64-3.10.0-693.35.1.el7.ppc64.rpm
- kernel-debug-devel-3.10.0-693.35.1.el7.ppc64le.rpm
- kernel-3.10.0-693.35.1.el7.x86_64.rpm
- kernel-debug-debuginfo-3.10.0-693.35.1.el7.ppc64.rpm
- perf-3.10.0-693.35.1.el7.x86_64.rpm
- kernel-debuginfo-common-ppc64le-3.10.0-693.35.1.el7.ppc64le.rpm
- kernel-tools-3.10.0-693.35.1.el7.ppc64le.rpm
- kernel-debug-devel-3.10.0-693.35.1.el7.ppc64.rpm
- kernel-3.10.0-693.35.1.el7.ppc64.rpm
- kernel-bootwrapper-3.10.0-693.35.1.el7.ppc64le.rpm
- kernel-headers-3.10.0-693.35.1.el7.ppc64.rpm
- kernel-debug-3.10.0-693.35.1.el7.ppc64le.rpm
- kernel-debuginfo-common-x86_64-3.10.0-693.35.1.el7.x86_64.rpm
- kernel-tools-debuginfo-3.10.0-693.35.1.el7.x86_64.rpm
- kernel-tools-libs-devel-3.10.0-693.35.1.el7.ppc64.rpm
- kernel-devel-3.10.0-693.35.1.el7.ppc64.rpm
- kernel-kdump-devel-3.10.0-693.35.1.el7.s390x.rpm
- kernel-3.10.0-693.35.1.el7.ppc64le.rpm
- kernel-doc-3.10.0-693.35.1.el7.noarch.rpm
- kernel-debug-debuginfo-3.10.0-693.35.1.el7.ppc64le.rpm
- kernel-debuginfo-3.10.0-693.35.1.el7.x86_64.rpm
- kernel-kdump-debuginfo-3.10.0-693.35.1.el7.s390x.rpm
- kernel-tools-3.10.0-693.35.1.el7.ppc64.rpm
- perf-3.10.0-693.35.1.el7.ppc64le.rpm
- kernel-debuginfo-3.10.0-693.35.1.el7.s390x.rpm
- kernel-debug-debuginfo-3.10.0-693.35.1.el7.x86_64.rpm
- kernel-devel-3.10.0-693.35.1.el7.ppc64le.rpm
- kernel-tools-libs-3.10.0-693.35.1.el7.ppc64le.rpm
- kernel-debuginfo-3.10.0-693.35.1.el7.ppc64.rpm
- perf-debuginfo-3.10.0-693.35.1.el7.x86_64.rpm
- kernel-tools-libs-3.10.0-693.35.1.el7.ppc64.rpm
- perf-debuginfo-3.10.0-693.35.1.el7.ppc64le.rpm
- kernel-tools-libs-3.10.0-693.35.1.el7.x86_64.rpm
- kernel-headers-3.10.0-693.35.1.el7.ppc64le.rpm
- kernel-3.10.0-693.35.1.el7.s390x.rpm
- kernel-debuginfo-common-s390x-3.10.0-693.35.1.el7.s390x.rpm
- python-perf-debuginfo-3.10.0-693.35.1.el7.ppc64le.rpm
- python-perf-debuginfo-3.10.0-693.35.1.el7.s390x.rpm
- perf-debuginfo-3.10.0-693.35.1.el7.ppc64.rpm
- kernel-debug-3.10.0-693.35.1.el7.x86_64.rpm
- kernel-abi-whitelists-3.10.0-693.35.1.el7.noarch.rpm
- kernel-headers-3.10.0-693.35.1.el7.s390x.rpm
- kernel-tools-debuginfo-3.10.0-693.35.1.el7.ppc64le.rpm
- kernel-debug-3.10.0-693.35.1.el7.s390x.rpm
- kernel-tools-debuginfo-3.10.0-693.35.1.el7.ppc64.rpm
- perf-3.10.0-693.35.1.el7.ppc64.rpm
- python-perf-debuginfo-3.10.0-693.35.1.el7.x86_64.rpm
Fixes
(none)
CVEs
(none)
References
(none)
Additional information
- The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
- Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.