FEDORA-2017-6f06be3fe9

security update in Fedora 25 for kernel

Status: stable 2 years ago

Rebase to 4.11.3

Reboot Required

After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-6f06be3fe9

Comments 38

This update has been submitted for testing by labbott.

wfm - desktop 16GB Intel i7-3770 CPU using the Mate Desktop

karma: +1 critpath: +1 kernel regression: +1

LGTM

karma: +1 critpath: +1 kernel regression: +1

works for me

karma: +1

Works for me, x86_64 work station. Plasma DE, nVidia card/nouveau.

karma: +1 critpath: +1 kernel regression: +1

no regressions noted

karma: +1 critpath: +1

This update has been pushed to testing.

Haven't noticed any regressions on x86_64.

karma: +1 critpath: +1

no regressions noted x86_64 with nvidia card / driver.

karma: +1

critpath: +1 kernel regression: +1

Works as expected. Headless Dell R520 E5-2430.

karma: +1 critpath: +1 kernel regression: +1

works for me on T450s

karma: +1

works for me

karma: +1

Works for me, x86_64, GNOME (CPU: Intel Core2 Quad Q8400, GPU: AMD RV635, RAM: 6 GiB).

karma: +1 critpath: +1 kernel regression: +1

karma: +1

critpath: +1

LGTM, pass default and performance test

karma: +1

Works for me on a Raspberry Pi 2 with dual stack IPv4/IPv6, DO VM with dual stack

karma: +1 critpath: +1 #1452744: +1 #1452688: +1 #1452691: +1 #1452679: +1 #1450972: +1 kernel regression: +1
karma: +1 critpath: +1 kernel regression: +1

Working for me. Kernel regression tests successful on x86_64 VM.

karma: +1

The 4.11 kernel series has introduced intermittent suspend/resume issues on one of my laptops where it suspends successfully (or so it appears) and then fails to resume, and intermittent audio problems on another laptop where the sound doesn't work at all ("dummy output"). (For the latter, I saw another user reported the same against 4.10.17, but I haven't encountered it with that kernel.)

(Not cause to give negative karma for these, but the 4.11 kernel series also doesn't address regressions the 4.9 and 4.10 series introduced on these same machines, including sporadic kernel oopses triggered by Intel DRM that freeze the display [where 4.9 and earlier worked flawlessly], and a different laptop that intermittently fails to suspend properly [where 4.8 and earlier worked flawlessly], the workaround there being to set /sys/power/pm_async to 0. In my experience, it seems like recently each major release is a little more broken.)

karma: -1 critpath: -1

WFM on Thinkpad 13 (Skylake)

karma: +1 critpath: +1 kernel regression: +1

Looks good to me on Thinkpad T540p (i7-4900MQ). Seems to fix the MCE error messages reported in bug #924570 for me.

karma: +1 critpath: +1 kernel regression: +1

No problems on x86_64 or arm7hl.

The following bug is present in the 4.11 kernel (and has been since 4.10). https://bugzilla.kernel.org/show_bug.cgi?id=195661

This is fixed now via patch in the 4.12 kernel at: 0e9a709560dbcfbace8bf4019 ("ip6_tunnel, ip6_gre: fix setting of DSCP on encapsulated packets").

Is it possible to include this patch against 4.11?

karma: +1 critpath: +1 kernel regression: -1

Some services entered in failed state:

at-spi-dbus-bus systemd-coredump lvm2-lvmetad.socket

karma: +1 critpath: +1 kernel regression: -1

wfm hp laptop ( i dont suspend)

karma: +1 critpath: +1 kernel regression: +1
karma: +1 critpath: +1 kernel regression: +1

This update has been submitted for stable by labbott.

@dhgutteridge's bug is evident on my flex4-1470 as well but otherwise all the networking security fixes are working as expected.

karma: +1 critpath: +1 #1452744: +1 #1452688: +1 #1452691: +1 #1452679: +1 #1450972: +1

No regression noted, works for me

karma: +1 kernel regression: +1

This update has been pushed to stable.

works good for me

karma: +1 kernel regression: +1

https://bugzilla.redhat.com/show_bug.cgi?id=1446097 is still there and there is a regression of screen resolution during boot time! It's lowered to 1280x1024...

critpath: -1 kernel regression: -1

Works on Dell 7250. I can confirm the last comment of screen resolution. During boot, screen have low resolution and correctly change automatically after. Kernel regression script is OK.

karma: +1 critpath: +1 kernel regression: +1

I have an Asus UX306U laptop. This kernel upgrade caused the following symptoms:

  • Screen was at max brightness upon reboot, and could not be adjusted either by Fn keys (which had started working a few kernel upgrades ago), or by the Gnome screen brightness slider
  • The laptop did not suspend/sleep when the lid closed

I've downgraded to 4.10.15-200 to get around these problems.

Jun 4 09:53:41 xxxx kernel: wlan0: waiting for beacon from xx:xx:xx:xx:xx:xx

Jun 4 09:53:41 xxxx kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000004

Jun 4 09:53:41 xxxx kernel: IP: cfg80211_mlme_deauth+0xdc/0x1d0 [cfg80211]

Jun 4 09:53:41 xxxx kernel: PGD 0

Jun 4 09:53:41 xxxx kernel:

Jun 4 09:53:41 xxxx kernel: Oops: 0000 [#1] SMP

Jun 4 09:53:41 xxxx kernel: Modules linked in: xt_REDIRECT nf_nat_redirect iptable_nat nf_nat_ipv4 nf_nat xt_policy nf_conntrack_ipv4 nf_defrag_ipv4 ip6t_REJECT nf_reject_ipv6 xt_m ultiport nf_conntrack_ipv6 nf_defrag_ipv6 xt_conntrack nf_conntrack xt_TCPMSS ip6table_filter vboxpci(O) iptable_mangle ip6_tables vboxnetadp(O) vboxnetflt(O) vboxdrv(O) pata_pcmcia iT CO_wdt hp_wmi iTCO_vendor_support sparse_keymap ppdev snd_hda_codec_hdmi snd_hda_codec_analog snd_hda_codec_generic arc4 coretemp snd_hda_intel snd_hda_codec snd_hda_core joydev acpi_c pufreq tpm_infineon iwl4965 snd_hwdep snd_seq_dummy snd_seq_oss snd_seq_midi_event r592 snd_seq snd_seq_device iwlegacy snd_pcm_oss snd_mixer_oss snd_pcm mac80211 lpc_ich memstick yent a_socket nouveau cfg80211 snd_timer snd soundcore rfkill mxm_wmi i2c_algo_bit ttm drm_kms_helper

Jun 4 09:53:41 xxxx kernel: drm e1000e 8250_pci ptp pps_core irda hp_accel lis3lv02d shpchp wmi parport_pc parport tpm_tis video input_polldev tpm_tis_core tpm_rng tpm xfs libcrc32 c sdhci_pci sdhci mmc_core serio_raw firewire_ohci firewire_core crc_itu_t ata_generic pata_acpi loop(O)

Jun 4 09:53:41 xxxx kernel: CPU: 0 PID: 91 Comm: kworker/0:2 Tainted: G O 4.11.3-200.AES.f25g.x86_64 #1

Jun 4 09:53:41 xxxx kernel: Hardware name: Hewlett-Packard HP Compaq 8710w (GC124EA#ABB)/30C3, BIOS 68MAD Ver. F.20 12/07/2011

Jun 4 09:53:41 xxxx kernel: Workqueue: events cfg80211_conn_work [cfg80211]

Jun 4 09:53:41 xxxx kernel: task: ffff88013253a440 task.stack: ffffc9000094c000

Jun 4 09:53:41 xxxx kernel: RIP: 0010:cfg80211_mlme_deauth+0xdc/0x1d0 [cfg80211]

Jun 4 09:53:41 xxxx kernel: RSP: 0018:ffffc9000094fc98 EFLAGS: 00010246

Jun 4 09:53:41 xxxx kernel: RAX: ffff880134d7c8d0 RBX: ffff880123d33400 RCX: 0000000000000000

Jun 4 09:53:41 xxxx kernel: RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880135a20000

Jun 4 09:53:41 xxxx kernel: RBP: ffffc9000094fce8 R08: 0000000000000000 R09: 0000000000000003

Jun 4 09:53:41 xxxx kernel: R10: ffffc900009e7d70 R11: 0000000000000000 R12: ffff880134d7c8d0

Jun 4 09:53:41 xxxx kernel: R13: ffff880134d7c000 R14: 00000000ffffff95 R15: ffff880135a20000

Jun 4 09:53:41 xxxx kernel: FS: 0000000000000000(0000) GS:ffff88013bc00000(0000) knlGS:0000000000000000

Jun 4 09:53:41 xxxx kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033

Jun 4 09:53:41 xxxx kernel: CR2: 0000000000000004 CR3: 000000012cbac000 CR4: 00000000000006f0

Jun 4 09:53:41 xxxx kernel: Call Trace:

Jun 4 09:53:41 xxxx kernel: cfg80211_conn_do_work+0xf7/0x380 [cfg80211]

Jun 4 09:53:41 xxxx kernel: cfg80211_conn_work+0xc1/0x120 [cfg80211]

Jun 4 09:53:41 xxxx kernel: ? __schedule+0x3c0/0x8a0

Jun 4 09:53:41 xxxx kernel: process_one_work+0x197/0x450

Jun 4 09:53:41 xxxx kernel: worker_thread+0x4e/0x4a0

Jun 4 09:53:41 xxxx kernel: kthread+0x109/0x140

Jun 4 09:53:41 xxxx kernel: ? process_one_work+0x450/0x450

Jun 4 09:53:41 xxxx kernel: ? kthread_park+0x90/0x90

Jun 4 09:53:41 xxxx kernel: ret_from_fork+0x2c/0x40

Jun 4 09:53:41 xxxx kernel: Code: c6 66 66 66 66 90 48 8b 4d d0 65 48 33 0c 25 28 00 00 00 44 89 f0 0f 85 f8 00 00 00 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 <0f> b7 4a 04 8b 32 8b b8 d0 00 00 00 89 ca 66 33 90 d4 00 00 00

Jun 4 09:53:41 xxxx kernel: RIP: cfg80211_mlme_deauth+0xdc/0x1d0 [cfg80211] RSP: ffffc9000094fc98

Jun 4 09:53:41 xxxx kernel: CR2: 0000000000000004

Jun 4 09:53:41 xxxx kernel: ---[ end trace 744889396399bf25 ]---

Tainted because of virtualbox modules. Still, 4.11.2 works.

kernel-4.11.3-200.fc25.x86_64 just gives me a blank screen with seemingly nothing happening (not responding to any keyboard input, no HDD activity) immediately after the GRUB menu disappears. I am not sure if I can gather any useful debug information from that state.

The previous kernel (kernel-4.10.17-200.fc25.x86_64) works fine, and I am using that version as a workaround for now.

This is an older desktop PC. The motherboard is ASRock Z68 Pro3 Gen3. It has been set up to boot in UEFI mode. My /boot partition is straight ext4 but the root filesystem is on an LVM2 volume.

The CPU is:

vendor_id   : GenuineIntel
cpu family  : 6
model       : 42
model name  : Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
stepping    : 7
microcode   : 0x29

lspci output:

00:00.0 Host bridge: Intel Corporation 2nd Generation Core Processor Family DRAM Controller (rev 09)
00:02.0 VGA compatible controller: Intel Corporation 2nd Generation Core Processor Family Integrated Graphics Controller (rev 09)
00:16.0 Communication controller: Intel Corporation 6 Series/C200 Series Chipset Family MEI Controller #1 (rev 04)
00:1a.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #2 (rev 05)
00:1b.0 Audio device: Intel Corporation 6 Series/C200 Series Chipset Family High Definition Audio Controller (rev 05)
00:1c.0 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 1 (rev b5)
00:1c.4 PCI bridge: Intel Corporation 82801 PCI Bridge (rev b5)
00:1c.5 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 6 (rev b5)
00:1c.6 PCI bridge: Intel Corporation 6 Series/C200 Series Chipset Family PCI Express Root Port 7 (rev b5)
00:1d.0 USB controller: Intel Corporation 6 Series/C200 Series Chipset Family USB Enhanced Host Controller #1 (rev 05)
00:1f.0 ISA bridge: Intel Corporation Z68 Express Chipset Family LPC Controller (rev 05)
00:1f.2 SATA controller: Intel Corporation 6 Series/C200 Series Chipset Family SATA AHCI Controller (rev 05)
00:1f.3 SMBus: Intel Corporation 6 Series/C200 Series Chipset Family SMBus Controller (rev 05)
02:00.0 PCI bridge: ASMedia Technology Inc. ASM1083/1085 PCIe to PCI Bridge (rev 01)
03:01.0 Multimedia controller: Philips Semiconductors SAA7146 (rev 01)
04:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 06)
05:00.0 USB controller: Etron Technology, Inc. EJ168 USB 3.0 Host Controller (rev 01)

I can try to provide some more specific information if so requested.

karma: -1

critpath: -1

I ran into the same problem (a blank screen with seemingly nothing happening (not responding to any keyboard input, no HDD activity). I got my boot options updated to at least try to get more information, but ran out of time due to other obligations. I'll try to test some more tonight. Prior version (kernel-4.10.17-200.fc25.x86_64) works fine. In my case an HP desktop.

Similar CPU: vendor_id : GenuineIntel cpu family : 6 model : 58 model name : Intel(R) Core(TM) i5-3570 CPU @ 3.40GHz stepping : 9 microcode : 0x1c

dmidecode:

dmidecode 3.1

Getting SMBIOS data from sysfs. SMBIOS 2.7 present. 57 structures occupying 2419 bytes. Table at 0x000E9320.

Handle 0x0000, DMI type 0, 24 bytes BIOS Information Vendor: Hewlett-Packard Version: K01 v02.05 Release Date: 05/07/2012 Address: 0xF0000 Runtime Size: 64 kB ROM Size: 16 MB Characteristics: PCI is supported PNP is supported BIOS is upgradeable BIOS shadowing is allowed Boot from CD is supported Selectable boot is supported EDD is supported Print screen service is supported (int 5h) 8042 keyboard services are supported (int 9h) Serial services are supported (int 14h) Printer services are supported (int 17h) ACPI is supported USB legacy is supported BIOS boot specification is supported Function key-initiated network boot is supported Targeted content distribution is supported UEFI is supported BIOS Revision: 2.5

Handle 0x0001, DMI type 1, 27 bytes System Information Manufacturer: Hewlett-Packard Product Name: HP Compaq Elite 8300 SFF Version: Not Specified Wake-up Type: Power Switch Family: 103C_53307F G=D

karma: -1 critpath: -1

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+21
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Disabled
Autopush (time)
Disabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 5

0+2 #1450972 CVE-2017-8890 kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c
0+2 #1452679 CVE-2017-9074 kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option
0+2 #1452688 CVE-2017-9076 kernel: net: IPv6 DCCP implementation mishandles inheritance
0+2 #1452691 CVE-2017-9075 kernel: net: sctp_v6_create_accept_sk function mishandles inheritance
0+2 #1452744 CVE-2017-9077 kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance

Automated Test Results

Test Cases

-2+14 Test Case kernel regression