FEDORA-2018-22d5fa8a90 — security update for kernel

stable

kernel-4.14.11-300.fc27

FEDORA-2018-22d5fa8a90 created by jforbes 7 years ago for Fedora 27

The 4.14.11 stable kernel update contains a number of important fixes across the tree. This also includes the KPTI patches to mitigate the Meltdown vulnerability for x86 architectures.

Reboot Required

After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-22d5fa8a90

This update has been submitted for testing by jforbes.

7 years ago

emarci commented & provided feedback 7 years ago

karma

Works for me. At least you don't notice any performance regression on a desktop computer with that PTI patch, even though they are measurable (Firefox is about 2 to 3 % slower :( ).

Test Case kernel regression

imsedgar commented & provided feedback 7 years ago

karma

This kernel solves bug 1529132 for me.

Test Case kernel regression

g6avk commented & provided feedback 7 years ago

karma

Works for me.. Regression tests pass OK.
x86_64 work station, Plasma DE, X-server, nVidia card GTX 650 (GK107) /nouveau

Test Case kernel regression

This update has been pushed to testing.

7 years ago

This update has been submitted for batched by jforbes.

7 years ago

This update has been submitted for stable by jforbes.

7 years ago

jforbes edited this update.

7 years ago

alciregi commented & provided feedback 7 years ago

Why installing the RPMs I get

error: unpacking of archive failed on file /lib/modules/4.14.11-300.fc27.x86_64/vmlinuz;5a4d6a26: cpio: read failed - No such file or directory error: kernel-core-4.14.11-300.fc27.x86_64: install failed

alciregi commented & provided feedback 7 years ago

In addition, removing these RPMs, the directory /lib/modules/4.14.11-300.fc27.x86_64 is not deleted

This update has been pushed to stable.

7 years ago

nivag commented & provided feedback 7 years ago

karma

wfm: desktop 16GB Intel i7-3770 CPU, laptop 16GB Intel i7-3610QM CPU, laptop 8GB Intel i5-2520M CPU Lenovo T420 (this took an extremely long time to to the performance test), - all using the Mate Desktop Environment

Test Case kernel regression

nb provided feedback 7 years ago

karma

Test Case kernel regression

pbrobinson commented & provided feedback 7 years ago

karma

Works fine on RPi2/3, mustang, Jetson TK1, OrangePi PC, BBone Black, Panda-ES, CubieTruck and Hummingboard Gate

BZ#1530279 CVE-2017-17852 CVE-2017-17853 CVE-2017-17854 CVE-2017-17855 CVE-2017-17856 CVE-2017-17857 kernel: various flaws [fedora-all]

BZ#1530274 CVE-2017-17857 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging mishandling of invalid variable stack read operations

BZ#1530273 CVE-2017-17856 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging the lack of stack-pointer alignment enforcement

BZ#1530272 CVE-2017-17855 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging improper use of pointers in place of scalars

BZ#1530271 CVE-2017-17854 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging unrestricted integer values for pointer arithmetic

BZ#1530270 CVE-2017-17853 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging incorrect BPF_RSH signed bounds calculations

BZ#1530269 CVE-2017-17852 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging mishandling of 32-bit ALU ops

BZ#1529125 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864 kernel: various flaws [fedora-all]

BZ#1529124 CVE-2017-17862 kernel: Improper logic pruning in bpf/verifier.c

BZ#1529123 CVE-2017-17863 kernel: integer overflow in static int check_alu_op function in bpf/verifier.c

BZ#1529120 CVE-2017-17864 kernel: information disclosure via pointer leak in kernel/bpf/verifier.c

proski provided feedback 7 years ago

karma

proski provided feedback 7 years ago

karma

billmcgonigle commented & provided feedback 7 years ago

karma

WFM on a Fedora Xen Dom0 & DomU (Xeon E5). I am doing CPU-heavy computations on the DomU and I am not seeing any performance penalty with this workload.

anonymous commented & provided feedback 7 years ago

This Version breaks bumblebeed.

bumblebeed[10830]: [ 619.495467] [ERROR]Module 'nvidia' is not found. Tested on: OS: Fedora release 27 (Twenty Seven) x86_64 Model: 80RU Lenovo ideapad 700-15ISK Kernel: 4.14.11-300.fc27.x86_64 Resolution: 1920x1080 DE: KDE CPU: Intel i5-6300HQ (4) @ 3.200GHz GPU: Intel HD Graphics 530 GPU: NVIDIA GeForce GTX 950M Memory: 2543MiB / 15834MiB

tenk commented & provided feedback 7 years ago

karma

./default/sysfs-perms FAIL

Asus X50LV CPU Duo T5250

Test Case kernel regression

boycottsystemd1 provided feedback 7 years ago

karma

fabash commented & provided feedback 7 years ago

karma

Works for me and Kernel regression test suite PASS

MSI Laptop GE60-2PC-Apache CPU: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz (8 cores) RAM: 4GB

I'm now seeing this in /proc/cpuinfo: bugs : cpu_insecure

Test Case kernel regression

fishnetinc commented & provided feedback 7 years ago

The 4.14.11 update tripped a few machine checks immediately after booting (below), prior to asking for the password for the encrypted disk system. After entering the password the system booted without problem. The checks were recorded in dmesg and syslog after boot, but mcelog shows nothing, as it had not yet started.

Downgrading to 4.11.8-300, no machine checks were flagged. The system has been running well for years without machine checks. I don't know whether there is a real (latent?) hardware problem or if the Meltdown fixes are causing false errors.

This is an older system; info from /proc/cpuinfo follows.

model name : Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz stepping : 7 microcode : 0x70a

kernel: mce: [Hardware Error]: Machine check events logged kernel: mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 5: f200001010000e0f kernel: mce: [Hardware Error]: TSC 0 kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 1 microcode 70a kernel: mce: [Hardware Error]: Machine check events logged kernel: mce: [Hardware Error]: CPU 2: Machine Check: 0 Bank 0: f200084000000800 kernel: mce: [Hardware Error]: TSC 0 kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 2 microcode 70a kernel: mce: [Hardware Error]: CPU 2: Machine Check: 0 Bank 5: f200000034000e0f kernel: mce: [Hardware Error]: TSC 0 kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 2 microcode 70a kernel: mce: [Hardware Error]: CPU 3: Machine Check: 0 Bank 5: f200000010000e0f kernel: mce: [Hardware Error]: TSC 0 kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 3 microcode 70a

anonymous commented 6 years ago

I have similar issue on 4.17.x Intel® Core™2 Quad CPU Q9550 @ 2.83GHz × 4 There is no any issue on windows 10 or Fedora 23.

[ 0.000000] microcode: microcode updated early to revision 0xa0b, date = 2010-09-28 [ 0.014283] mce: [Hardware Error]: PROCESSOR 0:1067a TIME 1532083217 SOCKET 0 APIC 0 microcode a0b [ 0.025033] mce: [Hardware Error]: PROCESSOR 0:1067a TIME 1532083217 SOCKET 0 APIC 2 microcode a0b [ 0.738431] microcode: sig=0x1067a, pf=0x10, revision=0xa0b [ 0.738464] microcode: Microcode Update Driver: v2.2.

Crash log: https://drive.google.com/open?id=12o4v-wzHHcfkCET-CxIkBFKN-L17qTbS

Please login to add feedback.

Metadata

Type

security

Karma

Signed

Content Type

RPM

Test Gating

None

Autopush Settings

Unstable by Karma

-3

Stable by Karma

disabled

Stable by Time

disabled

Dates

submitted

7 years ago

in testing

7 years ago

in stable

7 years ago

modified

7 years ago

Builds