stable

kernel-4.14.11-300.fc27

FEDORA-2018-22d5fa8a90 created by jforbes 7 years ago for Fedora 27

The 4.14.11 stable kernel update contains a number of important fixes across the tree. This also includes the KPTI patches to mitigate the Meltdown vulnerability for x86 architectures.

Reboot Required
After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2018-22d5fa8a90

This update has been submitted for testing by jforbes.

7 years ago
User Icon emarci commented & provided feedback 7 years ago
karma

Works for me. At least you don't notice any performance regression on a desktop computer with that PTI patch, even though they are measurable (Firefox is about 2 to 3 % slower :( ).

User Icon imsedgar commented & provided feedback 7 years ago
karma

This kernel solves bug 1529132 for me.

User Icon g6avk commented & provided feedback 7 years ago
karma

Works for me.. Regression tests pass OK.
x86_64 work station, Plasma DE, X-server, nVidia card GTX 650 (GK107) /nouveau

This update has been pushed to testing.

7 years ago

This update has been submitted for batched by jforbes.

7 years ago

This update has been submitted for stable by jforbes.

7 years ago

jforbes edited this update.

7 years ago
User Icon alciregi commented & provided feedback 7 years ago

Why installing the RPMs I get

error: unpacking of archive failed on file /lib/modules/4.14.11-300.fc27.x86_64/vmlinuz;5a4d6a26: cpio: read failed - No such file or directory error: kernel-core-4.14.11-300.fc27.x86_64: install failed

User Icon alciregi commented & provided feedback 7 years ago

In addition, removing these RPMs, the directory /lib/modules/4.14.11-300.fc27.x86_64 is not deleted

This update has been pushed to stable.

7 years ago
User Icon nivag commented & provided feedback 7 years ago
karma

wfm: desktop 16GB Intel i7-3770 CPU, laptop 16GB Intel i7-3610QM CPU, laptop 8GB Intel i5-2520M CPU Lenovo T420 (this took an extremely long time to to the performance test), - all using the Mate Desktop Environment

User Icon nb provided feedback 7 years ago
karma
User Icon pbrobinson commented & provided feedback 7 years ago
karma

Works fine on RPi2/3, mustang, Jetson TK1, OrangePi PC, BBone Black, Panda-ES, CubieTruck and Hummingboard Gate

BZ#1530279 CVE-2017-17852 CVE-2017-17853 CVE-2017-17854 CVE-2017-17855 CVE-2017-17856 CVE-2017-17857 kernel: various flaws [fedora-all]
BZ#1530274 CVE-2017-17857 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging mishandling of invalid variable stack read operations
BZ#1530273 CVE-2017-17856 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging the lack of stack-pointer alignment enforcement
BZ#1530272 CVE-2017-17855 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging improper use of pointers in place of scalars
BZ#1530271 CVE-2017-17854 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging unrestricted integer values for pointer arithmetic
BZ#1530270 CVE-2017-17853 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging incorrect BPF_RSH signed bounds calculations
BZ#1530269 CVE-2017-17852 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging mishandling of 32-bit ALU ops
BZ#1529125 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864 kernel: various flaws [fedora-all]
BZ#1529124 CVE-2017-17862 kernel: Improper logic pruning in bpf/verifier.c
BZ#1529123 CVE-2017-17863 kernel: integer overflow in static int check_alu_op function in bpf/verifier.c
BZ#1529120 CVE-2017-17864 kernel: information disclosure via pointer leak in kernel/bpf/verifier.c
User Icon proski provided feedback 7 years ago
karma
User Icon proski provided feedback 7 years ago
karma
User Icon billmcgonigle commented & provided feedback 7 years ago
karma

WFM on a Fedora Xen Dom0 & DomU (Xeon E5). I am doing CPU-heavy computations on the DomU and I am not seeing any performance penalty with this workload.

User Icon anonymous commented & provided feedback 7 years ago

This Version breaks bumblebeed.

bumblebeed[10830]: [ 619.495467] [ERROR]Module 'nvidia' is not found. Tested on: OS: Fedora release 27 (Twenty Seven) x86_64 Model: 80RU Lenovo ideapad 700-15ISK Kernel: 4.14.11-300.fc27.x86_64 Resolution: 1920x1080 DE: KDE CPU: Intel i5-6300HQ (4) @ 3.200GHz GPU: Intel HD Graphics 530 GPU: NVIDIA GeForce GTX 950M Memory: 2543MiB / 15834MiB

User Icon tenk commented & provided feedback 7 years ago
karma

./default/sysfs-perms FAIL

Asus X50LV CPU Duo T5250

karma
User Icon fabash commented & provided feedback 7 years ago
karma

Works for me and Kernel regression test suite PASS

MSI Laptop GE60-2PC-Apache CPU: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz (8 cores) RAM: 4GB

I'm now seeing this in /proc/cpuinfo: bugs : cpu_insecure

User Icon fishnetinc commented & provided feedback 7 years ago

The 4.14.11 update tripped a few machine checks immediately after booting (below), prior to asking for the password for the encrypted disk system. After entering the password the system booted without problem. The checks were recorded in dmesg and syslog after boot, but mcelog shows nothing, as it had not yet started.

Downgrading to 4.11.8-300, no machine checks were flagged. The system has been running well for years without machine checks. I don't know whether there is a real (latent?) hardware problem or if the Meltdown fixes are causing false errors.

This is an older system; info from /proc/cpuinfo follows.

model name : Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz stepping : 7 microcode : 0x70a

kernel: mce: [Hardware Error]: Machine check events logged kernel: mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 5: f200001010000e0f kernel: mce: [Hardware Error]: TSC 0 kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 1 microcode 70a kernel: mce: [Hardware Error]: Machine check events logged kernel: mce: [Hardware Error]: CPU 2: Machine Check: 0 Bank 0: f200084000000800 kernel: mce: [Hardware Error]: TSC 0 kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 2 microcode 70a kernel: mce: [Hardware Error]: CPU 2: Machine Check: 0 Bank 5: f200000034000e0f kernel: mce: [Hardware Error]: TSC 0 kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 2 microcode 70a kernel: mce: [Hardware Error]: CPU 3: Machine Check: 0 Bank 5: f200000010000e0f kernel: mce: [Hardware Error]: TSC 0 kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 3 microcode 70a

I have similar issue on 4.17.x Intel® Core™2 Quad CPU Q9550 @ 2.83GHz × 4 There is no any issue on windows 10 or Fedora 23.

[ 0.000000] microcode: microcode updated early to revision 0xa0b, date = 2010-09-28 [ 0.014283] mce: [Hardware Error]: PROCESSOR 0:1067a TIME 1532083217 SOCKET 0 APIC 0 microcode a0b [ 0.025033] mce: [Hardware Error]: PROCESSOR 0:1067a TIME 1532083217 SOCKET 0 APIC 2 microcode a0b [ 0.738431] microcode: sig=0x1067a, pf=0x10, revision=0xa0b [ 0.738464] microcode: Microcode Update Driver: v2.2.

Crash log: https://drive.google.com/open?id=12o4v-wzHHcfkCET-CxIkBFKN-L17qTbS


Please login to add feedback.

Metadata
Type
security
Karma
11
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
disabled
Stable by Time
disabled
Dates
submitted
7 years ago
in testing
7 years ago
in stable
7 years ago
modified
7 years ago
BZ#1529120 CVE-2017-17864 kernel: information disclosure via pointer leak in kernel/bpf/verifier.c
0
1
BZ#1529123 CVE-2017-17863 kernel: integer overflow in static int check_alu_op function in bpf/verifier.c
0
1
BZ#1529124 CVE-2017-17862 kernel: Improper logic pruning in bpf/verifier.c
0
1
BZ#1529125 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864 kernel: various flaws [fedora-all]
0
1
BZ#1530269 CVE-2017-17852 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging mishandling of 32-bit ALU ops
0
1
BZ#1530270 CVE-2017-17853 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging incorrect BPF_RSH signed bounds calculations
0
1
BZ#1530271 CVE-2017-17854 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging unrestricted integer values for pointer arithmetic
0
1
BZ#1530272 CVE-2017-17855 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging improper use of pointers in place of scalars
0
1
BZ#1530273 CVE-2017-17856 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging the lack of stack-pointer alignment enforcement
0
1
BZ#1530274 CVE-2017-17857 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging mishandling of invalid variable stack read operations
0
1
BZ#1530279 CVE-2017-17852 CVE-2017-17853 CVE-2017-17854 CVE-2017-17855 CVE-2017-17856 CVE-2017-17857 kernel: various flaws [fedora-all]
0
1

Automated Test Results

Test Cases

-1 6 Test Case kernel regression