security update in Fedora 28 for kernel, kernel-headers, & 1 more

Status: stable 6 months ago

The 4.17.12 stable kernel update contains a number of important fixes across the tree.


Reboot Required

After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

sudo dnf upgrade --advisory=FEDORA-2018-ca0e10fc6e

Comments 31

This update has been submitted for testing by jforbes.

works well (incl. nvidia driver from rpmfusion)

karma: +1 critpath: +1

System boot ok, no problems so far. ACPI Errors [#1609932] are gone.

Kernel test fails on ./default/cachedrop TestError: Can't free dentries and inodes

karma: +1 critpath: +1
karma: +1 critpath: +1

Kernel test fails on ./default/cachedrop TestError: Can't free dentries and inodes

That sounds scary..??

karma: +1 critpath: +1

This update has been pushed to testing.

works for me

karma: +1

Works for me.. The Default and Performance Regression tests pass OK.
AMD 965, x86_64 work station, Plasma DE, X-server, nVidia card GTX 650 (GK107) + nVidia RPM's from Negativo17. I did test with Nouveau after seeing all the commits, but after an hour or so I had the usual hard lockup.

karma: +1 critpath: +1

Works here (T450s, XS35GTv2, VM).

karma: +1 critpath: +1

Regression tests seem to be okay and system works just fine

karma: +1 critpath: +1

works fine

karma: +1

works for me on a T450s

karma: +1

This i686 kernel version functions normally. The default regression tests passed or were skipped.

karma: +1 critpath: +1

Works great on Lenovo T480 with dGPU! LGTM! =)

karma: +1

Looks good, system works fine, and kernel regression tests pass.

karma: +1 critpath: +1

Essentially same issues as with the 4.17.6 update, filed in BZ:

Lenovo Thinkpad P50, nouveau driver, using external dock: Doesn't recognize/use my second display, lots of flickering when booting.

karma: -1 critpath: -1

Looks good on VM here. 4.17.13 was just released ;)

karma: +1 critpath: +1

works for me on T460s

karma: +1

WFM on abt. 40 different machines, w/ RPMfusion's Nvidia stuff. Seems to fix the NFS misery of previous 4.17's.

karma: +1 critpath: +1

No regressions spotted.

karma: +1 critpath: +1

no regressions noted

karma: +1

ltm, pass default test

karma: +1

Works on Thinkpad T440s. Kernel regression test passed.

karma: +1 critpath: +1

This update has been submitted for batched by jforbes.

This update has been submitted for stable by jforbes.

This update has been pushed to stable.

4.17.14 is also out ;)

This is unstable for me: kernel-4.17.12-200.fc28.x86_64

I have pasted the log when I experienced a freeze. HP EliteBook 1030 G2

19:07:40 kernel: RIP: slab_free+0x16a/0x2e0 RSP: ffffb25345293bd0 19:07:40 kernel: Code: ff ff 84 c0 0f 84 f1 fe ff ff 44 0f b6 7c 24 1f 80 7c 24 4b 00 79 05 45 84 ff 74 7a 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 <0f> 0b e8 2f fc ff ff 85 c0 0f 85 c1 fe ff ff 48 8d 65 d8 5b 41 19:07:40 kernel: R13: 00003545dbcf0390 R14: 00003545dd8152e0 R15: 0000000000000000 19:07:40 kernel: R10: 0005bed1b40573f8 R11: 0000000000000293 R12: 0000000000000000 19:07:40 kernel: RBP: 00007f610abf8750 R08: 0000000000000000 R09: 0000000000800000 19:07:40 kernel: RDX: 0000000000000000 RSI: 00007f610abf8750 RDI: 0000000000000137 19:07:40 kernel: RAX: ffffffffffffffda RBX: 0000000000000137 RCX: 00007f6128047c57 19:07:40 kernel: RSP: 002b:00007f610abf8710 EFLAGS: 00000293 ORIG_RAX: 000000000000002f 19:07:40 kernel: RIP: 0033:0x7f6128047c57 19:07:40 kernel: entry_SYSCALL_64_after_hwframe+0x44/0xa9 19:07:40 kernel: Call Trace: 19:07:40 kernel: CR2: 00007f610708cd00 CR3: 00000001c0d52001 CR4: 00000000003606e0 19:07:40 kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 19:07:40 kernel: FS: 00007f610abf9700(0000) GS:ffff98ce87480000(0000) knlGS:0000000000000000 19:07:40 kernel: R13: ffffdfca08df38c0 R14: ffff98ce77ce3b00 R15: ffff98ce77ce3b00 19:07:40 kernel: R10: ffff98ce77ce3b00 R11: ffff98cda336bbea R12: ffff98ce7d4e1380 19:07:40 kernel: RBP: ffffb25345293c70 R08: 0000000000000001 R09: ffffffffa78284da 19:07:40 kernel: RDX: ffff98ce77ce3b00 RSI: ffffdfca08df38c0 RDI: ffff98ce7d4e1380 19:07:40 kernel: RAX: ffff98ce77ce3b00 RBX: ffff98ce77ce3b00 RCX: 0000000180100005 19:07:40 kernel: RSP: 0018:ffffb25345293bd0 EFLAGS: 00010246 19:07:40 kernel: RIP: 0010:slab_free+0x16a/0x2e0 19:07:40 kernel: Hardware name: HP HP EliteBook x360 1030 G2/827D, BIOS P80 Ver. 01.15 01/25/2018 19:07:40 kernel: CPU: 1 PID: 2730 Comm: Chrome_IOThread Not tainted 4.17.12-200.fc28.x86_64 #1 19:07:40 kernel: processor_thermal_device shpchp intel_pch_thermal intel_soc_dts_iosf intel_lpss wmi int3403_thermal intel_vbtn soc_button_array int340x_thermal_zone int3400_thermal pinctrl_sunrisepoint intel_hid pinctrl_intel sparse_keymap acpi_thermal_rel hp_wireless acpi_pad pcc_cpufreq hid_sensor_hub intel_ishtp_hid i915 rtsx_pci_sdmmc mmc_core i2c_algo_bit drm_kms_helper nvme drm nvme_core serio_raw crc32c_intel intel_ish_ipc rtsx_pci intel_ishtp i2c_hid video 19:07:40 kernel: Modules linked in: fuse rfcomm thunderbolt xt_CHECKSUM ipt_MASQUERADE nf_nat_masquerade_ipv4 tun nf_conntrack_netbios_ns nf_conntrack_broadcast xt_CT ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 xt_conntrack devlink ip_set nfnetlink ebtable_nat ebtable_broute bridge stp llc ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_mangle ip6table_raw ip6table_security iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack libcrc32c iptable_mangle iptable_raw iptable_security ebtable_filter ebtables ip6table_filter ip6_tables cmac bnep ipheth sunrpc vfat fat snd_soc_skl snd_soc_skl_ipc snd_hda_ext_core intel_rapl snd_soc_sst_dsp snd_soc_sst_ipc x86_pkg_temp_thermal snd_soc_acpi intel_powerclamp coretemp kvm_intel arc4 snd_soc_core kvm snd_hda_codec_hdmi snd_hda_codec_conexant 19:07:40 kernel: invalid opcode: 0000 [#1] SMP PTI 19:07:40 kernel: kernel BUG at mm/slub.c:296! 19:07:40 kernel: ------------[ cut here ]------------

Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

Does the system's basic functionality continue to work after this update?
#1609932 [Regression] ACPI Error: Result stack is empty!
#1611005 CVE-2018-14734 kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c
#1611007 CVE-2018-14734 kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c [fedora-all]
Test Case kernel regression
Content Type
Test Gating
Submitted by
Update Type
Update Severity
stable threshold: 3
unstable threshold: -3
submitted 6 months ago
in testing 6 months ago
in stable 6 months ago

Related Bugs 3

00 #1609932 [Regression] ACPI Error: Result stack is empty!
00 #1611005 CVE-2018-14734 kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c
00 #1611007 CVE-2018-14734 kernel: use-after-free in ucma_leave_multicast in drivers/infiniband/core/ucma.c [fedora-all]

Automated Test Results

Test Cases

00 Test Case kernel regression