FEDORA-2018-22d5fa8a90

security update in Fedora 27 for kernel

Status: stable 15 days ago

The 4.14.11 stable kernel update contains a number of important fixes across the tree. This also includes the KPTI patches to mitigate the Meltdown vulnerability for x86 architectures.

Reboot Required

After installing this update, you must reboot your system so that the changes it supplies are applied properly.
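To confirm after the reboot that the KPTI mitigation is actually in effect, the following added example (not part of the Fedora update notice) classifies a host from its /proc/cpuinfo and kernel log. The function name kpti_status and its result strings are assumptions of this example, and the sample inputs are constructed; cpu_insecure is the flag a commenter below reports on this kernel.

```shell
#!/bin/sh
# Added example: classify Meltdown/KPTI state from two text inputs.
#   $1 = file holding /proc/cpuinfo content
#   $2 = file holding the kernel log of the current boot (dmesg output)
kpti_status() {
    cpuinfo=$1
    klog=$2
    # The "bugs" line lists CPU bugs the running kernel knows about.
    # 4.14.11 reports Meltdown as "cpu_insecure"; later kernels renamed
    # the flag to "cpu_meltdown", so both names are accepted.
    if grep -E '^bugs[[:space:]]*:' "$cpuinfo" |
        grep -Eqw 'cpu_insecure|cpu_meltdown'; then
        flagged=yes
    else
        flagged=no
    fi
    # KPTI announces itself once, early in boot.
    if grep -q 'Kernel/User page tables isolation: enabled' "$klog"; then
        pti=yes
    else
        pti=no
    fi
    case "$flagged/$pti" in
        yes/yes) echo mitigated ;;
        # Flag set but no boot message: PTI is off, or the log ring
        # buffer has already rotated past the boot lines.
        yes/no)  echo pti-not-confirmed ;;
        no/yes)  echo pti-on-unflagged ;;
        # No flag and no message: kernel predates KPTI or does not
        # consider this CPU affected.
        *)       echo not-flagged ;;
    esac
}

# Constructed sample inputs (not captured from a real machine).
demo=$(mktemp -d)
printf 'model name\t: Constructed CPU\nbugs\t\t: cpu_insecure\n' > "$demo/cpuinfo"
printf '[    0.000000] Kernel/User page tables isolation: enabled\n' > "$demo/klog"
kpti_status "$demo/cpuinfo" "$demo/klog"     # mitigated

: > "$demo/klog"                             # same CPU, boot message absent
kpti_status "$demo/cpuinfo" "$demo/klog"     # pti-not-confirmed
rm -rf "$demo"
```

On a live system, save the output of dmesg (or journalctl -k -b) to a file and pass it together with /proc/cpuinfo; on x86_64, uname -r should report 4.14.11-300.fc27.x86_64 once the reboot has picked up this update.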

Comments 22

This update has been submitted for testing by jforbes.

Works for me. At least you don't notice any performance regression on a desktop computer with that PTI patch, even though they are measurable (Firefox is about 2 to 3 % slower :( ).

karma: +1 kernel regression: +1

This kernel solves bug 1529132 for me.

karma: +1 kernel regression: +1

Works for me. Regression tests pass OK.
x86_64 work station, Plasma DE, X-server, nVidia card GTX 650 (GK107) /nouveau

karma: +1 kernel regression: +1

This update has been pushed to testing.

This update has been submitted for batched by jforbes.

This update has been submitted for stable by jforbes.

jforbes edited this update.

While installing the RPMs I get

error: unpacking of archive failed on file /lib/modules/4.14.11-300.fc27.x86_64/vmlinuz;5a4d6a26: cpio: read failed - No such file or directory
error: kernel-core-4.14.11-300.fc27.x86_64: install failed

In addition, after removing these RPMs, the directory /lib/modules/4.14.11-300.fc27.x86_64 is not deleted.

This update has been pushed to stable.

wfm: desktop 16GB Intel i7-3770 CPU, laptop 16GB Intel i7-3610QM CPU, laptop 8GB Intel i5-2520M CPU Lenovo T420 (this took an extremely long time to do the performance test) - all using the Mate Desktop Environment

karma: +1 kernel regression: +1

Works fine on RPi2/3, mustang, Jetson TK1, OrangePi PC, BBone Black, Panda-ES, CubieTruck and Hummingboard Gate

karma: +1 #1530279: +1 #1530274: +1 #1530273: +1 #1530272: +1 #1530271: +1 #1530270: +1 #1530269: +1 #1529125: +1 #1529124: +1 #1529123: +1 #1529120: +1

WFM on a Fedora Xen Dom0 & DomU (Xeon E5). I am doing CPU-heavy computations on the DomU and I am not seeing any performance penalty with this workload.

karma: +1

This Version breaks bumblebeed.

bumblebeed[10830]: [ 619.495467] [ERROR]Module 'nvidia' is not found.

Tested on:
OS: Fedora release 27 (Twenty Seven) x86_64
Model: 80RU Lenovo ideapad 700-15ISK
Kernel: 4.14.11-300.fc27.x86_64
Resolution: 1920x1080
DE: KDE
CPU: Intel i5-6300HQ (4) @ 3.200GHz
GPU: Intel HD Graphics 530
GPU: NVIDIA GeForce GTX 950M
Memory: 2543MiB / 15834MiB

./default/sysfs-perms FAIL

Asus X50LV CPU Duo T5250

karma: +1 kernel regression: -1

Works for me and Kernel regression test suite PASS

MSI Laptop GE60-2PC-Apache
CPU: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz (8 cores)
RAM: 4GB

I'm now seeing this in /proc/cpuinfo: bugs : cpu_insecure

karma: +1 kernel regression: +1

The 4.14.11 update tripped a few machine checks immediately after booting (below), prior to asking for the password for the encrypted disk system. After entering the password the system booted without problem. The checks were recorded in dmesg and syslog after boot, but mcelog shows nothing, as it had not yet started.

Downgrading to 4.11.8-300, no machine checks were flagged. The system has been running well for years without machine checks. I don't know whether there is a real (latent?) hardware problem or if the Meltdown fixes are causing false errors.

This is an older system; info from /proc/cpuinfo follows.

model name : Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz
stepping : 7
microcode : 0x70a

kernel: mce: [Hardware Error]: Machine check events logged
kernel: mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 5: f200001010000e0f
kernel: mce: [Hardware Error]: TSC 0
kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 1 microcode 70a
kernel: mce: [Hardware Error]: Machine check events logged
kernel: mce: [Hardware Error]: CPU 2: Machine Check: 0 Bank 0: f200084000000800
kernel: mce: [Hardware Error]: TSC 0
kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 2 microcode 70a
kernel: mce: [Hardware Error]: CPU 2: Machine Check: 0 Bank 5: f200000034000e0f
kernel: mce: [Hardware Error]: TSC 0
kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 2 microcode 70a
kernel: mce: [Hardware Error]: CPU 3: Machine Check: 0 Bank 5: f200000010000e0f
kernel: mce: [Hardware Error]: TSC 0
kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 3 microcode 70a


Content Type: RPM
Status: stable
Test Gating Status: Tests not running
Submitted by
Update Type: security
Karma: +11
stable threshold: 3
unstable threshold: -3
Autopush: Disabled
Dates:
submitted 15 days ago
in testing 15 days ago
in stable 15 days ago
modified 15 days ago

Related Bugs 11

0+1 #1530279 CVE-2017-17852 CVE-2017-17853 CVE-2017-17854 CVE-2017-17855 CVE-2017-17856 CVE-2017-17857 kernel: various flaws [fedora-all]
0+1 #1530274 CVE-2017-17857 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging mishandling of invalid variable stack read operations
0+1 #1530273 CVE-2017-17856 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging the lack of stack-pointer alignment enforcement
0+1 #1530272 CVE-2017-17855 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging improper use of pointers in place of scalars
0+1 #1530271 CVE-2017-17854 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging unrestricted integer values for pointer arithmetic
0+1 #1530270 CVE-2017-17853 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging incorrect BPF_RSH signed bounds calculations
0+1 #1530269 CVE-2017-17852 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging mishandling of 32-bit ALU ops
0+1 #1529125 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864 kernel: various flaws [fedora-all]
0+1 #1529124 CVE-2017-17862 kernel: Improper logic pruning in bpf/verifier.c
0+1 #1529123 CVE-2017-17863 kernel: integer overflow in static int check_alu_op function in bpf/verifier.c
0+1 #1529120 CVE-2017-17864 kernel: information disclosure via pointer leak in kernel/bpf/verifier.c

Automated Test Results

Test Cases

-1+6 Test Case kernel regression