FEDORA-2018-22d5fa8a90

security update in Fedora 27 for kernel

Status: stable 11 months ago

The 4.14.11 stable kernel update contains a number of important fixes across the tree. This also includes the KPTI patches to mitigate the Meltdown vulnerability for x86 architectures.

Reboot Required

After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

Comments 23

This update has been submitted for testing by jforbes.

Works for me. At least you don't notice any performance regression on a desktop computer with that PTI patch, even though they are measurable (Firefox is about 2 to 3 % slower :( ).

karma: +1 kernel regression: +1

This kernel solves bug 1529132 for me.

karma: +1 kernel regression: +1

Works for me.. Regression tests pass OK.
x86_64 work station, Plasma DE, X-server, nVidia card GTX 650 (GK107) /nouveau

karma: +1 kernel regression: +1

This update has been pushed to testing.

This update has been submitted for batched by jforbes.

This update has been submitted for stable by jforbes.

jforbes edited this update.

Why installing the RPMs I get

error: unpacking of archive failed on file /lib/modules/4.14.11-300.fc27.x86_64/vmlinuz;5a4d6a26: cpio: read failed - No such file or directory error: kernel-core-4.14.11-300.fc27.x86_64: install failed

In addition, removing these RPMs, the directory /lib/modules/4.14.11-300.fc27.x86_64 is not deleted

This update has been pushed to stable.

wfm: desktop 16GB Intel i7-3770 CPU, laptop 16GB Intel i7-3610QM CPU, laptop 8GB Intel i5-2520M CPU Lenovo T420 (this took an extremely long time to to the performance test), - all using the Mate Desktop Environment

karma: +1 kernel regression: +1

Works fine on RPi2/3, mustang, Jetson TK1, OrangePi PC, BBone Black, Panda-ES, CubieTruck and Hummingboard Gate

karma: +1 #1530279: +1 #1530274: +1 #1530273: +1 #1530272: +1 #1530271: +1 #1530270: +1 #1530269: +1 #1529125: +1 #1529124: +1 #1529123: +1 #1529120: +1

WFM on a Fedora Xen Dom0 & DomU (Xeon E5). I am doing CPU-heavy computations on the DomU and I am not seeing any performance penalty with this workload.

karma: +1

This Version breaks bumblebeed.

bumblebeed[10830]: [ 619.495467] [ERROR]Module 'nvidia' is not found. Tested on: OS: Fedora release 27 (Twenty Seven) x86_64 Model: 80RU Lenovo ideapad 700-15ISK Kernel: 4.14.11-300.fc27.x86_64 Resolution: 1920x1080 DE: KDE CPU: Intel i5-6300HQ (4) @ 3.200GHz GPU: Intel HD Graphics 530 GPU: NVIDIA GeForce GTX 950M Memory: 2543MiB / 15834MiB

./default/sysfs-perms FAIL

Asus X50LV CPU Duo T5250

karma: +1 kernel regression: -1

Works for me and Kernel regression test suite PASS

MSI Laptop GE60-2PC-Apache CPU: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz (8 cores) RAM: 4GB

I'm now seeing this in /proc/cpuinfo: bugs : cpu_insecure

karma: +1 kernel regression: +1

The 4.14.11 update tripped a few machine checks immediately after booting (below), prior to asking for the password for the encrypted disk system. After entering the password the system booted without problem. The checks were recorded in dmesg and syslog after boot, but mcelog shows nothing, as it had not yet started.

Downgrading to 4.11.8-300, no machine checks were flagged. The system has been running well for years without machine checks. I don't know whether there is a real (latent?) hardware problem or if the Meltdown fixes are causing false errors.

This is an older system; info from /proc/cpuinfo follows.

model name : Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz stepping : 7 microcode : 0x70a

kernel: mce: [Hardware Error]: Machine check events logged kernel: mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 5: f200001010000e0f kernel: mce: [Hardware Error]: TSC 0 kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 1 microcode 70a kernel: mce: [Hardware Error]: Machine check events logged kernel: mce: [Hardware Error]: CPU 2: Machine Check: 0 Bank 0: f200084000000800 kernel: mce: [Hardware Error]: TSC 0 kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 2 microcode 70a kernel: mce: [Hardware Error]: CPU 2: Machine Check: 0 Bank 5: f200000034000e0f kernel: mce: [Hardware Error]: TSC 0 kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 2 microcode 70a kernel: mce: [Hardware Error]: CPU 3: Machine Check: 0 Bank 5: f200000010000e0f kernel: mce: [Hardware Error]: TSC 0 kernel: mce: [Hardware Error]: PROCESSOR 0:10677 TIME 1515699617 SOCKET 0 APIC 3 microcode 70a

I have similar issue on 4.17.x Intel® Core™2 Quad CPU Q9550 @ 2.83GHz × 4 There is no any issue on windows 10 or Fedora 23.

[ 0.000000] microcode: microcode updated early to revision 0xa0b, date = 2010-09-28 [ 0.014283] mce: [Hardware Error]: PROCESSOR 0:1067a TIME 1532083217 SOCKET 0 APIC 0 microcode a0b [ 0.025033] mce: [Hardware Error]: PROCESSOR 0:1067a TIME 1532083217 SOCKET 0 APIC 2 microcode a0b [ 0.738431] microcode: sig=0x1067a, pf=0x10, revision=0xa0b [ 0.738464] microcode: Microcode Update Driver: v2.2.

Crash log: https://drive.google.com/open?id=12o4v-wzHHcfkCET-CxIkBFKN-L17qTbS


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines

Is the update generally functional? (karma)

You need to be logged in to add karma!

#1529120 CVE-2017-17864 kernel: information disclosure via pointer leak in kernel/bpf/verifier.c
#1529123 CVE-2017-17863 kernel: integer overflow in static int check_alu_op function in bpf/verifier.c
#1529124 CVE-2017-17862 kernel: Improper logic pruning in bpf/verifier.c
#1529125 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864 kernel: various flaws [fedora-all]
#1530269 CVE-2017-17852 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging mishandling of 32-bit ALU ops
#1530270 CVE-2017-17853 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging incorrect BPF_RSH signed bounds calculations
#1530271 CVE-2017-17854 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging unrestricted integer values for pointer arithmetic
#1530272 CVE-2017-17855 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging improper use of pointers in place of scalars
#1530273 CVE-2017-17856 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging the lack of stack-pointer alignment enforcement
#1530274 CVE-2017-17857 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging mishandling of invalid variable stack read operations
#1530279 CVE-2017-17852 CVE-2017-17853 CVE-2017-17854 CVE-2017-17855 CVE-2017-17856 CVE-2017-17857 kernel: various flaws [fedora-all]
Test Case kernel regression
Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
+11
stable threshold: 3
unstable threshold: -3
Autopush
Disabled
Dates
submitted 11 months ago
in testing 11 months ago
in stable 11 months ago
modified 11 months ago

Related Bugs 11

0+1 #1529120 CVE-2017-17864 kernel: information disclosure via pointer leak in kernel/bpf/verifier.c
0+1 #1529123 CVE-2017-17863 kernel: integer overflow in static int check_alu_op function in bpf/verifier.c
0+1 #1529124 CVE-2017-17862 kernel: Improper logic pruning in bpf/verifier.c
0+1 #1529125 CVE-2017-17862 CVE-2017-17863 CVE-2017-17864 kernel: various flaws [fedora-all]
0+1 #1530269 CVE-2017-17852 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging mishandling of 32-bit ALU ops
0+1 #1530270 CVE-2017-17853 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging incorrect BPF_RSH signed bounds calculations
0+1 #1530271 CVE-2017-17854 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging unrestricted integer values for pointer arithmetic
0+1 #1530272 CVE-2017-17855 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging improper use of pointers in place of scalars
0+1 #1530273 CVE-2017-17856 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging the lack of stack-pointer alignment enforcement
0+1 #1530274 CVE-2017-17857 kernel: bpf/verifier.c allows local users to cause a denial of service by leveraging mishandling of invalid variable stack read operations
0+1 #1530279 CVE-2017-17852 CVE-2017-17853 CVE-2017-17854 CVE-2017-17855 CVE-2017-17856 CVE-2017-17857 kernel: various flaws [fedora-all]

Automated Test Results

Test Cases

-1+6 Test Case kernel regression