ID

VAR-201801-0826

CVE

CVE-2017-5715

TITLE

CPU hardware utilizing speculative execution may be vulnerable to cache side-channel attacks

DESCRIPTION

Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CPU hardware utilizing speculative execution may be vulnerable to cache timing side-channel analysis. Two vulnerabilities are identified, known as "Variant 3a" and "Variant 4". CPUhardware is a set of firmware that runs in the CPU (Central Processing Unit) for managing and controlling the CPU. The Meltdown vulnerability exists in the CPU processor core, which \"melts\" the security boundary implemented by hardware, allowing low-privileged user-level applications to \"cross-border\" access to system-level memory, causing data leakage. The following products and versions are affected: ARM Cortex-R7; Cortex-R8; Cortex-A8; Cortex-A9; Cortex-A12; Intel Xeon CPU E5-1650 v3, v2, v4 versions; Xeon E3-1265l v2, v3, v4 Version; Xeon E3-1245 v2, v3, v5, v6 versions; Xeon X7542, etc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4188-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso May 01, 2018 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : linux CVE ID : CVE-2017-5715 CVE-2017-5753 CVE-2017-17975 CVE-2017-18193 CVE-2017-18216 CVE-2017-18218 CVE-2017-18222 CVE-2017-18224 CVE-2017-18241 CVE-2017-18257 CVE-2018-1065 CVE-2018-1066 CVE-2018-1068 CVE-2018-1092 CVE-2018-1093 CVE-2018-1108 CVE-2018-5803 CVE-2018-7480 CVE-2018-7566 CVE-2018-7740 CVE-2018-7757 CVE-2018-7995 CVE-2018-8087 CVE-2018-8781 CVE-2018-8822 CVE-2018-10323 CVE-2018-1000199 Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the "retpoline" compiler feature which allows indirect branches to be isolated from speculative execution. CVE-2017-5753 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 1 (bounds-check bypass) and is mitigated by identifying vulnerable code sections (array bounds checking followed by array access) and replacing the array access with the speculation-safe array_index_nospec() function. More use sites will be added over time. CVE-2017-17975 Tuba Yavuz reported a use-after-free flaw in the USBTV007 audio-video grabber driver. A local user could use this for denial of service by triggering failure of audio registration. CVE-2017-18193 Yunlei He reported that the f2fs implementation does not properly handle extent trees, allowing a local user to cause a denial of service via an application with multiple threads. CVE-2017-18216 Alex Chen reported that the OCFS2 filesystem failed to hold a necessary lock during nodemanager sysfs file operations, potentially leading to a null pointer dereference. A local user could use this for denial of service. CVE-2017-18218 Jun He reported a user-after-free flaw in the Hisilicon HNS ethernet driver. A local user could use this for denial of service. CVE-2017-18222 It was reported that the Hisilicon Network Subsystem (HNS) driver implementation does not properly handle ethtool private flags. A local user could use this for denial of service or possibly have other impact. CVE-2017-18224 Alex Chen reported that the OCFS2 filesystem omits the use of a semaphore and consequently has a race condition for access to the extent tree during read operations in DIRECT mode. A local user could use this for denial of service. CVE-2017-18241 Yunlei He reported that the f2fs implementation does not properly initialise its state if the "noflush_merge" mount option is used. A local user with access to a filesystem mounted with this option could use this to cause a denial of service. CVE-2017-18257 It was reported that the f2fs implementation is prone to an infinite loop caused by an integer overflow in the __get_data_block() function. A local user can use this for denial of service via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. CVE-2018-1065 The syzkaller tool found a NULL pointer dereference flaw in the netfilter subsystem when handling certain malformed iptables rulesets. A local user with the CAP_NET_RAW or CAP_NET_ADMIN capability (in any user namespace) could use this to cause a denial of service. Debian disables unprivileged user namespaces by default. CVE-2018-1066 Dan Aloni reported to Red Hat that the CIFS client implementation would dereference a null pointer if the server sent an invalid response during NTLMSSP setup negotiation. This could be used by a malicious server for denial of service. CVE-2018-1068 The syzkaller tool found that the 32-bit compatibility layer of ebtables did not sufficiently validate offset values. On a 64-bit kernel, a local user with the CAP_NET_ADMIN capability (in any user namespace) could use this to overwrite kernel memory, possibly leading to privilege escalation. Debian disables unprivileged user namespaces by default. CVE-2018-1092 Wen Xu reported that a crafted ext4 filesystem image would trigger a null dereference when mounted. A local user able to mount arbitrary filesystems could use this for denial of service. CVE-2018-1093 Wen Xu reported that a crafted ext4 filesystem image could trigger an out-of-bounds read in the ext4_valid_block_bitmap() function. A local user able to mount arbitrary filesystems could use this for denial of service. CVE-2018-1108 Jann Horn reported that crng_ready() does not properly handle the crng_init variable states and the RNG could be treated as cryptographically safe too early after system boot. CVE-2018-5803 Alexey Kodanev reported that the SCTP protocol did not range-check the length of chunks to be created. A local or remote user could use this to cause a denial of service. CVE-2018-7480 Hou Tao discovered a double-free flaw in the blkcg_init_queue() function in block/blk-cgroup.c. A local user could use this to cause a denial of service or have other impact. CVE-2018-7566 Fan LongFei reported a race condition in the ALSA (sound) sequencer core, between write and ioctl operations. This could lead to an out-of-bounds access or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation. CVE-2018-7740 Nic Losby reported that the hugetlbfs filesystem's mmap operation did not properly range-check the file offset. A local user with access to files on a hugetlbfs filesystem could use this to cause a denial of service. CVE-2018-7757 Jason Yan reported a memory leak in the SAS (Serial-Attached SCSI) subsystem. A local user on a system with SAS devices could use this to cause a denial of service. CVE-2018-7995 Seunghun Han reported a race condition in the x86 MCE (Machine Check Exception) driver. This is unlikely to have any security impact. CVE-2018-8087 A memory leak flaw was found in the hwsim_new_radio_nl() function in the simulated radio testing tool driver for mac80211, allowing a local user to cause a denial of service. CVE-2018-8781 Eyal Itkin reported that the udl (DisplayLink) driver's mmap operation did not properly range-check the file offset. A local user with access to a udl framebuffer device could exploit this to overwrite kernel memory, leading to privilege escalation. CVE-2018-8822 Dr Silvio Cesare of InfoSect reported that the ncpfs client implementation did not validate reply lengths from the server. An ncpfs server could use this to cause a denial of service or remote code execution in the client. CVE-2018-10323 Wen Xu reported a NULL pointer dereference flaw in the xfs_bmapi_write() function triggered when mounting and operating a crafted xfs filesystem image. A local user able to mount arbitrary filesystems could use this for denial of service. CVE-2018-1000199 Andy Lutomirski discovered that the ptrace subsystem did not sufficiently validate hardware breakpoint settings. Local users can use this to cause a denial of service, or possibly for privilege escalation, on x86 (amd64 and i386) and possibly other architectures. For the stable distribution (stretch), these problems have been fixed in version 4.9.88-1. We recommend that you upgrade your linux packages. For the detailed security status of linux please refer to its security tracker page at: https://security-tracker.debian.org/tracker/linux Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlron7dfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Se0xAAmR31jrqeEkJhgh7qvKplrko9N27l7FCCrrqsR0cBjKtIpwBkIdm6UxP2 8HBxqK5oy3sUP/ViHBtTUqFlRbLq4fC2DsuJGGqtBk46yML4QOEV2CXA1gyhfSzG ux5Z5nNkLDbzD7jPazbTwMusbQrDItojj6K5aoDVoRjjOpRHRViHv81kRU3KJytX 62f/vnEjxX0xkSOqLKXcUNDczLjcP2VxuKFb3si6w7YyCXq6XYhvoDch92QLJZfD qtDUCKs1sEgWLzhktcYyhck3NGujSfLZuSLGnZowqGqaAvx/lq0sTOliKuPpnG+I HztPR0iYQCuzsDgHbLlwGyuUnf446VRG+u/AP69qk0HqyWwCXqsTJ0rwMX04fXtR 7dR8Y1jbbXaH0+ai9V6c3zdz4UKH5rZOkpIIYSjCxVHUpE2cU4lFXYiWL/qJRBGV 150TtSgyAPBBBJa6cWgApXrHgriGEkZNscH2nmJfg2OBnDwnLJ4CvwNfij7daR8n RlGOlvgKYCI1Ob54kKqvvxQhDrhTiBhti8T64wd2MzsrKLIRdlyTpSrsqK8VIJyg ux1Y01sgA3JqS2XKL52ZTgCJhGkoX68+/se73P+jeRBP/tbNcXB2t2cE6gxIkiTX eZEUmnS5IeoEcr7cYKm3M9GZvBBrVeTaFra3vSgeGDUr0XL2Yu4= =uZGQ -----END PGP SIGNATURE----- . Relevant releases/architectures: Image Updates for RHV-H - noarch 3. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Security Fix(es): An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Note: This issue is present in hardware and cannot be fully fixed via software update. Please refer to References section for further information about this issue and the performance impact. Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important) Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. Red Hat would like to thank Google Project Zero for reporting these issues. 6.6) - x86_64 3. Description: Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm package provides the user-space component for running virtual machines that use KVM. (CVE-2017-5715) Note: This is the qemu-kvm side of the CVE-2017-5715 mitigation. Once all virtual machines have shut down, start them again for this update to take effect. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other domains, bypassing same-origin restrictions. Summary: An update for linux-firmware is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux ComputeNode EUS (v. 7.3) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch Red Hat Enterprise Linux Server E4S (v. 7.2) - noarch Red Hat Enterprise Linux Server EUS (v. 7.3) - noarch Red Hat Enterprise Linux Server TUS (v. 7.2) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - noarch 3. Description: The linux-firmware packages contain all of the firmware files that are required by various devices to operate. This update supersedes microcode provided by Red Hat with the CVE-2017-5715 (aSpectrea) CPU branch injection vulnerability mitigation. (Historically, Red Hat has provided updated microcode, developed by our microprocessor partners, as a customer convenience.) Further testing has uncovered problems with the microcode provided along with the aSpectrea mitigation that could lead to system instabilities. As a result, Red Hat is providing an microcode update that reverts to the last known good microcode version dated before 03 January 2018. Red Hat strongly recommends that customers contact their hardware provider for the latest microcode updates. IMPORTANT: Customers using Intel Skylake-, Broadwell-, and Haswell-based platforms must obtain and install updated microcode from their hardware vendor immediately. The "Spectre" mitigation requires both an updated kernel from Red Hat and updated microcode from your hardware vendor. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: linux-firmware-20170606-58.gitc990aae.el7_4.src.rpm noarch: iwl100-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl1000-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl105-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl135-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2000-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2030-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl3160-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl3945-firmware-15.32.2.9-58.el7_4.noarch.rpm iwl4965-firmware-228.61.2.24-58.el7_4.noarch.rpm iwl5000-firmware-8.83.5.1_1-58.el7_4.noarch.rpm iwl5150-firmware-8.24.2.2-58.el7_4.noarch.rpm iwl6000-firmware-9.221.4.1-58.el7_4.noarch.rpm iwl6000g2a-firmware-17.168.5.3-58.el7_4.noarch.rpm iwl6000g2b-firmware-17.168.5.2-58.el7_4.noarch.rpm iwl6050-firmware-41.28.5.1-58.el7_4.noarch.rpm iwl7260-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl7265-firmware-22.0.7.0-58.el7_4.noarch.rpm linux-firmware-20170606-58.gitc990aae.el7_4.noarch.rpm Red Hat Enterprise Linux ComputeNode EUS (v. 7.3): Source: linux-firmware-20160830-51.git7534e19.el7_3.src.rpm noarch: iwl100-firmware-39.31.5.1-51.el7_3.noarch.rpm iwl1000-firmware-39.31.5.1-51.el7_3.noarch.rpm iwl105-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl135-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl2000-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl2030-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl3160-firmware-22.0.7.0-51.el7_3.noarch.rpm iwl3945-firmware-15.32.2.9-51.el7_3.noarch.rpm iwl4965-firmware-228.61.2.24-51.el7_3.noarch.rpm iwl5000-firmware-8.83.5.1_1-51.el7_3.noarch.rpm iwl5150-firmware-8.24.2.2-51.el7_3.noarch.rpm iwl6000-firmware-9.221.4.1-51.el7_3.noarch.rpm iwl6000g2a-firmware-17.168.5.3-51.el7_3.noarch.rpm iwl6000g2b-firmware-17.168.5.2-51.el7_3.noarch.rpm iwl6050-firmware-41.28.5.1-51.el7_3.noarch.rpm iwl7260-firmware-22.0.7.0-51.el7_3.noarch.rpm iwl7265-firmware-22.0.7.0-51.el7_3.noarch.rpm linux-firmware-20160830-51.git7534e19.el7_3.noarch.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: linux-firmware-20170606-58.gitc990aae.el7_4.src.rpm noarch: iwl100-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl1000-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl105-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl135-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2000-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2030-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl3160-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl3945-firmware-15.32.2.9-58.el7_4.noarch.rpm iwl4965-firmware-228.61.2.24-58.el7_4.noarch.rpm iwl5000-firmware-8.83.5.1_1-58.el7_4.noarch.rpm iwl5150-firmware-8.24.2.2-58.el7_4.noarch.rpm iwl6000-firmware-9.221.4.1-58.el7_4.noarch.rpm iwl6000g2a-firmware-17.168.5.3-58.el7_4.noarch.rpm iwl6000g2b-firmware-17.168.5.2-58.el7_4.noarch.rpm iwl6050-firmware-41.28.5.1-58.el7_4.noarch.rpm iwl7260-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl7265-firmware-22.0.7.0-58.el7_4.noarch.rpm linux-firmware-20170606-58.gitc990aae.el7_4.noarch.rpm Red Hat Enterprise Linux Server AUS (v. 7.2): Source: linux-firmware-20150904-45.git6ebf5d5.el7_2.src.rpm noarch: iwl100-firmware-39.31.5.1-45.el7_2.noarch.rpm iwl1000-firmware-39.31.5.1-45.el7_2.noarch.rpm iwl105-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl135-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl2000-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl2030-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl3160-firmware-22.0.7.0-45.el7_2.noarch.rpm iwl3945-firmware-15.32.2.9-45.el7_2.noarch.rpm iwl4965-firmware-228.61.2.24-45.el7_2.noarch.rpm iwl5000-firmware-8.83.5.1_1-45.el7_2.noarch.rpm iwl5150-firmware-8.24.2.2-45.el7_2.noarch.rpm iwl6000-firmware-9.221.4.1-45.el7_2.noarch.rpm iwl6000g2a-firmware-17.168.5.3-45.el7_2.noarch.rpm iwl6000g2b-firmware-17.168.5.2-45.el7_2.noarch.rpm iwl6050-firmware-41.28.5.1-45.el7_2.noarch.rpm iwl7260-firmware-22.0.7.0-45.el7_2.noarch.rpm iwl7265-firmware-22.0.7.0-45.el7_2.noarch.rpm linux-firmware-20150904-45.git6ebf5d5.el7_2.noarch.rpm Red Hat Enterprise Linux Server E4S (v. 7.2): Source: linux-firmware-20150904-45.git6ebf5d5.el7_2.src.rpm noarch: iwl100-firmware-39.31.5.1-45.el7_2.noarch.rpm iwl1000-firmware-39.31.5.1-45.el7_2.noarch.rpm iwl105-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl135-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl2000-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl2030-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl3160-firmware-22.0.7.0-45.el7_2.noarch.rpm iwl3945-firmware-15.32.2.9-45.el7_2.noarch.rpm iwl4965-firmware-228.61.2.24-45.el7_2.noarch.rpm iwl5000-firmware-8.83.5.1_1-45.el7_2.noarch.rpm iwl5150-firmware-8.24.2.2-45.el7_2.noarch.rpm iwl6000-firmware-9.221.4.1-45.el7_2.noarch.rpm iwl6000g2a-firmware-17.168.5.3-45.el7_2.noarch.rpm iwl6000g2b-firmware-17.168.5.2-45.el7_2.noarch.rpm iwl6050-firmware-41.28.5.1-45.el7_2.noarch.rpm iwl7260-firmware-22.0.7.0-45.el7_2.noarch.rpm iwl7265-firmware-22.0.7.0-45.el7_2.noarch.rpm linux-firmware-20150904-45.git6ebf5d5.el7_2.noarch.rpm Red Hat Enterprise Linux Server TUS (v. 7.2): Source: linux-firmware-20150904-45.git6ebf5d5.el7_2.src.rpm noarch: iwl100-firmware-39.31.5.1-45.el7_2.noarch.rpm iwl1000-firmware-39.31.5.1-45.el7_2.noarch.rpm iwl105-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl135-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl2000-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl2030-firmware-18.168.6.1-45.el7_2.noarch.rpm iwl3160-firmware-22.0.7.0-45.el7_2.noarch.rpm iwl3945-firmware-15.32.2.9-45.el7_2.noarch.rpm iwl4965-firmware-228.61.2.24-45.el7_2.noarch.rpm iwl5000-firmware-8.83.5.1_1-45.el7_2.noarch.rpm iwl5150-firmware-8.24.2.2-45.el7_2.noarch.rpm iwl6000-firmware-9.221.4.1-45.el7_2.noarch.rpm iwl6000g2a-firmware-17.168.5.3-45.el7_2.noarch.rpm iwl6000g2b-firmware-17.168.5.2-45.el7_2.noarch.rpm iwl6050-firmware-41.28.5.1-45.el7_2.noarch.rpm iwl7260-firmware-22.0.7.0-45.el7_2.noarch.rpm iwl7265-firmware-22.0.7.0-45.el7_2.noarch.rpm linux-firmware-20150904-45.git6ebf5d5.el7_2.noarch.rpm Red Hat Enterprise Linux Server EUS (v. 7.3): Source: linux-firmware-20160830-51.git7534e19.el7_3.src.rpm noarch: iwl100-firmware-39.31.5.1-51.el7_3.noarch.rpm iwl1000-firmware-39.31.5.1-51.el7_3.noarch.rpm iwl105-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl135-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl2000-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl2030-firmware-18.168.6.1-51.el7_3.noarch.rpm iwl3160-firmware-22.0.7.0-51.el7_3.noarch.rpm iwl3945-firmware-15.32.2.9-51.el7_3.noarch.rpm iwl4965-firmware-228.61.2.24-51.el7_3.noarch.rpm iwl5000-firmware-8.83.5.1_1-51.el7_3.noarch.rpm iwl5150-firmware-8.24.2.2-51.el7_3.noarch.rpm iwl6000-firmware-9.221.4.1-51.el7_3.noarch.rpm iwl6000g2a-firmware-17.168.5.3-51.el7_3.noarch.rpm iwl6000g2b-firmware-17.168.5.2-51.el7_3.noarch.rpm iwl6050-firmware-41.28.5.1-51.el7_3.noarch.rpm iwl7260-firmware-22.0.7.0-51.el7_3.noarch.rpm iwl7265-firmware-22.0.7.0-51.el7_3.noarch.rpm linux-firmware-20160830-51.git7534e19.el7_3.noarch.rpm Red Hat Enterprise Linux Server (v. 7): Source: linux-firmware-20170606-58.gitc990aae.el7_4.src.rpm noarch: iwl100-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl1000-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl105-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl135-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2000-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2030-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl3160-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl3945-firmware-15.32.2.9-58.el7_4.noarch.rpm iwl4965-firmware-228.61.2.24-58.el7_4.noarch.rpm iwl5000-firmware-8.83.5.1_1-58.el7_4.noarch.rpm iwl5150-firmware-8.24.2.2-58.el7_4.noarch.rpm iwl6000-firmware-9.221.4.1-58.el7_4.noarch.rpm iwl6000g2a-firmware-17.168.5.3-58.el7_4.noarch.rpm iwl6000g2b-firmware-17.168.5.2-58.el7_4.noarch.rpm iwl6050-firmware-41.28.5.1-58.el7_4.noarch.rpm iwl7260-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl7265-firmware-22.0.7.0-58.el7_4.noarch.rpm linux-firmware-20170606-58.gitc990aae.el7_4.noarch.rpm Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7): Source: linux-firmware-20170606-58.gitc990aae.el7_4.src.rpm noarch: iwl100-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl1000-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl105-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl135-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2000-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2030-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl3160-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl3945-firmware-15.32.2.9-58.el7_4.noarch.rpm iwl4965-firmware-228.61.2.24-58.el7_4.noarch.rpm iwl5000-firmware-8.83.5.1_1-58.el7_4.noarch.rpm iwl5150-firmware-8.24.2.2-58.el7_4.noarch.rpm iwl6000-firmware-9.221.4.1-58.el7_4.noarch.rpm iwl6000g2a-firmware-17.168.5.3-58.el7_4.noarch.rpm iwl6000g2b-firmware-17.168.5.2-58.el7_4.noarch.rpm iwl6050-firmware-41.28.5.1-58.el7_4.noarch.rpm iwl7260-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl7265-firmware-22.0.7.0-58.el7_4.noarch.rpm linux-firmware-20170606-58.gitc990aae.el7_4.noarch.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: linux-firmware-20170606-58.gitc990aae.el7_4.src.rpm noarch: iwl100-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl1000-firmware-39.31.5.1-58.el7_4.noarch.rpm iwl105-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl135-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2000-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl2030-firmware-18.168.6.1-58.el7_4.noarch.rpm iwl3160-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl3945-firmware-15.32.2.9-58.el7_4.noarch.rpm iwl4965-firmware-228.61.2.24-58.el7_4.noarch.rpm iwl5000-firmware-8.83.5.1_1-58.el7_4.noarch.rpm iwl5150-firmware-8.24.2.2-58.el7_4.noarch.rpm iwl6000-firmware-9.221.4.1-58.el7_4.noarch.rpm iwl6000g2a-firmware-17.168.5.3-58.el7_4.noarch.rpm iwl6000g2b-firmware-17.168.5.2-58.el7_4.noarch.rpm iwl6050-firmware-41.28.5.1-58.el7_4.noarch.rpm iwl7260-firmware-22.0.7.0-58.el7_4.noarch.rpm iwl7265-firmware-22.0.7.0-58.el7_4.noarch.rpm linux-firmware-20170606-58.gitc990aae.el7_4.noarch.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/speculativeexecution https://access.redhat.com/security/cve/CVE-2017-5715 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2018 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFaXncBXlSAg2UNWIIRAtYfAKCfEHxjgLYls9QYIF/FrJPQWAu5mgCgkwVp auhGTN4XjBc6+TS+7HEUZvA= =zRtn -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3777-3 October 23, 2018 linux-azure vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-azure: Linux kernel for Microsoft Azure Cloud systems Details: USN-3777-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 %LTS. This update provides the corresponding updates for the Linux kernel for Azure Cloud systems. (CVE-2018-17182) It was discovered that the paravirtualization implementation in the Linux kernel did not properly handle some indirect calls, reducing the effectiveness of Spectre v2 mitigations for paravirtual guests. An attacker could use this to expose sensitive information. This flaw is known as Spectre. (CVE-2017-5715) It was discovered that a stack-based buffer overflow existed in the iSCSI target implementation of the Linux kernel. (CVE-2018-6554) It was discovered that a use-after-free vulnerability existed in the IRDA implementation in the Linux kernel. (CVE-2018-6555) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: linux-image-4.15.0-1025-azure 4.15.0-1025.26 linux-image-azure 4.15.0.1025.25 Ubuntu 16.04 LTS: linux-image-4.15.0-1025-azure 4.15.0-1025.26~16.04.1 linux-image-azure 4.15.0.1025.31 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Note: the current version of the following document is available here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: hpesbhf03805en_us Version: 4 HPESBHF03805 rev.4 - Certain HPE products using Microprocessors from Intel, AMD, and ARM, with Speculative Execution, Elevation of Privilege and Information Disclosure. NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2018-01-10 Last Updated: 2018-01-09 Potential Security Impact: Local: Disclosure of Information, Elevation of Privilege Source: Hewlett Packard Enterprise, Product Security Response Team VULNERABILITY SUMMARY On January 3 2018, side-channel security vulnerabilities involving speculative execution were publicly disclosed. These vulnerabilities may impact the listed HPE products, potentially leading to information disclosure and elevation of privilege. Mitigation and resolution of these vulnerabilities may call for both an operating system update, provided by the OS vendor, and a system ROM update from HPE. **Note:** * This issue takes advantage of techniques commonly used in many modern processor architectures. * For further information, microprocessor vendors have provided security advisories: - Intel: <https://security-center.intel.com/advisory.aspx?intelid=intel-sa-00088&langu geid=en-fr> - AMD: <http://www.amd.com/en/corporate/speculative-execution> - ARM: <https://developer.arm.com/support/security-update> References: - PSRT110634 - PSRT110633 - PSRT110632 - CVE-2017-5715 - aka Spectre, branch target injection - CVE-2017-5753 - aka Spectre, bounds check bypass - CVE-2017-5754 - aka Meltdown, rogue data cache load, memory access permission check performed after kernel memory read SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. - HPE ProLiant DL380 Gen10 Server prior to v1.28 - HPE ProLiant DL180 Gen10 Server prior to v1.28 - HPE ProLiant DL160 Gen10 Server prior to v1.28 - HPE ProLiant DL360 Gen10 Server prior to v1.28 - HPE ProLiant ML110 Gen10 Server prior to v1.28 - HPE ProLiant DL580 Gen10 Server prior to v1.28 - HPE ProLiant DL560 Gen10 Server prior to v1.28 - HPE ProLiant DL120 Gen10 Server prior to v1.28 - HPE ProLiant ML350 Gen10 Server prior to v1.28 - HPE ProLiant XL450 Gen10 Server prior to v1.28 - HPE ProLiant XL170r Gen10 Server prior to v1.28 - HPE ProLiant BL460c Gen10 Server Blade prior to v1.28 - HPE ProLiant XL230a Gen9 Server prior to v2.54 - HPE ProLiant XL230k Gen10 Server prior to v1.28 - HPE ProLiant XL730f Gen9 Server prior to v2.54 - HPE ProLiant XL740f Gen9 Server prior to v2.54 - HPE ProLiant XL750f Gen9 Server prior to v2.54 - HPE ProLiant XL170r Gen9 Server prior to v2.54 - HP ProLiant DL60 Gen9 Server prior to v2.54 - HPE ProLiant XL450 Gen9 Server prior to v2.54 - HP ProLiant DL160 Gen9 Server prior to v2.54 - HPE Apollo 4200 Gen9 Server prior to v2.54 - HP ProLiant BL460c Gen9 Server Blade prior to v2.54 - HP ProLiant ML110 Gen9 Server prior to v2.54 - HP ProLiant ML150 Gen9 Server prior to v2.54 - HPE ProLiant ML350 Gen9 Server prior to v2.54 - HP ProLiant DL380 Gen9 Server prior to v2.54 - HP ProLiant DL120 Gen9 Server prior to v2.54 - HPE ProLiant DL560 Gen9 Server prior to v2.54 - HPE ProLiant XL270d Gen9 Special Server prior to v2.54 - HP ProLiant BL660c Gen9 Server prior to v2.54 - HPE ProLiant m710x Server Cartridge prior to v1.60 - HPE ProLiant DL20 Gen9 Server prior to v2.52 - HPE ProLiant DL385 Gen10 Server prior to v1.04 - HPE Synergy 660 Gen9 Compute Module prior to v2.54 - HPE Synergy 480 Gen10 Compute Module prior to v1.28 - HPE Synergy 480 Gen9 Compute Module prior to v2.54 - HPE ProLiant ML30 Gen9 Server prior to v2.52 - HPE ProLiant XL190r Gen10 Server prior to v1.28 - HPE ProLiant XL250a Gen9 Server prior to v2.54 - HPE ProLiant XL190r Gen9 Server prior to v2.54 - HP ProLiant DL80 Gen9 Server prior to v2.54 - HPE ProLiant DL180 Gen9 Server prior to v2.54 - HPE ProLiant XL270d Gen9 Accelerator Tray 2U Configure-to-order Server prior to v2.54 - HPE ProLiant WS460c Gen9 Workstation prior to v2.54 - HPE ProLiant DL580 Gen9 Special Server prior to v2.54 - HPE Synergy 680 Gen9 Compute Modules prior to v2.54 - HPE ProLiant XL260a Gen9 Server prior to 1/22/2018 - HPE ProLiant m510 Server Cartridge prior to 1/22/2018 - HPE ProLiant m710p Server Cartridge prior to 12/12/2017 - HP ProLiant m350 Server Cartridge prior to 12/12/2017 - HP ProLiant m300 Server Cartridge prior to 12/12/2017 - HP ProLiant ML350e Gen8 Server prior to 12/12/2017 - HPE ProLiant ML350e Gen8 v2 Server prior to 12/12/2017 - HP ProLiant BL460c Gen8 Server prior to 12/12/2017 - HP ProLiant BL660c Gen8 Server prior to 12/12/2017 - HPE ProLiant SL4540 Gen8 1 Node Server prior to 12/12/2017 - HP ProLiant DL380e Gen8 Server prior to 12/12/2017 - HP ProLiant DL360e Gen8 Server prior to 12/12/2017 - HP ProLiant ML350p Gen8 Server prior to 12/12/2017 - HP ProLiant DL360p Gen8 Server prior to 12/12/2017 - HP ProLiant DL380p Gen8 Server prior to 12/12/2017 - HP ProLiant DL320e Gen8 Server prior to 12/12/2017 - HPE ProLiant DL320e Gen8 v2 Server prior to 12/12/2017 - HP ProLiant ML310e Gen8 Server prior to 12/12/2017 - HPE ProLiant ML310e Gen8 v2 Server prior to 12/12/2017 - HP ProLiant DL160 Gen8 Server prior to 12/12/2017 - HP ProLiant SL270s Gen8 Server prior to 12/12/2017 - HP ProLiant SL250s Gen8 Server prior to 12/12/2017 - HP ProLiant SL230s Gen8 Server prior to 12/12/2017 - HP ProLiant DL560 Gen8 Server prior to 12/12/2017 - HPE ProLiant SL210t Gen8 Server prior to 12/12/2017 - HP ProLiant DL580 Gen8 Server prior to 12/12/2017 (v1.98) - HP ProLiant ML10 Server prior to 12/12/2017 - HP ProLiant m710 Server Cartridge prior to 12/12/2017 (v1.60) - HPE Synergy Composer prior to 12/12/2017 - HPE Integrity Superdome X with BL920s Blades prior to 8.8.6 - HPE Superdome Flex Server prior to 2.3.110 - HP ProLiant DL360 Gen9 Server prior to v2.54 - HPE Synergy 620 Gen9 Compute Module prior to v2.54 - HPE ProLiant Thin Micro TM200 Server prior to 1/16/2017 - HPE ProLiant ML350 Gen10 Server prior to v1.28 - HP ProLiant BL420c Gen8 Server prior to 12/12/2017 - HPE ProLiant ML10 v2 Server prior to 12/12/2017 - HPE ProLiant MicroServer Gen8 prior to 12/12/2017 - HPE Synergy 660 Gen10 Compute Module prior to v1.28 BACKGROUND CVSS Base Metrics ================= Reference, CVSS V3 Score/Vector, CVSS V2 Score/Vector CVE-2017-5715 8.2 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N 6.8 (AV:A/AC:L/Au:N/C:C/I:P/A:N) CVE-2017-5753 5.0 CVSS:3.0/AV:A/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L 5.4 (AV:A/AC:M/Au:N/C:P/I:P/A:P) CVE-2017-5754 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 7.8 (AV:N/AC:L/Au:N/C:C/I:N/A:N) Information on CVSS is documented in HPE Customer Notice HPSN-2008-002 here: https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c01345499 RESOLUTION HPE has made the following system ROM updates which include an updated microcode to resolve the vulnerability: * HPE has provided a customer bulletin <https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00039267en_us> with specific instructions to obtain the udpated sytem ROM - Note: + CVE-2017-5715 requires that the System ROM be updated and a vendor supplied operating system update be applied as well. + For CVE-2017-5753, CVE-2017-5754 require only updates of a vendor supplied operating system. + HPE will continue to add additional products to the list. Not all listed products have updated system ROMs yet. Impacted products awaiting system ROM updates are marked TBS (to be supplied). HISTORY Version:1 (rev.1) - 4 January 2018 Initial release Version:2 (rev.2) - 5 January 2018 Added additional impacted products Version:3 (rev.3) - 10 January 2018 Added more impacted products Version:4 (rev.4) - 9 January 2018 Fixed product ID Third Party Security Patches: Third party security patches that are to be installed on systems running Hewlett Packard Enterprise (HPE) software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HPE Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hpe.com. Report: To report a potential security vulnerability for any HPE supported product: Web form: https://www.hpe.com/info/report-security-vulnerability Email: security-alert@hpe.com Subscribe: To initiate a subscription to receive future HPE Security Bulletin alerts via Email: http://www.hpe.com/support/Subscriber_Choice Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://www.hpe.com/support/Security_Bulletin_Archive Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HPE General Software HF = HPE Hardware and Firmware MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PV = ProCurve ST = Storage Software UX = HP-UX Copyright 2016 Hewlett Packard Enterprise Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett Packard Enterprise and the names of Hewlett Packard Enterprise products referenced herein are trademarks of Hewlett Packard Enterprise in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. This update provides mitigations for the i386 (CVE-2017-5753 only), amd64, ppc64el, and s390x architectures. On i386 and amd64 architectures, the IBRS and IBPB features are required to enable the kernel mitigations. Ubuntu is working with Intel and AMD to provide future microcode updates that implement IBRS and IBPB as they are made available. Ubuntu users with a processor from a different vendor should contact the vendor to identify necessary firmware updates. Ubuntu will provide corresponding QEMU updates in the future for users of self-hosted virtual environments in coordination with upstream QEMU. Ubuntu users in cloud environments should contact the cloud provider to confirm that the hypervisor has been updated to expose the new CPU features to virtual machines. On amd64 and i386, new CPU models that match the updated microcode features were added with an -IBRS suffix. Certain environments will require guests to be switched manually to the new CPU models after microcode updates have been applied to the host

IOT TAXONOMY

AFFECTED PRODUCTS