kernel-3.10.0-693.11.6.el7
Errata ID: AXSA:2018-2509:01
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.
Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to the References section for further information about this issue and the performance impact.
This update provides mitigations for the x86-64 architecture.
Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important)
Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important)
Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important)
Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue.
Asianux would like to thank Google Project Zero for reporting these issues.
CVE-2017-5715
Systems with microprocessors utilizing speculative execution and
indirect branch prediction may allow unauthorized disclosure of
information to an attacker with local user access via a side-channel
analysis.
CVE-2017-5753
Systems with microprocessors utilizing speculative execution and
branch prediction may allow unauthorized disclosure of information to
an attacker with local user access via a side-channel analysis.
CVE-2017-5754
Systems with microprocessors utilizing speculative execution and
indirect branch prediction may allow unauthorized disclosure of
information to an attacker with local user access via a side-channel
analysis of the data cache.
Update packages.
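The following is an added example, not part of the Asianux advisory: it checks whether a kernel release string (as printed by `uname -r`) is at or above the fixed build 3.10.0-693.11.6.el7, using a simplified rpm-style segment comparison. The function names and the sample inventory are constructed for illustration. The check applies to the running kernel, because an installed update only takes effect after a reboot.

```python
import platform
import re

FIXED = "3.10.0-693.11.6.el7"            # fixed build named in this advisory
_ARCH = re.compile(r"\.(x86_64|noarch|src)$")
_SEG = re.compile(r"\d+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified rpm-style compare of one version or release field: -1, 0 or 1.
    Assumption: no '~' or '^' markers, which these kernel builds do not use."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # 11 > 5, unlike a plain string compare
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def split_vr(release):
    """'3.10.0-693.11.6.el7.x86_64' -> ('3.10.0', '693.11.6.el7')."""
    version, _, rel = _ARCH.sub("", release.strip()).partition("-")
    return version, rel


def is_fixed(release, fixed=FIXED):
    """True if `release` (uname -r style) is at or above the fixed build."""
    (v, r), (fv, fr) = split_vr(release), split_vr(fixed)
    return (rpmvercmp(v, fv) or rpmvercmp(r, fr)) >= 0


def audit(releases):
    """Map each release string to 'fixed' or 'needs update'."""
    return {rel: "fixed" if is_fixed(rel) else "needs update" for rel in releases}


# Constructed sample inventory (not taken from the advisory).
SAMPLE = ["3.10.0-693.el7.x86_64", "3.10.0-693.5.2.el7.x86_64",
          "3.10.0-693.11.6.el7.x86_64", "3.10.0-862.el7.x86_64"]

if __name__ == "__main__":
    # The local result is only meaningful on an el7 host.
    for rel, state in audit(SAMPLE + [platform.release()]).items():
        print(f"{rel:34} {state}")
```

A plain string comparison would rank 693.5.2 above 693.11.6 and report an unpatched host as fixed, which is why the release field is compared segment by segment.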
SRPMS
- kernel-3.10.0-693.11.6.el7.src.rpm
MD5: b132961c28079b3b523defe58b84539f
SHA-256: e2efaf792cb3bfe3b504884745012b8ab183cce0041fd02d7a4859850e5c7c56
Size: 88.92 MB
Asianux Server 7 for x86_64
- kernel-3.10.0-693.11.6.el7.x86_64.rpm
MD5: 7ffcf9eb64cc3b59ed5a4deeb6f2153e
SHA-256: 7af2a9053e8b6dacfb1fbba778cc4006383fae61f1088426e2d8ba157a42b09b
Size: 42.96 MB
- kernel-abi-whitelists-3.10.0-693.11.6.el7.noarch.rpm
MD5: 8f695d5121dcf7c3db9451f119907e7e
SHA-256: afe5268f893ff75377400ac0b80921d71a07f2ef706a072d0e689b72f10be048
Size: 5.06 MB
- kernel-debug-3.10.0-693.11.6.el7.x86_64.rpm
MD5: 0f369d13919cfb14b77c6641ae47973d
SHA-256: a464cdcfc7e9f1dec8b21c54c21e33d9942468cc485891b48656ee079be64fce
Size: 44.89 MB
- kernel-debug-devel-3.10.0-693.11.6.el7.x86_64.rpm
MD5: ba38c204735e9da387bc166b4b978539
SHA-256: 8bba76e3864bb698d8824b5698dd1c1c3f54e12862fca94d905e1157698e2091
Size: 14.41 MB
- kernel-devel-3.10.0-693.11.6.el7.x86_64.rpm
MD5: a31fcc62f69e499ad58d0a733071d269
SHA-256: 3a811634d3f04e07ba3eaa050df598cf76f046917acdb26abf75a030c2f33571
Size: 14.35 MB
- kernel-doc-3.10.0-693.11.6.el7.noarch.rpm
MD5: bfd3f8027a6e8dfd6762985db93b6f48
SHA-256: a23a5e1eb0d8c1ab5d045b17fd59bef4207983180b3bdf53357aab882f93c025
Size: 16.23 MB
- kernel-headers-3.10.0-693.11.6.el7.x86_64.rpm
MD5: bb129b8184a56a6de44813fb34a4db1f
SHA-256: 6c4665408c2496f6a4af613606e44589045d266689f3cbec2c94d5c8ab43f6d8
Size: 5.98 MB
- kernel-tools-3.10.0-693.11.6.el7.x86_64.rpm
MD5: 48ff76d67513568996f9171301600b66
SHA-256: e875f0d7a86ae6e86e556a81473f5801bb03cfbee29c3d028072da09e4054c9d
Size: 5.14 MB
- kernel-tools-libs-3.10.0-693.11.6.el7.x86_64.rpm
MD5: c3468df0013b3eec430f6eec21748d75
SHA-256: fe56b34326dd5d47bcf80b8a65f09d5b369289c62967645d572f38833aa43d9e
Size: 5.05 MB
- perf-3.10.0-693.11.6.el7.x86_64.rpm
MD5: a8e84f66ea9ff26dc27422afb09ba1ae
SHA-256: dc70138f10e5af56ec41066ea5320189f7e493e71dab2fde2a7f41ab70dc8db1
Size: 6.45 MB
- python-perf-3.10.0-693.11.6.el7.x86_64.rpm
MD5: d251238706a8a1eb3a880e8678cbe0bc
SHA-256: 6d12ae12d253fe6ab5f4cc153182d1ee07c76acb041f5cb8e9c14180b51e5389
Size: 5.14 MB