Upgrade rt kernel patch to CentOS7.6 3.10.0-957.12.2
New set of CVEs was reported against Intel CPUs: CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091.
For these CVEs there are RH and CentOS updates available.
CVE-2018-12126:
Microarchitectural Store Buffer Data Sampling (MSBDS):
Store buffers on some microprocessors utilizing speculative
execution may allow an authenticated user to potentially
enable information disclosure via a side channel with local access.
A list of impacted products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12127:
Microarchitectural Load Port Data Sampling (MLPDS):
Load ports on some microprocessors utilizing speculative execution
may allow an authenticated user to potentially enable information
disclosure via a side channel with local access. A list of impacted
products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12130:
Microarchitectural Fill Buffer Data Sampling (MFBDS):
Fill buffers on some microprocessors utilizing speculative execution
may allow an authenticated user to potentially enable information
disclosure via a side channel with local access. A list of impacted
products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2019-11091:
Microarchitectural Data Sampling Uncacheable Memory (MDSUM):
Uncacheable memory on some microprocessors utilizing speculative
execution may allow an authenticated user to potentially enable
information disclosure via a side channel with local access.
A list of impacted products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
These are from the http://cve.mitre.org website.
These are the MDS security CVEs.
The patch is modified as follows:
1. Delete lines 929-931 of the arch/x86/kernel/cpu/cacheinfo.c file,
because starlingx's Porting-Cacheinfo-from-Kernel-4.10.17.patch
removes the ici_cpuid4_info structure.
2. Except for the modification of the file in 1, the other patches
only modify the line number.
Reviewed: https://review.opendev.org/663094
Committed: https://git.openstack.org/cgit/starlingx/integ/commit/?id=d4aebcaf913d3e53b45cac830c7cfca0b2871bd8
Submitter: Zuul
Branch: master
commit d4aebcaf913d3e53b45cac830c7cfca0b2871bd8
Author: zhiguo.zhang <email address hidden>
Date: Wed Jun 5 00:16:44 2019 +0800
Upgrade rt kernel patch to CentOS7.6 3.10.0-957.12.2
New set of CVEs was reported against Intel CPUs: CVE-2018-12126,
CVE-2018-12127, CVE-2018-12130 and CVE-2019-11091.
For these CVEs there are RH and CentOS updates available.
CVE-2018-12126:
Microarchitectural Store Buffer Data Sampling (MSBDS):
Store buffers on some microprocessors utilizing speculative
execution may allow an authenticated user to potentially
enable information disclosure via a side channel with local access.
A list of impacted products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12127:
Microarchitectural Load Port Data Sampling (MLPDS):
Load ports on some microprocessors utilizing speculative execution
may allow an authenticated user to potentially enable information
disclosure via a side channel with local access. A list of impacted
products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2018-12130:
Microarchitectural Fill Buffer Data Sampling (MFBDS):
Fill buffers on some microprocessors utilizing speculative execution
may allow an authenticated user to potentially enable information
disclosure via a side channel with local access. A list of impacted
products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
CVE-2019-11091:
Microarchitectural Data Sampling Uncacheable Memory (MDSUM):
Uncacheable memory on some microprocessors utilizing speculative
execution may allow an authenticated user to potentially enable
information disclosure via a side channel with local access.
A list of impacted products can be found here:
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
These are from the http://cve.mitre.org website.
These are the MDS security CVEs.
The patch is modified as follows:
1. Delete lines 929-931 of the arch/x86/kernel/cpu/cacheinfo.c file,
because starlingx's Porting-Cacheinfo-from-Kernel-4.10.17.patch
removes the ici_cpuid4_info structure.
2. Except for the modification of the file in 1, the other patches
only modify the line number.
Closes-Bug: 1830487
Depends-On: https://review.opendev.org/663071
Change-Id: I16ac63df21eeb85b4fc3ab19d539986e77c8c0d3
Signed-off-by: zhiguo.zhang <email address hidden>
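
A post-upgrade check for the MDS CVEs listed above, as an added example that is not part of this commit or of the StarlingX project: it compares the running kernel release with the 3.10.0-957.12.2 base named in the commit message and interprets the kernel's own MDS status string. It assumes the kernel exposes the upstream sysfs file /sys/devices/system/cpu/vulnerabilities/mds and that GNU `sort -V` is available; the function names are illustrative.

```shell
#!/bin/sh
# Added example: MDS mitigation check for a host after the kernel upgrade.
# FIXED is the CentOS 7.6 kernel version named in the commit message.
FIXED="3.10.0-957.12.2"
# Assumption: upstream Linux sysfs path for MDS status reporting.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# Map the kernel's MDS status string to a short verdict.
classify_mds() {
    case "$1" in
        "") echo unreported ;;   # no status: kernel predates the MDS patches
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*"SMT vulnerable"*) echo mitigated_smt_exposed ;;
        "Mitigation:"*) echo mitigated ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            echo needs_microcode ;;   # kernel patched, microcode update missing
        "Vulnerable"*) echo vulnerable ;;
        *) echo unknown ;;
    esac
}

# Keep only the numeric version-release prefix, dropping suffixes
# such as .rt56... or .el7.x86_64.
kernel_base() {
    printf '%s\n' "$1" |
        sed -E 's/^([0-9]+(\.[0-9]+)*-[0-9]+(\.[0-9]+)*).*/\1/'
}

# Return 0 when release $1 is at or above version $2.
kernel_at_least() {
    run=$(kernel_base "$1")
    lowest=$(printf '%s\n%s\n' "$2" "$run" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Print one summary line for the current host.
report_host() {
    status=""
    if [ -r "$MDS_SYSFS" ]; then status=$(cat "$MDS_SYSFS"); fi
    if kernel_at_least "$(uname -r)" "$FIXED"; then level="at or above"
    else level="below"; fi
    echo "kernel $(uname -r) is $level $FIXED; mds=$(classify_mds "$status")"
}

report_host
```

A release at or above the fixed version only shows the package level; the sysfs verdict is what confirms the mitigation is active, and `needs_microcode` means the microcode update from the Intel guidance linked above is still missing.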