Affecting perf package, versions centos:7: <0:4.14.0-49.13.1.el7a || rhel:7: <0:4.14.0-49.13.1.el7a

Report new vulnerabilities
high severity
Do your applications use this vulnerable package? Test your applications


The kernel-alt packages provide the Linux kernel version 4.x. Security Fix(es): * kernel: Infoleak/use-after-free in __oom_reap_task_mm function in mm/oom_kill.c (CVE-2017-18202) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * Previously, on certain little-endian variants of IBM Power Systems, there was no “sysfs spec_store_bypass” file. As a consequence, there was no way to indicate the Speculative Store Bypass Disable (SSBD) mitigation status. This update adds infrastructure code into the kernel to create the /sys/devices/system/cpu/vulnerabilities/* files. As a result, sysfs spec_store_bypass shows whether the SSBD mitigation is disabled or enabled. (BZ#1602340) * Previously, the kernel architectures for IBM z Systems were missing support to display the status of the Spectre v2 mitigations. As a consequence, the /sys/devices/system/cpu/vulnerabilities/spectre_v2 file did not exist. With this update, the kernel now shows the status in the above mentioned file and as a result, the file now reports either "Vulnerable" or "Mitigation: execute trampolines" message. (BZ#1619667)

Snyk ID
09 Oct, 2018