ELSA-2022-7337

ULN >
Oracle Linux Errata repository >
ELSA-2022-7337

ELSA-2022-7337 - kernel security and bug fix update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2022-11-03

Description

[3.10.0-1160.80.1.0.1.OL7]
- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}

[3.10.0-1160.80.1.OL7]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9
- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)

[3.10.0-1160.80.1]
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (Dick Kennedy) [1969988]
- scsi: lpfc: Fix illegal memory access on Abort IOCBs (Dick Kennedy) [1969988]
- NFS: Fix extra call to dput() in nfs_prime_dcache (Benjamin Coddington) [2117856]

[3.10.0-1160.79.1]
- x86/speculation: Add LFENCE to RSB fill sequence (Rafael Aquini) [2115073] {CVE-2022-26373}
- x86/speculation: Protect against userspace-userspace spectreRSB (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: cope with spectre_v2=retpoline cmdline on retbleed-affected Intel CPUs (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- KVM: emulate: do not adjust size of fastop and setcc subroutines (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: Disable RRSBA behavior (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kexec: Disable RET on kexec (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpu/amd: Enumerate BTC_NO (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/common: Stamp out the stepping madness (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpu/amd: Add Spectral Chicken (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Do IBPB fallback check only once (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Add retbleed=ibpb (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Report Intel retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Enable STIBP for JMP2RET (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Add AMD retbleed= boot parameter (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Report AMD retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Add magic AMD return-thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Use return-thunk in asm code (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/sev: Avoid using __x86_return_thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: Fix SETcc emulation for return thunks (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86,objtool: Create .return_sites (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Undo return-thunk damage (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/retpoline: Use -mfunction-return (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Move RETPOLINE flags to word 11 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- objtool: Add ELF writing capability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Prepare asm files for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Prepare inline-asm for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: Fix fastop function ELF metadata (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: Move kvm_fastop_exception to .fixup section (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/vdso: Fix vDSO build if a retpoline is emitted (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Carve out CQM features retrieval (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Re-tabulate the X86_FEATURE definitions (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeature: Move processor tracing out of scattered features (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/alternatives: Cleanup DPRINTK macro (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}

[3.10.0-1160.78.1]
- net_sched: cls_route: remove from list when handle is 0 (Davide Caratti) [2121809] {CVE-2022-2588}

[3.10.0-1160.77.1]
- net/mlx5: Add Fast teardown support (Jay Shin) [2077711]
- net/mlx5: Free IRQs in shutdown path (Jay Shin) [2077711]
- net/mlx5: Change teardown with force mode failure message to warning (Jay Shin) [2077711]
- net/mlx5: Cancel health poll before sending panic teardown command (Jay Shin) [2077711]
- net/mlx5: Add fast unload support in shutdown flow (Jay Shin) [2077711]
- net/mlx5: Expose command polling interface (Jay Shin) [2077711]
- posix-timers: Remove remaining uses of tasklist_lock (Oleg Nesterov) [2115147]
- posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (Oleg Nesterov) [2115147]
- posix-cpu-timers: remove tasklist_lock in posix_cpu_clock_get() (Oleg Nesterov) [2115147]

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 7 (x86_64)	kernel-3.10.0-1160.80.1.0.1.el7.src.rpm	c79170c5d4072252a11e11ae6546cd944c5c1540bfdfc19e46553b5e0425e126	ELSA-2025-1281	ol7_x86_64_latest
	kernel-3.10.0-1160.80.1.0.1.el7.src.rpm	c79170c5d4072252a11e11ae6546cd944c5c1540bfdfc19e46553b5e0425e126	ELSA-2025-1281	ol7_x86_64_optional_latest
	kernel-3.10.0-1160.80.1.0.1.el7.src.rpm	c79170c5d4072252a11e11ae6546cd944c5c1540bfdfc19e46553b5e0425e126	ELSA-2025-1281	ol7_x86_64_u9_patch
	bpftool-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	58c0e00ed44eb5f28bb59adf6723e90d2742fa49d3dd9bb38cff76339ecdeb59	ELSA-2025-1281	ol7_x86_64_latest
	bpftool-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	58c0e00ed44eb5f28bb59adf6723e90d2742fa49d3dd9bb38cff76339ecdeb59	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	c5ad278f5955ff598ee3731ff94b29c5e84fdf1b3c0782703d43a83704594b6f	ELSA-2025-1281	ol7_x86_64_latest
	kernel-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	c5ad278f5955ff598ee3731ff94b29c5e84fdf1b3c0782703d43a83704594b6f	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-abi-whitelists-3.10.0-1160.80.1.0.1.el7.noarch.rpm	1b6404a37ab7776f2bb08720676ed69b4d92b83cc745836edf7cdc009cd31746	ELSA-2025-1281	ol7_x86_64_latest
	kernel-abi-whitelists-3.10.0-1160.80.1.0.1.el7.noarch.rpm	1b6404a37ab7776f2bb08720676ed69b4d92b83cc745836edf7cdc009cd31746	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-debug-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	897d16349e727f08a3bab1afd1960ed4036545ddeafdc9e428d6d36d341ad184	ELSA-2025-1281	ol7_x86_64_latest
	kernel-debug-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	897d16349e727f08a3bab1afd1960ed4036545ddeafdc9e428d6d36d341ad184	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-debug-devel-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	8c53145af53c12b30798e5fddb34d16d72fbc648db2e6aa4954b5fa5b2b49bf4	ELSA-2025-1281	ol7_x86_64_latest
	kernel-debug-devel-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	8c53145af53c12b30798e5fddb34d16d72fbc648db2e6aa4954b5fa5b2b49bf4	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-devel-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	ea6ae70afb06906c47c90f6039745dfe1fffb62f23f690bb55ea3af72fd72244	ELSA-2025-1281	ol7_x86_64_latest
	kernel-devel-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	ea6ae70afb06906c47c90f6039745dfe1fffb62f23f690bb55ea3af72fd72244	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-doc-3.10.0-1160.80.1.0.1.el7.noarch.rpm	6eff4788f959a88188e29f7680d20b4acc07679dc8235f3c24c84f28e5d389c3	ELSA-2025-1281	ol7_x86_64_latest
	kernel-doc-3.10.0-1160.80.1.0.1.el7.noarch.rpm	6eff4788f959a88188e29f7680d20b4acc07679dc8235f3c24c84f28e5d389c3	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-headers-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	d48171ba2891bc0115fcbed7819994f3e4c42d9c3d775daca9855a0b036ec651	ELSA-2025-1281	exadata_dbserver_21.2.18.0.0_x86_64_base
	kernel-headers-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	d48171ba2891bc0115fcbed7819994f3e4c42d9c3d775daca9855a0b036ec651	ELSA-2025-1281	exadata_dbserver_21.2.19.0.0_x86_64_base
	kernel-headers-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	d48171ba2891bc0115fcbed7819994f3e4c42d9c3d775daca9855a0b036ec651	ELSA-2025-1281	exadata_dbserver_22.1.5.0.0_x86_64_base
	kernel-headers-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	d48171ba2891bc0115fcbed7819994f3e4c42d9c3d775daca9855a0b036ec651	ELSA-2025-1281	exadata_dbserver_22.1.6.0.0_x86_64_base
	kernel-headers-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	d48171ba2891bc0115fcbed7819994f3e4c42d9c3d775daca9855a0b036ec651	ELSA-2025-1281	ol7_x86_64_latest
	kernel-headers-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	d48171ba2891bc0115fcbed7819994f3e4c42d9c3d775daca9855a0b036ec651	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-tools-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	92c6ea889c80393c3bd8c9dabda98516de7a50ad7231cd3679be99ddcb886524	ELSA-2025-1281	exadata_dbserver_21.2.18.0.0_x86_64_base
	kernel-tools-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	92c6ea889c80393c3bd8c9dabda98516de7a50ad7231cd3679be99ddcb886524	ELSA-2025-1281	exadata_dbserver_21.2.19.0.0_x86_64_base
	kernel-tools-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	92c6ea889c80393c3bd8c9dabda98516de7a50ad7231cd3679be99ddcb886524	ELSA-2025-1281	exadata_dbserver_22.1.5.0.0_x86_64_base
	kernel-tools-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	92c6ea889c80393c3bd8c9dabda98516de7a50ad7231cd3679be99ddcb886524	ELSA-2025-1281	exadata_dbserver_22.1.6.0.0_x86_64_base
	kernel-tools-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	92c6ea889c80393c3bd8c9dabda98516de7a50ad7231cd3679be99ddcb886524	ELSA-2025-1281	ol7_x86_64_latest
	kernel-tools-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	92c6ea889c80393c3bd8c9dabda98516de7a50ad7231cd3679be99ddcb886524	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-tools-libs-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	221401d31df7dd153f5814f4fc9438ac6b5be02358fa3b31ab983998e686ec39	ELSA-2025-1281	exadata_dbserver_21.2.18.0.0_x86_64_base
	kernel-tools-libs-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	221401d31df7dd153f5814f4fc9438ac6b5be02358fa3b31ab983998e686ec39	ELSA-2025-1281	exadata_dbserver_21.2.19.0.0_x86_64_base
	kernel-tools-libs-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	221401d31df7dd153f5814f4fc9438ac6b5be02358fa3b31ab983998e686ec39	ELSA-2025-1281	exadata_dbserver_22.1.5.0.0_x86_64_base
	kernel-tools-libs-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	221401d31df7dd153f5814f4fc9438ac6b5be02358fa3b31ab983998e686ec39	ELSA-2025-1281	exadata_dbserver_22.1.6.0.0_x86_64_base
	kernel-tools-libs-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	221401d31df7dd153f5814f4fc9438ac6b5be02358fa3b31ab983998e686ec39	ELSA-2025-1281	ol7_x86_64_latest
	kernel-tools-libs-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	221401d31df7dd153f5814f4fc9438ac6b5be02358fa3b31ab983998e686ec39	ELSA-2025-1281	ol7_x86_64_u9_patch
	kernel-tools-libs-devel-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	62101990d55804ff13ee3419429c5a2984e790608b21d619dde6adc5876598f5	ELSA-2025-1281	ol7_x86_64_optional_latest
	perf-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	2beb012ad19bffd3787bddf6af276d476b53347c3e7092337cb9c6f605f8416f	ELSA-2025-20019	ol7_x86_64_latest
	perf-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	2beb012ad19bffd3787bddf6af276d476b53347c3e7092337cb9c6f605f8416f	ELSA-2025-20019	ol7_x86_64_u9_patch
	python-perf-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	dd47fb3240f18733f9ce82722ad3fab2d28f6d3d287c693aa1d24b34c9f3e757	ELSA-2025-20019	ol7_x86_64_latest
	python-perf-3.10.0-1160.80.1.0.1.el7.x86_64.rpm	dd47fb3240f18733f9ce82722ad3fab2d28f6d3d287c693aa1d24b34c9f3e757	ELSA-2025-20019	ol7_x86_64_u9_patch

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691