ELSA-2022-7337

ELSA-2022-7337 - kernel security and bug fix update

Type:SECURITY
Severity:IMPORTANT
Release Date:2022-11-03

Description


[3.10.0-1160.80.1.0.1.OL7]
- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}

[3.10.0-1160.80.1.OL7]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9
- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)

[3.10.0-1160.80.1]
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (Dick Kennedy) [1969988]
- scsi: lpfc: Fix illegal memory access on Abort IOCBs (Dick Kennedy) [1969988]
- NFS: Fix extra call to dput() in nfs_prime_dcache (Benjamin Coddington) [2117856]

[3.10.0-1160.79.1]
- x86/speculation: Add LFENCE to RSB fill sequence (Rafael Aquini) [2115073] {CVE-2022-26373}
- x86/speculation: Protect against userspace-userspace spectreRSB (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: cope with spectre_v2=retpoline cmdline on retbleed-affected Intel CPUs (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- KVM: emulate: do not adjust size of fastop and setcc subroutines (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: Disable RRSBA behavior (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kexec: Disable RET on kexec (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpu/amd: Enumerate BTC_NO (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/common: Stamp out the stepping madness (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpu/amd: Add Spectral Chicken (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Do IBPB fallback check only once (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Add retbleed=ibpb (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Report Intel retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Enable STIBP for JMP2RET (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Add AMD retbleed= boot parameter (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Report AMD retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Add magic AMD return-thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Use return-thunk in asm code (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/sev: Avoid using __x86_return_thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: Fix SETcc emulation for return thunks (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86,objtool: Create .return_sites (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Undo return-thunk damage (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/retpoline: Use -mfunction-return (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Move RETPOLINE flags to word 11 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- objtool: Add ELF writing capability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Prepare asm files for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Prepare inline-asm for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: Fix fastop function ELF metadata (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: Move kvm_fastop_exception to .fixup section (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/vdso: Fix vDSO build if a retpoline is emitted (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Carve out CQM features retrieval (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Re-tabulate the X86_FEATURE definitions (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeature: Move processor tracing out of scattered features (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/alternatives: Cleanup DPRINTK macro (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}

[3.10.0-1160.78.1]
- net_sched: cls_route: remove from list when handle is 0 (Davide Caratti) [2121809] {CVE-2022-2588}

[3.10.0-1160.77.1]
- net/mlx5: Add Fast teardown support (Jay Shin) [2077711]
- net/mlx5: Free IRQs in shutdown path (Jay Shin) [2077711]
- net/mlx5: Change teardown with force mode failure message to warning (Jay Shin) [2077711]
- net/mlx5: Cancel health poll before sending panic teardown command (Jay Shin) [2077711]
- net/mlx5: Add fast unload support in shutdown flow (Jay Shin) [2077711]
- net/mlx5: Expose command polling interface (Jay Shin) [2077711]
- posix-timers: Remove remaining uses of tasklist_lock (Oleg Nesterov) [2115147]
- posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (Oleg Nesterov) [2115147]
- posix-cpu-timers: remove tasklist_lock in posix_cpu_clock_get() (Oleg Nesterov) [2115147]


Related CVEs


CVE-2022-2588
CVE-2022-26373
CVE-2022-23816
CVE-2022-29901
CVE-2022-23825
CVE-2022-29900

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (x86_64) kernel-3.10.0-1160.80.1.0.1.el7.src.rpm27bc1ac064b11dac5a1ed5fdb5359e2d-
bpftool-3.10.0-1160.80.1.0.1.el7.x86_64.rpmcb580cd6e27a6d3a1f5537c0a45a79e0-
kernel-3.10.0-1160.80.1.0.1.el7.x86_64.rpm4318cbfd81499b27fdaab32fd4b8560a-
kernel-abi-whitelists-3.10.0-1160.80.1.0.1.el7.noarch.rpm38fbaa456e3ef88b5b517325bddbb2ae-
kernel-debug-3.10.0-1160.80.1.0.1.el7.x86_64.rpm596b73c8282a674b25ea3e7ce8835c70-
kernel-debug-devel-3.10.0-1160.80.1.0.1.el7.x86_64.rpm44c5d9c56dee9d6b686b5125c1bfbba8-
kernel-devel-3.10.0-1160.80.1.0.1.el7.x86_64.rpm9c6e784f2d8732b3a6486d8c85239fb9-
kernel-doc-3.10.0-1160.80.1.0.1.el7.noarch.rpm967632bdf3cbcfbc80f09a7a64fc2878-
kernel-headers-3.10.0-1160.80.1.0.1.el7.x86_64.rpmd7b3ce6afc54c071d539a07feaf6275c-
kernel-tools-3.10.0-1160.80.1.0.1.el7.x86_64.rpma03a96e0e7db8b6d7c74a8a7a64f8b68-
kernel-tools-libs-3.10.0-1160.80.1.0.1.el7.x86_64.rpmc638d6f9f9ce34040a352e457b223d76-
kernel-tools-libs-devel-3.10.0-1160.80.1.0.1.el7.x86_64.rpm65c191a962f2b2e769f726d52e48f11b-
perf-3.10.0-1160.80.1.0.1.el7.x86_64.rpm75b21f06fb54512f3c1c766816340ff5-
python-perf-3.10.0-1160.80.1.0.1.el7.x86_64.rpmcce73b3f36d9bffe64d8b316eb295519-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete