ELSA-2022-9199

ELSA-2022-9199 - Unbreakable Enterprise kernel security update

Type: SECURITY
Impact: IMPORTANT
Release Date: 2022-03-08

Description


[5.4.17-2136.304.4.4]
- arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921646]
- arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921646]
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921646]
- arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921646]
- KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921646]
- arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921646]
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921646]
- arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921646]
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921646]
- arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921646]
- arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921646]
- arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921646]
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921646]
- arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921646]
- arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921646]
- arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921646]
- arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921646]
- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921646]
- arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921646]
- arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921646]
- arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921646]
- arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921646]
- Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921646]
- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921646]
- Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921646]
- Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921646]
- Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921646]
- Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921646]
- Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921646]
- Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921646]
- Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921646]
- Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921646]
- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33922121] {CVE-2021-26341}
- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}
- bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33926314]


Related CVEs


CVE-2021-26341

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 7 (aarch64) | kernel-uek-5.4.17-2136.304.4.4.el7uek.src.rpm | 3c186e400766e9aafcf9b7ff07579337d9f9cdf9f596211459ec8f12f232c997 | ELSA-2025-20190 | ol7_aarch64_UEKR6 |
| | kernel-uek-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | e1b282e7ef8b5c0c87c65b87685af8d3f3f7dad761e65459956e6153c3cfc4ae | ELSA-2025-20190 | ol7_aarch64_UEKR6 |
| | kernel-uek-debug-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | 0437a40e9096ae688ce9e999ebf400d0fd6dc24d9196d5466fe42e05614f113f | ELSA-2025-20190 | ol7_aarch64_UEKR6 |
| | kernel-uek-debug-devel-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | 12e1a22e191dfcc285f1a404b65ed4a6bed3f0d9d2f02b5162d4227175767497 | ELSA-2025-20190 | ol7_aarch64_UEKR6 |
| | kernel-uek-devel-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | 363daad1388955587c5554068a1f98eb39f35fc1c2eefe03bb4f92a7818b5c97 | ELSA-2025-20190 | ol7_aarch64_UEKR6 |
| | kernel-uek-doc-5.4.17-2136.304.4.4.el7uek.noarch.rpm | 76e874c5de179b23606db7c3e106b5131be1fb20ae6079ea6960895e3b30b7d1 | ELSA-2025-20190 | ol7_aarch64_UEKR6 |
| | kernel-uek-tools-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | e4de48626def5f2e145ae80dcdd0fed9cc71469f4be62c428cfab941061c6da9 | ELSA-2025-20190 | ol7_aarch64_UEKR6 |
| | kernel-uek-tools-libs-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | 7ddc23d8fa1f28035734331766e4e3dd0a7b614659249abdf51959503c37be7e | ELSA-2025-20019 | ol7_aarch64_UEKR6 |
| | perf-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | 97fb40a114ffcee5075b4ce21c4b6ed3be402e6058c411d1a63f473cb7e89795 | ELSA-2025-20019 | ol7_aarch64_UEKR6 |
| | python-perf-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | abcb93587a7562938a924683581cd7839ff9059bdd4173a0bd719b77f78fbd69 | ELSA-2025-20019 | ol7_aarch64_UEKR6 |
| Oracle Linux 7 (x86_64) | kernel-uek-5.4.17-2136.304.4.4.el7uek.src.rpm | 3c186e400766e9aafcf9b7ff07579337d9f9cdf9f596211459ec8f12f232c997 | ELSA-2025-20190 | ol7_x86_64_UEKR6 |
| | kernel-uek-5.4.17-2136.304.4.4.el7uek.x86_64.rpm | 3c1de9515d953f54c4678c3ca368317357d2490a91bbbd9778598cd210ae87cf | ELSA-2025-20190 | ol7_x86_64_UEKR6 |
| | kernel-uek-debug-5.4.17-2136.304.4.4.el7uek.x86_64.rpm | 8643d5e21256634d8065b3efcca8352ce164b04da23e4ecc614a9048eb0ae5cc | ELSA-2025-20190 | ol7_x86_64_UEKR6 |
| | kernel-uek-debug-devel-5.4.17-2136.304.4.4.el7uek.x86_64.rpm | 38d0b053dd3bdad1640abe26dfb2d7a2d3a52a3b93dd3c1665a04c1a7b75be94 | ELSA-2025-20190 | ol7_x86_64_UEKR6 |
| | kernel-uek-devel-5.4.17-2136.304.4.4.el7uek.x86_64.rpm | b9ccb48b1dd4b09c42998487ddbf7589abec8a4c2271e8775d1b0b9133a0b1f9 | ELSA-2025-20190 | ol7_x86_64_UEKR6 |
| | kernel-uek-doc-5.4.17-2136.304.4.4.el7uek.noarch.rpm | 76e874c5de179b23606db7c3e106b5131be1fb20ae6079ea6960895e3b30b7d1 | ELSA-2025-20190 | ol7_x86_64_UEKR6 |
| | kernel-uek-tools-5.4.17-2136.304.4.4.el7uek.x86_64.rpm | 0dd8c8320478db313c2439feca3b18b6a3bbe27d9723f87a42cf4b1ddc8ca578 | ELSA-2025-20190 | ol7_x86_64_UEKR6 |
| Oracle Linux 8 (aarch64) | kernel-uek-5.4.17-2136.304.4.4.el8uek.src.rpm | ff43ca0aea17cd292c938bb8c7d89d4b32dcfca23a1bd46cf045fe2733e8e9be | - | ol8_aarch64_baseos_latest |
| | kernel-uek-5.4.17-2136.304.4.4.el8uek.src.rpm | ff43ca0aea17cd292c938bb8c7d89d4b32dcfca23a1bd46cf045fe2733e8e9be | - | ol8_aarch64_u5_baseos_patch |
| | kernel-uek-5.4.17-2136.304.4.4.el8uek.aarch64.rpm | 7ae25cf56bd3f4a1f4d07ec4925ba1549faeca0dad723a646fee7962d66805cd | - | ol8_aarch64_baseos_latest |
| | kernel-uek-5.4.17-2136.304.4.4.el8uek.aarch64.rpm | 7ae25cf56bd3f4a1f4d07ec4925ba1549faeca0dad723a646fee7962d66805cd | - | ol8_aarch64_u5_baseos_patch |
| | kernel-uek-debug-5.4.17-2136.304.4.4.el8uek.aarch64.rpm | a67145170b33dd2dbb6484b022a220aa837d296843ffb7cb3907bafcb0100b20 | - | ol8_aarch64_baseos_latest |
| | kernel-uek-debug-5.4.17-2136.304.4.4.el8uek.aarch64.rpm | a67145170b33dd2dbb6484b022a220aa837d296843ffb7cb3907bafcb0100b20 | - | ol8_aarch64_u5_baseos_patch |
| | kernel-uek-debug-devel-5.4.17-2136.304.4.4.el8uek.aarch64.rpm | 90f93cc3585b3a47e3c95d56d393d1d3098ee0c0997d076c3cd83a0725e33388 | - | ol8_aarch64_baseos_latest |
| | kernel-uek-debug-devel-5.4.17-2136.304.4.4.el8uek.aarch64.rpm | 90f93cc3585b3a47e3c95d56d393d1d3098ee0c0997d076c3cd83a0725e33388 | - | ol8_aarch64_u5_baseos_patch |
| | kernel-uek-devel-5.4.17-2136.304.4.4.el8uek.aarch64.rpm | eaf1eea00e0c23572bbc383cfb97125284fd8f8f897f5ef37b2d551b7925b90c | - | ol8_aarch64_baseos_latest |
| | kernel-uek-devel-5.4.17-2136.304.4.4.el8uek.aarch64.rpm | eaf1eea00e0c23572bbc383cfb97125284fd8f8f897f5ef37b2d551b7925b90c | - | ol8_aarch64_u5_baseos_patch |
| | kernel-uek-doc-5.4.17-2136.304.4.4.el8uek.noarch.rpm | 6d5a2a10e47e0b22430fb0e6388ff7258db251dbf3a51a84bf58d8dbaedfd5d9 | - | ol8_aarch64_baseos_latest |
| | kernel-uek-doc-5.4.17-2136.304.4.4.el8uek.noarch.rpm | 6d5a2a10e47e0b22430fb0e6388ff7258db251dbf3a51a84bf58d8dbaedfd5d9 | - | ol8_aarch64_u5_baseos_patch |
| Oracle Linux 8 (x86_64) | kernel-uek-5.4.17-2136.304.4.4.el8uek.src.rpm | ff43ca0aea17cd292c938bb8c7d89d4b32dcfca23a1bd46cf045fe2733e8e9be | - | ol8_x86_64_UEKR6 |
| | kernel-uek-5.4.17-2136.304.4.4.el8uek.x86_64.rpm | ea41b0eddc2ff0cb3f3aa6053f7847d7dfb812425cfa88d62880cd31161b66c8 | - | ol8_x86_64_UEKR6 |
| | kernel-uek-debug-5.4.17-2136.304.4.4.el8uek.x86_64.rpm | 007a4c54bbe9cf6b3b3019f48688761cc16cf098cbbb0c2e885f09a83ea318fb | - | ol8_x86_64_UEKR6 |
| | kernel-uek-debug-devel-5.4.17-2136.304.4.4.el8uek.x86_64.rpm | db22093c1377b6980ae31234a31c2b92d6f62d70ce78becc531a771d577e8482 | - | ol8_x86_64_UEKR6 |
| | kernel-uek-devel-5.4.17-2136.304.4.4.el8uek.x86_64.rpm | def34a951f6456b988d3d035a3368ae7671b0b52c4765a3476de80f915fe5aeb | - | ol8_x86_64_UEKR6 |
| | kernel-uek-doc-5.4.17-2136.304.4.4.el8uek.noarch.rpm | 6d5a2a10e47e0b22430fb0e6388ff7258db251dbf3a51a84bf58d8dbaedfd5d9 | - | ol8_x86_64_UEKR6 |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team