Type: | SECURITY |
Severity: | IMPORTANT |
Release Date: | 2022-03-08 |
[5.4.17-2136.304.4.4]
- arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921646]
- arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921646]
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921646]
- arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921646]
- KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921646]
- arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921646]
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921646]
- arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921646]
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921646]
- arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921646]
- arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921646]
- arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921646]
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921646]
- arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921646]
- arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921646]
- arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921646]
- arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921646]
- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921646]
- arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921646]
- arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921646]
- arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921646]
- arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921646]
- Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921646]
- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921646]
- Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921646]
- Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921646]
- Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921646]
- Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921646]
- Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921646]
- Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921646]
- Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921646]
- Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921646]
- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33922121] {CVE-2021-26341}
- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}
- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33922121] {CVE-2021-26341}
- bpf: Add kconfig knob for disabling unpriv bpf by default (Daniel Borkmann) [Orabug: 33926314]
CVE-2021-26341 |
Release/Architecture | Filename | MD5sum | Superseded By Advisory |
Oracle Linux 7 (aarch64) | kernel-uek-5.4.17-2136.304.4.4.el7uek.src.rpm | aa7f82376bac14aee086dc244adfdd6b | - |
kernel-uek-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | 2dd0552e65be45faafad26fa6b17cdd9 | - | |
kernel-uek-debug-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | dd06a5ad2b8320eb529087a482a0c90f | - | |
kernel-uek-debug-devel-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | 5463728cb72968ff990a3c0d2a179b49 | - | |
kernel-uek-devel-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | ae5e3d95fe1f9a2b3cc0b6f523d48ebb | - | |
kernel-uek-doc-5.4.17-2136.304.4.4.el7uek.noarch.rpm | 69952d93203baa80d997cb94a9717fd6 | - | |
kernel-uek-tools-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | 7ff08f6c6d676f63ec251c4803bc36c9 | - | |
kernel-uek-tools-libs-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | 270290d29d21dbe292a6959c862877c1 | - | |
perf-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | e1e3486f0a71519b063fc13e50691a9f | - | |
python-perf-5.4.17-2136.304.4.4.el7uek.aarch64.rpm | 70fe1c1c924e937fdcf0461016b2b66b | - | |
Oracle Linux 7 (x86_64) | kernel-uek-5.4.17-2136.304.4.4.el7uek.src.rpm | aa7f82376bac14aee086dc244adfdd6b | - |
kernel-uek-5.4.17-2136.304.4.4.el7uek.x86_64.rpm | 153bfe6f9cee3bd450d9b8f0a2be0af2 | - | |
kernel-uek-debug-5.4.17-2136.304.4.4.el7uek.x86_64.rpm | 60a56683c34915793f7996cbfe16c6ea | - | |
kernel-uek-debug-devel-5.4.17-2136.304.4.4.el7uek.x86_64.rpm | d9703d52685f898b0432050eb5e9737a | - | |
kernel-uek-devel-5.4.17-2136.304.4.4.el7uek.x86_64.rpm | f15654ad94d26db7155b16853e76e904 | - | |
kernel-uek-doc-5.4.17-2136.304.4.4.el7uek.noarch.rpm | 69952d93203baa80d997cb94a9717fd6 | - | |
kernel-uek-tools-5.4.17-2136.304.4.4.el7uek.x86_64.rpm | 0162e3e300be36d4f774bcf3d6505cfb | - | |
Oracle Linux 8 (x86_64) | kernel-uek-5.4.17-2136.304.4.4.el8uek.src.rpm | c10c27b71195956a2dbbbeb8ea263727 | - |
kernel-uek-5.4.17-2136.304.4.4.el8uek.x86_64.rpm | d8382f8f45566f96e92ef188578c781d | - | |
kernel-uek-debug-5.4.17-2136.304.4.4.el8uek.x86_64.rpm | 7bb6c651f098cca8c0899cf83840252e | - | |
kernel-uek-debug-devel-5.4.17-2136.304.4.4.el8uek.x86_64.rpm | dc696af14b8afa131d68a974bfc5a9c2 | - | |
kernel-uek-devel-5.4.17-2136.304.4.4.el8uek.x86_64.rpm | bd0a84210512083d875dac02b21ab17a | - | |
kernel-uek-doc-5.4.17-2136.304.4.4.el8uek.noarch.rpm | ad8c7e9f294d7989e57139cd31f17dec | - |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team