ELSA-2022-9273
- ULN >
- Oracle Linux Errata repository >
- ELSA-2022-9273
ELSA-2022-9273 - Unbreakable Enterprise kernel security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2022-04-11 |
Description
[5.4.17-2136.306.1.3]
- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34053807] {CVE-2022-1158}
[5.4.17-2136.306.1.2]
- Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34045203]
[5.4.17-2136.306.1.1]
- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34035701] {CVE-2022-1016}
- exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34035682]
[5.4.17-2136.306.1]
- sr9700: sanity check for packet length (Brian Maly) [Orabug: 33962705] {CVE-2022-26966}
- net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) [Orabug: 33835787] {CVE-2021-22600}
- KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains (Krish Sadhukhan) [Orabug: 33921125]
- x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains (Krish Sadhukhan) [Orabug: 33921125]
- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940519]
- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958154] {CVE-2022-24448}
- Revert 'btrfs: inode: refactor the parameters of insert_reserved_file_extent()' (Srikanth C S) [Orabug: 33958240]
- Revert 'btrfs: fix metadata reservation for fallocate that leads to transaction aborts' (Srikanth C S) [Orabug: 33958240]
- ovl: fix WARN_ON nlink drop to zero (Miklos Szeredi) [Orabug: 33687076]
- panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33740420]
- printk: Drop console_sem during panic (Stephen Brennan) [Orabug: 33740420]
- printk: Avoid livelock with heavy printk during panic (Stephen Brennan) [Orabug: 33740420]
- printk: disable optimistic spin during panic (Stephen Brennan) [Orabug: 33740420]
- printk: Add panic_in_progress helper (Stephen Brennan) [Orabug: 33740420]
- sched: Put vcpu preemption idle check into a SCHED_FEAT. (chris hyser) [Orabug: 33806261]
- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820776]
- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840432] {CVE-2022-22942}
- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}
- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}
- ACPI: sysfs: copy ACPI data using io memory copying (Colin Ian King) [Orabug: 33876016]
- Enable CONFIG_DM_DUST and nano for UEK6 (Gulam Mohamed) [Orabug: 33897851]
- arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33900748]
- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910799]
- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}
- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}
- bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33919430]
- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925471]
- arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921736] {CVE-2022-23960}
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921736] {CVE-2022-23960}
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921736] {CVE-2022-23960}
- arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921736] {CVE-2022-23960}
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33941936] {CVE-2021-26401}
- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33917127]
- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}
- ovl: fix WARN_ON nlink drop to zero (Miklos Szeredi) [Orabug: 33687076]
- panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33740420]
- printk: Drop console_sem during panic (Stephen Brennan) [Orabug: 33740420]
- printk: Avoid livelock with heavy printk during panic (Stephen Brennan) [Orabug: 33740420]
- printk: disable optimistic spin during panic (Stephen Brennan) [Orabug: 33740420]
- printk: Add panic_in_progress helper (Stephen Brennan) [Orabug: 33740420]
- sched: Put vcpu preemption idle check into a SCHED_FEAT. (chris hyser) [Orabug: 33806261]
- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820776]
- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840432] {CVE-2022-22942}
- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}
- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}
- ACPI: sysfs: copy ACPI data using io memory copying (Colin Ian King) [Orabug: 33876016]
- Enable CONFIG_DM_DUST and nano for UEK6 (Gulam Mohamed) [Orabug: 33897851]
- arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33900748]
- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910799]
- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}
- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}
- bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33919430]
- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925471]
- arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921736]
- arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921736]
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921736]
- arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921736]
- KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921736]
- arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921736]
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921736]
- arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921736]
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921736]
- arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921736]
- arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921736]
- arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921736]
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921736]
- arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921736]
- arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921736]
- arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921736]
- arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921736]
- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921736]
- arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921736]
- arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921736]
- arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921736]
- arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921736]
- Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921736]
- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736]
- Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921736]
- Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921736]
- Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921736]
- Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921736]
- Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921736]
- Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921736]
- Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921736]
- Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921736]
- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341}
- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341}
- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33941936] {CVE-2021-26341}
- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33941936] {CVE-2021-26341}
- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33941936] {CVE-2021-26341}
- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26341}
- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26341}
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33941936] {CVE-2021-26341}
- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33917127]
- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33941936] {CVE-2021-26341}
- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341}
- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341}
- rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820760]
- rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820760]
- rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820760]
Related CVEs
| CVE-2021-26341 |
| CVE-2021-26401 |
| CVE-2022-23960 |
| CVE-2020-36516 |
| CVE-2022-26966 |
| CVE-2022-1016 |
| CVE-2022-1158 |
| CVE-2021-22600 |
| CVE-2022-0617 |
| CVE-2022-24448 |
| CVE-2022-22942 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
| Oracle Linux 7 (aarch64) | kernel-uek-5.4.17-2136.306.1.3.el7uek.src.rpm | 1941e8bbb1247b78ac6e750752b0a8aa | - |
| kernel-uek-5.4.17-2136.306.1.3.el7uek.aarch64.rpm | 27056e092a334eacf8e58104898f4a0f | - | |
| kernel-uek-debug-5.4.17-2136.306.1.3.el7uek.aarch64.rpm | 784d784f94eefd43c5c0d36c99de77aa | - | |
| kernel-uek-debug-devel-5.4.17-2136.306.1.3.el7uek.aarch64.rpm | 9146e546be5830ac60b3f63059ea78bd | - | |
| kernel-uek-devel-5.4.17-2136.306.1.3.el7uek.aarch64.rpm | 7cb5c8f6c9cc78fc748beede6823f604 | - | |
| kernel-uek-doc-5.4.17-2136.306.1.3.el7uek.noarch.rpm | 2299a1942f5339de83769590a00fba44 | - | |
| kernel-uek-tools-5.4.17-2136.306.1.3.el7uek.aarch64.rpm | 95b902ac02bb7deaa5a5ef74837b0e92 | - | |
| kernel-uek-tools-libs-5.4.17-2136.306.1.3.el7uek.aarch64.rpm | 6773a7353125809852c4eaa400c12536 | - | |
| perf-5.4.17-2136.306.1.3.el7uek.aarch64.rpm | 727ca02cb9acda1164b042406151cc1c | - | |
| python-perf-5.4.17-2136.306.1.3.el7uek.aarch64.rpm | 401f305b5275634c85489e5f276e1562 | - | |
| Oracle Linux 7 (x86_64) | kernel-uek-5.4.17-2136.306.1.3.el7uek.src.rpm | 1941e8bbb1247b78ac6e750752b0a8aa | - |
| kernel-uek-5.4.17-2136.306.1.3.el7uek.x86_64.rpm | 0b13408a5f9697c4c24808efb959a864 | - | |
| kernel-uek-debug-5.4.17-2136.306.1.3.el7uek.x86_64.rpm | 88d086f8cc13aa02540fbb535a76ed93 | - | |
| kernel-uek-debug-devel-5.4.17-2136.306.1.3.el7uek.x86_64.rpm | 4348ff82dce58592bd2329a34a80fa63 | - | |
| kernel-uek-devel-5.4.17-2136.306.1.3.el7uek.x86_64.rpm | c03b950d4cba5590ade51c957d17612f | - | |
| kernel-uek-doc-5.4.17-2136.306.1.3.el7uek.noarch.rpm | 2299a1942f5339de83769590a00fba44 | - | |
| kernel-uek-tools-5.4.17-2136.306.1.3.el7uek.x86_64.rpm | 192568327316cde9c3090c3d2f9ce665 | - | |
| Oracle Linux 8 (aarch64) | kernel-uek-5.4.17-2136.306.1.3.el8uek.src.rpm | d627848cf89d83e951c5d23f1fb5f64e | - |
| kernel-uek-5.4.17-2136.306.1.3.el8uek.aarch64.rpm | 15004a21c26a15d09e5f595b86c19f8e | - | |
| kernel-uek-debug-5.4.17-2136.306.1.3.el8uek.aarch64.rpm | 6b73a4a9ed67164dacff175aaeb5396c | - | |
| kernel-uek-debug-devel-5.4.17-2136.306.1.3.el8uek.aarch64.rpm | 86b7ed30fce7dbbe0b992d6b9a386463 | - | |
| kernel-uek-devel-5.4.17-2136.306.1.3.el8uek.aarch64.rpm | 535b2894721a2ddfdbd09ce8388b8af5 | - | |
| kernel-uek-doc-5.4.17-2136.306.1.3.el8uek.noarch.rpm | 3439ee5c301ac3d90a5dbc174906b096 | - | |
| Oracle Linux 8 (x86_64) | kernel-uek-5.4.17-2136.306.1.3.el8uek.src.rpm | d627848cf89d83e951c5d23f1fb5f64e | - |
| kernel-uek-5.4.17-2136.306.1.3.el8uek.x86_64.rpm | f2b77ef557c9b6a6928f3d0033664808 | - | |
| kernel-uek-debug-5.4.17-2136.306.1.3.el8uek.x86_64.rpm | a2b4a5517b8041612d3a2013198895c6 | - | |
| kernel-uek-debug-devel-5.4.17-2136.306.1.3.el8uek.x86_64.rpm | 6bb4751a2ebd73d71c950c8dd383b285 | - | |
| kernel-uek-devel-5.4.17-2136.306.1.3.el8uek.x86_64.rpm | 63f0ea41b46021651bd1e38deaee5d7a | - | |
| kernel-uek-doc-5.4.17-2136.306.1.3.el8uek.noarch.rpm | 3439ee5c301ac3d90a5dbc174906b096 | - | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
