ELSA-2022-9590

ELSA-2022-9590 - Unbreakable Enterprise kernel security update

Type:SECURITY
Severity:IMPORTANT
Release Date:2022-07-12

Description


[5.15.0-0.30.20]
- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218638] {CVE-2022-1652}
- x86: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Add retbleed=ibpb (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/xen: Rename SYS* entry points (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Update Retpoline validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- intel_idle: Disable IBRS during long idle (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Add kernel IBRS implementation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Report AMD retbleed vulnerability (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Add magic AMD return-thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Treat .text.__x86.* as noinstr (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Use return-thunk in asm code (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bpf: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/ftrace: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86,static_call: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86,objtool: Create .return_sites (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Undo return-thunk damage (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/retpoline: Use -mfunction-return (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/cpufeatures: Move RETPOLINE flags to word 11 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Remove skip_r11rcx (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Fix register corruption in compat syscall (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Use PUSH_AND_CLEAR_REGS for compat (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Simplify entry_INT80_compat() (Linus Torvalds) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86,static_call: Fix __static_call_return0 for i386 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/alternative: Relax text_poke_bp() constraint (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- static_call,x86: Robustify trampoline patching (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/xen: Move hypercall_page to top of the file (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}


Related CVEs


CVE-2022-1652
CVE-2022-23816
CVE-2022-29901

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) kernel-uek-5.15.0-0.30.20.el8uek.src.rpm543834a0bb38178b5d205b235c0ed212-
bpftool-5.15.0-0.30.20.el8uek.aarch64.rpm74500dda7b75abdb9ae318d192fdb648-
kernel-uek-5.15.0-0.30.20.el8uek.aarch64.rpm080eda2adac876fa6454b320da919db7-
kernel-uek-core-5.15.0-0.30.20.el8uek.aarch64.rpm0837c9345e3c4d668adb1514d51286f0-
kernel-uek-debug-5.15.0-0.30.20.el8uek.aarch64.rpmbc1973ab12a14e19d3bc139034fe98dd-
kernel-uek-debug-core-5.15.0-0.30.20.el8uek.aarch64.rpm1c1765488f7fc1141dd8a0314018ae67-
kernel-uek-debug-devel-5.15.0-0.30.20.el8uek.aarch64.rpm5d526fb7d5fbc21920206a9dd3bfc0e1-
kernel-uek-debug-modules-5.15.0-0.30.20.el8uek.aarch64.rpm96c0492774fd6f5bea15d98c9da62262-
kernel-uek-debug-modules-extra-5.15.0-0.30.20.el8uek.aarch64.rpm80f549431d6c08938a7cc0b53165613d-
kernel-uek-devel-5.15.0-0.30.20.el8uek.aarch64.rpm1e0be5f56b479e9f7f112d0d99882fc4-
kernel-uek-doc-5.15.0-0.30.20.el8uek.noarch.rpmed6f2b65f761ea6f5e324ca2d4e68036-
kernel-uek-modules-5.15.0-0.30.20.el8uek.aarch64.rpm90f405f3e553a839478f040868ec65e4-
kernel-uek-modules-extra-5.15.0-0.30.20.el8uek.aarch64.rpm9d6e303b6999ff0709594ff606405676-
Oracle Linux 8 (x86_64) kernel-uek-5.15.0-0.30.20.el8uek.src.rpm543834a0bb38178b5d205b235c0ed212-
bpftool-5.15.0-0.30.20.el8uek.x86_64.rpm1a5d9bd8f3423ecad4fd1d540e9c8a2a-
kernel-uek-5.15.0-0.30.20.el8uek.x86_64.rpmb277b1c56e9aadde2ac7d7f4a415ca6f-
kernel-uek-core-5.15.0-0.30.20.el8uek.x86_64.rpm87798661f384973149f08bb3c9a33595-
kernel-uek-debug-5.15.0-0.30.20.el8uek.x86_64.rpm7257e911c49776ac3be0231ba1c0a002-
kernel-uek-debug-core-5.15.0-0.30.20.el8uek.x86_64.rpmce6c234b25634410cdedb392a43b8e8c-
kernel-uek-debug-devel-5.15.0-0.30.20.el8uek.x86_64.rpmf1ab19403dc3a5e007796673e66187b3-
kernel-uek-debug-modules-5.15.0-0.30.20.el8uek.x86_64.rpmc558e68ee54a74a172a4f4c067e66dc5-
kernel-uek-debug-modules-extra-5.15.0-0.30.20.el8uek.x86_64.rpmc14d5efa642170443fafb9e97c3befc9-
kernel-uek-devel-5.15.0-0.30.20.el8uek.x86_64.rpm96d4d1a6512521cb744373bd8aa0e6ef-
kernel-uek-doc-5.15.0-0.30.20.el8uek.noarch.rpmed6f2b65f761ea6f5e324ca2d4e68036-
kernel-uek-modules-5.15.0-0.30.20.el8uek.x86_64.rpmc1583525a373b53638613982629612e1-
kernel-uek-modules-extra-5.15.0-0.30.20.el8uek.x86_64.rpm5f840e0761ae00e9de8fc42ebfd64388-
Oracle Linux 9 (aarch64) kernel-uek-5.15.0-0.30.20.el9uek.src.rpmb44bde3c8b09d56fdc920c1fcf415c0c-
bpftool-5.15.0-0.30.20.el9uek.aarch64.rpm2b9074812f818b305bf81042f6f360eb-
kernel-uek-5.15.0-0.30.20.el9uek.aarch64.rpm4c63dc5025cff30963aee21a87ce298e-
kernel-uek-core-5.15.0-0.30.20.el9uek.aarch64.rpm6ac10da8d6fd1bc1ec90954f6e361483-
kernel-uek-debug-5.15.0-0.30.20.el9uek.aarch64.rpm817ff2aad38e6c266826ab4f01117df7-
kernel-uek-debug-core-5.15.0-0.30.20.el9uek.aarch64.rpmcf1ab231b8ce2ae118ea1df9dc604c87-
kernel-uek-debug-devel-5.15.0-0.30.20.el9uek.aarch64.rpm7e73bfc6e8679ba91da2c775eceb2535-
kernel-uek-debug-modules-5.15.0-0.30.20.el9uek.aarch64.rpm838086d019bda5d8ac5d7010c62272de-
kernel-uek-debug-modules-extra-5.15.0-0.30.20.el9uek.aarch64.rpm7e1446d4dc6d166259fce0d0ac872609-
kernel-uek-devel-5.15.0-0.30.20.el9uek.aarch64.rpm8e6b6c5c6f2a35c6a498a2e95dcaf531-
kernel-uek-doc-5.15.0-0.30.20.el9uek.noarch.rpmeeeeb77e2eeb20d81bce8561608241e0-
kernel-uek-modules-5.15.0-0.30.20.el9uek.aarch64.rpmd46a75bc775455521a449593ceae2cab-
kernel-uek-modules-extra-5.15.0-0.30.20.el9uek.aarch64.rpm7fd71b609bbe6bb2b125f159db4c55b1-
Oracle Linux 9 (x86_64) kernel-uek-5.15.0-0.30.20.el9uek.src.rpmb44bde3c8b09d56fdc920c1fcf415c0c-
bpftool-5.15.0-0.30.20.el9uek.x86_64.rpm15107d9279b6bf3345c3c0ee3939e18c-
kernel-uek-5.15.0-0.30.20.el9uek.x86_64.rpm8af0517e2e21dd04f8b2bb0e0823556f-
kernel-uek-core-5.15.0-0.30.20.el9uek.x86_64.rpmeb4e780ecfe9a2ac6e236d71a142abc5-
kernel-uek-debug-5.15.0-0.30.20.el9uek.x86_64.rpmb5fefe78f6e656cbc9b2acbf9ad545de-
kernel-uek-debug-core-5.15.0-0.30.20.el9uek.x86_64.rpm0463a19a6fca6e1485e68b1c45219975-
kernel-uek-debug-devel-5.15.0-0.30.20.el9uek.x86_64.rpm016151039874db93b9f66eec9beca23e-
kernel-uek-debug-modules-5.15.0-0.30.20.el9uek.x86_64.rpm114b0c03e5d8eba90fe5c887cc4b3901-
kernel-uek-debug-modules-extra-5.15.0-0.30.20.el9uek.x86_64.rpmecc16e64108b1f705d11b09f0442dc22-
kernel-uek-devel-5.15.0-0.30.20.el9uek.x86_64.rpm47fb9eddf8809a51940f5eecee16a425-
kernel-uek-doc-5.15.0-0.30.20.el9uek.noarch.rpmeeeeb77e2eeb20d81bce8561608241e0-
kernel-uek-modules-5.15.0-0.30.20.el9uek.x86_64.rpmacb8f61d414380b70ea8594ffd84c89a-
kernel-uek-modules-extra-5.15.0-0.30.20.el9uek.x86_64.rpm46cef0bf2ba847bd3b656dfddf31dca0-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete