ELSA-2022-9590

ULN >
Oracle Linux Errata repository >
ELSA-2022-9590

ELSA-2022-9590 - Unbreakable Enterprise kernel security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2022-07-12

Description

[5.15.0-0.30.20]
- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218638] {CVE-2022-1652}
- x86: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Add retbleed=ibpb (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/xen: Rename SYS* entry points (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Update Retpoline validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- intel_idle: Disable IBRS during long idle (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Add kernel IBRS implementation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Report AMD retbleed vulnerability (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Add magic AMD return-thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Treat .text.__x86.* as noinstr (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Use return-thunk in asm code (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bpf: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/ftrace: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86,static_call: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86,objtool: Create .return_sites (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Undo return-thunk damage (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/retpoline: Use -mfunction-return (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/cpufeatures: Move RETPOLINE flags to word 11 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Remove skip_r11rcx (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Fix register corruption in compat syscall (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Use PUSH_AND_CLEAR_REGS for compat (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Simplify entry_INT80_compat() (Linus Torvalds) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86,static_call: Fix __static_call_return0 for i386 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/alternative: Relax text_poke_bp() constraint (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- static_call,x86: Robustify trampoline patching (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/xen: Move hypercall_page to top of the file (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}

Related CVEs

CVE-2022-1652

CVE-2022-23816

CVE-2022-29901

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	kernel-uek-5.15.0-0.30.20.el8uek.src.rpm	543834a0bb38178b5d205b235c0ed212	-
	bpftool-5.15.0-0.30.20.el8uek.aarch64.rpm	74500dda7b75abdb9ae318d192fdb648	-
	kernel-uek-5.15.0-0.30.20.el8uek.aarch64.rpm	080eda2adac876fa6454b320da919db7	-
	kernel-uek-core-5.15.0-0.30.20.el8uek.aarch64.rpm	0837c9345e3c4d668adb1514d51286f0	-
	kernel-uek-debug-5.15.0-0.30.20.el8uek.aarch64.rpm	bc1973ab12a14e19d3bc139034fe98dd	-
	kernel-uek-debug-core-5.15.0-0.30.20.el8uek.aarch64.rpm	1c1765488f7fc1141dd8a0314018ae67	-
	kernel-uek-debug-devel-5.15.0-0.30.20.el8uek.aarch64.rpm	5d526fb7d5fbc21920206a9dd3bfc0e1	-
	kernel-uek-debug-modules-5.15.0-0.30.20.el8uek.aarch64.rpm	96c0492774fd6f5bea15d98c9da62262	-
	kernel-uek-debug-modules-extra-5.15.0-0.30.20.el8uek.aarch64.rpm	80f549431d6c08938a7cc0b53165613d	-
	kernel-uek-devel-5.15.0-0.30.20.el8uek.aarch64.rpm	1e0be5f56b479e9f7f112d0d99882fc4	-
	kernel-uek-doc-5.15.0-0.30.20.el8uek.noarch.rpm	ed6f2b65f761ea6f5e324ca2d4e68036	-
	kernel-uek-modules-5.15.0-0.30.20.el8uek.aarch64.rpm	90f405f3e553a839478f040868ec65e4	-
	kernel-uek-modules-extra-5.15.0-0.30.20.el8uek.aarch64.rpm	9d6e303b6999ff0709594ff606405676	-

Oracle Linux 8 (x86_64)	kernel-uek-5.15.0-0.30.20.el8uek.src.rpm	543834a0bb38178b5d205b235c0ed212	-
	bpftool-5.15.0-0.30.20.el8uek.x86_64.rpm	1a5d9bd8f3423ecad4fd1d540e9c8a2a	-
	kernel-uek-5.15.0-0.30.20.el8uek.x86_64.rpm	b277b1c56e9aadde2ac7d7f4a415ca6f	-
	kernel-uek-core-5.15.0-0.30.20.el8uek.x86_64.rpm	87798661f384973149f08bb3c9a33595	-
	kernel-uek-debug-5.15.0-0.30.20.el8uek.x86_64.rpm	7257e911c49776ac3be0231ba1c0a002	-
	kernel-uek-debug-core-5.15.0-0.30.20.el8uek.x86_64.rpm	ce6c234b25634410cdedb392a43b8e8c	-
	kernel-uek-debug-devel-5.15.0-0.30.20.el8uek.x86_64.rpm	f1ab19403dc3a5e007796673e66187b3	-
	kernel-uek-debug-modules-5.15.0-0.30.20.el8uek.x86_64.rpm	c558e68ee54a74a172a4f4c067e66dc5	-
	kernel-uek-debug-modules-extra-5.15.0-0.30.20.el8uek.x86_64.rpm	c14d5efa642170443fafb9e97c3befc9	-
	kernel-uek-devel-5.15.0-0.30.20.el8uek.x86_64.rpm	96d4d1a6512521cb744373bd8aa0e6ef	-
	kernel-uek-doc-5.15.0-0.30.20.el8uek.noarch.rpm	ed6f2b65f761ea6f5e324ca2d4e68036	-
	kernel-uek-modules-5.15.0-0.30.20.el8uek.x86_64.rpm	c1583525a373b53638613982629612e1	-
	kernel-uek-modules-extra-5.15.0-0.30.20.el8uek.x86_64.rpm	5f840e0761ae00e9de8fc42ebfd64388	-

Oracle Linux 9 (aarch64)	kernel-uek-5.15.0-0.30.20.el9uek.src.rpm	b44bde3c8b09d56fdc920c1fcf415c0c	-
	bpftool-5.15.0-0.30.20.el9uek.aarch64.rpm	2b9074812f818b305bf81042f6f360eb	-
	kernel-uek-5.15.0-0.30.20.el9uek.aarch64.rpm	4c63dc5025cff30963aee21a87ce298e	-
	kernel-uek-core-5.15.0-0.30.20.el9uek.aarch64.rpm	6ac10da8d6fd1bc1ec90954f6e361483	-
	kernel-uek-debug-5.15.0-0.30.20.el9uek.aarch64.rpm	817ff2aad38e6c266826ab4f01117df7	-
	kernel-uek-debug-core-5.15.0-0.30.20.el9uek.aarch64.rpm	cf1ab231b8ce2ae118ea1df9dc604c87	-
	kernel-uek-debug-devel-5.15.0-0.30.20.el9uek.aarch64.rpm	7e73bfc6e8679ba91da2c775eceb2535	-
	kernel-uek-debug-modules-5.15.0-0.30.20.el9uek.aarch64.rpm	838086d019bda5d8ac5d7010c62272de	-
	kernel-uek-debug-modules-extra-5.15.0-0.30.20.el9uek.aarch64.rpm	7e1446d4dc6d166259fce0d0ac872609	-
	kernel-uek-devel-5.15.0-0.30.20.el9uek.aarch64.rpm	8e6b6c5c6f2a35c6a498a2e95dcaf531	-
	kernel-uek-doc-5.15.0-0.30.20.el9uek.noarch.rpm	eeeeb77e2eeb20d81bce8561608241e0	-
	kernel-uek-modules-5.15.0-0.30.20.el9uek.aarch64.rpm	d46a75bc775455521a449593ceae2cab	-
	kernel-uek-modules-extra-5.15.0-0.30.20.el9uek.aarch64.rpm	7fd71b609bbe6bb2b125f159db4c55b1	-

Oracle Linux 9 (x86_64)	kernel-uek-5.15.0-0.30.20.el9uek.src.rpm	b44bde3c8b09d56fdc920c1fcf415c0c	-
	bpftool-5.15.0-0.30.20.el9uek.x86_64.rpm	15107d9279b6bf3345c3c0ee3939e18c	-
	kernel-uek-5.15.0-0.30.20.el9uek.x86_64.rpm	8af0517e2e21dd04f8b2bb0e0823556f	-
	kernel-uek-core-5.15.0-0.30.20.el9uek.x86_64.rpm	eb4e780ecfe9a2ac6e236d71a142abc5	-
	kernel-uek-debug-5.15.0-0.30.20.el9uek.x86_64.rpm	b5fefe78f6e656cbc9b2acbf9ad545de	-
	kernel-uek-debug-core-5.15.0-0.30.20.el9uek.x86_64.rpm	0463a19a6fca6e1485e68b1c45219975	-
	kernel-uek-debug-devel-5.15.0-0.30.20.el9uek.x86_64.rpm	016151039874db93b9f66eec9beca23e	-
	kernel-uek-debug-modules-5.15.0-0.30.20.el9uek.x86_64.rpm	114b0c03e5d8eba90fe5c887cc4b3901	-
	kernel-uek-debug-modules-extra-5.15.0-0.30.20.el9uek.x86_64.rpm	ecc16e64108b1f705d11b09f0442dc22	-
	kernel-uek-devel-5.15.0-0.30.20.el9uek.x86_64.rpm	47fb9eddf8809a51940f5eecee16a425	-
	kernel-uek-doc-5.15.0-0.30.20.el9uek.noarch.rpm	eeeeb77e2eeb20d81bce8561608241e0	-
	kernel-uek-modules-5.15.0-0.30.20.el9uek.x86_64.rpm	acb8f61d414380b70ea8594ffd84c89a	-
	kernel-uek-modules-extra-5.15.0-0.30.20.el9uek.x86_64.rpm	46cef0bf2ba847bd3b656dfddf31dca0	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691