ELSA-2023-7749
- ULN >
- Oracle Linux Errata repository >
- ELSA-2023-7749
ELSA-2023-7749 - kernel security update
| Type: | SECURITY |
| Severity: | IMPORTANT |
| Release Date: | 2023-12-22 |
Description
[5.14.0-362.13.1.el9_3.OL9]
- x86/retpoline: Document some thunk handling aspects (Borislav Petkov) {CVE-2023-20569}
- objtool: Fix return thunk patching in retpolines (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Remove unnecessary semicolon (Yang Li) {CVE-2023-20569}
- x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Josh Poimboeuf) {CVE-2023-20569}
- x86/nospec: Refactor UNTRAIN_RET[_*] (Josh Poimboeuf) {CVE-2023-20569}
- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Disentangle rethunk-dependent options (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Josh Poimboeuf) {CVE-2023-20569}
- x86/bugs: Remove default case for fully switched enums (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Remove 'pred_cmd' label (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Unexport untraining functions (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Improve i-cache locality for alias mitigation (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix unret validation dependencies (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix vulnerability reporting for missing microcode (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Print mitigation for retbleed IBPB case (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Print actual mitigation if requested mitigation isn't possible (Josh Poimboeuf) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Josh Poimboeuf) {CVE-2023-20569}
- x86,static_call: Fix static-call vs return-thunk (Peter Zijlstra) {CVE-2023-20569}
- x86/alternatives: Remove faulty optimization (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Don't probe microcode in a guest (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix srso_show_state() side effect (Josh Poimboeuf) {CVE-2023-20569}
- x86/cpu: Fix amd_check_microcode() declaration (Arnd Bergmann) {CVE-2023-20569}
- x86/srso: Correct the mitigation status when SMT is disabled (Borislav Petkov) {CVE-2023-20569}
- x86/static_call: Fix __static_call_fixup() (Peter Zijlstra) {CVE-2023-20569}
- objtool/x86: Fixup frame-pointer vs rethunk (Peter Zijlstra) {CVE-2023-20569}
- x86/srso: Explain the untraining sequences a bit more (Borislav Petkov) {CVE-2023-20569}
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Cleanup the untrain mess (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Rename original retbleed methods (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Clean up SRSO return thunk mess (Peter Zijlstra) {CVE-2023-20569}
- x86/alternative: Make custom return thunk unconditional (Peter Zijlstra) {CVE-2023-20569}
- objtool/x86: Fix SRSO mess (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Fix __x86_return_thunk symbol type (Peter Zijlstra) {CVE-2023-20569}
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Petr Pavlu) {CVE-2023-20569}
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Petr Pavlu) {CVE-2023-20569}
- x86/srso: Disable the mitigation on unaffected configurations (Borislav Petkov) {CVE-2023-20569}
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Borislav Petkov) {CVE-2023-20588}
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Sean Christopherson) {CVE-2023-20569}
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Cristian Ciocaltea) {CVE-2023-20593}
- driver core: cpu: Fix the fallback cpu_show_gds() name (Borislav Petkov) {CVE-2023-20569}
- x86: Move gds_ucode_mitigated() declaration to header (Arnd Bergmann) {CVE-2023-20569}
- x86/speculation: Add cpu_show_gds() prototype (Arnd Bergmann) {CVE-2023-20569}
- driver core: cpu: Make cpu_show_not_affected() static (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Fix build breakage with the LLVM linker (Nick Desaulniers) {CVE-2023-20569}
- Documentation/srso: Document IBPB aspect and fix formatting (Borislav Petkov) {CVE-2023-20569}
- driver core: cpu: Unify redundant silly stubs (Borislav Petkov) {CVE-2023-20569}
- Documentation/hw-vuln: Unify filename specification in index (Borislav Petkov) {CVE-2023-20569}
- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Borislav Petkov) {CVE-2023-20588}
- x86/srso: Tie SBPB bit setting to microcode patch detection (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add a forgotten NOENDBR annotation (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Fix return thunks in generated code (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Add IBPB on VMEXIT (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add IBPB (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add SRSO_NO support (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add IBPB_BRTYPE support (Borislav Petkov) {CVE-2023-20569}
- redhat/configs/x86: Enable CONFIG_CPU_SRSO (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add a Speculative RAS Overflow mitigation (Borislav Petkov) {CVE-2023-20569}
- x86/retbleed: Add __x86_return_thunk alignment checks (Borislav Petkov) {CVE-2023-20569}
- x86/retbleed: Fix return thunk alignment (Borislav Petkov) {CVE-2023-20569}
- x86/alternative: Optimize returns patching (Borislav Petkov) {CVE-2023-20569}
- x86,objtool: Separate unret validation from unwind hints (Josh Poimboeuf) {CVE-2023-20569}
- objtool: Add objtool_types.h (Josh Poimboeuf) {CVE-2023-20569}
- objtool: Union instruction::{call_dest,jump_table} (Peter Zijlstra) {CVE-2023-20569}
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Peter Zijlstra) {CVE-2023-20569}
- objtool: Fix SEGFAULT (Christophe Leroy) {CVE-2023-20569}
- vmlinux.lds.h: add BOUNDED_SECTION* macros (Jim Cromie) {CVE-2023-20569}
Related CVEs
| CVE-2023-5345 |
| CVE-2023-20569 |
| CVE-2023-1192 |
| CVE-2023-45871 |
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | kernel-5.14.0-362.13.1.el9_3.src.rpm | 079921fc9fa124b636b236e7db4f16dc | - | ol9_aarch64_appstream |
| kernel-5.14.0-362.13.1.el9_3.src.rpm | 079921fc9fa124b636b236e7db4f16dc | - | ol9_aarch64_baseos_latest | |
| kernel-5.14.0-362.13.1.el9_3.src.rpm | 079921fc9fa124b636b236e7db4f16dc | - | ol9_aarch64_codeready_builder | |
| bpftool-7.2.0-362.13.1.el9_3.aarch64.rpm | 864bcf2fda3858799788c02a0b9abccf | - | ol9_aarch64_baseos_latest | |
| kernel-cross-headers-5.14.0-362.13.1.el9_3.aarch64.rpm | 23a33978902d3439a2a5a145cb81adf3 | - | ol9_aarch64_codeready_builder | |
| kernel-headers-5.14.0-362.13.1.el9_3.aarch64.rpm | 7f2e4523180b14b987224e20e07f5f98 | - | ol9_aarch64_appstream | |
| kernel-tools-5.14.0-362.13.1.el9_3.aarch64.rpm | 73a606b05fc9ef1b4b796fd61f06c1a2 | - | ol9_aarch64_baseos_latest | |
| kernel-tools-libs-5.14.0-362.13.1.el9_3.aarch64.rpm | 6ffc13068efc259f78d7fd0147812aaa | - | ol9_aarch64_baseos_latest | |
| kernel-tools-libs-devel-5.14.0-362.13.1.el9_3.aarch64.rpm | 7cf5869bda22ef8e213cbff7b0fe0438 | - | ol9_aarch64_codeready_builder | |
| perf-5.14.0-362.13.1.el9_3.aarch64.rpm | e8410faa044c4c11aced7c5fff947878 | - | ol9_aarch64_appstream | |
| python3-perf-5.14.0-362.13.1.el9_3.aarch64.rpm | dc6f81da065f71ad850a5366ad5872a2 | - | ol9_aarch64_baseos_latest | |
| Oracle Linux 9 (x86_64) | kernel-5.14.0-362.13.1.el9_3.src.rpm | 079921fc9fa124b636b236e7db4f16dc | - | ol9_x86_64_appstream |
| kernel-5.14.0-362.13.1.el9_3.src.rpm | 079921fc9fa124b636b236e7db4f16dc | - | ol9_x86_64_baseos_latest | |
| kernel-5.14.0-362.13.1.el9_3.src.rpm | 079921fc9fa124b636b236e7db4f16dc | - | ol9_x86_64_codeready_builder | |
| bpftool-7.2.0-362.13.1.el9_3.x86_64.rpm | 67e4056ebb548bf01f0ec7e4b6c0bca0 | - | ol9_x86_64_baseos_latest | |
| kernel-5.14.0-362.13.1.el9_3.x86_64.rpm | 8244f2bfd046b5d84819d783d3017cc1 | - | ol9_x86_64_baseos_latest | |
| kernel-abi-stablelists-5.14.0-362.13.1.el9_3.noarch.rpm | 646a464f36dc044a40b5ae4d0f280da0 | - | ol9_x86_64_baseos_latest | |
| kernel-core-5.14.0-362.13.1.el9_3.x86_64.rpm | c413a943231dfe7490d1a49b4335682e | - | ol9_x86_64_baseos_latest | |
| kernel-cross-headers-5.14.0-362.13.1.el9_3.x86_64.rpm | 837bf79fd0c11a49306c59cb06250353 | - | ol9_x86_64_codeready_builder | |
| kernel-debug-5.14.0-362.13.1.el9_3.x86_64.rpm | af41b2776dc2cc350f47b2080a54cc2d | - | ol9_x86_64_baseos_latest | |
| kernel-debug-core-5.14.0-362.13.1.el9_3.x86_64.rpm | 93daf128f8851d824845e6783434b9c7 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-devel-5.14.0-362.13.1.el9_3.x86_64.rpm | ff7c72c09c9c0d1c09c6cfeb03862493 | - | ol9_x86_64_appstream | |
| kernel-debug-devel-matched-5.14.0-362.13.1.el9_3.x86_64.rpm | bc3c151a62d2a8561f5b8efadc8eca14 | - | ol9_x86_64_appstream | |
| kernel-debug-modules-5.14.0-362.13.1.el9_3.x86_64.rpm | dc2f4d54897c6e9868bad8c42d43b52f | - | ol9_x86_64_baseos_latest | |
| kernel-debug-modules-core-5.14.0-362.13.1.el9_3.x86_64.rpm | 39e75d012d9f1e559f8870e0466e397c | - | ol9_x86_64_baseos_latest | |
| kernel-debug-modules-extra-5.14.0-362.13.1.el9_3.x86_64.rpm | 552e4655d5e4089c73815b1bedfa9be4 | - | ol9_x86_64_baseos_latest | |
| kernel-devel-5.14.0-362.13.1.el9_3.x86_64.rpm | aa2da60a0069c7c8d3eb36c36de7e39f | - | ol9_x86_64_appstream | |
| kernel-devel-matched-5.14.0-362.13.1.el9_3.x86_64.rpm | 9ac40b43f38b5264768e3a0052cbad67 | - | ol9_x86_64_appstream | |
| kernel-doc-5.14.0-362.13.1.el9_3.noarch.rpm | 7b3050f3649eac7729be2f3851c70b87 | - | ol9_x86_64_appstream | |
| kernel-headers-5.14.0-362.13.1.el9_3.x86_64.rpm | f3a09bc3e12954db739c3d97404b8f72 | - | ol9_x86_64_appstream | |
| kernel-modules-5.14.0-362.13.1.el9_3.x86_64.rpm | 527be7154a0d110b942ad1bfbd643af0 | - | ol9_x86_64_baseos_latest | |
| kernel-modules-core-5.14.0-362.13.1.el9_3.x86_64.rpm | d88610f03f79118ec1a2177e5384708a | - | ol9_x86_64_baseos_latest | |
| kernel-modules-extra-5.14.0-362.13.1.el9_3.x86_64.rpm | 8ae0b7800dbb1773851ec310938185d2 | - | ol9_x86_64_baseos_latest | |
| kernel-tools-5.14.0-362.13.1.el9_3.x86_64.rpm | 014b60653cca9d832e0b9e830ac1f9e0 | - | ol9_x86_64_baseos_latest | |
| kernel-tools-libs-5.14.0-362.13.1.el9_3.x86_64.rpm | 2a3d3bda02e476d4a3552da2f38b9d43 | - | ol9_x86_64_baseos_latest | |
| kernel-tools-libs-devel-5.14.0-362.13.1.el9_3.x86_64.rpm | 949f76140e04c4585603ce5796719c8d | - | ol9_x86_64_codeready_builder | |
| perf-5.14.0-362.13.1.el9_3.x86_64.rpm | 14d907810369ec307395eeb1f34cc5a7 | - | ol9_x86_64_appstream | |
| python3-perf-5.14.0-362.13.1.el9_3.x86_64.rpm | 342867c7b5b31287c6d4ba67161777f5 | - | ol9_x86_64_baseos_latest | |
| rtla-5.14.0-362.13.1.el9_3.x86_64.rpm | bf0e6d8c8926d008923195e3fbcba90f | - | ol9_x86_64_appstream | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
