ELSA-2023-7749
- ULN >
- Oracle Linux Errata repository >
- ELSA-2023-7749
ELSA-2023-7749 - kernel security update
| Type: | SECURITY |
| Impact: | IMPORTANT |
| Release Date: | 2023-12-22 |
Description
[5.14.0-362.13.1.el9_3.OL9]
- x86/retpoline: Document some thunk handling aspects (Borislav Petkov) {CVE-2023-20569}
- objtool: Fix return thunk patching in retpolines (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Remove unnecessary semicolon (Yang Li) {CVE-2023-20569}
- x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Josh Poimboeuf) {CVE-2023-20569}
- x86/nospec: Refactor UNTRAIN_RET[_*] (Josh Poimboeuf) {CVE-2023-20569}
- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Disentangle rethunk-dependent options (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Josh Poimboeuf) {CVE-2023-20569}
- x86/bugs: Remove default case for fully switched enums (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Remove 'pred_cmd' label (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Unexport untraining functions (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Improve i-cache locality for alias mitigation (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix unret validation dependencies (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix vulnerability reporting for missing microcode (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Print mitigation for retbleed IBPB case (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Print actual mitigation if requested mitigation isn't possible (Josh Poimboeuf) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Josh Poimboeuf) {CVE-2023-20569}
- x86,static_call: Fix static-call vs return-thunk (Peter Zijlstra) {CVE-2023-20569}
- x86/alternatives: Remove faulty optimization (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Don't probe microcode in a guest (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix srso_show_state() side effect (Josh Poimboeuf) {CVE-2023-20569}
- x86/cpu: Fix amd_check_microcode() declaration (Arnd Bergmann) {CVE-2023-20569}
- x86/srso: Correct the mitigation status when SMT is disabled (Borislav Petkov) {CVE-2023-20569}
- x86/static_call: Fix __static_call_fixup() (Peter Zijlstra) {CVE-2023-20569}
- objtool/x86: Fixup frame-pointer vs rethunk (Peter Zijlstra) {CVE-2023-20569}
- x86/srso: Explain the untraining sequences a bit more (Borislav Petkov) {CVE-2023-20569}
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Cleanup the untrain mess (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Rename original retbleed methods (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Clean up SRSO return thunk mess (Peter Zijlstra) {CVE-2023-20569}
- x86/alternative: Make custom return thunk unconditional (Peter Zijlstra) {CVE-2023-20569}
- objtool/x86: Fix SRSO mess (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Fix __x86_return_thunk symbol type (Peter Zijlstra) {CVE-2023-20569}
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Petr Pavlu) {CVE-2023-20569}
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Petr Pavlu) {CVE-2023-20569}
- x86/srso: Disable the mitigation on unaffected configurations (Borislav Petkov) {CVE-2023-20569}
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Borislav Petkov) {CVE-2023-20588}
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Sean Christopherson) {CVE-2023-20569}
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Cristian Ciocaltea) {CVE-2023-20593}
- driver core: cpu: Fix the fallback cpu_show_gds() name (Borislav Petkov) {CVE-2023-20569}
- x86: Move gds_ucode_mitigated() declaration to header (Arnd Bergmann) {CVE-2023-20569}
- x86/speculation: Add cpu_show_gds() prototype (Arnd Bergmann) {CVE-2023-20569}
- driver core: cpu: Make cpu_show_not_affected() static (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Fix build breakage with the LLVM linker (Nick Desaulniers) {CVE-2023-20569}
- Documentation/srso: Document IBPB aspect and fix formatting (Borislav Petkov) {CVE-2023-20569}
- driver core: cpu: Unify redundant silly stubs (Borislav Petkov) {CVE-2023-20569}
- Documentation/hw-vuln: Unify filename specification in index (Borislav Petkov) {CVE-2023-20569}
- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Borislav Petkov) {CVE-2023-20588}
- x86/srso: Tie SBPB bit setting to microcode patch detection (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add a forgotten NOENDBR annotation (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Fix return thunks in generated code (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Add IBPB on VMEXIT (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add IBPB (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add SRSO_NO support (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add IBPB_BRTYPE support (Borislav Petkov) {CVE-2023-20569}
- redhat/configs/x86: Enable CONFIG_CPU_SRSO (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add a Speculative RAS Overflow mitigation (Borislav Petkov) {CVE-2023-20569}
- x86/retbleed: Add __x86_return_thunk alignment checks (Borislav Petkov) {CVE-2023-20569}
- x86/retbleed: Fix return thunk alignment (Borislav Petkov) {CVE-2023-20569}
- x86/alternative: Optimize returns patching (Borislav Petkov) {CVE-2023-20569}
- x86,objtool: Separate unret validation from unwind hints (Josh Poimboeuf) {CVE-2023-20569}
- objtool: Add objtool_types.h (Josh Poimboeuf) {CVE-2023-20569}
- objtool: Union instruction::{call_dest,jump_table} (Peter Zijlstra) {CVE-2023-20569}
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Peter Zijlstra) {CVE-2023-20569}
- objtool: Fix SEGFAULT (Christophe Leroy) {CVE-2023-20569}
- vmlinux.lds.h: add BOUNDED_SECTION* macros (Jim Cromie) {CVE-2023-20569}
Related CVEs
| CVE-2023-5345 |
| CVE-2023-20569 |
| CVE-2023-1192 |
| CVE-2023-45871 |
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 9 (aarch64) | kernel-5.14.0-362.13.1.el9_3.src.rpm | b078ea9fa3cbf1a60df37c8e0dd8a014e8f9669bd4fbc4c6dc71fbf34b11fb99 | - | ol9_aarch64_appstream |
| kernel-5.14.0-362.13.1.el9_3.src.rpm | b078ea9fa3cbf1a60df37c8e0dd8a014e8f9669bd4fbc4c6dc71fbf34b11fb99 | - | ol9_aarch64_baseos_latest | |
| kernel-5.14.0-362.13.1.el9_3.src.rpm | b078ea9fa3cbf1a60df37c8e0dd8a014e8f9669bd4fbc4c6dc71fbf34b11fb99 | - | ol9_aarch64_codeready_builder | |
| bpftool-7.2.0-362.13.1.el9_3.aarch64.rpm | b1f77cb6d39b9f445b4304bf87bc488838771035b6415eb566abd500ff70b49d | - | ol9_aarch64_baseos_latest | |
| kernel-cross-headers-5.14.0-362.13.1.el9_3.aarch64.rpm | 0315a7a7ad3bc5d2181f44fe8ae0d81c52cc8be87403be6b1770b4e7cac31a3a | - | ol9_aarch64_codeready_builder | |
| kernel-headers-5.14.0-362.13.1.el9_3.aarch64.rpm | 102622d903aff97819334e7f86bb1e272c6b0e0a54064b152cbc69e5e4b3d605 | - | ol9_aarch64_appstream | |
| kernel-tools-5.14.0-362.13.1.el9_3.aarch64.rpm | 980632766f7b0ae586719bee1b1f5dbdb969b257e7d866eccf704730bb4e63f4 | - | ol9_aarch64_baseos_latest | |
| kernel-tools-libs-5.14.0-362.13.1.el9_3.aarch64.rpm | 140693a87eba614930cde0003f485ef38918b00ffcb62036c1aa9f5783efe821 | - | ol9_aarch64_baseos_latest | |
| kernel-tools-libs-devel-5.14.0-362.13.1.el9_3.aarch64.rpm | ca8227e62a7ae3eb4f1e8283fdbc4b7ac46c3b1e24127907be2701b09d3451ae | - | ol9_aarch64_codeready_builder | |
| perf-5.14.0-362.13.1.el9_3.aarch64.rpm | 65036dfaa9aa4921d96a7e3574b59366fc9732d8fa679504ed4728f5247f0911 | - | ol9_aarch64_appstream | |
| python3-perf-5.14.0-362.13.1.el9_3.aarch64.rpm | f88bf4355e3120e95720eea6b7bfc7f26e76e7aa590b3c86732e0487a8aab275 | - | ol9_aarch64_baseos_latest | |
| Oracle Linux 9 (x86_64) | kernel-5.14.0-362.13.1.el9_3.src.rpm | b078ea9fa3cbf1a60df37c8e0dd8a014e8f9669bd4fbc4c6dc71fbf34b11fb99 | - | ol9_x86_64_appstream |
| kernel-5.14.0-362.13.1.el9_3.src.rpm | b078ea9fa3cbf1a60df37c8e0dd8a014e8f9669bd4fbc4c6dc71fbf34b11fb99 | - | ol9_x86_64_baseos_latest | |
| kernel-5.14.0-362.13.1.el9_3.src.rpm | b078ea9fa3cbf1a60df37c8e0dd8a014e8f9669bd4fbc4c6dc71fbf34b11fb99 | - | ol9_x86_64_codeready_builder | |
| bpftool-7.2.0-362.13.1.el9_3.x86_64.rpm | 6874eac20801f357f3bab8bd6ac79c5f2b60036ef3db55bed07898fe6aad4e85 | - | ol9_x86_64_baseos_latest | |
| kernel-5.14.0-362.13.1.el9_3.x86_64.rpm | 9f3e9f138c592c743b69283ca7927927875384e01f062aec20aff1ebe03764b7 | - | ol9_x86_64_baseos_latest | |
| kernel-abi-stablelists-5.14.0-362.13.1.el9_3.noarch.rpm | 582614087404dbd8e3425c3dece1884a382eb34c9f3b7a74529af72f4af2f3d0 | - | ol9_x86_64_baseos_latest | |
| kernel-core-5.14.0-362.13.1.el9_3.x86_64.rpm | aecef06df7735ee2c652f1800ee2d2cb05eded8e6bfd962840e450231c1fd5a0 | - | ol9_x86_64_baseos_latest | |
| kernel-cross-headers-5.14.0-362.13.1.el9_3.x86_64.rpm | caca67449db65ce4c75f03381c580e7135d3d2038b7a5bf9dac388a5771b3003 | - | ol9_x86_64_codeready_builder | |
| kernel-debug-5.14.0-362.13.1.el9_3.x86_64.rpm | d4c9dd08495bb3cd330e8bbfcdadd866d932209ef0c38d995a74f558e0a87242 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-core-5.14.0-362.13.1.el9_3.x86_64.rpm | 23593d000620dd20fcd4744cd65ec26f2e2b748d5ff01d5f260d540864976368 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-devel-5.14.0-362.13.1.el9_3.x86_64.rpm | 526be6b6420e721bacd3689166b655d637f820889869c19570dc05f750faee4e | - | ol9_x86_64_appstream | |
| kernel-debug-devel-matched-5.14.0-362.13.1.el9_3.x86_64.rpm | 4cfeb3e2e50cba2ca5c5bb9c207a13c6786c17234fd4cf9378297772700383e9 | - | ol9_x86_64_appstream | |
| kernel-debug-modules-5.14.0-362.13.1.el9_3.x86_64.rpm | ec47148ac85dbf528fe48ac33de1e17c52edb356f5315cb490848fe7819ef6af | - | ol9_x86_64_baseos_latest | |
| kernel-debug-modules-core-5.14.0-362.13.1.el9_3.x86_64.rpm | 3d6b09e75e0b23f302f480fbbe287cb501ee8d4775d4fb068596de38a93a7d49 | - | ol9_x86_64_baseos_latest | |
| kernel-debug-modules-extra-5.14.0-362.13.1.el9_3.x86_64.rpm | 4e7ff467862474f941ffe3b0e70ab6f39c0af6c944588c0023ab5a0a4017cc18 | - | ol9_x86_64_baseos_latest | |
| kernel-devel-5.14.0-362.13.1.el9_3.x86_64.rpm | c425b9fe1c58be8ef735f5956d4968cf98f831323015902da464f69725eff2eb | - | ol9_x86_64_appstream | |
| kernel-devel-matched-5.14.0-362.13.1.el9_3.x86_64.rpm | f0b5e71149f6a40fd77a023ecee7fc0a9680f445c2fc2d86eeadbc359a6dbb18 | - | ol9_x86_64_appstream | |
| kernel-doc-5.14.0-362.13.1.el9_3.noarch.rpm | 19f7b8ce52e43bdbd7a8e9080e54b40c7567d72e261eab6b2f0d670d0b3b7c95 | - | ol9_x86_64_appstream | |
| kernel-headers-5.14.0-362.13.1.el9_3.x86_64.rpm | cb8e7d790391ee27b367c9117c062e15c284571f89ba87afac4b2091ba9b39dd | - | ol9_x86_64_appstream | |
| kernel-modules-5.14.0-362.13.1.el9_3.x86_64.rpm | 0b246c02296954f7da86c4b3b55f72de52fbc2e700f4466767dff5f252a9eb27 | - | ol9_x86_64_baseos_latest | |
| kernel-modules-core-5.14.0-362.13.1.el9_3.x86_64.rpm | 9dd3e54f0ef93d8341307e3a8fb727e4c131de98cb7db07be85acd2f1fb87135 | - | ol9_x86_64_baseos_latest | |
| kernel-modules-extra-5.14.0-362.13.1.el9_3.x86_64.rpm | 745707751c376fe5a51cb0e8ee99dfc48d55e02d6305b24454a9265c8e636b7f | - | ol9_x86_64_baseos_latest | |
| kernel-tools-5.14.0-362.13.1.el9_3.x86_64.rpm | ce61ed075edfc2357299ee88c091041002416521faaffe495bc4d6def62e7c0d | - | ol9_x86_64_baseos_latest | |
| kernel-tools-libs-5.14.0-362.13.1.el9_3.x86_64.rpm | 48a309982540cc25d029f64eb92e0d4f62809c4e9e7fc689c89be5110610910f | - | ol9_x86_64_baseos_latest | |
| kernel-tools-libs-devel-5.14.0-362.13.1.el9_3.x86_64.rpm | f781e5133cb2865b46890a2c0b6ea98f7a37265954c4dd6b0c2cf7921f75557f | - | ol9_x86_64_codeready_builder | |
| perf-5.14.0-362.13.1.el9_3.x86_64.rpm | e84b4af803186a1769e6ca5192fa6356b71e75dbf3fbde0cbcf6ae112d4f2827 | - | ol9_x86_64_appstream | |
| python3-perf-5.14.0-362.13.1.el9_3.x86_64.rpm | 83ba2d5d9002768d4ee5253c06d5e20f62f58067ec6093b8b228759dc4d6b4ce | - | ol9_x86_64_baseos_latest | |
| rtla-5.14.0-362.13.1.el9_3.x86_64.rpm | ecb4038f6a1441426aa5d1fd387fcd46a26c60948ec64d1363a7f9a16d573199 | - | ol9_x86_64_appstream | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
