[ELSA-2022-7337] kernel security and bug fix update
[3.10.0-1160.80.1.0.1.OL7]
- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}
[3.10.0-1160.80.1.OL7]
- Update Oracle Linux certificates (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9
- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)
[3.10.0-1160.80.1]
- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (Dick Kennedy) [1969988]
- scsi: lpfc: Fix illegal memory access on Abort IOCBs (Dick Kennedy) [1969988]
- NFS: Fix extra call to dput() in nfs_prime_dcache (Benjamin Coddington) [2117856]
[3.10.0-1160.79.1]
- x86/speculation: Add LFENCE to RSB fill sequence (Rafael Aquini) [2115073] {CVE-2022-26373}
- x86/speculation: Protect against userspace-userspace spectreRSB (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: cope with spectre_v2=retpoline cmdline on retbleed-affected Intel CPUs (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- KVM: emulate: do not adjust size of fastop and setcc subroutines (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/speculation: Disable RRSBA behavior (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kexec: Disable RET on kexec (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpu/amd: Enumerate BTC_NO (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/common: Stamp out the stepping madness (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpu/amd: Add Spectral Chicken (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Do IBPB fallback check only once (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Add retbleed=ibpb (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Report Intel retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Enable STIBP for JMP2RET (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Add AMD retbleed= boot parameter (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/bugs: Report AMD retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Add magic AMD return-thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Use return-thunk in asm code (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/sev: Avoid using __x86_return_thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: Fix SETcc emulation for return thunks (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86,objtool: Create .return_sites (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Undo return-thunk damage (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/retpoline: Use -mfunction-return (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Move RETPOLINE flags to word 11 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- objtool: Add ELF writing capability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Prepare asm files for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86: Prepare inline-asm for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: Fix fastop function ELF metadata (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/kvm: Move kvm_fastop_exception to .fixup section (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/vdso: Fix vDSO build if a retpoline is emitted (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Carve out CQM features retrieval (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeatures: Re-tabulate the X86_FEATURE definitions (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpufeature: Move processor tracing out of scattered features (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
- x86/alternatives: Cleanup DPRINTK macro (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}
[3.10.0-1160.78.1]
- net_sched: cls_route: remove from list when handle is 0 (Davide Caratti) [2121809] {CVE-2022-2588}
[3.10.0-1160.77.1]
- net/mlx5: Add Fast teardown support (Jay Shin) [2077711]
- net/mlx5: Free IRQs in shutdown path (Jay Shin) [2077711]
- net/mlx5: Change teardown with force mode failure message to warning (Jay Shin) [2077711]
- net/mlx5: Cancel health poll before sending panic teardown command (Jay Shin) [2077711]
- net/mlx5: Add fast unload support in shutdown flow (Jay Shin) [2077711]
- net/mlx5: Expose command polling interface (Jay Shin) [2077711]
- posix-timers: Remove remaining uses of tasklist_lock (Oleg Nesterov) [2115147]
- posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (Oleg Nesterov) [2115147]
- posix-cpu-timers: remove tasklist_lock in posix_cpu_clock_get() (Oleg Nesterov) [2115147]
- ID
- ELSA-2022-7337
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2022-7337.html
- Published
-
2022-11-03T00:00:00
(22 months ago) - Modified
-
2022-11-03T00:00:00
(22 months ago) - Rights
- Copyright 2022 Oracle, Inc.
- Other Advisories
-
-
ALAS-2022-1636
-
ALAS-2022-1645
-
ALAS2-2022-1838
-
ALAS2-2022-1852
-
ALAS2-2022-1888
-
ALPINE:CVE-2022-23816
-
ALPINE:CVE-2022-23825
-
ALPINE:CVE-2022-29900
-
ALSA-2022:7110
-
ALSA-2022:7683
-
ALSA-2022:8267
-
DSA-5184-1
-
DSA-5207-1
-
ELSA-2022-7110
-
ELSA-2022-7683
-
ELSA-2022-8267
-
ELSA-2022-9590
-
ELSA-2022-9591
-
ELSA-2022-9689
-
ELSA-2022-9690
-
ELSA-2022-9691
-
ELSA-2022-9692
-
ELSA-2022-9693
-
ELSA-2022-9694
-
ELSA-2022-9699
-
ELSA-2022-9709
-
ELSA-2022-9710
-
ELSA-2022-9761
-
ELSA-2022-9787
-
ELSA-2022-9788
-
ELSA-2022-9827
-
ELSA-2022-9830
-
ELSA-2024-12150
-
ELSA-2024-12151
-
ELSA-2024-12153
-
ELSA-2024-12154
-
ELSA-2024-12433
-
FEDORA-2022-3e6ce58029
-
FEDORA-2022-484e226872
-
FEDORA-2022-8aab5b5cde
-
FEDORA-2022-9bbb1d9b7b
-
FEDORA-2022-a0d7a5eaf2
-
FEDORA-2022-c69ef9c1dd
-
GLSA-202402-07
-
MS:CVE-2022-23825
-
MS:CVE-2022-29900
-
openSUSE-SU-2022:2549-1
-
RHSA-2022:7110
-
RHSA-2022:7134
-
RHSA-2022:7137
-
RHSA-2022:7337
-
RHSA-2022:7338
-
RHSA-2022:7344
-
RHSA-2022:7444
-
RHSA-2022:7683
-
RHSA-2022:7933
-
RHSA-2022:8267
-
RLSA-2022:7110
-
RLSA-2022:7683
-
SSA:2022-237-02
-
SUSE-SU-2022:2376-1
-
SUSE-SU-2022:2377-1
-
SUSE-SU-2022:2379-1
-
SUSE-SU-2022:2382-1
-
SUSE-SU-2022:2393-1
-
SUSE-SU-2022:2407-1
-
SUSE-SU-2022:2411-1
-
SUSE-SU-2022:2424-1
-
SUSE-SU-2022:2424-2
-
SUSE-SU-2022:2478-1
-
SUSE-SU-2022:2520-1
-
SUSE-SU-2022:2549-1
-
SUSE-SU-2022:2557-1
-
SUSE-SU-2022:2560-1
-
SUSE-SU-2022:2569-1
-
SUSE-SU-2022:2574-1
-
SUSE-SU-2022:2591-1
-
SUSE-SU-2022:2597-1
-
SUSE-SU-2022:2599-1
-
SUSE-SU-2022:2599-2
-
SUSE-SU-2022:2600-1
-
SUSE-SU-2022:2601-1
-
SUSE-SU-2022:2615-1
-
SUSE-SU-2022:2629-1
-
SUSE-SU-2022:2803-1
-
SUSE-SU-2022:2809-1
-
SUSE-SU-2022:3263-1
-
SUSE-SU-2022:3264-1
-
SUSE-SU-2022:3265-1
-
SUSE-SU-2022:3274-1
-
SUSE-SU-2022:3282-1
-
SUSE-SU-2022:3288-1
-
SUSE-SU-2022:3291-1
-
SUSE-SU-2022:3293-1
-
SUSE-SU-2022:3294-1
-
SUSE-SU-2022:3408-1
-
SUSE-SU-2022:3422-1
-
SUSE-SU-2022:3450-1
-
SUSE-SU-2022:3609-1
-
SUSE-SU-2022:3809-1
-
SUSE-SU-2022:4024-1
-
SUSE-SU-2022:4027-1
-
SUSE-SU-2022:4030-1
-
SUSE-SU-2022:4033-1
-
SUSE-SU-2022:4034-1
-
SUSE-SU-2022:4035-1
-
SUSE-SU-2022:4039-1
-
SUSE-SU-2022:4100-1
-
SUSE-SU-2022:4112-1
-
SUSE-SU-2022:4113-1
-
SUSE-SU-2022:4129-1
-
SUSE-SU-2022:4616-1
-
SUSE-SU-2022:4617-1
-
SUSE-SU-2023:0416-1
-
USN-5557-1
-
USN-5560-1
-
USN-5560-2
-
USN-5562-1
-
USN-5564-1
-
USN-5565-1
-
USN-5566-1
-
USN-5567-1
-
USN-5582-1
-
USN-5588-1
-
USN-5667-1
-
USN-5668-1
-
USN-5677-1
-
USN-5682-1
-
USN-5683-1
-
USN-5703-1
-
USN-5706-1
-
USN-5728-1
-
USN-5728-2
-
USN-5728-3
-
USN-5854-1
-
USN-5861-1
-
USN-5862-1
-
USN-5865-1
-
USN-5883-1
-
USN-5924-1
-
USN-5975-1
-
USN-6007-1
-
USN-6221-1
-
VMSA-2022-0020.2
-
XSA-407
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2022-7337 |
|
|
| CVE | CVE-2022-2588 |
|
|
| CVE | CVE-2022-26373 |
|
|
| CVE | CVE-2022-23816 |
|
|
| CVE | CVE-2022-29901 |
|
|
| CVE | CVE-2022-23825 |
|
|
| CVE | CVE-2022-29900 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/python-perf?distro=oraclelinux-7 | oraclelinux |
 python-perf
|
< 3.10.0-1160.80.1.0.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-7 | oraclelinux |
perf
|
< 3.10.0-1160.80.1.0.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-7 | oraclelinux |
kernel
|
< 3.10.0-1160.80.1.0.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-7 | oraclelinux |
kernel-tools
|
< 3.10.0-1160.80.1.0.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-7 | oraclelinux |
kernel-tools-libs
|
< 3.10.0-1160.80.1.0.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-7 | oraclelinux |
kernel-tools-libs-devel
|
< 3.10.0-1160.80.1.0.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-7 | oraclelinux |
kernel-headers
|
< 3.10.0-1160.80.1.0.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-7 | oraclelinux |
kernel-doc
|
< 3.10.0-1160.80.1.0.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-7 | oraclelinux |
kernel-devel
|
< 3.10.0-1160.80.1.0.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-7 | oraclelinux |
kernel-debug
|
< 3.10.0-1160.80.1.0.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-7 | oraclelinux |
kernel-debug-devel
|
< 3.10.0-1160.80.1.0.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/kernel-abi-whitelists?distro=oraclelinux-7 | oraclelinux |
kernel-abi-whitelists
|
< 3.10.0-1160.80.1.0.1.el7 | oraclelinux-7 | ||
| Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-7 | oraclelinux |
bpftool
|
< 3.10.0-1160.80.1.0.1.el7 | oraclelinux-7 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |