[ELSA-2022-9274] Unbreakable Enterprise kernel-container security update
[5.4.17-2136.306.1.3]
- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo
Bonzini) [Orabug: 34053807] {CVE-2022-1158}
[5.4.17-2136.306.1.2]
- Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair)
[Orabug: 34045203]
[5.4.17-2136.306.1.1]
- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34035701] {CVE-2022-1016}
- exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34035682]
[5.4.17-2136.306.1]
- sr9700: sanity check for packet length (Brian Maly) [Orabug: 33962705] {CVE-2022-26966}
- net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) [Orabug: 33835787] {CVE-2021-22600}
- KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains (Krish Sadhukhan) [Orabug: 33921125]
- x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains (Krish Sadhukhan) [Orabug: 33921125]
- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940519]
- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958154] {CVE-2022-24448}
- Revert 'btrfs: inode: refactor the parameters of insert_reserved_file_extent()' (Srikanth C S) [Orabug: 33958240]
- Revert 'btrfs: fix metadata reservation for fallocate that leads to transaction aborts' (Srikanth C S) [Orabug: 33958240]
- ovl: fix WARN_ON nlink drop to zero (Miklos Szeredi) [Orabug: 33687076]
- panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33740420]
- printk: Drop console_sem during panic (Stephen Brennan) [Orabug: 33740420]
- printk: Avoid livelock with heavy printk during panic (Stephen Brennan) [Orabug: 33740420]
- printk: disable optimistic spin during panic (Stephen Brennan) [Orabug: 33740420]
- printk: Add panic_in_progress helper (Stephen Brennan) [Orabug: 33740420]
- sched: Put vcpu preemption idle check into a SCHED_FEAT. (chris hyser) [Orabug: 33806261]
- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820776]
- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840432] {CVE-2022-22942}
- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}
- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}
- ACPI: sysfs: copy ACPI data using io memory copying (Colin Ian King) [Orabug: 33876016]
- Enable CONFIG_DM_DUST and nano for UEK6 (Gulam Mohamed) [Orabug: 33897851]
- arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33900748]
- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910799]
- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}
- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}
- bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33919430]
- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925471]
- arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921736] {CVE-2022-23960}
- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921736] {CVE-2022-23960}
- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921736] {CVE-2022-23960}
- arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921736] {CVE-2022-23960}
- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921736] {CVE-2022-23960}
- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33941936] {CVE-2021-26401}
- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33917127]
- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}
- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}
- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736]
- rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820760]
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-8 | < 5.4.17-2136.306.1.3.el8 |
pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-7 | < 5.4.17-2136.306.1.3.el7 |
pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-8 | < 5.4.17-2136.306.1.3.el8 |
pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-7 | < 5.4.17-2136.306.1.3.el7 |
- ID
- ELSA-2022-9274
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2022-9274.html
- Published
-
2022-04-11T00:00:00
(2 years ago) - Modified
-
2022-04-11T00:00:00
(2 years ago) - Rights
- Copyright 2022 Oracle, Inc.
- Other Advisories
-
- ALAS-2022-1571
- ALAS-2022-1577
- ALAS2-2022-1761
- ALAS2-2022-1768
- ALPINE:CVE-2022-23960
- ALSA-2022:0825
- ALSA-2022:1988
- ALSA-2022:7683
- ALSA-2022:8267
- ALSA-2023:2458
- ALSA-2023:2951
- ASB-A-213464034
- ASB-A-215557547
- CISA-2022:0411
- DSA-5092-1
- DSA-5095-1
- DSA-5096-1
- DSA-5127-1
- DSA-5173-1
- ELSA-2022-0620
- ELSA-2022-0825
- ELSA-2022-1988
- ELSA-2022-7683
- ELSA-2022-8267
- ELSA-2022-9198
- ELSA-2022-9199
- ELSA-2022-9200
- ELSA-2022-9201
- ELSA-2022-9244
- ELSA-2022-9245
- ELSA-2022-9260
- ELSA-2022-9264
- ELSA-2022-9265
- ELSA-2022-9266
- ELSA-2022-9267
- ELSA-2022-9270
- ELSA-2022-9271
- ELSA-2022-9273
- ELSA-2022-9313
- ELSA-2022-9314
- ELSA-2022-9348
- ELSA-2022-9365
- ELSA-2022-9368
- ELSA-2022-9761
- ELSA-2023-0187
- ELSA-2023-0399
- ELSA-2023-2458
- ELSA-2023-2951
- ELSA-2024-12570
- ELSA-2024-12571
- MS:CVE-2021-22600
- MS:CVE-2022-0617
- MS:CVE-2022-1016
- MS:CVE-2022-1158
- MS:CVE-2022-23960
- MS:CVE-2022-24448
- MS:CVE-2022-26966
- openSUSE-SU-2022:0363-1
- openSUSE-SU-2022:0370-1
- openSUSE-SU-2022:0768-1
- openSUSE-SU-2022:0940-1
- openSUSE-SU-2022:1037-1
- openSUSE-SU-2022:1039-1
- openSUSE-SU-2022:2549-1
- RHSA-2022:0592
- RHSA-2022:0620
- RHSA-2022:0622
- RHSA-2022:0819
- RHSA-2022:0825
- RHSA-2022:0849
- RHSA-2022:1975
- RHSA-2022:1988
- RHSA-2022:7444
- RHSA-2022:7683
- RHSA-2022:7933
- RHSA-2022:8267
- RHSA-2023:0399
- RHSA-2023:0400
- RHSA-2023:2148
- RHSA-2023:2458
- RHSA-2023:2736
- RHSA-2023:2951
- RLSA-2022:1988
- RLSA-2022:7683
- SSA:2022-129-01
- SUSE-SU-2022:0363-1
- SUSE-SU-2022:0364-1
- SUSE-SU-2022:0365-1
- SUSE-SU-2022:0370-1
- SUSE-SU-2022:0372-1
- SUSE-SU-2022:0543-1
- SUSE-SU-2022:0544-1
- SUSE-SU-2022:0555-1
- SUSE-SU-2022:0619-1
- SUSE-SU-2022:0660-1
- SUSE-SU-2022:0756-1
- SUSE-SU-2022:0757-1
- SUSE-SU-2022:0759-1
- SUSE-SU-2022:0761-1
- SUSE-SU-2022:0762-1
- SUSE-SU-2022:0765-1
- SUSE-SU-2022:0766-1
- SUSE-SU-2022:0767-1
- SUSE-SU-2022:0768-1
- SUSE-SU-2022:0931-1
- SUSE-SU-2022:0939-1
- SUSE-SU-2022:0940-1
- SUSE-SU-2022:1037-1
- SUSE-SU-2022:1038-1
- SUSE-SU-2022:1039-1
- SUSE-SU-2022:1163-1
- SUSE-SU-2022:1172-1
- SUSE-SU-2022:1183-1
- SUSE-SU-2022:1189-1
- SUSE-SU-2022:1193-1
- SUSE-SU-2022:1194-1
- SUSE-SU-2022:1196-1
- SUSE-SU-2022:1197-1
- SUSE-SU-2022:1212-1
- SUSE-SU-2022:1223-1
- SUSE-SU-2022:1242-1
- SUSE-SU-2022:1246-1
- SUSE-SU-2022:1255-1
- SUSE-SU-2022:1256-1
- SUSE-SU-2022:1257-1
- SUSE-SU-2022:1266-1
- SUSE-SU-2022:1267-1
- SUSE-SU-2022:1270-1
- SUSE-SU-2022:1278-1
- SUSE-SU-2022:1283-1
- SUSE-SU-2022:1285-1
- SUSE-SU-2022:1300-1
- SUSE-SU-2022:1318-1
- SUSE-SU-2022:1320-1
- SUSE-SU-2022:1322-1
- SUSE-SU-2022:1326-1
- SUSE-SU-2022:1329-1
- SUSE-SU-2022:1335-1
- SUSE-SU-2022:1359-1
- SUSE-SU-2022:1369-1
- SUSE-SU-2022:1375-1
- SUSE-SU-2022:1402-1
- SUSE-SU-2022:1407-1
- SUSE-SU-2022:1408-1
- SUSE-SU-2022:1440-1
- SUSE-SU-2022:1453-1
- SUSE-SU-2022:1486-1
- SUSE-SU-2022:1569-1
- SUSE-SU-2022:1571-1
- SUSE-SU-2022:1573-1
- SUSE-SU-2022:1575-1
- SUSE-SU-2022:1591-1
- SUSE-SU-2022:1593-1
- SUSE-SU-2022:1605-1
- SUSE-SU-2022:1629-1
- SUSE-SU-2022:1634-1
- SUSE-SU-2022:1637-1
- SUSE-SU-2022:1651-1
- SUSE-SU-2022:1669-1
- SUSE-SU-2022:1676-1
- SUSE-SU-2022:1687-1
- SUSE-SU-2022:2079-1
- SUSE-SU-2022:2080-1
- SUSE-SU-2022:2104-1
- SUSE-SU-2022:2111-1
- SUSE-SU-2022:2268-1
- SUSE-SU-2022:2376-1
- SUSE-SU-2022:2379-1
- SUSE-SU-2022:2393-1
- SUSE-SU-2022:2407-1
- SUSE-SU-2022:2411-1
- SUSE-SU-2022:2424-1
- SUSE-SU-2022:2424-2
- SUSE-SU-2022:2478-1
- SUSE-SU-2022:2520-1
- SUSE-SU-2022:2549-1
- SUSE-SU-2022:2615-1
- SUSE-SU-2022:2629-1
- SUSE-SU-2022:2723-1
- SUSE-SU-2022:2808-1
- SUSE-SU-2022:2809-1
- SUSE-SU-2022:2875-1
- SUSE-SU-2022:2875-2
- SUSE-SU-2022:2892-1
- SUSE-SU-2022:2892-2
- SUSE-SU-2022:2910-1
- SUSE-SU-2022:3061-1
- SUSE-SU-2022:3064-1
- SUSE-SU-2022:3072-1
- SUSE-SU-2022:3088-1
- SUSE-SU-2022:3108-1
- SUSE-SU-2022:3123-1
- SUSE-SU-2022:3263-1
- SUSE-SU-2022:3265-1
- SUSE-SU-2022:3274-1
- SUSE-SU-2022:3282-1
- SUSE-SU-2022:3288-1
- SUSE-SU-2022:3291-1
- SUSE-SU-2022:3293-1
- SUSE-SU-2022:3294-1
- SUSE-SU-2022:3408-1
- SUSE-SU-2022:3450-1
- SUSE-SU-2022:3609-1
- SUSE-SU-2022:4617-1
- SUSE-SU-2023:0416-1
- SUSE-SU-2024:2360-1
- SUSE-SU-2024:2362-1
- SUSE-SU-2024:2365-1
- SUSE-SU-2024:2561-1
- USN-5266-1
- USN-5278-1
- USN-5294-1
- USN-5294-2
- USN-5295-1
- USN-5295-2
- USN-5297-1
- USN-5298-1
- USN-5302-1
- USN-5317-1
- USN-5318-1
- USN-5362-1
- USN-5381-1
- USN-5383-1
- USN-5384-1
- USN-5385-1
- USN-5390-1
- USN-5390-2
- USN-5415-1
- USN-5416-1
- USN-5417-1
- USN-5418-1
- USN-5466-1
- USN-5467-1
- USN-5468-1
- USN-5469-1
- USN-6001-1
- USN-6013-1
- USN-6014-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2022-9274 | https://linux.oracle.com/errata/ELSA-2022-9274.html | |
CVE | CVE-2021-26341 | https://linux.oracle.com/cve/CVE-2021-26341.html | |
CVE | CVE-2021-26401 | https://linux.oracle.com/cve/CVE-2021-26401.html | |
CVE | CVE-2022-23960 | https://linux.oracle.com/cve/CVE-2022-23960.html | |
CVE | CVE-2020-36516 | https://linux.oracle.com/cve/CVE-2020-36516.html | |
CVE | CVE-2022-26966 | https://linux.oracle.com/cve/CVE-2022-26966.html | |
CVE | CVE-2022-1016 | https://linux.oracle.com/cve/CVE-2022-1016.html | |
CVE | CVE-2022-1158 | https://linux.oracle.com/cve/CVE-2022-1158.html | |
CVE | CVE-2021-22600 | https://linux.oracle.com/cve/CVE-2021-22600.html | |
CVE | CVE-2022-0617 | https://linux.oracle.com/cve/CVE-2022-0617.html | |
CVE | CVE-2022-24448 | https://linux.oracle.com/cve/CVE-2022-24448.html | |
CVE | CVE-2022-22942 | https://linux.oracle.com/cve/CVE-2022-22942.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-8 | oraclelinux | kernel-uek-container | < 5.4.17-2136.306.1.3.el8 | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-container?distro=oraclelinux-7 | oraclelinux | kernel-uek-container | < 5.4.17-2136.306.1.3.el7 | oraclelinux-7 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-8 | oraclelinux | kernel-uek-container-debug | < 5.4.17-2136.306.1.3.el8 | oraclelinux-8 | ||
Affected | pkg:rpm/oraclelinux/kernel-uek-container-debug?distro=oraclelinux-7 | oraclelinux | kernel-uek-container-debug | < 5.4.17-2136.306.1.3.el7 | oraclelinux-7 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |