[ELSA-2023-7749] kernel security update
[5.14.0-362.13.1.el9_3.OL9]
- x86/retpoline: Document some thunk handling aspects (Borislav Petkov) {CVE-2023-20569}
- objtool: Fix return thunk patching in retpolines (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Remove unnecessary semicolon (Yang Li) {CVE-2023-20569}
- x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Josh Poimboeuf) {CVE-2023-20569}
- x86/nospec: Refactor UNTRAIN_RET_* {CVE-2023-20569}
- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Disentangle rethunk-dependent options (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Josh Poimboeuf) {CVE-2023-20569}
- x86/bugs: Remove default case for fully switched enums (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Remove 'pred_cmd' label (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Unexport untraining functions (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Improve i-cache locality for alias mitigation (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix unret validation dependencies (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix vulnerability reporting for missing microcode (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Print mitigation for retbleed IBPB case (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Print actual mitigation if requested mitigation isn't possible (Josh Poimboeuf) [RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Josh Poimboeuf) {CVE-2023-20569}
- x86,static_call: Fix static-call vs return-thunk (Peter Zijlstra) {CVE-2023-20569}
- x86/alternatives: Remove faulty optimization (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Don't probe microcode in a guest (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Fix srso_show_state() side effect (Josh Poimboeuf) {CVE-2023-20569}
- x86/cpu: Fix amd_check_microcode() declaration (Arnd Bergmann) {CVE-2023-20569}
- x86/srso: Correct the mitigation status when SMT is disabled (Borislav Petkov) {CVE-2023-20569}
- x86/static_call: Fix __static_call_fixup() (Peter Zijlstra) {CVE-2023-20569}
- objtool/x86: Fixup frame-pointer vs rethunk (Peter Zijlstra) {CVE-2023-20569}
- x86/srso: Explain the untraining sequences a bit more (Borislav Petkov) {CVE-2023-20569}
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Cleanup the untrain mess (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Rename original retbleed methods (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Clean up SRSO return thunk mess (Peter Zijlstra) {CVE-2023-20569}
- x86/alternative: Make custom return thunk unconditional (Peter Zijlstra) {CVE-2023-20569}
- objtool/x86: Fix SRSO mess (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Peter Zijlstra) {CVE-2023-20569}
- x86/cpu: Fix __x86_return_thunk symbol type (Peter Zijlstra) {CVE-2023-20569}
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Petr Pavlu) {CVE-2023-20569}
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Petr Pavlu) {CVE-2023-20569}
- x86/srso: Disable the mitigation on unaffected configurations (Borislav Petkov) {CVE-2023-20569}
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Borislav Petkov) {CVE-2023-20588}
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Sean Christopherson) {CVE-2023-20569}
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Cristian Ciocaltea) {CVE-2023-20593}
- driver core: cpu: Fix the fallback cpu_show_gds() name (Borislav Petkov) {CVE-2023-20569}
- x86: Move gds_ucode_mitigated() declaration to header (Arnd Bergmann) {CVE-2023-20569}
- x86/speculation: Add cpu_show_gds() prototype (Arnd Bergmann) {CVE-2023-20569}
- driver core: cpu: Make cpu_show_not_affected() static (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Fix build breakage with the LLVM linker (Nick Desaulniers) {CVE-2023-20569}
- Documentation/srso: Document IBPB aspect and fix formatting (Borislav Petkov) {CVE-2023-20569}
- driver core: cpu: Unify redundant silly stubs (Borislav Petkov) {CVE-2023-20569}
- Documentation/hw-vuln: Unify filename specification in index (Borislav Petkov) {CVE-2023-20569}
- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Borislav Petkov) {CVE-2023-20588}
- x86/srso: Tie SBPB bit setting to microcode patch detection (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add a forgotten NOENDBR annotation (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Fix return thunks in generated code (Josh Poimboeuf) {CVE-2023-20569}
- x86/srso: Add IBPB on VMEXIT (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add IBPB (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add SRSO_NO support (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add IBPB_BRTYPE support (Borislav Petkov) {CVE-2023-20569}
- redhat/configs/x86: Enable CONFIG_CPU_SRSO (Borislav Petkov) {CVE-2023-20569}
- x86/srso: Add a Speculative RAS Overflow mitigation (Borislav Petkov) {CVE-2023-20569}
- x86/retbleed: Add __x86_return_thunk alignment checks (Borislav Petkov) {CVE-2023-20569}
- x86/retbleed: Fix return thunk alignment (Borislav Petkov) {CVE-2023-20569}
- x86/alternative: Optimize returns patching (Borislav Petkov) {CVE-2023-20569}
- x86,objtool: Separate unret validation from unwind hints (Josh Poimboeuf) {CVE-2023-20569}
- objtool: Add objtool_types.h (Josh Poimboeuf) {CVE-2023-20569}
- objtool: Union instruction::{call_dest,jump_table} (Peter Zijlstra) {CVE-2023-20569}
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Peter Zijlstra) {CVE-2023-20569}
- objtool: Fix SEGFAULT (Christophe Leroy) {CVE-2023-20569}
- vmlinux.lds.h: add BOUNDED_SECTION* macros (Jim Cromie) {CVE-2023-20569}
- ID
- ELSA-2023-7749
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2023-7749.html
- Published
-
2023-12-22T00:00:00
(8 months ago) - Modified
-
2023-12-22T00:00:00
(8 months ago) - Rights
- Copyright 2023 Oracle, Inc.
- Other Advisories
-
-
ALAS-2023-1838
-
ALAS2-2023-2179
-
ALAS2-2023-2264
-
ALPINE:CVE-2023-20569
-
ALSA-2023:6595
-
ALSA-2023:7109
-
ALSA-2023:7549
-
ALSA-2024:0113
-
ALSA-2024:0897
-
DSA-5475-1
-
ELSA-2023-12712
-
ELSA-2023-12713
-
ELSA-2023-12714
-
ELSA-2023-12715
-
ELSA-2023-12874
-
ELSA-2023-12910
-
ELSA-2023-12911
-
ELSA-2023-13043
-
ELSA-2023-13047
-
ELSA-2023-6595
-
ELSA-2023-7109
-
ELSA-2023-7549
-
ELSA-2024-0897
-
ELSA-2024-12169
-
ELSA-2024-1249
-
FEDORA-2023-04473fc41e
-
FEDORA-2023-50bd7c9c12
-
FEDORA-2023-638681260a
-
FEDORA-2023-830d9ec624
-
FEDORA-2023-c3bb819677
-
FEDORA-2023-ddfd3073b3
-
FEDORA-2023-fff31650c8
-
MS:CVE-2023-1192
-
MS:CVE-2023-20569
-
RHBA-2023:2977
-
RHSA-2023:6595
-
RHSA-2023:7109
-
RHSA-2023:7513
-
RHSA-2023:7548
-
RHSA-2023:7549
-
RHSA-2023:7734
-
RHSA-2024:0113
-
RHSA-2024:0134
-
RHSA-2024:0876
-
RHSA-2024:0881
-
RHSA-2024:0897
-
RHSA-2024:1249
-
RHSA-2024:1323
-
RHSA-2024:1332
-
RLSA-2023:7549
-
SSA:2023-325-01
-
SUSE-SU-2023:3262-1
-
SUSE-SU-2023:3298-1
-
SUSE-SU-2023:3302-1
-
SUSE-SU-2023:3309-1
-
SUSE-SU-2023:3311-1
-
SUSE-SU-2023:3313-1
-
SUSE-SU-2023:3318-1
-
SUSE-SU-2023:3324-1
-
SUSE-SU-2023:3329-1
-
SUSE-SU-2023:3349-1
-
SUSE-SU-2023:3360-1
-
SUSE-SU-2023:3361-1
-
SUSE-SU-2023:3362-1
-
SUSE-SU-2023:3376-1
-
SUSE-SU-2023:3377-1
-
SUSE-SU-2023:3389-1
-
SUSE-SU-2023:3390-1
-
SUSE-SU-2023:3391-1
-
SUSE-SU-2023:3392-1
-
SUSE-SU-2023:3395-1
-
SUSE-SU-2023:3421-1
-
SUSE-SU-2023:3446-1
-
SUSE-SU-2023:3447-1
-
SUSE-SU-2023:3494-1
-
SUSE-SU-2023:3495-1
-
SUSE-SU-2023:3496-1
-
SUSE-SU-2023:3988-1
-
SUSE-SU-2023:4028-1
-
SUSE-SU-2023:4030-1
-
SUSE-SU-2023:4031-1
-
SUSE-SU-2023:4032-1
-
SUSE-SU-2023:4033-1
-
SUSE-SU-2023:4035-1
-
SUSE-SU-2023:4057-1
-
SUSE-SU-2023:4058-1
-
SUSE-SU-2023:4071-1
-
SUSE-SU-2023:4072-1
-
SUSE-SU-2023:4072-2
-
SUSE-SU-2023:4093-1
-
SUSE-SU-2023:4095-1
-
SUSE-SU-2023:4142-1
-
SUSE-SU-2023:4347-1
-
SUSE-SU-2023:4730-1
-
SUSE-SU-2023:4731-1
-
SUSE-SU-2023:4732-1
-
SUSE-SU-2023:4733-1
-
SUSE-SU-2023:4734-1
-
SUSE-SU-2023:4735-1
-
SUSE-SU-2023:4766-1
-
SUSE-SU-2023:4775-1
-
SUSE-SU-2023:4782-1
-
SUSE-SU-2023:4783-1
-
SUSE-SU-2023:4784-1
-
SUSE-SU-2023:4801-1
-
SUSE-SU-2023:4805-1
-
SUSE-SU-2023:4810-1
-
SUSE-SU-2023:4811-1
-
SUSE-SU-2023:4822-1
-
SUSE-SU-2023:4841-1
-
SUSE-SU-2023:4848-1
-
SUSE-SU-2023:4863-1
-
SUSE-SU-2023:4872-1
-
SUSE-SU-2023:4882-1
-
SUSE-SU-2023:4883-1
-
SUSE-SU-2024:1454-1
-
SUSE-SU-2024:1489-1
-
USN-6319-1
-
USN-6412-1
-
USN-6415-1
-
USN-6416-1
-
USN-6416-2
-
USN-6416-3
-
USN-6445-1
-
USN-6445-2
-
USN-6461-1
-
USN-6466-1
-
USN-6494-1
-
USN-6494-2
-
USN-6495-1
-
USN-6495-2
-
USN-6496-1
-
USN-6496-2
-
USN-6502-1
-
USN-6502-2
-
USN-6502-3
-
USN-6502-4
-
USN-6503-1
-
USN-6516-1
-
USN-6520-1
-
USN-6532-1
-
USN-6537-1
-
USN-6572-1
-
USN-6607-1
-
XSA-434
-
| Source | # ID | Name | URL |
|---|---|---|---|
| elsa | ELSA-2023-7749 |
|
|
| CVE | CVE-2023-5345 |
|
|
| CVE | CVE-2023-20569 |
|
|
| CVE | CVE-2023-1192 |
|
|
| CVE | CVE-2023-45871 |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/oraclelinux/rtla?distro=oraclelinux-9.3 | oraclelinux |
 rtla
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/python3-perf?distro=oraclelinux-9.3 | oraclelinux |
python3-perf
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/perf?distro=oraclelinux-9.3 | oraclelinux |
perf
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel?distro=oraclelinux-9.3 | oraclelinux |
kernel
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools?distro=oraclelinux-9.3 | oraclelinux |
kernel-tools
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools-libs?distro=oraclelinux-9.3 | oraclelinux |
kernel-tools-libs
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-tools-libs-devel?distro=oraclelinux-9.3 | oraclelinux |
kernel-tools-libs-devel
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-modules?distro=oraclelinux-9.3 | oraclelinux |
kernel-modules
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-modules-extra?distro=oraclelinux-9.3 | oraclelinux |
kernel-modules-extra
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-modules-core?distro=oraclelinux-9.3 | oraclelinux |
kernel-modules-core
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-headers?distro=oraclelinux-9.3 | oraclelinux |
kernel-headers
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-doc?distro=oraclelinux-9.3 | oraclelinux |
kernel-doc
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-devel?distro=oraclelinux-9.3 | oraclelinux |
kernel-devel
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-devel-matched?distro=oraclelinux-9.3 | oraclelinux |
kernel-devel-matched
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug?distro=oraclelinux-9.3 | oraclelinux |
kernel-debug
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-modules?distro=oraclelinux-9.3 | oraclelinux |
kernel-debug-modules
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-modules-extra?distro=oraclelinux-9.3 | oraclelinux |
kernel-debug-modules-extra
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-modules-core?distro=oraclelinux-9.3 | oraclelinux |
kernel-debug-modules-core
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-devel?distro=oraclelinux-9.3 | oraclelinux |
kernel-debug-devel
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-devel-matched?distro=oraclelinux-9.3 | oraclelinux |
kernel-debug-devel-matched
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-debug-core?distro=oraclelinux-9.3 | oraclelinux |
kernel-debug-core
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-cross-headers?distro=oraclelinux-9.3 | oraclelinux |
kernel-cross-headers
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-core?distro=oraclelinux-9.3 | oraclelinux |
kernel-core
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/kernel-abi-stablelists?distro=oraclelinux-9.3 | oraclelinux |
kernel-abi-stablelists
|
< 5.14.0-362.13.1.el9_3 | oraclelinux-9.3 | ||
| Affected | pkg:rpm/oraclelinux/bpftool?distro=oraclelinux-9.3 | oraclelinux |
bpftool
|
< 7.2.0-362.13.1.el9_3 | oraclelinux-9.3 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |