El-errata: ELSA-2022-9590 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update
Oracle Linux Security Advisory ELSA-2022-9590
http://linux.oracle.com/errata/ELSA-2022-9590.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-5.15.0-0.30.20.el8uek.x86_64.rpm
kernel-uek-5.15.0-0.30.20.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-0.30.20.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-0.30.20.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-0.30.20.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-0.30.20.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-0.30.20.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-0.30.20.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-0.30.20.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-0.30.20.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-0.30.20.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-0.30.20.el8uek.x86_64.rpm
aarch64:
bpftool-5.15.0-0.30.20.el8uek.aarch64.rpm
kernel-uek-5.15.0-0.30.20.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-0.30.20.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-0.30.20.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-0.30.20.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-0.30.20.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-0.30.20.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-0.30.20.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-0.30.20.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-0.30.20.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-0.30.20.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-0.30.20.el8uek.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.15.0-0.30.20.el8uek.src.rpm
Related CVEs:
CVE-2022-1652
CVE-2022-23816
CVE-2022-29901
Description of changes:
[5.15.0-0.30.20.el8uek]
- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218638] {CVE-2022-1652}
- x86: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Add retbleed=ibpb (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/xen: Rename SYS* entry points (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Update Retpoline validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- intel_idle: Disable IBRS during long idle (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Add kernel IBRS implementation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Report AMD retbleed vulnerability (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Add magic AMD return-thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Treat .text.__x86.* as noinstr (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Use return-thunk in asm code (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/bpf: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/ftrace: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86,static_call: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86,objtool: Create .return_sites (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Undo return-thunk damage (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/retpoline: Use -mfunction-return (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/cpufeatures: Move RETPOLINE flags to word 11 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Remove skip_r11rcx (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Fix register corruption in compat syscall (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Use PUSH_AND_CLEAR_REGS for compat (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Simplify entry_INT80_compat() (Linus Torvalds) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86,static_call: Fix __static_call_return0 for i386 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/alternative: Relax text_poke_bp() constraint (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- static_call,x86: Robustify trampoline patching (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
- x86/xen: Move hypercall_page to top of the file (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}
_______________________________________________
An unbreakable Enterprise kernel security update has been released for Oracle Linux 8.