[El-errata] ELSA-2022-9590 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Wed Jul 13 14:54:25 UTC 2022 

Oracle Linux Security Advisory ELSA-2022-9590

http://linux.oracle.com/errata/ELSA-2022-9590.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-0.30.20.el9uek.x86_64.rpm
kernel-uek-5.15.0-0.30.20.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-0.30.20.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-0.30.20.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-0.30.20.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-0.30.20.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-0.30.20.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-0.30.20.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-0.30.20.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-0.30.20.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-0.30.20.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-0.30.20.el9uek.x86_64.rpm



SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-0.30.20.el9uek.src.rpm

Related CVEs:

CVE-2022-1652
CVE-2022-23816
CVE-2022-29901




Description of changes:

[5.15.0-0.30.20.el9uek]
- floppy: use a statically allocated error counter (Willy Tarreau)  [Orabug: 34218638]  {CVE-2022-1652}
- x86: Disable RET on kexec (Konrad Rzeszutek Wilk)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/common: Stamp out the stepping madness (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- objtool: Add entry UNRET validation (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Add retbleed=ibpb (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/xen: Rename SYS* entry points (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- objtool: Update Retpoline validation (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- intel_idle: Disable IBRS during long idle (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Add kernel IBRS implementation (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/bugs: Report AMD retbleed vulnerability (Alexandre Chartre)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86: Add magic AMD return-thunk (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- objtool: Treat .text.__x86.* as noinstr (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86: Use return-thunk in asm code (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/sev: Avoid using __x86_return_thunk (Kim Phillips)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/bpf: Use alternative RET encoding (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/ftrace: Use alternative RET encoding (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86,static_call: Use alternative RET encoding (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86,objtool: Create .return_sites (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86: Undo return-thunk damage (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/retpoline: Use -mfunction-return (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/cpufeatures: Move RETPOLINE flags to word 11 (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/kvm/vmx: Make noinstr clean (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Remove skip_r11rcx (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Fix register corruption in compat syscall (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Use PUSH_AND_CLEAR_REGS for compat (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/entry: Simplify entry_INT80_compat() (Linus Torvalds)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86,static_call: Fix __static_call_return0 for i386 (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- objtool: Default ignore INT3 for unreachable (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86: Add straight-line-speculation mitigation (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- objtool: Add straight-line-speculation validation (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/alternative: Relax text_poke_bp() constraint (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- static_call,x86: Robustify trampoline patching (Peter Zijlstra)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}
- x86/xen: Move hypercall_page to top of the file (Josh Poimboeuf)  [Orabug: 34335631]  {CVE-2022-29901} {CVE-2022-23816}

More information about the El-errata mailing list