Important: kernel-rt security and bug fix update

2022-10-25T00:00:00

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588) * kernel: information leak in scsi_ioctl() (CVE-2022-0494) * Kernel: A kernel-info-leak issue in pfkey_register (CVE-2022-1353) * hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900) * hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825) * hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bug Fix(es): * [almalinux8-rt] BUG: using __this_cpu_add() in preemptible [00000000] - caller is __mod_memcg_lruvec_state+0x69/0x1c0 (BZ#2122600) * The latest AlmaLinux 8.6.z4 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2125396)

Affected Package

OS	OS Version	Package Name	Package Version
almalinux	8	kernel-rt-modules	4.18.0-372.32.1.rt7.189.el8_6
almalinux	8	kernel-rt	4.18.0-372.32.1.rt7.189.el8_6
almalinux	8	kernel-rt-debug-kvm	4.18.0-372.32.1.rt7.189.el8_6
almalinux	8	kernel-rt-modules-extra	4.18.0-372.32.1.rt7.189.el8_6
almalinux	8	kernel-rt-debug-modules-extra	4.18.0-372.32.1.rt7.189.el8_6
almalinux	8	kernel-rt-debug-modules	4.18.0-372.32.1.rt7.189.el8_6
almalinux	8	kernel-rt-debug-devel	4.18.0-372.32.1.rt7.189.el8_6
almalinux	8	kernel-rt-kvm	4.18.0-372.32.1.rt7.189.el8_6
almalinux	8	kernel-rt-debug	4.18.0-372.32.1.rt7.189.el8_6
almalinux	8	kernel-rt-devel	4.18.0-372.32.1.rt7.189.el8_6
almalinux	8	kernel-rt-debug-core	4.18.0-372.32.1.rt7.189.el8_6
almalinux	8	kernel-rt-core	4.18.0-372.32.1.rt7.189.el8_6

{"id": "ALSA-2022:7134", "vendorId": null, "type": "almalinux", "bulletinFamily": "unix", "title": "Important: kernel-rt security and bug fix update", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n* kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n* Kernel: A kernel-info-leak issue in pfkey_register (CVE-2022-1353)\n* hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n* hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n* hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [almalinux8-rt] BUG: using __this_cpu_add() in preemptible [00000000] - caller is __mod_memcg_lruvec_state+0x69/0x1c0 (BZ#2122600)\n* The latest AlmaLinux 8.6.z4 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2125396)", "published": "2022-10-25T00:00:00", "modified": "2023-09-15T13:41:48", "epss": [{"cve": "CVE-2022-0494", "epss": 0.00042, "percentile": 0.05716, "modified": "2023-07-29"}, {"cve": "CVE-2022-1353", "epss": 0.00042, "percentile": 0.05682, "modified": "2023-06-17"}, {"cve": "CVE-2022-23825", "epss": 0.00046, "percentile": 0.12977, "modified": "2023-06-14"}, {"cve": "CVE-2022-29900", "epss": 0.00046, "percentile": 0.12903, "modified": "2023-07-29"}, {"cve": "CVE-2022-29901", "epss": 0.00087, "percentile": 0.35446, "modified": "2023-06-03"}], "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 4.9}, "severity": "MEDIUM", "exploitabilityScore": 3.9, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.2}, "href": "https://errata.almalinux.org/8/ALSA-2022-7134.html", "reporter": "AlmaLinux", "references": ["https://access.redhat.com/errata/RHSA-2022:7134", "https://access.redhat.com/security/cve/CVE-2022-0494", "https://access.redhat.com/security/cve/CVE-2022-1353", "https://access.redhat.com/security/cve/CVE-2022-23816", "https://access.redhat.com/security/cve/CVE-2022-23825", "https://access.redhat.com/security/cve/CVE-2022-2588", "https://access.redhat.com/security/cve/CVE-2022-29900", "https://access.redhat.com/security/cve/CVE-2022-29901", "https://bugzilla.redhat.com/2039448", "https://bugzilla.redhat.com/2066819", "https://bugzilla.redhat.com/2090226", "https://bugzilla.redhat.com/2103148", "https://bugzilla.redhat.com/2103153", "https://bugzilla.redhat.com/2114849", "https://errata.almalinux.org/8/ALSA-2022-7134.html"], "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "immutableFields": [], "lastseen": "2023-09-18T14:51:40", "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:6002", "ALSA-2022:6003", "ALSA-2022:7110", "ALSA-2022:7933", "ALSA-2022:8267"]}, {"type": "amazon", "idList": ["ALAS-2022-1591", "ALAS-2022-1604", "ALAS-2022-1636", "ALAS-2022-1852", "ALAS2-2022-1793", "ALAS2-2022-1813", "ALAS2-2022-1838", "ALAS2-2022-1852"]}, {"type": "amd", "idList": ["AMD-SB-1037"]}, {"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "citrix", "idList": ["CTX461397"]}, {"type": "cloudlinux", "idList": ["CLSA-2023:1682705952", "CLSA-2023:1682711481"]}, {"type": "cve", "idList": ["CVE-2022-0494", "CVE-2022-1353"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3065-1:C1710", "DEBIAN:DLA-3102-1:8DD52", "DEBIAN:DLA-3131-1:083C4", "DEBIAN:DLA-3245-1:5D45B", "DEBIAN:DSA-5127-1:B6959", "DEBIAN:DSA-5161-1:2800F", "DEBIAN:DSA-5173-1:5A28E", "DEBIAN:DSA-5184-1:CABB7", "DEBIAN:DSA-5207-1:0D465"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-0494", "DEBIANCVE:CVE-2022-1353", "DEBIANCVE:CVE-2022-23816", "DEBIANCVE:CVE-2022-23825", "DEBIANCVE:CVE-2022-2588", "DEBIANCVE:CVE-2022-29900", "DEBIANCVE:CVE-2022-29901"]}, {"type": "f5", "idList": ["F5:K32615023", "F5:K57185580", "F5:K83713003"]}, {"type": "fedora", "idList": ["FEDORA:3622F307260C", "FEDORA:3E0893021FB2", "FEDORA:791D3304C27B", "FEDORA:79262304C76D", "FEDORA:A4846305797B", "FEDORA:E6CE83084966"]}, {"type": "githubexploit", "idList": ["027DC021-9759-5152-B253-BB124AAF3689", "9E1C498D-25A3-57B2-A391-764CDA0E674F", "F3F45FED-B716-5B56-9880-08CA523A08B7"]}, {"type": "ibm", "idList": ["7723E7232CDF38CAF6FB9BEBC720727705544B73B826D4C481C2D54FB681768E", "80CD718D1D142D3B40DCBA71626D910648A9F36D3E9F858F36123167200B31E5", "B5A64C62AD14AC5F708718469CD252B6E7CC148ED6744F6CA78BE827CE0DE99F", "C8058EE2D98E4E3A2B41A83E031B9A6C3266947F454144446221EF58E526C98F", "E8EFCA8810003524E6931CD5AFDC084870201D5052BAC467C09EBF324F61A84B", "F42698819438A0AFD00188966548F0688DA81186746B5D708D7F1D8C8274475E"]}, {"type": "ics", "idList": ["ICSA-23-075-01", "ICSA-23-166-10", "ICSA-23-166-11"]}, {"type": "intel", "idList": ["INTEL:INTEL-SA-00702"]}, {"type": "kaspersky", "idList": ["KLA12580", "KLA12581"]}, {"type": "mageia", "idList": ["MGASA-2022-0154", "MGASA-2022-0155", "MGASA-2022-0278", "MGASA-2022-0279", "MGASA-2022-0305", "MGASA-2022-0308"]}, {"type": "mscve", "idList": ["MS:CVE-2022-23816", "MS:CVE-2022-23825", "MS:CVE-2022-29900"]}, {"type": "mskb", "idList": ["KB5015827"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-042.NASL", "AL2022_ALAS2022-2022-083.NASL", "AL2022_ALAS2022-2022-125.NASL", "AL2022_ALAS2022-2022-127.NASL", "AL2022_ALAS2022-2022-150.NASL", "AL2022_ALAS2022-2022-185.NASL", "AL2023_ALAS2023-2023-070.NASL", "AL2_ALAS-2022-1793.NASL", "AL2_ALAS-2022-1813.NASL", "AL2_ALAS-2022-1838.NASL", "AL2_ALAS-2022-1852.NASL", "AL2_ALASKERNEL-5_10-2022-014.NASL", "AL2_ALASKERNEL-5_10-2022-015.NASL", "AL2_ALASKERNEL-5_10-2022-016.NASL", "AL2_ALASKERNEL-5_10-2022-017.NASL", "AL2_ALASKERNEL-5_10-2022-019.NASL", "AL2_ALASKERNEL-5_10-2022-020.NASL", "AL2_ALASKERNEL-5_10-2023-036.NASL", "AL2_ALASKERNEL-5_15-2022-001.NASL", "AL2_ALASKERNEL-5_15-2022-002.NASL", "AL2_ALASKERNEL-5_15-2022-003.NASL", "AL2_ALASKERNEL-5_15-2022-004.NASL", "AL2_ALASKERNEL-5_15-2022-006.NASL", "AL2_ALASKERNEL-5_15-2022-008.NASL", "AL2_ALASKERNEL-5_15-2023-023.NASL", "AL2_ALASKERNEL-5_4-2022-026.NASL", "AL2_ALASKERNEL-5_4-2022-028.NASL", "AL2_ALASKERNEL-5_4-2022-030.NASL", "AL2_ALASKERNEL-5_4-2022-032.NASL", "AL2_ALASKERNEL-5_4-2022-035.NASL", "AL2_ALASKERNEL-5_4-2022-036.NASL", "AL2_ALASKERNEL-5_4-2022-037.NASL", "AL2_ALASKERNEL-5_4-2022-039.NASL", "ALA_ALAS-2022-1591.NASL", "ALA_ALAS-2022-1604.NASL", "ALA_ALAS-2022-1636.NASL", "ALMA_LINUX_ALSA-2022-6002.NASL", "ALMA_LINUX_ALSA-2022-6003.NASL", "ALMA_LINUX_ALSA-2022-7110.NASL", "ALMA_LINUX_ALSA-2022-7134.NASL", "ALMA_LINUX_ALSA-2022-7137.NASL", "ALMA_LINUX_ALSA-2022-7933.NASL", "ALMA_LINUX_ALSA-2022-8267.NASL", "DEBIAN_DLA-3065.NASL", "DEBIAN_DLA-3102.NASL", "DEBIAN_DLA-3131.NASL", "DEBIAN_DLA-3245.NASL", "DEBIAN_DSA-5127.NASL", "DEBIAN_DSA-5161.NASL", "DEBIAN_DSA-5173.NASL", "DEBIAN_DSA-5184.NASL", "DEBIAN_DSA-5207.NASL", "EULEROS_SA-2022-1844.NASL", "EULEROS_SA-2022-1896.NASL", "EULEROS_SA-2022-1934.NASL", "EULEROS_SA-2022-1969.NASL", "EULEROS_SA-2022-1999.NASL", "EULEROS_SA-2022-2090.NASL", "EULEROS_SA-2022-2110.NASL", "EULEROS_SA-2022-2134.NASL", "EULEROS_SA-2022-2159.NASL", "EULEROS_SA-2022-2181.NASL", "EULEROS_SA-2022-2348.NASL", "EULEROS_SA-2022-2384.NASL", "EULEROS_SA-2022-2441.NASL", "EULEROS_SA-2022-2466.NASL", "EULEROS_SA-2022-2566.NASL", "EULEROS_SA-2022-2654.NASL", "EULEROS_SA-2022-2686.NASL", "EULEROS_SA-2022-2732.NASL", "EULEROS_SA-2022-2767.NASL", "EULEROS_SA-2022-2906.NASL", "EULEROS_SA-2022-2932.NASL", "EULEROS_SA-2023-1012.NASL", "EULEROS_SA-2023-1037.NASL", "EULEROS_SA-2023-1193.NASL", "EULEROS_SA-2023-1223.NASL", "EULEROS_SA-2023-1695.NASL", "EULEROS_SA-2023-2072.NASL", "EULEROS_SA-2023-2124.NASL", "EULEROS_SA-2023-2252.NASL", "EULEROS_SA-2023-2383.NASL", "EULEROS_SA-2023-2444.NASL", "EULEROS_SA-2023-2541.NASL", "F5_BIGIP_SOL83713003.NASL", "FEDORA_2022-C69EF9C1DD.NASL", "MARINER_KERNEL_CVE-2022-0494.NASL", "MARINER_KERNEL_CVE-2022-1353.NASL", "NUTANIX_NXSA-AHV-20220304_10013.NASL", "NUTANIX_NXSA-AHV-20230302_207.NASL", "NUTANIX_NXSA-AOS-6_6_2.NASL", "ORACLELINUX_ELSA-2022-26385.NASL", "ORACLELINUX_ELSA-2022-6003.NASL", "ORACLELINUX_ELSA-2022-7110.NASL", "ORACLELINUX_ELSA-2022-7337.NASL", "ORACLELINUX_ELSA-2022-8267.NASL", "ORACLELINUX_ELSA-2022-9479.NASL", "ORACLELINUX_ELSA-2022-9480.NASL", "ORACLELINUX_ELSA-2022-9590.NASL", "ORACLELINUX_ELSA-2022-9591.NASL", "ORACLELINUX_ELSA-2022-9689.NASL", "ORACLELINUX_ELSA-2022-9690.NASL", "ORACLELINUX_ELSA-2022-9691.NASL", "ORACLELINUX_ELSA-2022-9692.NASL", "ORACLELINUX_ELSA-2022-9693.NASL", "ORACLELINUX_ELSA-2022-9694.NASL", "ORACLELINUX_ELSA-2022-9699.NASL", "ORACLELINUX_ELSA-2022-9709.NASL", "ORACLELINUX_ELSA-2022-9710.NASL", "ORACLELINUX_ELSA-2022-9761.NASL", "ORACLELINUX_ELSA-2022-9787.NASL", "ORACLELINUX_ELSA-2022-9788.NASL", "ORACLELINUX_ELSA-2022-9827.NASL", "ORACLELINUX_ELSA-2022-9830.NASL", "ORACLEVM_OVMSA-2022-0022.NASL", "ORACLEVM_OVMSA-2022-0024.NASL", "REDHAT-RHSA-2022-5934.NASL", "REDHAT-RHSA-2022-5998.NASL", "REDHAT-RHSA-2022-6002.NASL", "REDHAT-RHSA-2022-6003.NASL", "REDHAT-RHSA-2022-6243.NASL", "REDHAT-RHSA-2022-6248.NASL", "REDHAT-RHSA-2022-6551.NASL", "REDHAT-RHSA-2022-6872.NASL", "REDHAT-RHSA-2022-6875.NASL", "REDHAT-RHSA-2022-6978.NASL", "REDHAT-RHSA-2022-6983.NASL", "REDHAT-RHSA-2022-6991.NASL", "REDHAT-RHSA-2022-7110.NASL", "REDHAT-RHSA-2022-7134.NASL", "REDHAT-RHSA-2022-7137.NASL", "REDHAT-RHSA-2022-7146.NASL", "REDHAT-RHSA-2022-7171.NASL", "REDHAT-RHSA-2022-7173.NASL", "REDHAT-RHSA-2022-7279.NASL", "REDHAT-RHSA-2022-7280.NASL", "REDHAT-RHSA-2022-7337.NASL", "REDHAT-RHSA-2022-7338.NASL", "REDHAT-RHSA-2022-7344.NASL", "REDHAT-RHSA-2022-7885.NASL", "REDHAT-RHSA-2022-7933.NASL", "REDHAT-RHSA-2022-8267.NASL", "REDHAT-RHSA-2022-8973.NASL", "REDHAT-RHSA-2022-8974.NASL", "REDHAT-RHSA-2023-4022.NASL", "REDHAT-RHSA-2023-4023.NASL", "REDHAT-RHSA-2023-4801.NASL", "REDHAT-RHSA-2023-4814.NASL", "ROCKY_LINUX_RLSA-2022-7110.NASL", "ROCKY_LINUX_RLSA-2022-7134.NASL", "SLACKWARE_SSA_2022-129-01.NASL", "SLACKWARE_SSA_2022-237-02.NASL", "SLACKWARE_SSA_2022-333-01.NASL", "SL_20221103_KERNEL_ON_SL7_X.NASL", "SMB_NT_MS22_JUL_5015827.NASL", "SUSE_SU-2022-1651-1.NASL", "SUSE_SU-2022-1668-1.NASL", "SUSE_SU-2022-1669-1.NASL", "SUSE_SU-2022-1676-1.NASL", "SUSE_SU-2022-1686-1.NASL", "SUSE_SU-2022-1687-1.NASL", "SUSE_SU-2022-2077-1.NASL", "SUSE_SU-2022-2082-1.NASL", "SUSE_SU-2022-2083-1.NASL", "SUSE_SU-2022-2103-1.NASL", "SUSE_SU-2022-2104-1.NASL", "SUSE_SU-2022-2111-1.NASL", "SUSE_SU-2022-2376-1.NASL", "SUSE_SU-2022-2377-1.NASL", "SUSE_SU-2022-2379-1.NASL", "SUSE_SU-2022-2382-1.NASL", "SUSE_SU-2022-2393-1.NASL", "SUSE_SU-2022-2407-1.NASL", "SUSE_SU-2022-2411-1.NASL", "SUSE_SU-2022-2422-1.NASL", "SUSE_SU-2022-2423-1.NASL", "SUSE_SU-2022-2424-1.NASL", "SUSE_SU-2022-2478-1.NASL", "SUSE_SU-2022-2520-1.NASL", "SUSE_SU-2022-2549-1.NASL", "SUSE_SU-2022-2557-1.NASL", "SUSE_SU-2022-2560-1.NASL", "SUSE_SU-2022-2569-1.NASL", "SUSE_SU-2022-2574-1.NASL", "SUSE_SU-2022-2591-1.NASL", "SUSE_SU-2022-2597-1.NASL", "SUSE_SU-2022-2599-1.NASL", "SUSE_SU-2022-2600-1.NASL", "SUSE_SU-2022-2601-1.NASL", "SUSE_SU-2022-2615-1.NASL", "SUSE_SU-2022-2629-1.NASL", "SUSE_SU-2022-2809-1.NASL", "SUSE_SU-2022-3263-1.NASL", "SUSE_SU-2022-3264-1.NASL", "SUSE_SU-2022-3265-1.NASL", "SUSE_SU-2022-3274-1.NASL", "SUSE_SU-2022-3282-1.NASL", "SUSE_SU-2022-3288-1.NASL", "SUSE_SU-2022-3291-1.NASL", "SUSE_SU-2022-3293-1.NASL", "SUSE_SU-2022-3294-1.NASL", "SUSE_SU-2022-3408-1.NASL", "SUSE_SU-2022-3422-1.NASL", "SUSE_SU-2022-3450-1.NASL", "SUSE_SU-2022-3609-1.NASL", "SUSE_SU-2022-3809-1.NASL", "SUSE_SU-2022-4024-1.NASL", "SUSE_SU-2022-4027-1.NASL", "SUSE_SU-2022-4030-1.NASL", "SUSE_SU-2022-4033-1.NASL", "SUSE_SU-2022-4034-1.NASL", "SUSE_SU-2022-4035-1.NASL", "SUSE_SU-2022-4039-1.NASL", "SUSE_SU-2022-4100-1.NASL", "SUSE_SU-2022-4112-1.NASL", "SUSE_SU-2022-4113-1.NASL", "SUSE_SU-2022-4129-1.NASL", "SUSE_SU-2022-4503-1.NASL", "SUSE_SU-2022-4504-1.NASL", "SUSE_SU-2022-4505-1.NASL", "SUSE_SU-2022-4566-1.NASL", "SUSE_SU-2022-4573-1.NASL", "SUSE_SU-2022-4574-1.NASL", "SUSE_SU-2022-4585-1.NASL", "SUSE_SU-2022-4589-1.NASL", "SUSE_SU-2022-4613-1.NASL", "SUSE_SU-2022-4614-1.NASL", "SUSE_SU-2022-4615-1.NASL", "SUSE_SU-2022-4616-1.NASL", "SUSE_SU-2022-4617-1.NASL", "SUSE_SU-2023-0229-1.NASL", "SUSE_SU-2023-0237-1.NASL", "SUSE_SU-2023-0245-1.NASL", "SUSE_SU-2023-0262-1.NASL", "SUSE_SU-2023-0267-1.NASL", "SUSE_SU-2023-0270-1.NASL", "SUSE_SU-2023-0277-1.NASL", "SUSE_SU-2023-0280-1.NASL", "SUSE_SU-2023-0281-1.NASL", "SUSE_SU-2023-0331-1.NASL", "SUSE_SU-2023-0339-1.NASL", "UBUNTU_USN-5381-1.NASL", "UBUNTU_USN-5467-1.NASL", "UBUNTU_USN-5469-1.NASL", "UBUNTU_USN-5500-1.NASL", "UBUNTU_USN-5505-1.NASL", "UBUNTU_USN-5515-1.NASL", "UBUNTU_USN-5541-1.NASL", "UBUNTU_USN-5557-1.NASL", "UBUNTU_USN-5560-1.NASL", "UBUNTU_USN-5560-2.NASL", "UBUNTU_USN-5562-1.NASL", "UBUNTU_USN-5564-1.NASL", "UBUNTU_USN-5565-1.NASL", "UBUNTU_USN-5566-1.NASL", "UBUNTU_USN-5567-1.NASL", "UBUNTU_USN-5582-1.NASL", "UBUNTU_USN-5700-1.NASL", "UBUNTU_USN-5728-1.NASL", "UBUNTU_USN-5728-2.NASL", "UBUNTU_USN-5728-3.NASL", "UBUNTU_USN-5752-1.NASL", "UBUNTU_USN-5854-1.NASL", "UBUNTU_USN-5861-1.NASL", "UBUNTU_USN-5862-1.NASL", "UBUNTU_USN-5865-1.NASL", "UBUNTU_USN-5883-1.NASL", "UBUNTU_USN-5975-1.NASL", "UBUNTU_USN-6001-1.NASL", "UBUNTU_USN-6007-1.NASL", "UBUNTU_USN-6014-1.NASL", "UBUNTU_USN-6221-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-6003", "ELSA-2022-7110", "ELSA-2022-7337", "ELSA-2022-8267", "ELSA-2022-9479", "ELSA-2022-9480", "ELSA-2022-9590", "ELSA-2022-9591", "ELSA-2022-9689", "ELSA-2022-9690", "ELSA-2022-9691", "ELSA-2022-9692", "ELSA-2022-9693", "ELSA-2022-9694", "ELSA-2022-9699", "ELSA-2022-9709", "ELSA-2022-9710", "ELSA-2022-9761", "ELSA-2022-9787", "ELSA-2022-9788", "ELSA-2022-9827", "ELSA-2022-9830"]}, {"type": "osv", "idList": ["OSV:CVE-2022-23816", "OSV:CVE-2022-23825", "OSV:CVE-2022-29900", "OSV:DLA-3065-1", "OSV:DLA-3102-1", "OSV:DLA-3131-1", "OSV:DLA-3245-1", "OSV:DSA-5127-1", "OSV:DSA-5161-1", "OSV:DSA-5173-1", "OSV:DSA-5207-1"]}, {"type": "photon", "idList": ["PHSA-2022-0201", "PHSA-2022-0226", "PHSA-2022-0248", "PHSA-2022-0393", "PHSA-2022-0409", "PHSA-2022-0488", "PHSA-2022-0506", "PHSA-2022-3.0-0393", "PHSA-2022-3.0-0409", "PHSA-2022-3.0-0433", "PHSA-2022-4.0-0201", "PHSA-2022-4.0-0226", "PHSA-2022-4.0-0248", "PHSA-2023-3.0-0528", "PHSA-2023-3.0-0559"]}, {"type": "prion", "idList": ["PRION:CVE-2022-0494", "PRION:CVE-2022-1353", "PRION:CVE-2022-23825", "PRION:CVE-2022-29900", "PRION:CVE-2022-29901"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:B54637535A9D368B19D4D9881C6C34B3"]}, {"type": "redhat", "idList": ["RHSA-2022:5934", "RHSA-2022:5998", "RHSA-2022:6002", "RHSA-2022:6003", "RHSA-2022:6243", "RHSA-2022:6248", "RHSA-2022:6258", "RHSA-2022:6262", "RHSA-2022:6263", "RHSA-2022:6308", "RHSA-2022:6317", "RHSA-2022:6318", "RHSA-2022:6322", "RHSA-2022:6551", "RHSA-2022:6681", "RHSA-2022:6872", "RHSA-2022:6875", "RHSA-2022:6882", "RHSA-2022:6890", "RHSA-2022:6978", "RHSA-2022:6983", "RHSA-2022:6991", "RHSA-2022:7110", "RHSA-2022:7134", "RHSA-2022:7137", "RHSA-2022:7146", "RHSA-2022:7171", "RHSA-2022:7173", "RHSA-2022:7201", "RHSA-2022:7211", "RHSA-2022:7216", "RHSA-2022:7276", "RHSA-2022:7279", "RHSA-2022:7280", "RHSA-2022:7313", "RHSA-2022:7337", "RHSA-2022:7338", "RHSA-2022:7344", "RHSA-2022:7434", "RHSA-2022:7874", "RHSA-2022:7885", "RHSA-2022:7933", "RHSA-2022:8267", "RHSA-2022:8609", "RHSA-2022:8973", "RHSA-2022:8974", "RHSA-2023:4022", "RHSA-2023:4023", "RHSA-2023:4801", "RHSA-2023:4814"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-0494", "RH:CVE-2022-1353", "RH:CVE-2022-23816", "RH:CVE-2022-23824", "RH:CVE-2022-23825", "RH:CVE-2022-2588", "RH:CVE-2022-29900", "RH:CVE-2022-29901"]}, {"type": "redos", "idList": ["ROS-20220908-01"]}, {"type": "rocky", "idList": ["RLSA-2022:7110", "RLSA-2022:7134"]}, {"type": "slackware", "idList": ["SSA-2022-129-01", "SSA-2022-237-02"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:2422-1", "OPENSUSE-SU-2022:2549-1", "SUSE-SU-2022:1676-1", "SUSE-SU-2022:1687-1", "SUSE-SU-2022:2111-1", "SUSE-SU-2022:2376-1", "SUSE-SU-2022:2411-1", "SUSE-SU-2022:2422-1", "SUSE-SU-2022:2424-2", "SUSE-SU-2022:2520-1", "SUSE-SU-2022:2549-1", "SUSE-SU-2022:2597-1", "SUSE-SU-2022:2599-1", "SUSE-SU-2022:2599-2", "SUSE-SU-2022:2615-1", "SUSE-SU-2022:3264-1", "SUSE-SU-2022:3288-1", "SUSE-SU-2022:3293-1", "SUSE-SU-2022:3408-1", "SUSE-SU-2022:3609-1", "SUSE-SU-2022:3809-1"]}, {"type": "thn", "idList": ["THN:7653AAD966BDC7D71A9D1981CA662AC3", "THN:83DDF7EA5627F196DA7F3A5DB2F32A06", "THN:8BA839C7684CFABE3D4035B81FAF6C1F"]}, {"type": "ubuntu", "idList": ["LSN-0089-1", "USN-5381-1", "USN-5467-1", "USN-5469-1", "USN-5500-1", "USN-5505-1", "USN-5513-1", "USN-5515-1", "USN-5541-1", "USN-5557-1", "USN-5560-1", "USN-5560-2", "USN-5562-1", "USN-5564-1", "USN-5565-1", "USN-5566-1", "USN-5567-1", "USN-5582-1", "USN-5588-1", "USN-5728-1", "USN-5728-2", "USN-5728-3", "USN-5854-1", "USN-5861-1", "USN-5862-1", "USN-5865-1", "USN-5883-1", "USN-5924-1", "USN-5975-1", "USN-6001-1", "USN-6007-1", "USN-6013-1", "USN-6014-1", "USN-6221-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-0494", "UB:CVE-2022-1353", "UB:CVE-2022-23816", "UB:CVE-2022-23825", "UB:CVE-2022-2588", "UB:CVE-2022-29900", "UB:CVE-2022-29901"]}, {"type": "veracode", "idList": ["VERACODE:36361", "VERACODE:36362", "VERACODE:36363", "VERACODE:37004", "VERACODE:37005", "VERACODE:37434", "VERACODE:37864"]}, {"type": "virtuozzo", "idList": ["VZA-2023-003", "VZA-2023-004"]}, {"type": "vmware", "idList": ["VMSA-2022-0020", "VMSA-2022-0020.1", "VMSA-2022-0020.2"]}, {"type": "xen", "idList": ["XSA-407", "XSA-422"]}, {"type": "zdi", "idList": ["ZDI-22-1117"]}]}, "epss": [{"cve": "CVE-2022-0494", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-1353", "epss": 0.00042, "percentile": 0.05656, "modified": "2023-05-02"}, {"cve": "CVE-2022-23825", "epss": 0.00046, "percentile": 0.12963, "modified": "2023-05-02"}, {"cve": "CVE-2022-29900", "epss": 0.00046, "percentile": 0.12912, "modified": "2023-05-02"}, {"cve": "CVE-2022-29901", "epss": 0.00087, "percentile": 0.35352, "modified": "2023-05-02"}], "score": {"value": 7.4, "vector": "NONE"}, "vulnersScore": 7.4}, "_state": {"dependencies": 1695050506, "score": 1695051005, "epss": 0}, "_internal": {"score_hash": "05d9e02c916ce7db948a27dddaeb1ca6"}, "affectedPackage": [{"OS": "almalinux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-372.32.1.rt7.189.el8_6", "packageFilename": "kernel-rt-modules-4.18.0-372.32.1.rt7.189.el8_6.x86_64.rpm", "operator": "lt", "packageName": "kernel-rt-modules"}, {"OS": "almalinux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-372.32.1.rt7.189.el8_6", "packageFilename": "kernel-rt-4.18.0-372.32.1.rt7.189.el8_6.x86_64.rpm", "operator": "lt", "packageName": "kernel-rt"}, {"OS": "almalinux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-372.32.1.rt7.189.el8_6", "packageFilename": "kernel-rt-debug-kvm-4.18.0-372.32.1.rt7.189.el8_6.x86_64.rpm", "operator": "lt", "packageName": "kernel-rt-debug-kvm"}, {"OS": "almalinux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-372.32.1.rt7.189.el8_6", "packageFilename": "kernel-rt-modules-extra-4.18.0-372.32.1.rt7.189.el8_6.x86_64.rpm", "operator": "lt", "packageName": "kernel-rt-modules-extra"}, {"OS": "almalinux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-372.32.1.rt7.189.el8_6", "packageFilename": "kernel-rt-debug-modules-extra-4.18.0-372.32.1.rt7.189.el8_6.x86_64.rpm", "operator": "lt", "packageName": "kernel-rt-debug-modules-extra"}, {"OS": "almalinux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-372.32.1.rt7.189.el8_6", "packageFilename": "kernel-rt-debug-modules-4.18.0-372.32.1.rt7.189.el8_6.x86_64.rpm", "operator": "lt", "packageName": "kernel-rt-debug-modules"}, {"OS": "almalinux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-372.32.1.rt7.189.el8_6", "packageFilename": "kernel-rt-debug-devel-4.18.0-372.32.1.rt7.189.el8_6.x86_64.rpm", "operator": "lt", "packageName": "kernel-rt-debug-devel"}, {"OS": "almalinux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-372.32.1.rt7.189.el8_6", "packageFilename": "kernel-rt-kvm-4.18.0-372.32.1.rt7.189.el8_6.x86_64.rpm", "operator": "lt", "packageName": "kernel-rt-kvm"}, {"OS": "almalinux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-372.32.1.rt7.189.el8_6", "packageFilename": "kernel-rt-debug-4.18.0-372.32.1.rt7.189.el8_6.x86_64.rpm", "operator": "lt", "packageName": "kernel-rt-debug"}, {"OS": "almalinux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-372.32.1.rt7.189.el8_6", "packageFilename": "kernel-rt-devel-4.18.0-372.32.1.rt7.189.el8_6.x86_64.rpm", "operator": "lt", "packageName": "kernel-rt-devel"}, {"OS": "almalinux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-372.32.1.rt7.189.el8_6", "packageFilename": "kernel-rt-debug-core-4.18.0-372.32.1.rt7.189.el8_6.x86_64.rpm", "operator": "lt", "packageName": "kernel-rt-debug-core"}, {"OS": "almalinux", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.18.0-372.32.1.rt7.189.el8_6", "packageFilename": "kernel-rt-core-4.18.0-372.32.1.rt7.189.el8_6.x86_64.rpm", "operator": "lt", "packageName": "kernel-rt-core"}]}

{"oraclelinux": [{"lastseen": "2022-10-26T15:28:41", "description": "[4.18.0-372.32.1.0.1_6.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5\n- debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499}\n[4.18.0-372.32.1_6]\n- net: atlantic: remove aq_nic_deinit() when resume (Inigo Huguet) [2131936 2130839]\n- net: atlantic: remove deep parameter on suspend/resume functions (Inigo Huguet) [2131936 2130839]\n- configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2129923 2123508]\n- drm/nouveau: recognise GA103 (Karol Herbst) [2127122 1923125]\n- net: fix a memleak when uncloning an skb dst and its metadata (Hangbin Liu) [2131255 2068355]\n- net: do not keep the dst cache when uncloning an skb dst and its metadata (Hangbin Liu) [2131255 2068355]\n- intel_idle: Fix false positive RCU splats due to incorrect hardirqs state (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/spec_ctrl: Enable RHEL only ibrs_always & retpoline,ibrs_user spectre_v2 options (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- efi/x86: use naked RET on mixed mode call wrapper (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Remove apostrophe typo (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Mark retbleed_strings static (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Disable RRSBA behavior (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kexec: Disable RET on kexec (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- redhat/configs: Add new mitigation configs for RetBleed CVEs (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retbleed: Add fine grained Kconfig knobs (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/amd: Enumerate BTC_NO (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/common: Stamp out the stepping madness (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Prevent RSB underflow before vmenter (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Fill RSB on vmexit for IBRS (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Fix IBRS handling after vmexit (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Convert launched argument to flags (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Remove x86_spec_ctrl_mask (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/amd: Add Spectral Chicken (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Do IBPB fallback check only once (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Add retbleed=ibpb (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Update Retpoline validation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- intel_idle: Disable IBRS during long idle (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Report Intel retbleed vulnerability (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Add kernel IBRS implementation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Enable STIBP for JMP2RET (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Add AMD retbleed= boot parameter (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Report AMD retbleed vulnerability (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Add magic AMD return-thunk (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Use return-thunk in asm code (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/sev: Avoid using __x86_return_thunk (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kvm: Fix SETcc emulation for return thunks (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bpf: Use alternative RET encoding (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use alternative RET encoding (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86,objtool: Create .return_sites (Josh Poimboeuf) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Undo return-thunk damage (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retpoline: Use -mfunction-return (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retpoline: Swizzle retpoline thunk (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retpoline: Cleanup some #ifdefery (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpufeatures: Move RETPOLINE flags to word 11 (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kvm/vmx: Make noinstr clean (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- arch/x86/boot/compressed: Add -D__DISABLE_EXPORTS to kbuild flags (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: (Ab)use __DISABLE_EXPORTS to disable RETHUNK in real mode (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Remove skip_r11rcx (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation/srbds: Do not try to turn mitigation off when not supported (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/module: Fix the paravirt vs alternative order (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Add straight-line-speculation mitigation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Prepare inline-asm for straight-line-speculation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Prepare asm files for straight-line-speculation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Move RETPOLINE*_CFLAGS to arch Makefile (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- Makefile: remove stale cc-option checks (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tools headers: Remove broken definition of __LITTLE_ENDIAN (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in 'perf bench mem memcpy' (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Add insn_decode_kernel() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tools/insn: Restore the relative include paths for cross building (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Use insn_decode() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/insn: Add an insn_decode() API (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/insn: Rename insn_decode() to insn_decode_from_regs() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Add new features for paravirt patching (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Support not-feature (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Merge include files (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Fix error handling for STD/CLD warnings (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Teach text_poke_bp() to emulate RET (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Have ftrace trampolines turn read-only at the end of system boot up (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Change FILL_RETURN_BUFFER to work with objtool (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Add support for intra-function calls (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Rework allocating stack_ops on decode (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Better handle IRET (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Support multiple stack_op per instruction (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Make BP scratch register warning more robust (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kexec: Make relocate_kernel_64.S objtool clean (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Introduce validate_return() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- Makefile: disallow data races on gcc-10 as well (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Improve call destination function detection (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Implement a better poke_int3_handler() completion scheme (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- lib/: fix Kconfig indentation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Use INT3_INSN_SIZE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kprobes: Fix ordering while text-patching (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kprobes: Convert to text-patching.h (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Shrink text_poke_loc (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Remove text_poke_loc::len (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use text_gen_insn() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Add text_opcode_size() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use text_poke() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use vmalloc special flag (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Explicitly include vmalloc.h for set_vm_flush_reset_perms() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Add and use text_gen_insn() helper (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives, jump_label: Provide better text_poke() batching interface (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/asm: Annotate relocate_kernel_{32,64}.c (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: kprobes: Prohibit probing on instruction which has emulate prefix (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Correct misc typos (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation/mds: Apply more accurate check on hypervisor platform (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Convert insn type to enum (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Track original function across branches (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Make enable parameter bool where applicable (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Fix function fallthrough detection (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Detect over-sized patching bugs in paravirt_patch_call() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/amd: Exclude 32bit only assembler from 64bit build (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/asm: Mark all top level asm statements as .text (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/bugs: Use __initconst for 'const' init data (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Add Direction Flag validation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Rewrite add_ignores() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/nospec, objtool: Introduce ANNOTATE_IGNORE_ALTERNATIVE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- kbuild: Disable extra debugging info in .s output (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/CPU/AMD: Set the CPB bit unconditionally on F17h (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Print containing function (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Do not call function graph from dynamic trampolines (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- ftrace: Create new ftrace_internal.h header (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- kprobes/x86: Fix instruction patching corruption when copying more than one RIP-relative instruction (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tracing/Makefile: Fix handling redefinition of CC_FLAGS_FTRACE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Remove unused paravirt bits (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Remove clobbers parameter from paravirt patch functions (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Make paravirt_patch_call() and paravirt_patch_jmp() static (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- ftrace: Remove unused pointer ftrace_swapper_pid (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/spec_ctrl: Temporarily remove RHEL specific IBRS code (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- intel_idle: enable interrupts before C1 on Xeons (Steve Best) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (Vitaly Kuznetsov) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- atlantic: Fix issue in the pm resume flow. (Igor Russkikh) [2127845 2002395]\n- atlantic: Fix driver resume flow. (Igor Russkikh) [2127845 2002395]\n- net: atlantic: always deep reset on pm op, fixing up my null deref regression (Foggy Liu) [2124966 2039680]\n- net: atlantic: invert deep par in pm functions, preventing null derefs (Foggy Liu) [2124966 2039680]\n[4.18.0-372.31.1_6]\n- ice: Allow operation with reduced device MSI-X (Petr Oros) [2126482 2102844]\n- redhat: kernel depends on new linux-firmware (John Meneghini) [2120613 2044843]\n- scsi: qedi: Use QEDI_MODE_NORMAL for error handling (John Meneghini) [2119847 2101760]\n- qede: Reduce verbosity of ptp tx timestamp (John Meneghini) [2125477 2080655]\n- qede: confirm skb is allocated before using (John Meneghini) [2120611 2040267]\n- qed: fix ethtool register dump (John Meneghini) [2120611 2040267]\n- scsi: qedf: Stop using the SCSI pointer (John Meneghini) [2120613 2044843]\n- scsi: qedf: Change context reset messages to ratelimited (John Meneghini) [2120613 2044843]\n- scsi: qedf: Fix refcount issue when LOGO is received during TMF (John Meneghini) [2120613 2044843]\n- scsi: qedf: Add stag_work to all the vports (John Meneghini) [2120613 2044843]\n- scsi: qedf: Fix potential dereference of NULL pointer (John Meneghini) [2120613 2044843]\n- scsi: qedi: Remove redundant flush_workqueue() calls (John Meneghini) [2120612 2044837]\n- scsi: qedi: Fix SYSFS_FLAG_FW_SEL_BOOT formatting (John Meneghini) [2120612 2044837]\n- qed: remove unnecessary memset in qed_init_fw_funcs (John Meneghini) [2120611 2040267]\n- qed: return status of qed_iov_get_link (John Meneghini) [2120611 2040267]\n- net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (John Meneghini) [2120611 2040267]\n- qed: validate and restrict untrusted VFs vlan promisc mode (John Meneghini) [2120611 2040267]\n- qed: display VF trust config (John Meneghini) [2120611 2040267]\n- qed: prevent a fw assert during device shutdown (John Meneghini) [2120611 2040267]\n- qed: use msleep() in qed_mcp_cmd() and add qed_mcp_cmd_nosleep() for udelay. (John Meneghini) [2120611 2040267]\n- qed: Use dma_set_mask_and_coherent() and simplify code (John Meneghini) [2120611 2040267]\n- qed*: esl priv flag support through ethtool (John Meneghini) [2120611 2040267]\n- qed*: enhance tx timeout debug info (John Meneghini) [2120611 2040267]\n- qede: validate non LSO skb length (John Meneghini) [2120611 2040267]\n- qed: Enhance rammod debug prints to provide pretty details (John Meneghini) [2120611 2040267]\n- net: qed: fix the array may be out of bound (John Meneghini) [2120611 2040267]\n- qed: Use the bitmap API to simplify some functions (John Meneghini) [2120611 2040267]\n- RDMA/qed: Use helper function to set GUIDs (John Meneghini) [2120611 2040267]\n- net: qed_dev: fix check of true !rc expression (John Meneghini) [2120611 2040267]\n- net: qed_ptp: fix check of true !rc expression (John Meneghini) [2120611 2040267]\n- RDMA/qedr: Remove unsupported qedr_resize_cq callback (John Meneghini) [2120611 2040267]\n- qed: Change the TCP common variable - 'iscsi_ooo' (John Meneghini) [2120611 2040267]\n- qed: Optimize the ll2 ooo flow (John Meneghini) [2120611 2040267]\n- net: qed_debug: fix check of false (grc_param < 0) expression (John Meneghini) [2120611 2040267]\n- qed: Fix missing error code in qed_slowpath_start() (John Meneghini) [2120611 2040267]\n- qed: Fix compilation for CONFIG_QED_SRIOV undefined scenario (John Meneghini) [2120611 2040267]\n- qed: Initialize debug string array (John Meneghini) [2120611 2040267]\n- qed: Fix spelling mistake 'ctx_bsaed' -> 'ctx_based' (John Meneghini) [2120611 2040267]\n- qed: fix ll2 establishment during load of RDMA driver (John Meneghini) [2120611 2040267]\n- qed: Update the TCP active termination 2 MSL timer ('TIME_WAIT') (John Meneghini) [2120611 2040267]\n- qed: Update TCP silly-window-syndrome timeout for iwarp, scsi (John Meneghini) [2120611 2040267]\n- qed: Update debug related changes (John Meneghini) [2120611 2040267]\n- qed: Add '_GTT' suffix to the IRO RAM macros (John Meneghini) [2120611 2040267]\n- qed: Update FW init functions to support FW 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Use enum as per FW 8.59.1.0 in qed_iro_hsi.h (John Meneghini) [2120611 2040267]\n- qed: Update qed_hsi.h for fw 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Update qed_mfw_hsi.h for FW ver 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Update common_hsi for FW ver 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Split huge qed_hsi.h header file (John Meneghini) [2120611 2040267]\n- qed: Remove e4_ and _e4 from FW HSI (John Meneghini) [2120611 2040267]\n- qed: Fix kernel-doc warnings (John Meneghini) [2120611 2040267]\n- qed: Don't ignore devlink allocation failures (John Meneghini) [2120611 2040267]\n- qed: Improve the stack space of filter_config() (John Meneghini) [2120611 2040267]\n- RDMA/qedr: Move variables reset to qedr_set_common_qp_params() (John Meneghini) [2120611 2040267]\n- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (John Meneghini) [2119122 2051524]\n[4.18.0-372.30.1_6]\n- af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Xin Long) [2107611 2075181] {CVE-2022-1353}\n- SUNRPC: avoid race between mod_timer() and del_timer_sync() (Benjamin Coddington) [2126184 2104507]\n- powerpc/fadump: print start of preserved area (Diego Domingos) [2107488 2075092]\n- powerpc/fadump: align destination address to pagesize (Diego Domingos) [2107488 2075092]\n- powerpc/fadump: fix PT_LOAD segment for boot memory area (Diego Domingos) [2107488 2075092]\n- drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (Michel Danzer) [2091065 2066918]\n- drm/amd: Use amdgpu_device_should_use_aspm on navi umd pstate switching (Michel Danzer) [2091065 2066918]\n- drm/amd: Refactor amdgpu_aspm to be evaluated per device (Michel Danzer) [2091065 2066918]\n- drm/amd: Check if ASPM is enabled from PCIe subsystem (Michel Danzer) [2091065 2066918]\n[4.18.0-372.29.1_6]\n- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Ewan D. Milne) [2107627 2049198] {CVE-2022-0494}\n- cpufreq: Specify default governor on command line (Prarit Bhargava) [2109996 2083766]\n- cpufreq: Fix locking issues with governors (Prarit Bhargava) [2109996 2083766]\n- cpufreq: Register governors at core_initcall (Prarit Bhargava) [2109996 2083766]\n- net_sched: cls_route: remove from list when handle is 0 (Felix Maurer) [2121817 2116328] {CVE-2022-2588}\n[4.18.0-372.28.1_6]\n- powerpc/smp: Update cpu_core_map on all PowerPc systems (Diego Domingos) [2112820 2064104]\n- iavf: Fix reset error handling (Petr Oros) [2120225 2119759]\n- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2120225 2119759]\n- iavf: Fix adminq error handling (Petr Oros) [2120225 2119759]\n- iavf: Fix missing state logs (Petr Oros) [2120225 2119759]\n- scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (Tomas Henzl) [2111140 2106413]\n- s390/qeth: cache link_info for ethtool (Michal Schmidt) [2120197 2117098]\n- nvme: fix RCU hole that allowed for endless looping in multipath round robin (Gopal Tiwari) [2106017 2078806]\n- nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (Gopal Tiwari) [2106017 2078806]\n- nvme: fix use after free when disconnecting a reconnecting ctrl (Gopal Tiwari) [2106017 2078806]\n- nvme: only call synchronize_srcu when clearing current path (Gopal Tiwari) [2106017 2078806]\n- nvme-multipath: revalidate paths during rescan (Gopal Tiwari) [2106017 2078806]\n- scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (Dick Kennedy) [2112103 2034425]\n[4.18.0-372.27.1_6]\n- [s390] s390/pci: add s390_iommu_aperture kernel parameter (Claudio Imbrenda) [2081324 2039181]\n- ipv6: take care of disable_policy when restoring routes (Andrea Claudi) [2109971 2103894]\n- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Eelco Chaudron) [2106703 2101537]\n- scsi: ch: Make it possible to open a ch device multiple times again (Ewan D. Milne) [2115965 2108649]\n- scsi: smartpqi: Fix DMA direction for RAID requests (Don Brace) [2112354 2101548]\n- iommu/vt-d: Calculate mask for non-aligned flushes (Jerry Snitselaar) [2111692 2072179]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-26T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-10-26T00:00:00", "id": "ELSA-2022-7110", "href": "http://linux.oracle.com/errata/ELSA-2022-7110.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-11-03T16:36:33", "description": "[3.10.0-1160.80.1.0.1.OL7]\n- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}\n[3.10.0-1160.80.1.OL7]\n- Update Oracle Linux certificates (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9\n- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)\n[3.10.0-1160.80.1]\n- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (Dick Kennedy) [1969988]\n- scsi: lpfc: Fix illegal memory access on Abort IOCBs (Dick Kennedy) [1969988]\n- NFS: Fix extra call to dput() in nfs_prime_dcache (Benjamin Coddington) [2117856]\n[3.10.0-1160.79.1]\n- x86/speculation: Add LFENCE to RSB fill sequence (Rafael Aquini) [2115073] {CVE-2022-26373}\n- x86/speculation: Protect against userspace-userspace spectreRSB (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/speculation: cope with spectre_v2=retpoline cmdline on retbleed-affected Intel CPUs (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/speculation: Disable RRSBA behavior (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kexec: Disable RET on kexec (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpu/amd: Enumerate BTC_NO (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/common: Stamp out the stepping madness (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpu/amd: Add Spectral Chicken (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Do IBPB fallback check only once (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Add retbleed=ibpb (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Report Intel retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Enable STIBP for JMP2RET (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Add AMD retbleed= boot parameter (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Report AMD retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Add magic AMD return-thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Use return-thunk in asm code (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/sev: Avoid using __x86_return_thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: Fix SETcc emulation for return thunks (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86,objtool: Create .return_sites (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Undo return-thunk damage (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/retpoline: Use -mfunction-return (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Move RETPOLINE flags to word 11 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- objtool: Add ELF writing capability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Prepare asm files for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Prepare inline-asm for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: Fix fastop function ELF metadata (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: Move kvm_fastop_exception to .fixup section (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/vdso: Fix vDSO build if a retpoline is emitted (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Carve out CQM features retrieval (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Re-tabulate the X86_FEATURE definitions (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeature: Move processor tracing out of scattered features (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/alternatives: Cleanup DPRINTK macro (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n[3.10.0-1160.78.1]\n- net_sched: cls_route: remove from list when handle is 0 (Davide Caratti) [2121809] {CVE-2022-2588}\n[3.10.0-1160.77.1]\n- net/mlx5: Add Fast teardown support (Jay Shin) [2077711]\n- net/mlx5: Free IRQs in shutdown path (Jay Shin) [2077711]\n- net/mlx5: Change teardown with force mode failure message to warning (Jay Shin) [2077711]\n- net/mlx5: Cancel health poll before sending panic teardown command (Jay Shin) [2077711]\n- net/mlx5: Add fast unload support in shutdown flow (Jay Shin) [2077711]\n- net/mlx5: Expose command polling interface (Jay Shin) [2077711]\n- posix-timers: Remove remaining uses of tasklist_lock (Oleg Nesterov) [2115147]\n- posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (Oleg Nesterov) [2115147]\n- posix-cpu-timers: remove tasklist_lock in posix_cpu_clock_get() (Oleg Nesterov) [2115147]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-11-03T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-11-03T00:00:00", "id": "ELSA-2022-7337", "href": "http://linux.oracle.com/errata/ELSA-2022-7337.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-15T18:31:24", "description": "[5.4.17-2136.310.7]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588}\n- x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: display dynamic retbleed state (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: remove incorrect __init/__ro_after_init annotations (Ankur Arora) [Orabug: 34455621]\n[5.4.17-2136.310.6]\n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- Revert 'hwmon: Make chip parameter for with_info API mandatory' (Greg Kroah-Hartman) [Orabug: 34423806] \n- ext4: make variable 'count' signed (Ding Xiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf)\n[5.4.17-2136.310.5]\n- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Paolo Bonzini) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Disable RRSBA behavior (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/exec: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/VMX: Use TEST %REG,%REG instead of CMP /u03/ksharma/errata_processing/work/el7uek6/db_7uek6.ELSA-2022-9709,%REG in vmenter.S (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kbuild/objtool: Add objtool-vmlinux.o pass (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add retbleed=ibpb (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/xen: Rename SYS* entry points (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Update Retpoline validation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- intel_idle: Disable IBRS during long idle (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Add kernel IBRS implementation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report AMD retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add magic AMD return-thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vmlinux: Use INT3 instead of NOP for linker fill bytes (Kees Cook) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/realmode: build with __DISABLE_EXPORTS (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Use return-thunk in asm code (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bpf: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/ftrace: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86,objtool: Create .return_sites (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/mm: elide references to .discard.* from .return_sites (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Undo return-thunk damage (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Use -mfunction-return (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/alternative: Support not-feature (Juergen Gross) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/features: Move RETPOLINE flags to word 11 (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Classify symbols (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Create reloc sections implicitly (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add elf_create_reloc() helper (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rework the elf_rebuild_reloc_section() logic (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Handle per arch retpoline naming (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Correctly handle retpoline thunk calls (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Support retpoline jump detection for vmlinux.o (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add 'alt_group' struct (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Clean up elf_write() condition (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add support for relocations without addends (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename rela to reloc (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: optimize add_dead_ends for split sections (Sami Tolvanen) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Move the IRET hack into the arch decoder (Miroslav Benes) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename elf_read() to elf_open_read() (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Constify 'struct elf *' parameters (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize !vmlinux.o again (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Better handle IRET (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/unwind_hints: define unwind_hint_save, unwind_hint_restore (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add abstraction for destination offsets (Raphael Gault) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix off-by-one in symbol_by_offset() (Julien Thierry) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_rela_by_dest_range() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize read_sections() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename find_containing_func() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_*() and read_symbols() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add a statistics mode (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn_all() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Introduce validate_return() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Improve call destination function detection (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix clang switch table edge case (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add relocation check for alternative sections (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add is_static_jump() helper (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n[5.4.17-2136.310.4]\n- lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34400675] {CVE-2022-21505}\n- bnxt_en: Use page frag RX buffers for better software GRO performance (Jakub Kicinski) [Orabug: 34083551] \n- bnxt_en: enable interrupt sampling on 5750X for DIM (Andy Gospodarek) [Orabug: 34083551] \n- bnxt_en: Add event handler for PAUSE Storm event (Somnath Kotur) [Orabug: 34083551] \n- bnxt_en: reject indirect blk offload when hw-tc-offload is off (Sriharsha Basavapatna) [Orabug: 34083551] \n- bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (Edwin Peer) [Orabug: 34083551] \n- bnxt_en: Fix error recovery regression (Michael Chan) [Orabug: 34083551] \n- bnxt_en: Fix possible unintended driver initiated error recovery (Michael Chan) [Orabug: 34083551] \n- bnxt: count discards due to memory allocation errors (Jakub Kicinski) [Orabug: 34083551] \n- bnxt: count packets discarded because of netpoll (Jakub Kicinski) [Orabug: 34083551] \n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364337] \n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364337] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371884]\n[5.4.17-2136.310.3]\n- RDS/IB: Fix RDS IB SRQ implementation and tune it (Hans Westgaard Ry) [Orabug: 31899472] \n- RDS/IB: Introduce bit_flag routines with memory-barrier for bit flags (Hans Westgaard Ry) [Orabug: 31899472] \n- xfs: don't fail unwritten extent conversion on writeback due to edquot (Darrick J. Wong) [Orabug: 33786167] \n- mm/page_alloc: reuse tail struct pages for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: improve memory savings for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: refactor core of vmemmap_populate_basepages() to helper (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: add a pgmap argument to section activation (Joao Martins) [Orabug: 34314763] \n- memory-failure: fetch compound_head after pgmap_pfn_valid() (Joao Martins) [Orabug: 34314763] \n- device-dax: compound devmap support (Joao Martins) [Orabug: 34314763] \n- device-dax: factor out page mapping initialization (Joao Martins) [Orabug: 34314763] \n- device-dax: ensure dev_dax->pgmap is valid for dynamic devices (Joao Martins) [Orabug: 34314763] \n- device-dax: use struct_size() (Joao Martins) [Orabug: 34314763] \n- device-dax: use ALIGN() for determining pgoff (Joao Martins) [Orabug: 34314763] \n- mm/memremap: add ZONE_DEVICE support for compound pages (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: refactor memmap_init_zone_device() page init (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: split prep_compound_page into head and tail subparts (Joao Martins) [Orabug: 34314763] \n- RDMA/umem: batch page unpin in __ib_umem_release() (Joao Martins) [Orabug: 34314763] \n- mm/gup: add a range variant of unpin_user_pages_dirty_lock() (Joao Martins) [Orabug: 34314763] \n- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323859] {CVE-2022-2153}\n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 34330922] \n- x86/boot/compressed/64: Disable 5-level page tables on AMD (Boris Ostrovsky) [Orabug: 34366382]\n[5.4.17-2136.310.2]\n- LTS tag: v5.4.199 (Sherry Yang) \n- x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) \n- x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) \n- cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) \n- LTS tag: v5.4.198 (Sherry Yang) \n- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) \n- powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) \n- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) \n- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) \n- ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) \n- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) \n- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- mmc: block: Fix CQE recovery reset success (Adrian Hunter) \n- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) \n- cifs: return errors during session setup during reconnects (Shyam Prasad N) \n- ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) \n- scripts/gdb: change kernel config dumping method (Kuan-Ying Lee) \n- vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) \n- nodemask: Fix return values to be unsigned (Kees Cook) \n- cifs: version operations for smb20 unneeded when legacy support disabled (Steve French) \n- s390/gmap: voluntarily schedule during key setting (Christian Borntraeger) \n- nbd: fix io hung while disconnecting device (Yu Kuai) \n- nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) \n- nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) \n- x86/cpu: Elide KCSAN for cpu_has() and friends (Peter Zijlstra) \n- modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) \n- drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) \n- ceph: allow ceph.dir.rctime xattr to be updatable (Venky Shankar) \n- Revert 'net: af_key: add check for pfkey_broadcast in function pfkey_process' (Michal Kubecek) \n- scsi: myrb: Fix up null pointer access on myrb_cleanup() (Hannes Reinecke) \n- md: protect md_unregister_thread from reentrancy (Guoqing Jiang) \n- watchdog: wdat_wdt: Stop watchdog when rebooting the system (Liu Xinpeng) \n- kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) \n- serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) \n- staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) \n- staging: rtl8712: fix uninit-value in usb_read8() and friends (Wang Cheng) \n- clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) \n- extcon: Modify extcon device to be created after driver data is set (bumwoo lee) \n- misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) \n- usb: dwc2: gadget: don't reset gadget's driver->bus (Marek Szyprowski) \n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) \n- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) \n- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) \n- USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) \n- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) \n- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (Duoming Zhou) \n- tty: Fix a possible resource leak in icom_probe (Huang Guobin) \n- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) \n- lkdtm/usercopy: Expand size of 'out of frame' object (Kees Cook) \n- iio: st_sensors: Add a local lock for protecting odr (Miquel Raynal) \n- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) \n- drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) \n- net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) \n- ip_gre: test csum_start instead of transport header (Willem de Bruijn) \n- net/mlx5: fs, fail conflicting actions (Mark Bloch) \n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) \n- net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) \n- net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) \n- net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) \n- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) \n- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) \n- net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (Miaoqian Lin) \n- bpf, arm64: Clear prog->jited_len along prog->jited (Eric Dumazet) \n- af_unix: Fix a data-race in unix_dgram_peer_wake_me(). (Kuniyuki Iwashima) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- netfilter: nf_tables: memleak flow rule from commit path (Pablo Neira Ayuso) \n- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) \n- netfilter: nat: really support inet nat without l3 address (Florian Westphal) \n- xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) \n- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) \n- NFSv4: Don't hold the layoutget locks across multiple RPC calls (Trond Myklebust) \n- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (Radhey Shyam Pandey) \n- m68knommu: fix undefined reference to _init_sp' (Greg Ungerer) \n- m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) \n- i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) \n- f2fs: remove WARN_ON in f2fs_is_valid_blkaddr (Dongliang Mu) \n- tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) \n- tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) \n- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) \n- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) \n- tipc: check attribute length for bearer name (Hoang Le) \n- afs: Fix infinite loop found by xfstest generic/676 (David Howells) \n- tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) \n- net: sched: add barrier to fix packet stuck problem for lockless qdisc (Guoju Fang) \n- net/mlx5e: Update netdev features after changing XDP state (Maxim Mikityanskiy) \n- net/mlx5: Don't use already freed action pointer (Leon Romanovsky) \n- nfp: only report pause frame configuration for physical device (Yu Xiao) \n- ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) \n- jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) \n- modpost: fix removing numeric suffixes (Alexander Lobakin) \n- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) \n- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) \n- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (Vincent Ray) \n- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (Jann Horn) \n- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (Shengjiu Wang) \n- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (Miaoqian Lin) \n- driver core: fix deadlock in __device_attach (Zhang Wensheng) \n- driver: base: fix UAF when driver_attach failed (Schspa Shi) \n- bus: ti-sysc: Fix warnings for unbind for serial (Tony Lindgren) \n- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) \n- serial: stm32-usart: Correct CSIZE, bits, and parity (Ilpo Jarvinen) \n- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) \n- serial: sifive: Sanitize CSIZE and c_iflag (Ilpo Jarvinen) \n- serial: sh-sci: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: txx9: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: rda-uart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: digicolor-usart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (Ilpo Jarvinen) \n- serial: meson: acquire port->lock in startup() (John Ogness) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- MIPS: IP27: Remove incorrect cpu_has_fpu' override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- Kconfig: add config option for asm goto w/ outputs (Nick Desaulniers) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: don't overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: fix plock invalid read (Alexander Aring) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: don't need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Don't report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) \n- tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) \n- PCI: imx6: Fix PERST# start-up sequence (Francesco Dolcini) \n- ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() (Waiman Long) \n- proc: fix dentry/inode overinstantiating under /proc//net (Alexey Dobriyan) \n- powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/8xx: export 'cpm_setbrg' for modules (Randy Dunlap) \n- dax: fix cache flush on PMD-mapped pages (Muchun Song) \n- drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) \n- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- nvdimm: Allow overwrite in the presence of disabled dimms (Dan Williams) \n- firmware: arm_scmi: Fix list protocols enumeration in the base protocol (Cristian Marussi) \n- scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) \n- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) \n- powerpc/fadump: fix PT_LOAD segment for boot memory area (Hari Bathini) \n- arm: mediatek: select arch timer for mt7629 (Chuanhong Guo) \n- crypto: marvell/cesa - ECB does not IV (Corentin Labbe) \n- misc: ocxl: fix possible double free in ocxl_file_register_afu (Hangyu Hua) \n- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) \n- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (Phil Elwell) \n- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (Phil Elwell) \n- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) \n- can: xilinx_can: mark bit timing constants as const (Marc Kleine-Budde) \n- KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (Sean Christopherson) \n- PCI: rockchip: Fix find_first_zero_bit() limit (Dan Carpenter) \n- PCI: cadence: Fix find_first_zero_bit() limit (Dan Carpenter) \n- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) \n- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) \n- ARM: dts: suniv: F1C100: fix watchdog compatible (Andre Przywara) \n- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (Shawn Lin) \n- net/smc: postpone sk_refcnt increment in connect() (liuyacan) \n- rxrpc: Fix decision on when to generate an IDLE ACK (David Howells) \n- rxrpc: Don't let ack.previousPacket regress (David Howells) \n- rxrpc: Fix overlapping ACK accounting (David Howells) \n- rxrpc: Don't try to resend the request if we're receiving the reply (David Howells) \n- rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) \n- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (Duoming Zhou) \n- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) \n- thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (Zheng Yongjun) \n- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (Hangyu Hua) \n- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (Miaoqian Lin) \n- ext4: reject the 'commit' option on ext2 filesystems (Eric Biggers) \n- media: ov7670: remove ov7670_power_off from ov7670_remove (Dongliang Mu) \n- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) \n- m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) \n- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) \n- media: vsp1: Fix offset calculation for plane cropping (Michael Rodin) \n- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) \n- media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) \n- media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) \n- media: aspeed: Fix an error handling path in aspeed_video_probe() (Christophe JAILLET) \n- scripts/faddr2line: Fix overlapping text section failures (Josh Poimboeuf) \n- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) \n- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) \n- ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (Miaoqian Lin) \n- perf/amd/ibs: Use interrupt regs ip for stack unwinding (Ravi Bangoria) \n- Revert 'cpufreq: Fix possible race in cpufreq online error path' (Viresh Kumar) \n- iomap: iomap_write_failed fix (Andreas Gruenbacher) \n- media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) \n- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) \n- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (Jessica Zhang) \n- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (Jessica Zhang) \n- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (Zev Weiss) \n- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) \n- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- irqchip/exiu: Fix acknowledgment of edge triggered interrupts (Daniel Thompson) \n- x86: Fix return value of __setup handlers (Randy Dunlap) \n- virtio_blk: fix the discard_granularity and discard_alignment queue limits (Christoph Hellwig) \n- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) \n- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) \n- drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) \n- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (Vinod Polimera) \n- perf tools: Add missing headers needed by util/data.h (Yang Jihong) \n- ASoC: rk3328: fix disabling mclk on pclk probe failure (Nicolas Frattaroli) \n- x86/speculation: Add missing prototype for unpriv_ebpf_notify() (Josh Poimboeuf) \n- x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) \n- scsi: ufs: core: Exclude UECxx from SFR dump list (Kiwoong Kim) \n- of: overlay: do not break notify on NOTIFY_{OK|STOP} (Nuno Sa) \n- fsnotify: fix wrong lockdep annotations (Amir Goldstein) \n- inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) \n- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) \n- cpufreq: Fix possible race in cpufreq online error path (Schspa Shi) \n- spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (Chengming Zhou) \n- drm/bridge: Fix error handling in analogix_dp_probe (Miaoqian Lin) \n- HID: elan: Fix potential double free in elan_input_configured (Miaoqian Lin) \n- HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) \n- drbd: fix duplicate array initializer (Arnd Bergmann) \n- efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) \n- NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) \n- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) \n- drm: mali-dp: potential dereference of null pointer (Jiasheng Jiang) \n- drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (Zhou Qingyang) \n- nl80211: show SSID for P2P_GO interfaces (Johannes Berg) \n- bpf: Fix excessive memory allocation in stack_map_alloc() (Yuntao Wang) \n- drm/vc4: txp: Force alpha to be 0xff if it's disabled (Maxime Ripard) \n- drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (Maxime Ripard) \n- drm/mediatek: Fix mtk_cec_mask() (Miles Chen) \n- x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) \n- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) \n- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) \n- drm/bridge: adv7511: clean up CEC adapter when probe fails (Lucas Stach) \n- drm/edid: fix invalid EDID extension block filtering (Jani Nikula) \n- ath9k: fix ar9003_get_eepmisc (Wenli Looi) \n- drm: fix EDID struct for old ARM OABI format (Linus Torvalds) \n- RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) \n- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (Peng Wu) \n- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) \n- powerpc/powernv: fix missing of_node_put in uv_init() (Lv Ruyi) \n- powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) \n- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) \n- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) \n- ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) \n- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) \n- ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) \n- fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) \n- powerpc/fadump: Fix fadump to work with a different endian capture kernel (Hari Bathini) \n- ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) \n- fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) \n- PM / devfreq: rk3399_dmc: Disable edev on remove() (Brian Norris) \n- ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) \n- IB/rdmavt: add missing locks in rvt_ruc_loopback (Niels Dossche) \n- selftests/bpf: fix btf_dump/btf_dump due to recent clang change (Yonghong Song) \n- eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) \n- rxrpc: Return an error to sendmsg if call failed (David Howells) \n- hwmon: Make chip parameter for with_info API mandatory (Guenter Roeck) \n- ASoC: max98357a: remove dependency on GPIOLIB (Pierre-Louis Bossart) \n- media: exynos4-is: Fix compile warning (Kwanghoon Son) \n- net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) \n- nbd: Fix hung on disconnect request if socket is closed before (Xie Yongji) \n- ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) \n- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) \n- openrisc: start CPU timer early in boot (Jason A. Donenfeld) \n- media: cec-adap.c: fix is_configuring state (Hans Verkuil) \n- media: coda: limit frame interval enumeration to supported encoder frame sizes (Philipp Zabel) \n- rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) \n- ipmi: Fix pr_fmt to avoid compilation issues (Corey Minyard) \n- ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) \n- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (Mario Limonciello) \n- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) \n- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (Patrice Chotard) \n- s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) \n- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (Charles Keepax) \n- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (Dongliang Mu) \n- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (Alice Wong) \n- mlxsw: spectrum_dcb: Do not warn about priority changes (Petr Machata) \n- ASoC: dapm: Don't fold register value changes into notifications (Mark Brown) \n- net/mlx5: fs, delete the FTE when there are no rules attached to it (Mark Bloch) \n- ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) \n- drm: msm: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (Alexandru Elisei) \n- drm/amd/pm: fix the compile warning (Evan Quan) \n- drm/plane: Move range check for format_count earlier (Steven Price) \n- scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) \n- mmc: jz4740: Apply DMA engine limits to maximum segment size (Aidan MacDonald) \n- md/bitmap: don't set sb values if can't pass sanity check (Heming Zhao) \n- media: cx25821: Fix the warning when removing the module (Zheyu Ma) \n- media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) \n- media: venus: hfi: avoid null dereference in deinit (Luca Weiss) \n- ath9k: fix QCA9561 PA bias level (Thibaut VAReNE) \n- drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) \n- tools/power turbostat: fix ICX DRAM power numbers (Len Brown) \n- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (Biju Das) \n- ALSA: jack: Access input_dev under mutex (Amadeusz Siawinski) \n- drm/komeda: return early if drm_universal_plane_init() fails. (Liviu Dudau) \n- ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) \n- fbcon: Consistently protect deferred_takeover with console_lock() (Daniel Vetter) \n- ipv6: fix locking issues with loops over idev->addr_list (Niels Dossche) \n- ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) \n- b43: Fix assigning negative value to unsigned variable (Haowen Bai) \n- b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) \n- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) \n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) \n- btrfs: repair super block num_devices automatically (Qu Wenruo) \n- btrfs: add '0x' prefix for unsupported optional features (Qu Wenruo) \n- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) \n- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) \n- ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP (Eric W. Biederman) \n- perf/x86/intel: Fix event constraints for ICL (Kan Liang) \n- usb: core: hcd: Add support for deferring roothub registration (Kishon Vijay Abraham I) \n- USB: new quirk for Dell Gen 2 devices (Monish Kumar R) \n- USB: serial: option: add Quectel BG95 modem (Carl Yin) \n- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (Marios Levogiannis) \n- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) \n- LTS tag: v5.4.197 (Sherry Yang) \n- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) \n- NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) \n- NFS: Memory allocation failures are not server fatal errors (Trond Myklebust) \n- docs: submitting-patches: Fix crossref to 'The canonical patch format' (Akira Yokosawa) \n- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) \n- tpm: Fix buffer access in tpm2_get_tpm_pt() (Stefan Mahnke-Hartmann) \n- HID: multitouch: Add support for Google Whiskers Touchpad (Marek Maslanka) \n- raid5: introduce MD_BROKEN (Mariusz Tkaczyk) \n- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) \n- dm stats: add cond_resched when looping over entries (Mikulas Patocka) \n- dm crypt: make printing of the key constant-time (Mikulas Patocka) \n- dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) \n- zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) \n- crypto: ecrdsa - Fix incorrect use of vli_cmp (Vitaly Chikunov) \n- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) \n- exec: Force single empty string when argv is empty (Kees Cook) \n- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) \n- cfg80211: set custom regdomain after wiphy registration (Miri Korenblit) \n- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (Mika Westerberg) \n- net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) \n- net: af_key: check encryption module availability consistency (Thomas Bartschies) \n- pinctrl: sunxi: fix f1c100s uart2 function (IotaHydrae) \n- ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) \n- ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) \n- media: vim2m: initialize the media device earlier (Hans Verkuil) \n- media: vim2m: Register video device after setting up internals (Sakari Ailus) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- tcp: change source port randomizarion at connect() time (Eric Dumazet) \n- Input: goodix - fix spurious key release events (Dmitry Mastykin) \n- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) \n- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner)\n[5.4.17-2136.310.1]\n- intel_idle: Fix max_cstate for processor models without C-state tables (Chen Yu) [Orabug: 34081688] \n- intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add 'preferred_cstates' module argument (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: Adjust the SKX C6 parameters if PC6 is disabled (Chen Yu) [Orabug: 34081688] \n- intel_idle: Clean up kerneldoc comments for multiple functions (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add __initdata annotations to init time variables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Relocate definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Simplify LAPIC timer reliability checks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'states_off' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'use_acpi' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up irtl_2_usec() (Rafael J. Wysocki) [Orabug: 34081688] \n- Documentation: admin-guide: PM: Add intel_idle document (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move 3 functions closer to their callers (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Annotate initialization code and data structures (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move and clean up intel_idle_cpuidle_devices_uninit() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Rearrange intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Fold intel_idle_probe() into intel_idle_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Eliminate __setup_broadcast_timer() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add module parameter to prevent ACPI _CST from being used (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Allow ACPI _CST to be used for selected known processors (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Allow idle states to be disabled by default (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Use ACPI _CST for processor models without C-state tables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Refactor intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Drop disabled field from struct cpuidle_state (Thomas Tai) [Orabug: 34081688] \n- cpuidle: Consolidate disabled state checks (Rafael J. Wysocki) [Orabug: 34081688] \n- Revert 'intel_idle: Use ACPI _CST for processor models without C-state tables' (Thomas Tai) [Orabug: 34081688]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-08-15T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21505", "CVE-2022-2153", "CVE-2022-23816", "CVE-2022-2588", "CVE-2022-29901"], "modified": "2022-08-15T00:00:00", "id": "ELSA-2022-9709", "href": "http://linux.oracle.com/errata/ELSA-2022-9709.html", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-15T18:31:19", "description": "r[ 5.4.17-2136.310.7]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588}\n- x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: display dynamic retbleed state (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: remove incorrect __init/__ro_after_init annotations (Ankur Arora) [Orabug: 34455621]\n[5.4.17-2136.310.6]\n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- Revert 'hwmon: Make chip parameter for with_info API mandatory' (Greg Kroah-Hartman) [Orabug: 34423806] \n- ext4: make variable 'count' signed (Ding Xiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf)\n[5.4.17-2136.310.5]\n- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Paolo Bonzini) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Disable RRSBA behavior (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/exec: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/VMX: Use TEST %REG,%REG instead of CMP /u03/ksharma/errata_processing/work/el7uek6/db_7uek6.ELSA-2022-9710,%REG in vmenter.S (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kbuild/objtool: Add objtool-vmlinux.o pass (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add retbleed=ibpb (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/xen: Rename SYS* entry points (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Update Retpoline validation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- intel_idle: Disable IBRS during long idle (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Add kernel IBRS implementation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report AMD retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add magic AMD return-thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vmlinux: Use INT3 instead of NOP for linker fill bytes (Kees Cook) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/realmode: build with __DISABLE_EXPORTS (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Use return-thunk in asm code (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bpf: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/ftrace: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86,objtool: Create .return_sites (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/mm: elide references to .discard.* from .return_sites (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Undo return-thunk damage (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Use -mfunction-return (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/alternative: Support not-feature (Juergen Gross) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/features: Move RETPOLINE flags to word 11 (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Classify symbols (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Create reloc sections implicitly (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add elf_create_reloc() helper (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rework the elf_rebuild_reloc_section() logic (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Handle per arch retpoline naming (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Correctly handle retpoline thunk calls (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Support retpoline jump detection for vmlinux.o (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add 'alt_group' struct (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Clean up elf_write() condition (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add support for relocations without addends (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename rela to reloc (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: optimize add_dead_ends for split sections (Sami Tolvanen) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Move the IRET hack into the arch decoder (Miroslav Benes) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename elf_read() to elf_open_read() (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Constify 'struct elf *' parameters (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize !vmlinux.o again (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Better handle IRET (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/unwind_hints: define unwind_hint_save, unwind_hint_restore (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add abstraction for destination offsets (Raphael Gault) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix off-by-one in symbol_by_offset() (Julien Thierry) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_rela_by_dest_range() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize read_sections() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename find_containing_func() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_*() and read_symbols() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add a statistics mode (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn_all() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Introduce validate_return() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Improve call destination function detection (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix clang switch table edge case (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add relocation check for alternative sections (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add is_static_jump() helper (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n[5.4.17-2136.310.4]\n- lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34400675] {CVE-2022-21505}\n- bnxt_en: Use page frag RX buffers for better software GRO performance (Jakub Kicinski) [Orabug: 34083551] \n- bnxt_en: enable interrupt sampling on 5750X for DIM (Andy Gospodarek) [Orabug: 34083551] \n- bnxt_en: Add event handler for PAUSE Storm event (Somnath Kotur) [Orabug: 34083551] \n- bnxt_en: reject indirect blk offload when hw-tc-offload is off (Sriharsha Basavapatna) [Orabug: 34083551] \n- bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (Edwin Peer) [Orabug: 34083551] \n- bnxt_en: Fix error recovery regression (Michael Chan) [Orabug: 34083551] \n- bnxt_en: Fix possible unintended driver initiated error recovery (Michael Chan) [Orabug: 34083551] \n- bnxt: count discards due to memory allocation errors (Jakub Kicinski) [Orabug: 34083551] \n- bnxt: count packets discarded because of netpoll (Jakub Kicinski) [Orabug: 34083551] \n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364337] \n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364337] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371884]\n[5.4.17-2136.310.3]\n- RDS/IB: Fix RDS IB SRQ implementation and tune it (Hans Westgaard Ry) [Orabug: 31899472] \n- RDS/IB: Introduce bit_flag routines with memory-barrier for bit flags (Hans Westgaard Ry) [Orabug: 31899472] \n- xfs: don't fail unwritten extent conversion on writeback due to edquot (Darrick J. Wong) [Orabug: 33786167] \n- mm/page_alloc: reuse tail struct pages for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: improve memory savings for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: refactor core of vmemmap_populate_basepages() to helper (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: add a pgmap argument to section activation (Joao Martins) [Orabug: 34314763] \n- memory-failure: fetch compound_head after pgmap_pfn_valid() (Joao Martins) [Orabug: 34314763] \n- device-dax: compound devmap support (Joao Martins) [Orabug: 34314763] \n- device-dax: factor out page mapping initialization (Joao Martins) [Orabug: 34314763] \n- device-dax: ensure dev_dax->pgmap is valid for dynamic devices (Joao Martins) [Orabug: 34314763] \n- device-dax: use struct_size() (Joao Martins) [Orabug: 34314763] \n- device-dax: use ALIGN() for determining pgoff (Joao Martins) [Orabug: 34314763] \n- mm/memremap: add ZONE_DEVICE support for compound pages (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: refactor memmap_init_zone_device() page init (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: split prep_compound_page into head and tail subparts (Joao Martins) [Orabug: 34314763] \n- RDMA/umem: batch page unpin in __ib_umem_release() (Joao Martins) [Orabug: 34314763] \n- mm/gup: add a range variant of unpin_user_pages_dirty_lock() (Joao Martins) [Orabug: 34314763] \n- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323859] {CVE-2022-2153}\n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 34330922] \n- x86/boot/compressed/64: Disable 5-level page tables on AMD (Boris Ostrovsky) [Orabug: 34366382]\n[5.4.17-2136.310.2]\n- LTS tag: v5.4.199 (Sherry Yang) \n- x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) \n- x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) \n- cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) \n- LTS tag: v5.4.198 (Sherry Yang) \n- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) \n- powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) \n- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) \n- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) \n- ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) \n- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) \n- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- mmc: block: Fix CQE recovery reset success (Adrian Hunter) \n- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) \n- cifs: return errors during session setup during reconnects (Shyam Prasad N) \n- ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) \n- scripts/gdb: change kernel config dumping method (Kuan-Ying Lee) \n- vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) \n- nodemask: Fix return values to be unsigned (Kees Cook) \n- cifs: version operations for smb20 unneeded when legacy support disabled (Steve French) \n- s390/gmap: voluntarily schedule during key setting (Christian Borntraeger) \n- nbd: fix io hung while disconnecting device (Yu Kuai) \n- nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) \n- nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) \n- x86/cpu: Elide KCSAN for cpu_has() and friends (Peter Zijlstra) \n- modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) \n- drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) \n- ceph: allow ceph.dir.rctime xattr to be updatable (Venky Shankar) \n- Revert 'net: af_key: add check for pfkey_broadcast in function pfkey_process' (Michal Kubecek) \n- scsi: myrb: Fix up null pointer access on myrb_cleanup() (Hannes Reinecke) \n- md: protect md_unregister_thread from reentrancy (Guoqing Jiang) \n- watchdog: wdat_wdt: Stop watchdog when rebooting the system (Liu Xinpeng) \n- kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) \n- serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) \n- staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) \n- staging: rtl8712: fix uninit-value in usb_read8() and friends (Wang Cheng) \n- clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) \n- extcon: Modify extcon device to be created after driver data is set (bumwoo lee) \n- misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) \n- usb: dwc2: gadget: don't reset gadget's driver->bus (Marek Szyprowski) \n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) \n- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) \n- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) \n- USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) \n- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) \n- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (Duoming Zhou) \n- tty: Fix a possible resource leak in icom_probe (Huang Guobin) \n- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) \n- lkdtm/usercopy: Expand size of 'out of frame' object (Kees Cook) \n- iio: st_sensors: Add a local lock for protecting odr (Miquel Raynal) \n- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) \n- drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) \n- net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) \n- ip_gre: test csum_start instead of transport header (Willem de Bruijn) \n- net/mlx5: fs, fail conflicting actions (Mark Bloch) \n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) \n- net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) \n- net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) \n- net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) \n- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) \n- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) \n- net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (Miaoqian Lin) \n- bpf, arm64: Clear prog->jited_len along prog->jited (Eric Dumazet) \n- af_unix: Fix a data-race in unix_dgram_peer_wake_me(). (Kuniyuki Iwashima) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- netfilter: nf_tables: memleak flow rule from commit path (Pablo Neira Ayuso) \n- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) \n- netfilter: nat: really support inet nat without l3 address (Florian Westphal) \n- xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) \n- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) \n- NFSv4: Don't hold the layoutget locks across multiple RPC calls (Trond Myklebust) \n- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (Radhey Shyam Pandey) \n- m68knommu: fix undefined reference to _init_sp' (Greg Ungerer) \n- m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) \n- i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) \n- f2fs: remove WARN_ON in f2fs_is_valid_blkaddr (Dongliang Mu) \n- tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) \n- tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) \n- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) \n- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) \n- tipc: check attribute length for bearer name (Hoang Le) \n- afs: Fix infinite loop found by xfstest generic/676 (David Howells) \n- tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) \n- net: sched: add barrier to fix packet stuck problem for lockless qdisc (Guoju Fang) \n- net/mlx5e: Update netdev features after changing XDP state (Maxim Mikityanskiy) \n- net/mlx5: Don't use already freed action pointer (Leon Romanovsky) \n- nfp: only report pause frame configuration for physical device (Yu Xiao) \n- ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) \n- jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) \n- modpost: fix removing numeric suffixes (Alexander Lobakin) \n- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) \n- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) \n- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (Vincent Ray) \n- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (Jann Horn) \n- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (Shengjiu Wang) \n- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (Miaoqian Lin) \n- driver core: fix deadlock in __device_attach (Zhang Wensheng) \n- driver: base: fix UAF when driver_attach failed (Schspa Shi) \n- bus: ti-sysc: Fix warnings for unbind for serial (Tony Lindgren) \n- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) \n- serial: stm32-usart: Correct CSIZE, bits, and parity (Ilpo Jarvinen) \n- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) \n- serial: sifive: Sanitize CSIZE and c_iflag (Ilpo Jarvinen) \n- serial: sh-sci: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: txx9: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: rda-uart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: digicolor-usart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (Ilpo Jarvinen) \n- serial: meson: acquire port->lock in startup() (John Ogness) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- MIPS: IP27: Remove incorrect cpu_has_fpu' override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- Kconfig: add config option for asm goto w/ outputs (Nick Desaulniers) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: don't overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: fix plock invalid read (Alexander Aring) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: don't need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Don't report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) \n- tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) \n- PCI: imx6: Fix PERST# start-up sequence (Francesco Dolcini) \n- ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() (Waiman Long) \n- proc: fix dentry/inode overinstantiating under /proc//net (Alexey Dobriyan) \n- powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/8xx: export 'cpm_setbrg' for modules (Randy Dunlap) \n- dax: fix cache flush on PMD-mapped pages (Muchun Song) \n- drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) \n- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- nvdimm: Allow overwrite in the presence of disabled dimms (Dan Williams) \n- firmware: arm_scmi: Fix list protocols enumeration in the base protocol (Cristian Marussi) \n- scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) \n- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) \n- powerpc/fadump: fix PT_LOAD segment for boot memory area (Hari Bathini) \n- arm: mediatek: select arch timer for mt7629 (Chuanhong Guo) \n- crypto: marvell/cesa - ECB does not IV (Corentin Labbe) \n- misc: ocxl: fix possible double free in ocxl_file_register_afu (Hangyu Hua) \n- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) \n- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (Phil Elwell) \n- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (Phil Elwell) \n- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) \n- can: xilinx_can: mark bit timing constants as const (Marc Kleine-Budde) \n- KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (Sean Christopherson) \n- PCI: rockchip: Fix find_first_zero_bit() limit (Dan Carpenter) \n- PCI: cadence: Fix find_first_zero_bit() limit (Dan Carpenter) \n- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) \n- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) \n- ARM: dts: suniv: F1C100: fix watchdog compatible (Andre Przywara) \n- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (Shawn Lin) \n- net/smc: postpone sk_refcnt increment in connect() (liuyacan) \n- rxrpc: Fix decision on when to generate an IDLE ACK (David Howells) \n- rxrpc: Don't let ack.previousPacket regress (David Howells) \n- rxrpc: Fix overlapping ACK accounting (David Howells) \n- rxrpc: Don't try to resend the request if we're receiving the reply (David Howells) \n- rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) \n- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (Duoming Zhou) \n- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) \n- thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (Zheng Yongjun) \n- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (Hangyu Hua) \n- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (Miaoqian Lin) \n- ext4: reject the 'commit' option on ext2 filesystems (Eric Biggers) \n- media: ov7670: remove ov7670_power_off from ov7670_remove (Dongliang Mu) \n- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) \n- m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) \n- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) \n- media: vsp1: Fix offset calculation for plane cropping (Michael Rodin) \n- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) \n- media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) \n- media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) \n- media: aspeed: Fix an error handling path in aspeed_video_probe() (Christophe JAILLET) \n- scripts/faddr2line: Fix overlapping text section failures (Josh Poimboeuf) \n- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) \n- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) \n- ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (Miaoqian Lin) \n- perf/amd/ibs: Use interrupt regs ip for stack unwinding (Ravi Bangoria) \n- Revert 'cpufreq: Fix possible race in cpufreq online error path' (Viresh Kumar) \n- iomap: iomap_write_failed fix (Andreas Gruenbacher) \n- media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) \n- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) \n- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (Jessica Zhang) \n- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (Jessica Zhang) \n- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (Zev Weiss) \n- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) \n- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- irqchip/exiu: Fix acknowledgment of edge triggered interrupts (Daniel Thompson) \n- x86: Fix return value of __setup handlers (Randy Dunlap) \n- virtio_blk: fix the discard_granularity and discard_alignment queue limits (Christoph Hellwig) \n- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) \n- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) \n- drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) \n- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (Vinod Polimera) \n- perf tools: Add missing headers needed by util/data.h (Yang Jihong) \n- ASoC: rk3328: fix disabling mclk on pclk probe failure (Nicolas Frattaroli) \n- x86/speculation: Add missing prototype for unpriv_ebpf_notify() (Josh Poimboeuf) \n- x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) \n- scsi: ufs: core: Exclude UECxx from SFR dump list (Kiwoong Kim) \n- of: overlay: do not break notify on NOTIFY_{OK|STOP} (Nuno Sa) \n- fsnotify: fix wrong lockdep annotations (Amir Goldstein) \n- inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) \n- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) \n- cpufreq: Fix possible race in cpufreq online error path (Schspa Shi) \n- spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (Chengming Zhou) \n- drm/bridge: Fix error handling in analogix_dp_probe (Miaoqian Lin) \n- HID: elan: Fix potential double free in elan_input_configured (Miaoqian Lin) \n- HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) \n- drbd: fix duplicate array initializer (Arnd Bergmann) \n- efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) \n- NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) \n- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) \n- drm: mali-dp: potential dereference of null pointer (Jiasheng Jiang) \n- drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (Zhou Qingyang) \n- nl80211: show SSID for P2P_GO interfaces (Johannes Berg) \n- bpf: Fix excessive memory allocation in stack_map_alloc() (Yuntao Wang) \n- drm/vc4: txp: Force alpha to be 0xff if it's disabled (Maxime Ripard) \n- drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (Maxime Ripard) \n- drm/mediatek: Fix mtk_cec_mask() (Miles Chen) \n- x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) \n- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) \n- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) \n- drm/bridge: adv7511: clean up CEC adapter when probe fails (Lucas Stach) \n- drm/edid: fix invalid EDID extension block filtering (Jani Nikula) \n- ath9k: fix ar9003_get_eepmisc (Wenli Looi) \n- drm: fix EDID struct for old ARM OABI format (Linus Torvalds) \n- RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) \n- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (Peng Wu) \n- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) \n- powerpc/powernv: fix missing of_node_put in uv_init() (Lv Ruyi) \n- powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) \n- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) \n- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) \n- ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) \n- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) \n- ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) \n- fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) \n- powerpc/fadump: Fix fadump to work with a different endian capture kernel (Hari Bathini) \n- ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) \n- fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) \n- PM / devfreq: rk3399_dmc: Disable edev on remove() (Brian Norris) \n- ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) \n- IB/rdmavt: add missing locks in rvt_ruc_loopback (Niels Dossche) \n- selftests/bpf: fix btf_dump/btf_dump due to recent clang change (Yonghong Song) \n- eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) \n- rxrpc: Return an error to sendmsg if call failed (David Howells) \n- hwmon: Make chip parameter for with_info API mandatory (Guenter Roeck) \n- ASoC: max98357a: remove dependency on GPIOLIB (Pierre-Louis Bossart) \n- media: exynos4-is: Fix compile warning (Kwanghoon Son) \n- net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) \n- nbd: Fix hung on disconnect request if socket is closed before (Xie Yongji) \n- ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) \n- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) \n- openrisc: start CPU timer early in boot (Jason A. Donenfeld) \n- media: cec-adap.c: fix is_configuring state (Hans Verkuil) \n- media: coda: limit frame interval enumeration to supported encoder frame sizes (Philipp Zabel) \n- rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) \n- ipmi: Fix pr_fmt to avoid compilation issues (Corey Minyard) \n- ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) \n- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (Mario Limonciello) \n- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) \n- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (Patrice Chotard) \n- s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) \n- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (Charles Keepax) \n- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (Dongliang Mu) \n- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (Alice Wong) \n- mlxsw: spectrum_dcb: Do not warn about priority changes (Petr Machata) \n- ASoC: dapm: Don't fold register value changes into notifications (Mark Brown) \n- net/mlx5: fs, delete the FTE when there are no rules attached to it (Mark Bloch) \n- ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) \n- drm: msm: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (Alexandru Elisei) \n- drm/amd/pm: fix the compile warning (Evan Quan) \n- drm/plane: Move range check for format_count earlier (Steven Price) \n- scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) \n- mmc: jz4740: Apply DMA engine limits to maximum segment size (Aidan MacDonald) \n- md/bitmap: don't set sb values if can't pass sanity check (Heming Zhao) \n- media: cx25821: Fix the warning when removing the module (Zheyu Ma) \n- media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) \n- media: venus: hfi: avoid null dereference in deinit (Luca Weiss) \n- ath9k: fix QCA9561 PA bias level (Thibaut VAReNE) \n- drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) \n- tools/power turbostat: fix ICX DRAM power numbers (Len Brown) \n- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (Biju Das) \n- ALSA: jack: Access input_dev under mutex (Amadeusz Siawinski) \n- drm/komeda: return early if drm_universal_plane_init() fails. (Liviu Dudau) \n- ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) \n- fbcon: Consistently protect deferred_takeover with console_lock() (Daniel Vetter) \n- ipv6: fix locking issues with loops over idev->addr_list (Niels Dossche) \n- ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) \n- b43: Fix assigning negative value to unsigned variable (Haowen Bai) \n- b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) \n- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) \n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) \n- btrfs: repair super block num_devices automatically (Qu Wenruo) \n- btrfs: add '0x' prefix for unsupported optional features (Qu Wenruo) \n- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) \n- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) \n- ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP (Eric W. Biederman) \n- perf/x86/intel: Fix event constraints for ICL (Kan Liang) \n- usb: core: hcd: Add support for deferring roothub registration (Kishon Vijay Abraham I) \n- USB: new quirk for Dell Gen 2 devices (Monish Kumar R) \n- USB: serial: option: add Quectel BG95 modem (Carl Yin) \n- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (Marios Levogiannis) \n- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) \n- LTS tag: v5.4.197 (Sherry Yang) \n- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) \n- NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) \n- NFS: Memory allocation failures are not server fatal errors (Trond Myklebust) \n- docs: submitting-patches: Fix crossref to 'The canonical patch format' (Akira Yokosawa) \n- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) \n- tpm: Fix buffer access in tpm2_get_tpm_pt() (Stefan Mahnke-Hartmann) \n- HID: multitouch: Add support for Google Whiskers Touchpad (Marek Maslanka) \n- raid5: introduce MD_BROKEN (Mariusz Tkaczyk) \n- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) \n- dm stats: add cond_resched when looping over entries (Mikulas Patocka) \n- dm crypt: make printing of the key constant-time (Mikulas Patocka) \n- dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) \n- zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) \n- crypto: ecrdsa - Fix incorrect use of vli_cmp (Vitaly Chikunov) \n- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) \n- exec: Force single empty string when argv is empty (Kees Cook) \n- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) \n- cfg80211: set custom regdomain after wiphy registration (Miri Korenblit) \n- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (Mika Westerberg) \n- net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) \n- net: af_key: check encryption module availability consistency (Thomas Bartschies) \n- pinctrl: sunxi: fix f1c100s uart2 function (IotaHydrae) \n- ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) \n- ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) \n- media: vim2m: initialize the media device earlier (Hans Verkuil) \n- media: vim2m: Register video device after setting up internals (Sakari Ailus) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- tcp: change source port randomizarion at connect() time (Eric Dumazet) \n- Input: goodix - fix spurious key release events (Dmitry Mastykin) \n- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) \n- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner)\n[5.4.17-2136.310.1]\n- intel_idle: Fix max_cstate for processor models without C-state tables (Chen Yu) [Orabug: 34081688] \n- intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add 'preferred_cstates' module argument (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: Adjust the SKX C6 parameters if PC6 is disabled (Chen Yu) [Orabug: 34081688] \n- intel_idle: Clean up kerneldoc comments for multiple functions (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add __initdata annotations to init time variables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Relocate definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Simplify LAPIC timer reliability checks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'states_off' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'use_acpi' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up irtl_2_usec() (Rafael J. Wysocki) [Orabug: 34081688] \n- Documentation: admin-guide: PM: Add intel_idle document (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move 3 functions closer to their callers (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Annotate initialization code and data structures (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move and clean up intel_idle_cpuidle_devices_uninit() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Rearrange intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Fold intel_idle_probe() into intel_idle_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Eliminate __setup_broadcast_timer() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add module parameter to prevent ACPI _CST from being used (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Allow ACPI _CST to be used for selected known processors (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Allow idle states to be disabled by default (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Use ACPI _CST for processor models without C-state tables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Refactor intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Drop disabled field from struct cpuidle_state (Thomas Tai) [Orabug: 34081688] \n- cpuidle: Consolidate disabled state checks (Rafael J. Wysocki) [Orabug: 34081688] \n- Revert 'intel_idle: Use ACPI _CST for processor models without C-state tables' (Thomas Tai) [Orabug: 34081688]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-08-15T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21505", "CVE-2022-2153", "CVE-2022-23816", "CVE-2022-2588", "CVE-2022-29901"], "modified": "2022-08-15T00:00:00", "id": "ELSA-2022-9710", "href": "http://linux.oracle.com/errata/ELSA-2022-9710.html", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-12T18:00:27", "description": "[5.15.0-0.30.20]\n- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218638] {CVE-2022-1652}\n- x86: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Add retbleed=ibpb (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/xen: Rename SYS* entry points (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- objtool: Update Retpoline validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- intel_idle: Disable IBRS during long idle (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/entry: Add kernel IBRS implementation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bugs: Report AMD retbleed vulnerability (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86: Add magic AMD return-thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- objtool: Treat .text.__x86.* as noinstr (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86: Use return-thunk in asm code (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/bpf: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/ftrace: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86,static_call: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86,objtool: Create .return_sites (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86: Undo return-thunk damage (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/retpoline: Use -mfunction-return (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/cpufeatures: Move RETPOLINE flags to word 11 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/entry: Remove skip_r11rcx (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/entry: Fix register corruption in compat syscall (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/entry: Use PUSH_AND_CLEAR_REGS for compat (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/entry: Simplify entry_INT80_compat() (Linus Torvalds) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86,static_call: Fix __static_call_return0 for i386 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/alternative: Relax text_poke_bp() constraint (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- static_call,x86: Robustify trampoline patching (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}\n- x86/xen: Move hypercall_page to top of the file (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-23816", "CVE-2022-29901"], "modified": "2022-07-12T00:00:00", "id": "ELSA-2022-9591", "href": "http://linux.oracle.com/errata/ELSA-2022-9591.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-12T18:00:31", "description": "[5.15.0-0.30.20]\n- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218638] {CVE-2022-1652}\n- x86: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add retbleed=ibpb (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/xen: Rename SYS* entry points (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Update Retpoline validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- intel_idle: Disable IBRS during long idle (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Add kernel IBRS implementation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report AMD retbleed vulnerability (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add magic AMD return-thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Treat .text.__x86.* as noinstr (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Use return-thunk in asm code (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bpf: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/ftrace: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86,static_call: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86,objtool: Create .return_sites (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Undo return-thunk damage (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Use -mfunction-return (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpufeatures: Move RETPOLINE flags to word 11 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Remove skip_r11rcx (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Fix register corruption in compat syscall (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Use PUSH_AND_CLEAR_REGS for compat (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Simplify entry_INT80_compat() (Linus Torvalds) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86,static_call: Fix __static_call_return0 for i386 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/alternative: Relax text_poke_bp() constraint (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- static_call,x86: Robustify trampoline patching (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}\n- x86/xen: Move hypercall_page to top of the file (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-29901} {CVE-2022-23816}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-07-12T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-23816", "CVE-2022-29901"], "modified": "2022-07-12T00:00:00", "id": "ELSA-2022-9590", "href": "http://linux.oracle.com/errata/ELSA-2022-9590.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-08-09T22:40:36", "description": "[5.4.17-2136.309.5.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460937] {CVE-2022-2588}", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9692", "href": "http://linux.oracle.com/errata/ELSA-2022-9692.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T20:40:51", "description": "[4.14.35-2047.516.1.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460938] {CVE-2022-2588}\n[4.14.35-2047.516.1]\n- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153}\n- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153}\n- KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323860] {CVE-2022-2153}\n- xfs: dont use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34180868]\n[4.14.35-2047.516.0]\n- scsi: mpt3sas: Remove scsi_dma_map() error messages (Sreekanth Reddy) [Orabug: 34328903] \n- uek: kabi: new protected symbols for USM in OL7 (Saeed Mirzamohammadi) [Orabug: 34233902] \n- vfio/type1: add ioctl to check for correct pin accounting (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: track pages pinned by vfio across exec (Anthony Yznaga) [Orabug: 32967885] \n- mm: track driver pinned pages across exec (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: Fix vfio_find_dma_valid return (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: fix unmap all on ILP32 (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: block on invalid vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement notify callback (Steve Sistare) [Orabug: 32967885] \n- vfio: iommu driver notify callback (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: massage unmap iteration (Steve Sistare) [Orabug: 32967885] \n- vfio: interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement unmap all (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: unmap cleanup (Steve Sistare) [Orabug: 32967885] \n- vfio: option to unmap all (Steve Sistare) [Orabug: 32967885] \n- Linux 4.14.284 (Greg Kroah-Hartman) \n- x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) \n- x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) \n- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) \n- x86/cpu: Add Comet Lake to the Intel CPU models header (Kan Liang) \n- x86/cpu: Add Cannonlake to Intel family (Rajneesh Bhardwaj) \n- x86/cpu: Add Jasper Lake to Intel family (Zhang Rui) \n- cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) \n- x86/cpu: Add Elkhart Lake to Intel family (Gayatri Kammela) \n- Linux 4.14.283 (Greg Kroah-Hartman) \n- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) \n- powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) \n- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) \n- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) \n- ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) \n- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) \n- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) \n- cifs: return errors during session setup during reconnects (Shyam Prasad N) \n- ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) \n- vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) \n- nodemask: Fix return values to be unsigned (Kees Cook) \n- nbd: fix io hung while disconnecting device (Yu Kuai) \n- nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) \n- nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) \n- modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) \n- drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) \n- Revert net: af_key: add check for pfkey_broadcast in function pfkey_process (Michal Kubecek) \n- md: protect md_unregister_thread from reentrancy (Guoqing Jiang) \n- kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) \n- serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) \n- staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) \n- clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) \n- extcon: Modify extcon device to be created after driver data is set (bumwoo lee) \n- misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) \n- usb: dwc2: gadget: dont reset gadgets driver->bus (Marek Szyprowski) \n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) \n- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) \n- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) \n- USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) \n- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) \n- tty: Fix a possible resource leak in icom_probe (Huang Guobin) \n- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) \n- lkdtm/usercopy: Expand size of out of frame object (Kees Cook) \n- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) \n- drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) \n- net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) \n- net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) \n- net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) \n- net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) \n- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) \n- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) \n- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) \n- xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) \n- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) \n- m68knommu: fix undefined reference to _init_sp (Greg Ungerer) \n- m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) \n- i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) \n- tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) \n- tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) \n- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) \n- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) \n- tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) \n- ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) \n- jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) \n- modpost: fix removing numeric suffixes (Alexander Lobakin) \n- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) \n- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) \n- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) \n- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) \n- serial: sh-sci: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: txx9: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: digicolor-usart: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: meson: acquire port->lock in startup() (John Ogness) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) \n- MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: fix plock invalid read (Alexander Aring) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) \n- powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/8xx: export cpm_setbrg for modules (Randy Dunlap) \n- drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) \n- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) \n- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) \n- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) \n- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) \n- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) \n- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) \n- rxrpc: Dont try to resend the request if were receiving the reply (David Howells) \n- rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) \n- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) \n- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) \n- m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) \n- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) \n- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) \n- media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) \n- media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) \n- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) \n- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) \n- media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) \n- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) \n- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) \n- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- x86: Fix return value of __setup handlers (Randy Dunlap) \n- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) \n- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) \n- drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) \n- x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) \n- fsnotify: fix wrong lockdep annotations (Amir Goldstein) \n- inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) \n- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) \n- spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) \n- efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) \n- NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) \n- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) \n- drm/mediatek: Fix mtk_cec_mask() (Miles Chen) \n- x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) \n- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) \n- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) \n- ath9k: fix ar9003_get_eepmisc (Wenli Looi) \n- drm: fix EDID struct for old ARM OABI format (Saeed Mirzamohammadi) \n- RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) \n- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) \n- powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) \n- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) \n- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) \n- ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) \n- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) \n- ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) \n- fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) \n- ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) \n- fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) \n- ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) \n- eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) \n- rxrpc: Return an error to sendmsg if call failed (David Howells) \n- media: exynos4-is: Fix compile warning (Kwanghoon Son) \n- net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) \n- ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) \n- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) \n- openrisc: start CPU timer early in boot (Jason A. Donenfeld) \n- rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) \n- ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) \n- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) \n- s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) \n- ASoC: dapm: Dont fold register value changes into notifications (Mark Brown) \n- ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) \n- drm/amd/pm: fix the compile warning (Evan Quan) \n- scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) \n- media: cx25821: Fix the warning when removing the module (Zheyu Ma) \n- media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) \n- media: venus: hfi: avoid null dereference in deinit (Luca Weiss) \n- ath9k: fix QCA9561 PA bias level (Thibaut VARENE) \n- drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) \n- ALSA: jack: Access input_dev under mutex (Amadeusz Slawinski) \n- ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) \n- ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) \n- b43: Fix assigning negative value to unsigned variable (Haowen Bai) \n- b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) \n- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) \n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) \n- btrfs: repair super block num_devices automatically (Qu Wenruo) \n- btrfs: add 0x prefix for unsupported optional features (Qu Wenruo) \n- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) \n- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) \n- USB: new quirk for Dell Gen 2 devices (Monish Kumar R) \n- USB: serial: option: add Quectel BG95 modem (Carl Yin) \n- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) \n- Linux 4.14.282 (Greg Kroah-Hartman) \n- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) \n- NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) \n- docs: submitting-patches: Fix crossref to The canonical patch format (Akira Yokosawa) \n- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) \n- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) \n- dm stats: add cond_resched when looping over entries (Mikulas Patocka) \n- dm crypt: make printing of the key constant-time (Mikulas Patocka) \n- dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) \n- zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) \n- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) \n- exec: Force single empty string when argv is empty (Kees Cook) \n- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Haimin Zhang) \n- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) \n- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (Piyush Malgujar) \n- net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) \n- net: af_key: check encryption module availability consistency (Thomas Bartschies) \n- ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) \n- ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- tcp: change source port randomizarion at connect() time (Eric Dumazet) \n- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) \n- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner) \n- Linux 4.14.281 (Greg Kroah-Hartman) \n- Reinstate some of swiotlb: rework fix info leak with DMA_FROM_DEVICE (Linus Torvalds) \n- swiotlb: fix info leak with DMA_FROM_DEVICE (Halil Pasic) \n- net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) \n- net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) \n- ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) \n- mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) \n- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) \n- perf bench numa: Address compiler error on s390 (Thomas Richter) \n- gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) \n- gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) \n- net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) \n- igb: skip phy status check where unavailable (Kevin Mitchell) \n- ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) \n- ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) \n- net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) \n- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) \n- net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) \n- clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) \n- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) \n- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) \n- mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() (Ulf Hansson) \n- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (Ulf Hansson) \n- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (Ulf Hansson) \n- drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) \n- ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) \n- ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) \n- drbd: remove usage of list iterator variable after loop (Jakob Koschel) \n- MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) \n- Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) \n- Input: add bounds checking to input_set_capability() (Jeff LaBundy) \n- um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow)\n[4.14.35-2047.515.3]\n- uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721] \n- mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721] \n- dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721]\n[4.14.35-2047.515.2]\n- net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105319]\n[4.14.35-2047.515.1]\n- sched/rt: Disable RT_RUNTIME_SHARE by default (Daniel Bristot de Oliveira) [Orabug: 34193333] \n- mstflint_access: Update driver code to v4.20.1-1 from Github (Qing Huang) [Orabug: 34286148]\n[4.14.35-2047.515.0]\n- net: ip: avoid OOM kills with large UDP sends over loopback (Venkat Venkatsubra) [Orabug: 34066209] \n- rdmaip: Flush ARP cache after address has been cleared (Gerd Rausch) [Orabug: 34285241] \n- rds: Include congested flag in rds_sock struct. (Rohit Nair) [Orabug: 34261492] \n- cpu/hotplug: Allow the CPU in CPU_UP_PREPARE state to be brought up again. (Longpeng(Mike)) [Orabug: 34234771] \n- x86/xen: Allow to retry if cpu_initialize_context() failed. (Boris Ostrovsky) [Orabug: 34234771] \n- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218640] {CVE-2022-1652}\n- assoc_array: Fix BUG_ON during garbage collect (Stephen Brennan) [Orabug: 34162064] \n- exec, elf: fix reserve_va_range() sanity check (Anthony Yznaga) [Orabug: 32387887] \n- exec, elf: use already allocated notes data in reserve_va_range() (Anthony Yznaga) [Orabug: 32387887] \n- mm: madv_doexec_flag sysctl (Anthony Yznaga) [Orabug: 32387887] \n- mm: introduce MADV_DOEXEC (Anthony Yznaga) [Orabug: 32387887] \n- exec, elf: require opt-in for accepting preserved mem (Anthony Yznaga) [Orabug: 32387887] \n- mm: introduce VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 32387887] \n- mm: fail exec if stack expansion will overlap another vma (Anthony Yznaga) [Orabug: 32387887] \n- mm: do not assume only the stack vma exists in setup_arg_pages() (Anthony Yznaga) [Orabug: 32387887] \n- ELF: when loading PIE binaries check for overlap with existing mappings (Anthony Yznaga) [Orabug: 32387887] \n- Linux 4.14.280 (Greg Kroah-Hartman) \n- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) \n- ping: fix address binding wrt vrf (Nicolas Dichtel) \n- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) \n- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) \n- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) \n- USB: serial: option: add Fibocom L610 modem (Sven Schwermer) \n- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) \n- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) \n- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) \n- tcp: resalt the secret every 10 seconds (Eric Dumazet) \n- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) \n- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) \n- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) \n- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) \n- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) \n- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) \n- s390/lcs: fix variable dereferenced before check (Alexandra Winter) \n- s390/ctcm: fix potential memory leak (Alexandra Winter) \n- s390/ctcm: fix variable dereferenced before check (Alexandra Winter) \n- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) \n- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) \n- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) \n- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) \n- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) \n- batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) \n- Linux 4.14.279 (Greg Kroah-Hartman) \n- VFS: Fix memory leak caused by concurrently mounting fs with subtype (ChenXiaoSong) \n- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (Takashi Iwai) \n- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) \n- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) \n- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) \n- Bluetooth: Fix the creation of hdev->name (Itay Iellin) \n- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) \n- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) \n- block: drbd: drbd_nl: Make conversion to enum drbd_ret_code explicit (Lee Jones) \n- MIPS: Use address-of operator on section symbols (Nathan Chancellor) \n- Linux 4.14.278 (Greg Kroah-Hartman) \n- PCI: aardvark: Fix reading MSI interrupt number (Pali Rohar) \n- PCI: aardvark: Clear all MSIs at setup (Pali Rohar) \n- dm: interlock pending dm_io and dm_wait_for_bios_completion (Mike Snitzer) \n- dm: fix mempool NULL pointer race when completing IO (Jiazi Li) \n- net: ipv6: ensure we call ipv6_mc_down() at most once (j.nixdorf@avm.de) \n- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) \n- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) \n- btrfs: always log symlinks in full mode (Filipe Manana) \n- smsc911x: allow using IRQ0 (Sergey Shtylyov) \n- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) \n- hwmon: (adt7470) Fix warning on module removal (Armin Wolf) \n- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) \n- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) \n- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) \n- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) \n- can: grcan: grcan_close(): fix deadlock (Duoming Zhou) \n- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) \n- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) \n- firewire: remove check of list iterator against head past the loop body (Jakob Koschel) \n- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) \n- Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) \n- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) \n- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) \n- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) \n- tty: n_gsm: fix incorrect UA handling (Daniel Starke) \n- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) \n- tty: n_gsm: fix wrong command retry handling (Daniel Starke) \n- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) \n- tty: n_gsm: fix insufficient txframe size (Daniel Starke) \n- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) \n- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) \n- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) \n- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) \n- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) \n- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) \n- bnx2x: fix napi API usage sequence (Manish Chopra) \n- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) \n- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) \n- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) \n- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) \n- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) \n- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) \n- mtd: rawnand: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- ipvs: correctly print the memory size of ip_vs_conn_tab (Pengcheng Yang) \n- ARM: dts: Fix mmc order for omap3-gta04 (H. Nikolaus Schaller) \n- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (Miaoqian Lin) \n- phy: samsung: exynos5250-sata: fix missing device put in probe error paths (Krzysztof Kozlowski) \n- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (Miaoqian Lin) \n- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (Fabio Estevam) \n- USB: Fix xhci event ring dequeue pointer ERDP update issue (Weitao Wang) \n- hex2bin: fix access beyond string end (Mikulas Patocka) \n- hex2bin: make the function hex_to_bin constant-time (Mikulas Patocka) \n- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (Maciej W. Rozycki) \n- serial: 8250: Also set sticky MCR bits in console restoration (Maciej W. Rozycki) \n- usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (Vijayavardhan Vennapusa) \n- usb: gadget: uvc: Fix crash when encoding data for usb request (Dan Vacura) \n- usb: misc: fix improper handling of refcount in uss720_probe() (Hangyu Hua) \n- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (Zheyu Ma) \n- iio: dac: ad5446: Fix read_raw not returning set value (Michael Hennerich) \n- iio: dac: ad5592r: Fix the missing return value. (Zizhuang Deng) \n- xhci: stop polling roothubs after shutdown (Henry Lin) \n- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (Daniele Palmas) \n- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (Slark Xiao) \n- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (Bruno Thomsen) \n- USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (Kees Cook) \n- USB: quirks: add STRING quirk for VCOM device (Oliver Neukum) \n- USB: quirks: add a Realtek card reader (Oliver Neukum) \n- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (Macpaul Lin) \n- lightnvm: disable the subsystem (Greg Kroah-Hartman) \n- net/sched: cls_u32: fix netns refcount changes in u32_change() (Eric Dumazet) \n- hamradio: remove needs_free_netdev to avoid UAF (Lin Ma) \n- hamradio: defer 6pack kfree after unregister_netdev (Lin Ma) \n- floppy: disable FDRAWCMD by default (Willy Tarreau) \n- Linux 4.14.277 (Greg Kroah-Hartman) \n- ax25: Fix UAF bugs in ax25 timers (Duoming Zhou) \n- ax25: Fix NULL pointer dereferences in ax25 timers (Duoming Zhou) \n- ax25: fix NPD bug in ax25_disconnect (Duoming Zhou) \n- ax25: fix UAF bug in ax25_send_control() (Duoming Zhou) \n- ax25: Fix refcount leaks caused by ax25_cb_del() (Duoming Zhou) \n- ax25: fix UAF bugs of net_device caused by rebinding operation (Duoming Zhou) \n- ax25: fix reference count leaks of ax25_dev (Duoming Zhou) \n- ax25: add refcount in ax25_dev to avoid UAF bugs (Duoming Zhou) \n- block/compat_ioctl: fix range check in BLKGETSIZE (Khazhismel Kumykov) \n- staging: ion: Prevent incorrect reference counting behavour (Lee Jones) \n- ext4: force overhead calculation if the s_overhead_cluster makes no sense (Theodore Tso) \n- ext4: fix overhead calculation to account for the reserved gdt blocks (Theodore Tso) \n- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (Tadeusz Struk) \n- ext4: fix symlink file size not match to file content (Ye Bin) \n- ARC: entry: fix syscall_trace_exit argument (Sergey Matyukevich) \n- e1000e: Fix possible overflow in LTR decoding (Sasha Neftin) \n- ASoC: soc-dapm: fix two incorrect uses of list iterator (Xiaomeng Tong) \n- openvswitch: fix OOB access in reserve_sfa_size() (Paolo Valerio) \n- powerpc/perf: Fix power9 event alternatives (Athira Rajeev) \n- dma: at_xdmac: fix a missing check on list iterator (Xiaomeng Tong) \n- ata: pata_marvell: Check the bmdma_addr beforing reading (Zheyu Ma) \n- stat: fix inconsistency between struct stat and struct compat_stat (Mikulas Patocka) \n- net: macb: Restart tx only if queue pointer is lagging (Tomas Melin) \n- drm/msm/mdp5: check the return of kzalloc() (Xiaoke Wang) \n- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (David Howells) \n- vxlan: fix error return code in vxlan_fdb_append (Hongbin Wang) \n- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (Jiapeng Chong) \n- ARM: vexpress/spc: Avoid negative array index when !SMP (Kees Cook) \n- netlink: reset network and mac headers in netlink_dump() (Eric Dumazet) \n- net/packet: fix packet_sock xmit return value checking (Hangbin Liu) \n- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (Miaoqian Lin) \n- tcp: Fix potential use-after-free due to double kfree() (Kuniyuki Iwashima) \n- tcp: fix race condition when creating child sockets from syncookies (Ricardo Dias) \n- ALSA: usb-audio: Clear MIDI port active flag after draining (Takashi Iwai) \n- gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) \n- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) \n- tracing: Dump stacktrace trigger to the corresponding instance (Daniel Bristot de Oliveira) \n- tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google)) \n- mm: page_alloc: fix building error on -Werror=array-compare (Xiongwei Song) \n- etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead (Kees Cook)", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9699", "href": "http://linux.oracle.com/errata/ELSA-2022-9699.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T18:47:14", "description": "[4.14.35-2047.516.1.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460938] {CVE-2022-2588}\n[4.14.35-2047.516.1]\n- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153}\n- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153}\n- KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323860] {CVE-2022-2153}\n- xfs: dont use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34180868]\n[4.14.35-2047.516.0]\n- scsi: mpt3sas: Remove scsi_dma_map() error messages (Sreekanth Reddy) [Orabug: 34328903] \n- uek: kabi: new protected symbols for USM in OL7 (Saeed Mirzamohammadi) [Orabug: 34233902] \n- vfio/type1: add ioctl to check for correct pin accounting (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: track pages pinned by vfio across exec (Anthony Yznaga) [Orabug: 32967885] \n- mm: track driver pinned pages across exec (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: Fix vfio_find_dma_valid return (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: fix unmap all on ILP32 (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: block on invalid vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement notify callback (Steve Sistare) [Orabug: 32967885] \n- vfio: iommu driver notify callback (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: massage unmap iteration (Steve Sistare) [Orabug: 32967885] \n- vfio: interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement unmap all (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: unmap cleanup (Steve Sistare) [Orabug: 32967885] \n- vfio: option to unmap all (Steve Sistare) [Orabug: 32967885] \n- Linux 4.14.284 (Greg Kroah-Hartman) \n- x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) \n- x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) \n- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) \n- x86/cpu: Add Comet Lake to the Intel CPU models header (Kan Liang) \n- x86/cpu: Add Cannonlake to Intel family (Rajneesh Bhardwaj) \n- x86/cpu: Add Jasper Lake to Intel family (Zhang Rui) \n- cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) \n- x86/cpu: Add Elkhart Lake to Intel family (Gayatri Kammela) \n- Linux 4.14.283 (Greg Kroah-Hartman) \n- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) \n- powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) \n- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) \n- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) \n- ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) \n- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) \n- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) \n- cifs: return errors during session setup during reconnects (Shyam Prasad N) \n- ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) \n- vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) \n- nodemask: Fix return values to be unsigned (Kees Cook) \n- nbd: fix io hung while disconnecting device (Yu Kuai) \n- nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) \n- nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) \n- modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) \n- drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) \n- Revert net: af_key: add check for pfkey_broadcast in function pfkey_process (Michal Kubecek) \n- md: protect md_unregister_thread from reentrancy (Guoqing Jiang) \n- kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) \n- serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) \n- staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) \n- clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) \n- extcon: Modify extcon device to be created after driver data is set (bumwoo lee) \n- misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) \n- usb: dwc2: gadget: dont reset gadgets driver->bus (Marek Szyprowski) \n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) \n- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) \n- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) \n- USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) \n- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) \n- tty: Fix a possible resource leak in icom_probe (Huang Guobin) \n- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) \n- lkdtm/usercopy: Expand size of out of frame object (Kees Cook) \n- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) \n- drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) \n- net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) \n- net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) \n- net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) \n- net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) \n- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) \n- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) \n- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) \n- xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) \n- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) \n- m68knommu: fix undefined reference to _init_sp (Greg Ungerer) \n- m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) \n- i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) \n- tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) \n- tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) \n- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) \n- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) \n- tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) \n- ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) \n- jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) \n- modpost: fix removing numeric suffixes (Alexander Lobakin) \n- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) \n- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) \n- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) \n- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) \n- serial: sh-sci: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: txx9: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: digicolor-usart: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: meson: acquire port->lock in startup() (John Ogness) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) \n- MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: fix plock invalid read (Alexander Aring) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) \n- powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/8xx: export cpm_setbrg for modules (Randy Dunlap) \n- drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) \n- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) \n- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) \n- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) \n- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) \n- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) \n- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) \n- rxrpc: Dont try to resend the request if were receiving the reply (David Howells) \n- rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) \n- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) \n- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) \n- m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) \n- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) \n- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) \n- media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) \n- media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) \n- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) \n- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) \n- media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) \n- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) \n- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) \n- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- x86: Fix return value of __setup handlers (Randy Dunlap) \n- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) \n- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) \n- drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) \n- x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) \n- fsnotify: fix wrong lockdep annotations (Amir Goldstein) \n- inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) \n- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) \n- spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) \n- efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) \n- NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) \n- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) \n- drm/mediatek: Fix mtk_cec_mask() (Miles Chen) \n- x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) \n- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) \n- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) \n- ath9k: fix ar9003_get_eepmisc (Wenli Looi) \n- drm: fix EDID struct for old ARM OABI format (Saeed Mirzamohammadi) \n- RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) \n- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) \n- powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) \n- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) \n- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) \n- ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) \n- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) \n- ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) \n- fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) \n- ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) \n- fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) \n- ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) \n- eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) \n- rxrpc: Return an error to sendmsg if call failed (David Howells) \n- media: exynos4-is: Fix compile warning (Kwanghoon Son) \n- net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) \n- ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) \n- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) \n- openrisc: start CPU timer early in boot (Jason A. Donenfeld) \n- rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) \n- ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) \n- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) \n- s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) \n- ASoC: dapm: Dont fold register value changes into notifications (Mark Brown) \n- ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) \n- drm/amd/pm: fix the compile warning (Evan Quan) \n- scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) \n- media: cx25821: Fix the warning when removing the module (Zheyu Ma) \n- media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) \n- media: venus: hfi: avoid null dereference in deinit (Luca Weiss) \n- ath9k: fix QCA9561 PA bias level (Thibaut VARENE) \n- drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) \n- ALSA: jack: Access input_dev under mutex (Amadeusz Slawinski) \n- ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) \n- ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) \n- b43: Fix assigning negative value to unsigned variable (Haowen Bai) \n- b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) \n- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) \n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) \n- btrfs: repair super block num_devices automatically (Qu Wenruo) \n- btrfs: add 0x prefix for unsupported optional features (Qu Wenruo) \n- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) \n- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) \n- USB: new quirk for Dell Gen 2 devices (Monish Kumar R) \n- USB: serial: option: add Quectel BG95 modem (Carl Yin) \n- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) \n- Linux 4.14.282 (Greg Kroah-Hartman) \n- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) \n- NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) \n- docs: submitting-patches: Fix crossref to The canonical patch format (Akira Yokosawa) \n- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) \n- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) \n- dm stats: add cond_resched when looping over entries (Mikulas Patocka) \n- dm crypt: make printing of the key constant-time (Mikulas Patocka) \n- dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) \n- zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) \n- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) \n- exec: Force single empty string when argv is empty (Kees Cook) \n- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Haimin Zhang) \n- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) \n- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (Piyush Malgujar) \n- net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) \n- net: af_key: check encryption module availability consistency (Thomas Bartschies) \n- ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) \n- ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- tcp: change source port randomizarion at connect() time (Eric Dumazet) \n- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) \n- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner) \n- Linux 4.14.281 (Greg Kroah-Hartman) \n- Reinstate some of swiotlb: rework fix info leak with DMA_FROM_DEVICE (Linus Torvalds) \n- swiotlb: fix info leak with DMA_FROM_DEVICE (Halil Pasic) \n- net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) \n- net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) \n- ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) \n- mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) \n- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) \n- perf bench numa: Address compiler error on s390 (Thomas Richter) \n- gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) \n- gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) \n- net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) \n- igb: skip phy status check where unavailable (Kevin Mitchell) \n- ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) \n- ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) \n- net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) \n- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) \n- net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) \n- clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) \n- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) \n- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) \n- mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() (Ulf Hansson) \n- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (Ulf Hansson) \n- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (Ulf Hansson) \n- drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) \n- ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) \n- ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) \n- drbd: remove usage of list iterator variable after loop (Jakob Koschel) \n- MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) \n- Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) \n- Input: add bounds checking to input_set_capability() (Jeff LaBundy) \n- um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow)\n[4.14.35-2047.515.3]\n- uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721] \n- mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721] \n- dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721]\n[4.14.35-2047.515.2]\n- net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105319]\n[4.14.35-2047.515.1]\n- sched/rt: Disable RT_RUNTIME_SHARE by default (Daniel Bristot de Oliveira) [Orabug: 34193333] \n- mstflint_access: Update driver code to v4.20.1-1 from Github (Qing Huang) [Orabug: 34286148]\n[4.14.35-2047.515.0]\n- net: ip: avoid OOM kills with large UDP sends over loopback (Venkat Venkatsubra) [Orabug: 34066209] \n- rdmaip: Flush ARP cache after address has been cleared (Gerd Rausch) [Orabug: 34285241] \n- rds: Include congested flag in rds_sock struct. (Rohit Nair) [Orabug: 34261492] \n- cpu/hotplug: Allow the CPU in CPU_UP_PREPARE state to be brought up again. (Longpeng(Mike)) [Orabug: 34234771] \n- x86/xen: Allow to retry if cpu_initialize_context() failed. (Boris Ostrovsky) [Orabug: 34234771] \n- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218640] {CVE-2022-1652}\n- assoc_array: Fix BUG_ON during garbage collect (Stephen Brennan) [Orabug: 34162064] \n- exec, elf: fix reserve_va_range() sanity check (Anthony Yznaga) [Orabug: 32387887] \n- exec, elf: use already allocated notes data in reserve_va_range() (Anthony Yznaga) [Orabug: 32387887] \n- mm: madv_doexec_flag sysctl (Anthony Yznaga) [Orabug: 32387887] \n- mm: introduce MADV_DOEXEC (Anthony Yznaga) [Orabug: 32387887] \n- exec, elf: require opt-in for accepting preserved mem (Anthony Yznaga) [Orabug: 32387887] \n- mm: introduce VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 32387887] \n- mm: fail exec if stack expansion will overlap another vma (Anthony Yznaga) [Orabug: 32387887] \n- mm: do not assume only the stack vma exists in setup_arg_pages() (Anthony Yznaga) [Orabug: 32387887] \n- ELF: when loading PIE binaries check for overlap with existing mappings (Anthony Yznaga) [Orabug: 32387887] \n- Linux 4.14.280 (Greg Kroah-Hartman) \n- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) \n- ping: fix address binding wrt vrf (Nicolas Dichtel) \n- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) \n- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) \n- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) \n- USB: serial: option: add Fibocom L610 modem (Sven Schwermer) \n- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) \n- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) \n- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) \n- tcp: resalt the secret every 10 seconds (Eric Dumazet) \n- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) \n- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) \n- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) \n- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) \n- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) \n- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) \n- s390/lcs: fix variable dereferenced before check (Alexandra Winter) \n- s390/ctcm: fix potential memory leak (Alexandra Winter) \n- s390/ctcm: fix variable dereferenced before check (Alexandra Winter) \n- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) \n- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) \n- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) \n- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) \n- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) \n- batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) \n- Linux 4.14.279 (Greg Kroah-Hartman) \n- VFS: Fix memory leak caused by concurrently mounting fs with subtype (ChenXiaoSong) \n- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (Takashi Iwai) \n- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) \n- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) \n- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) \n- Bluetooth: Fix the creation of hdev->name (Itay Iellin) \n- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) \n- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) \n- block: drbd: drbd_nl: Make conversion to enum drbd_ret_code explicit (Lee Jones) \n- MIPS: Use address-of operator on section symbols (Nathan Chancellor) \n- Linux 4.14.278 (Greg Kroah-Hartman) \n- PCI: aardvark: Fix reading MSI interrupt number (Pali Rohar) \n- PCI: aardvark: Clear all MSIs at setup (Pali Rohar) \n- dm: interlock pending dm_io and dm_wait_for_bios_completion (Mike Snitzer) \n- dm: fix mempool NULL pointer race when completing IO (Jiazi Li) \n- net: ipv6: ensure we call ipv6_mc_down() at most once (j.nixdorf@avm.de) \n- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) \n- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) \n- btrfs: always log symlinks in full mode (Filipe Manana) \n- smsc911x: allow using IRQ0 (Sergey Shtylyov) \n- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) \n- hwmon: (adt7470) Fix warning on module removal (Armin Wolf) \n- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) \n- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) \n- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) \n- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) \n- can: grcan: grcan_close(): fix deadlock (Duoming Zhou) \n- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) \n- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) \n- firewire: remove check of list iterator against head past the loop body (Jakob Koschel) \n- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) \n- Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) \n- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) \n- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) \n- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) \n- tty: n_gsm: fix incorrect UA handling (Daniel Starke) \n- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) \n- tty: n_gsm: fix wrong command retry handling (Daniel Starke) \n- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) \n- tty: n_gsm: fix insufficient txframe size (Daniel Starke) \n- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) \n- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) \n- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) \n- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) \n- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) \n- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) \n- bnx2x: fix napi API usage sequence (Manish Chopra) \n- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) \n- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) \n- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) \n- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) \n- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) \n- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) \n- mtd: rawnand: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- ipvs: correctly print the memory size of ip_vs_conn_tab (Pengcheng Yang) \n- ARM: dts: Fix mmc order for omap3-gta04 (H. Nikolaus Schaller) \n- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (Miaoqian Lin) \n- phy: samsung: exynos5250-sata: fix missing device put in probe error paths (Krzysztof Kozlowski) \n- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (Miaoqian Lin) \n- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (Fabio Estevam) \n- USB: Fix xhci event ring dequeue pointer ERDP update issue (Weitao Wang) \n- hex2bin: fix access beyond string end (Mikulas Patocka) \n- hex2bin: make the function hex_to_bin constant-time (Mikulas Patocka) \n- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (Maciej W. Rozycki) \n- serial: 8250: Also set sticky MCR bits in console restoration (Maciej W. Rozycki) \n- usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (Vijayavardhan Vennapusa) \n- usb: gadget: uvc: Fix crash when encoding data for usb request (Dan Vacura) \n- usb: misc: fix improper handling of refcount in uss720_probe() (Hangyu Hua) \n- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (Zheyu Ma) \n- iio: dac: ad5446: Fix read_raw not returning set value (Michael Hennerich) \n- iio: dac: ad5592r: Fix the missing return value. (Zizhuang Deng) \n- xhci: stop polling roothubs after shutdown (Henry Lin) \n- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (Daniele Palmas) \n- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (Slark Xiao) \n- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (Bruno Thomsen) \n- USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (Kees Cook) \n- USB: quirks: add STRING quirk for VCOM device (Oliver Neukum) \n- USB: quirks: add a Realtek card reader (Oliver Neukum) \n- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (Macpaul Lin) \n- lightnvm: disable the subsystem (Greg Kroah-Hartman) \n- net/sched: cls_u32: fix netns refcount changes in u32_change() (Eric Dumazet) \n- hamradio: remove needs_free_netdev to avoid UAF (Lin Ma) \n- hamradio: defer 6pack kfree after unregister_netdev (Lin Ma) \n- floppy: disable FDRAWCMD by default (Willy Tarreau) \n- Linux 4.14.277 (Greg Kroah-Hartman) \n- ax25: Fix UAF bugs in ax25 timers (Duoming Zhou) \n- ax25: Fix NULL pointer dereferences in ax25 timers (Duoming Zhou) \n- ax25: fix NPD bug in ax25_disconnect (Duoming Zhou) \n- ax25: fix UAF bug in ax25_send_control() (Duoming Zhou) \n- ax25: Fix refcount leaks caused by ax25_cb_del() (Duoming Zhou) \n- ax25: fix UAF bugs of net_device caused by rebinding operation (Duoming Zhou) \n- ax25: fix reference count leaks of ax25_dev (Duoming Zhou) \n- ax25: add refcount in ax25_dev to avoid UAF bugs (Duoming Zhou) \n- block/compat_ioctl: fix range check in BLKGETSIZE (Khazhismel Kumykov) \n- staging: ion: Prevent incorrect reference counting behavour (Lee Jones) \n- ext4: force overhead calculation if the s_overhead_cluster makes no sense (Theodore Tso) \n- ext4: fix overhead calculation to account for the reserved gdt blocks (Theodore Tso) \n- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (Tadeusz Struk) \n- ext4: fix symlink file size not match to file content (Ye Bin) \n- ARC: entry: fix syscall_trace_exit argument (Sergey Matyukevich) \n- e1000e: Fix possible overflow in LTR decoding (Sasha Neftin) \n- ASoC: soc-dapm: fix two incorrect uses of list iterator (Xiaomeng Tong) \n- openvswitch: fix OOB access in reserve_sfa_size() (Paolo Valerio) \n- powerpc/perf: Fix power9 event alternatives (Athira Rajeev) \n- dma: at_xdmac: fix a missing check on list iterator (Xiaomeng Tong) \n- ata: pata_marvell: Check the bmdma_addr beforing reading (Zheyu Ma) \n- stat: fix inconsistency between struct stat and struct compat_stat (Mikulas Patocka) \n- net: macb: Restart tx only if queue pointer is lagging (Tomas Melin) \n- drm/msm/mdp5: check the return of kzalloc() (Xiaoke Wang) \n- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (David Howells) \n- vxlan: fix error return code in vxlan_fdb_append (Hongbin Wang) \n- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (Jiapeng Chong) \n- ARM: vexpress/spc: Avoid negative array index when !SMP (Kees Cook) \n- netlink: reset network and mac headers in netlink_dump() (Eric Dumazet) \n- net/packet: fix packet_sock xmit return value checking (Hangbin Liu) \n- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (Miaoqian Lin) \n- tcp: Fix potential use-after-free due to double kfree() (Kuniyuki Iwashima) \n- tcp: fix race condition when creating child sockets from syncookies (Ricardo Dias) \n- ALSA: usb-audio: Clear MIDI port active flag after draining (Takashi Iwai) \n- gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) \n- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) \n- tracing: Dump stacktrace trigger to the corresponding instance (Daniel Bristot de Oliveira) \n- tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google)) \n- mm: page_alloc: fix building error on -Werror=array-compare (Xiongwei Song) \n- etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead (Kees Cook)", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9693", "href": "http://linux.oracle.com/errata/ELSA-2022-9693.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T20:40:45", "description": "[5.15.0-1.43.4.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588}\n[5.15.0-1.43.4]\n- Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] \n- Revert selftests/bpf: Add test for reg2btf_ids out of bounds access (Alan Maguire) [Orabug: 34399286]\n[5.15.0-1.43.3]\n- x86/alternative: The retpoline alternative is not applied (Alexandre Chartre) [Orabug: 34395937] \n- x86/ftrace: Do not copy ftrace_stub() in ftrace trampoline (Alexandre Chartre) [Orabug: 34395937]\n[5.15.0-100.43.0]\n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364336] \n- ocfs2: dlmfs: dont clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364336] \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) [Orabug: 34364336] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34366723] \n- lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34393053] {CVE-2022-21505}\n[5.15.0-1.43.1]\n- LTS version: v5.15.43 (Jack Vogel) \n- mptcp: Do TCP fallback on early DSS checksum failure (Mat Martineau) \n- LTS version: v5.15.42 (Jack Vogel) \n- afs: Fix afs_getattr() to refetch file status if callback break occurred (David Howells) \n- i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (Yang Yingliang) \n- mt76: mt7921e: fix possible probe failure after reboot (Sean Wang) \n- dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (Jae Hyun Yoo) \n- Input: ili210x - fix reset timing (Marek Vasut) \n- arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (Shreyas K K) \n- net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) \n- net: atlantic: add check for MAX_SKB_FRAGS (Grant Grundler) \n- net: atlantic: reduce scope of is_rsc_complete (Grant Grundler) \n- net: atlantic: fix frag[0] not initialized (Grant Grundler) \n- net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) \n- ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) \n- nl80211: fix locking in nl80211_set_tx_bitrate_mask() (Johannes Berg) \n- net: fix wrong network header length (Lina Wang) \n- fbdev: Prevent possible use-after-free in fb_release() (Daniel Vetter) \n- Revert fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) \n- selftests: add ping test with ping_group_range tuned (Nicolas Dichtel) \n- nl80211: validate S1G channel width (Kieran Frewen) \n- mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) \n- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) \n- scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (Brian Bunker) \n- perf bench numa: Address compiler error on s390 (Thomas Richter) \n- perf regs x86: Fix arch__intr_reg_mask() for the hybrid platform (Kan Liang) \n- gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) \n- gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) \n- perf build: Fix check for btf__load_from_kernel_by_id() in libbpf (Arnaldo Carvalho de Melo) \n- scsi: ufs: core: Fix referencing invalid rsp field (Daejun Park) \n- riscv: dts: sifive: fu540-c000: align dma node name with dtschema (Krzysztof Kozlowski) \n- net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) \n- netfilter: flowtable: move dst_check to packet path (Ritaro Takenaka) \n- netfilter: flowtable: pass flowtable to nf_flow_table_iterate() (Pablo Neira Ayuso) \n- netfilter: flowtable: fix TCP flow teardown (Pablo Neira Ayuso) \n- igb: skip phy status check where unavailable (Kevin Mitchell) \n- mptcp: fix checksum byte order (Paolo Abeni) \n- mptcp: reuse __mptcp_make_csum in validate_data_csum (Geliang Tang) \n- mptcp: change the parameter of __mptcp_make_csum (Geliang Tang) \n- ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) \n- ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) \n- net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) \n- net/mlx5e: Properly block LRO when XDP is enabled (Maxim Mikityanskiy) \n- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (Maor Dickman) \n- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) \n- net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) \n- clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) \n- ice: Fix interrupt moderation settings getting cleared (Michal Wilczynski) \n- ice: move ice_container_type onto ice_ring_container (Maciej Fijalkowski) \n- ice: fix possible under reporting of ethtool Tx and Rx statistics (Paul Greenwalt) \n- ice: fix crash when writing timestamp on RX rings (Arkadiusz Kubalewski) \n- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) \n- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) \n- net: systemport: Fix an error handling path in bcm_sysport_probe() (Christophe JAILLET) \n- Revert PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) \n- netfilter: nft_flow_offload: fix offload with pppoe + vlan (Felix Fietkau) \n- net: fix dev_fill_forward_path with pppoe + bridge (Felix Fietkau) \n- netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices (Felix Fietkau) \n- netfilter: flowtable: fix excessive hw offload attempts after failure (Felix Fietkau) \n- net/sched: act_pedit: sanitize shift argument before usage (Paolo Abeni) \n- xfrm: fix disable_policy flag use when arriving from different devices (Eyal Birger) \n- xfrm: rework default policy structure (Nicolas Dichtel) \n- net: macb: Increment rx bd head after allocating skb and buffer (Harini Katakam) \n- net: ipa: record proper RX transaction count (Alex Elder) \n- ALSA: hda - fix unused Realtek function when PM is not enabled (Randy Dunlap) \n- pinctrl: mediatek: mt8365: fix IES control pins (Mattijs Korpershoek) \n- ARM: dts: aspeed: Add video engine to g6 (Howard Chiu) \n- ARM: dts: aspeed: Add secure boot controller node (Joel Stanley) \n- ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (Eddie James) \n- ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (Jae Hyun Yoo) \n- pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (Jae Hyun Yoo) \n- ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (Jae Hyun Yoo) \n- dma-buf: ensure unique directory name for dmabuf stats (Charan Teja Kalla) \n- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (Jerome Pouiller) \n- drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) \n- drm/i915/dmc: Add MMIO range restrictions (Anusha Srivatsa) \n- drm/amd: Dont reset dGPUs if the system is going to s2idle (Mario Limonciello) \n- libceph: fix potential use-after-free on linger ping and resends (Ilya Dryomov) \n- crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (Ondrej Mosnacek) \n- arm64: mte: Ensure the cleared tags are visible before setting the PTE (Catalin Marinas) \n- arm64: paravirt: Use RCU read locks to guard stolen_time (Prakruthi Deepak Heragu) \n- KVM: x86/mmu: Update number of zapped pages even if page list is stable (Sean Christopherson) \n- Revert can: m_can: pci: use custom bit timings for Elkhart Lake (Jarkko Nikula) \n- PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (Rafael J. Wysocki) \n- Fix double fget() in vhost_net_set_backend() (Al Viro) \n- selinux: fix bad cleanup on error in hashtab_duplicate() (Ondrej Mosnacek) \n- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (Werner Sembach) \n- ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) \n- ALSA: usb-audio: Restore Rane SL-1 quirk (Takashi Iwai) \n- nilfs2: fix lockdep warnings during disk space reclamation (Ryusuke Konishi) \n- nilfs2: fix lockdep warnings in page operations for btree nodes (Ryusuke Konishi) \n- ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) \n- platform/chrome: cros_ec_debugfs: detach log reader wq from devm (Tzung-Bi Shih) \n- drbd: remove usage of list iterator variable after loop (Jakob Koschel) \n- MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) \n- fs: fix an infinite loop in iomap_fiemap (Guo Xuenan) \n- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (Mario Limonciello) \n- nvme-multipath: fix hang when disk goes live over reconnect (Anton Eidelman) \n- nvmet: use a private workqueue instead of the system workqueue (Sagi Grimberg) \n- tools/virtio: compile with -pthread (Michael S. Tsirkin) \n- vhost_vdpa: dont setup irq offloading when irq_num < 0 (Zhu Lingshan) \n- s390/pci: improve zpci_dev reference counting (Niklas Schnelle) \n- s390/traps: improve panic message for translation-specification exception (Heiko Carstens) \n- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (Kai-Heng Feng) \n- crypto: x86/chacha20 - Avoid spurious jumps to other functions (Peter Zijlstra) \n- crypto: stm32 - fix reference leak in stm32_crc_remove (Zheng Yongjun) \n- rtc: sun6i: Fix time overflow handling (Andre Przywara) \n- gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) \n- nvme-pci: add quirks for Samsung X5 SSDs (Monish Kumar R) \n- Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) \n- Input: add bounds checking to input_set_capability() (Jeff LaBundy) \n- um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow) \n- rtc: pcf2127: fix bug when reading alarm registers (Hugo Villeneuve) \n- rtc: fix use-after-free on device removal (Vincent Whitchurch) \n- Revert drm/i915/opregion: check port number bounds for SWSCI display power state (Greg Thelen) \n- mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (Hyeonggon Yoo) \n- Watchdog: sp5100_tco: Enable Family 17h+ CPUs (Terry Bowman) \n- Watchdog: sp5100_tco: Add initialization using EFCH MMIO (Terry Bowman) \n- Watchdog: sp5100_tco: Refactor MMIO base address initialization (Terry Bowman) \n- Watchdog: sp5100_tco: Move timer initialization into function (Terry Bowman) \n- i2c: piix4: Enable EFCH MMIO for Family 17h+ (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support for SMBus port select (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support to SMBus base address detect (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support to region request and release (Terry Bowman) \n- i2c: piix4: Move SMBus port selection into function (Terry Bowman) \n- i2c: piix4: Move SMBus controller base address detect into function (Terry Bowman) \n- i2c: piix4: Move port I/O region request/release code into functions (Terry Bowman) \n- i2c: piix4: Replace hardcoded memory map size with a #define (Terry Bowman) \n- kernel/resource: Introduce request_mem_region_muxed() (Terry Bowman) \n- io_uring: arm poll for non-nowait files (Pavel Begunkov) \n- usb: gadget: fix race when gadget driver register via ioctl (Schspa Shi) \n- LTS version: v5.15.41 (Jack Vogel) \n- usb: gadget: uvc: allow for application to cleanly shutdown (Dan Vacura) \n- usb: gadget: uvc: rename function to be more consistent (Michael Tretter) \n- ping: fix address binding wrt vrf (Nicolas Dichtel) \n- mm/hwpoison: use pr_err() instead of dump_page() in get_any_page() (Naoya Horiguchi) \n- dma-buf: call dma_buf_stats_setup after dmabuf is in valid list (Charan Teja Reddy) \n- Revert drm/amd/pm: keep the BACO feature enabled for suspend (Alex Deucher) \n- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) \n- SUNRPC: Ensure that the gssproxy client can start in a connected state (Trond Myklebust) \n- net: phy: micrel: Pass .probe for KS8737 (Fabio Estevam) \n- net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (Fabio Estevam) \n- arm[64]/memremap: dont abuse pfn_valid() to ensure presence of linear map (Mike Rapoport) \n- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) \n- writeback: Avoid skipping inode writeback (Jing Xia) \n- net: phy: Fix race condition on link status change (Francesco Dolcini) \n- net: atlantic: always deep reset on pm op, fixing up my null deref regression (Manuel Ullmann) \n- i40e: i40e_main: fix a missing check on list iterator (Xiaomeng Tong) \n- drm/nouveau/tegra: Stop using iommu_present() (Robin Murphy) \n- drm/vmwgfx: Disable command buffers on svga3 without gbobjects (Zack Rusin) \n- mm/huge_memory: do not overkill when splitting huge_zero_page (Xu Yu) \n- Revert mm/memory-failure.c: skip huge_zero_page in memory_failure() (Xu Yu) \n- ceph: fix setting of xattrs on async created inodes (Jeff Layton) \n- serial: 8250_mtk: Fix register address for XON/XOFF character (AngeloGioacchino Del Regno) \n- serial: 8250_mtk: Fix UART_EFR register address (AngeloGioacchino Del Regno) \n- fsl_lpuart: Dont enable interrupts too early (Indan Zupancic) \n- slimbus: qcom: Fix IRQ check in qcom_slim_probe (Miaoqian Lin) \n- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) \n- USB: serial: option: add Fibocom L610 modem (Sven Schwermer) \n- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) \n- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) \n- usb: typec: tcpci_mt6360: Update for BMC PHY setting (ChiYuan Huang) \n- usb: typec: tcpci: Dont skip cleanup in .remove() on error (Uwe Kleine-Konig) \n- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) \n- tty: n_gsm: fix mux activation issues in gsm_config() (Daniel Starke) \n- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Daniel Starke) \n- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) \n- x86/mm: Fix marking of unused sub-pmd ranges (Adrian-Ken Rueegsegger) \n- usb: xhci-mtk: fix fs isocs transfer error (Chunfeng Yun) \n- KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context() (Alexander Graf) \n- firmware_loader: use kernel credentials when reading firmware (Thiebaud Weksteen) \n- interconnect: Restore sync state by ignoring ipa-virt in provider count (Stephen Boyd) \n- tcp: drop the hash_32() part from the index calculation (Willy Tarreau) \n- tcp: increase source port perturb table to 2^16 (Willy Tarreau) \n- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) \n- tcp: add small random increments to the source port (Willy Tarreau) \n- tcp: resalt the secret every 10 seconds (Eric Dumazet) \n- tcp: use different parts of the port_offset for index and offset (Willy Tarreau) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT (Matthew Hagan) \n- net: emaclite: Dont advertise 1000BASE-T and do auto negotiation (Shravya Kumbham) \n- ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (Ajit Kumar Pandey) \n- s390: disable -Warray-bounds (Sven Schnelle) \n- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) \n- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) \n- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) \n- iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (Ashish Mhetre) \n- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (Duoming Zhou) \n- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) \n- gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) \n- drm/vmwgfx: Fix fencing on SVGAv3 (Zack Rusin) \n- tls: Fix context leak on tls_device_down (Maxim Mikityanskiy) \n- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) \n- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) \n- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (Florian Fainelli) \n- drm/vc4: hdmi: Fix build error for implicit function declaration (Hui Tang) \n- net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral (Florian Fainelli) \n- net: ethernet: mediatek: ppe: fix wrong size passed to memset() (Yang Yingliang) \n- net/sched: act_pedit: really ensure the skb is writable (Paolo Abeni) \n- s390/lcs: fix variable dereferenced before check (Alexandra Winter) \n- s390/ctcm: fix potential memory leak (Alexandra Winter) \n- s390/ctcm: fix variable dereferenced before check (Alexandra Winter) \n- virtio: fix virtio transitional ids (Shunsuke Mie) \n- arm64: vdso: fix makefile dependency on vdso.so (Joey Gouly) \n- selftests: vm: Makefile: rename TARGETS to VMTARGETS (Joel Savitz) \n- procfs: prevent unprivileged processes accessing fdinfo dir (Kalesh Singh) \n- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) \n- dim: initialize all struct fields (Jesse Brandeburg) \n- ionic: fix missing pci_release_regions() on error in ionic_probe() (Yang Yingliang) \n- nfs: fix broken handling of the softreval mount option (Dan Aloni) \n- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) \n- net: sfc: fix memory leak due to ptp channel (Taehee Yoo) \n- sfc: Use swap() instead of open coding it (Jiapeng Chong) \n- fbdev: efifb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) \n- net: chelsio: cxgb4: Avoid potential negative array offset (Kees Cook) \n- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) \n- drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (Christophe JAILLET) \n- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) \n- ice: fix PTP stale Tx timestamps cleanup (Michal Michalik) \n- ice: Fix race during aux device (un)plugging (Ivan Vecera) \n- platform/surface: aggregator: Fix initialization order when compiling as builtin module (Maximilian Luz) \n- fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- fbdev: simplefb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (Vladimir Oltean) \n- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (Vladimir Oltean) \n- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (Vladimir Oltean) \n- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (Vladimir Oltean) \n- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) \n- mac80211: Reset MBSSID parameters upon connection (Manikanta Pubbisetty) \n- hwmon: (tmp401) Add OF device ID table (Camel Guo) \n- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (Guenter Roeck) \n- batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) \n- LTS version: v5.15.40 (Jack Vogel) \n- mm: fix invalid page pointer returned with FOLL_PIN gups (Peter Xu) \n- mm/mlock: fix potential imbalanced rlimit ucounts adjustment (Miaohe Lin) \n- mm/hwpoison: fix error page recovered but reported not recovered (Naoya Horiguchi) \n- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) \n- mm: shmem: fix missing cache flush in shmem_mfill_atomic_pte() (Muchun Song) \n- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) \n- mm: fix missing cache flush for all tail pages of compound page (Muchun Song) \n- udf: Avoid using stale lengthOfImpUse (Jan Kara) \n- rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (Gleb Fotengauer-Malinovskiy) \n- Bluetooth: Fix the creation of hdev->name (Itay Iellin) \n- tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in perf bench mem memcpy (Arnaldo Carvalho de Melo) \n- kbuild: move objtool_args back to scripts/Makefile.build (Masahiro Yamada) \n- LTS version: v5.15.39 (Jack Vogel) \n- PCI: aardvark: Update comment about link going down after link-up (Marek Behun) \n- PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (Marek Behun) \n- PCI: aardvark: Dont mask irq when mapping (Pali Rohar) \n- PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (Pali Rohar) \n- PCI: aardvark: Use separate INTA interrupt for emulated root bridge (Pali Rohar) \n- PCI: aardvark: Fix support for PME requester on emulated bridge (Pali Rohar) \n- PCI: aardvark: Add support for PME interrupts (Pali Rohar) \n- PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (Pali Rohar) \n- PCI: aardvark: Add support for ERR interrupt on emulated bridge (Pali Rohar) \n- PCI: aardvark: Enable MSI-X support (Pali Rohar) \n- PCI: aardvark: Fix setting MSI address (Pali Rohar) \n- PCI: aardvark: Add support for masking MSI interrupts (Pali Rohar) \n- PCI: aardvark: Refactor unmasking summary MSI interrupt (Pali Rohar) \n- PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (Marek Behun) \n- PCI: aardvark: Make msi_domain_info structure a static driver structure (Marek Behun) \n- PCI: aardvark: Make MSI irq_chip structures static driver structures (Marek Behun) \n- PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (Pali Rohar) \n- PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) \n- PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (Pali Rohar) \n- PCI: aardvark: Disable common PHY when unbinding driver (Pali Rohar) \n- PCI: aardvark: Disable link training when unbinding driver (Pali Rohar) \n- PCI: aardvark: Assert PERST# when unbinding driver (Pali Rohar) \n- PCI: aardvark: Fix memory leak in driver unbind (Pali Rohar) \n- PCI: aardvark: Mask all interrupts when unbinding driver (Pali Rohar) \n- PCI: aardvark: Disable bus mastering when unbinding driver (Pali Rohar) \n- PCI: aardvark: Comment actions in driver remove method (Pali Rohar) \n- PCI: aardvark: Clear all MSIs at setup (Pali Rohar) \n- PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (Pali Rohar) \n- PCI: pci-bridge-emul: Add definitions for missing capabilities registers (Pali Rohar) \n- PCI: pci-bridge-emul: Add description for class_revision field (Pali Rohar) \n- rcu: Apply callbacks processing time limit only on softirq (Frederic Weisbecker) \n- rcu: Fix callbacks processing time limit retaining cond_resched() (Frederic Weisbecker) \n- Revert parisc: Mark sched_clock unstable only if clocks are not syncronized (Helge Deller) \n- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) \n- selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) \n- selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) \n- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (Wanpeng Li) \n- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (Paolo Bonzini) \n- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (Paolo Bonzini) \n- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (Wanpeng Li) \n- KVM: selftests: Silence compiler warning in the kvm_page_table_test (Thomas Huth) \n- kvm: selftests: do not use bitfields larger than 32-bits for PTEs (Paolo Bonzini) \n- iommu/dart: Add missing module owner to ops structure (Hector Martin) \n- net/mlx5e: Lag, Dont skip fib events on current dst (Vlad Buslov) \n- net/mlx5e: Lag, Fix fib_info pointer assignment (Vlad Buslov) \n- net/mlx5e: Lag, Fix use-after-free in fib event handler (Vlad Buslov) \n- net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Aya Levin) \n- fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) \n- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) \n- gpio: mvebu: drop pwm base assignment (Baruch Siach) \n- drm/amdgpu: Ensure HDA function is suspended before ASIC reset (Kai-Heng Feng) \n- drm/amdgpu: dont set s3 and s0ix at the same time (Mario Limonciello) \n- drm/amdgpu: explicitly check for s0ix when evicting resources (Mario Limonciello) \n- drm/amdgpu: unify BO evicting method in amdgpu_ttm (Nirmoy Das) \n- btrfs: always log symlinks in full mode (Filipe Manana) \n- btrfs: force v2 space cache usage for subpage mount (Qu Wenruo) \n- smsc911x: allow using IRQ0 (Sergey Shtylyov) \n- selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (Vladimir Oltean) \n- bnxt_en: Fix unnecessary dropping of RX packets (Michael Chan) \n- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (Somnath Kotur) \n- selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (Ido Schimmel) \n- rxrpc: Enable IPv6 checksums on transport socket (David Howells) \n- mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter() (Eric Dumazet) \n- hinic: fix bug of wq out of bound access (Qiao Ma) \n- btrfs: do not BUG_ON() on failure to update inode when setting xattr (Filipe Manana) \n- drm/msm/dp: remove fail safe mode related code (Kuogee Hsieh) \n- selftests/net: so_txtime: usage(): fix documentation of default clock (Marc Kleine-Budde) \n- selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (Marc Kleine-Budde) \n- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) \n- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) \n- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (Yang Yingliang) \n- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (Niels Dossche) \n- net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (Yang Yingliang) \n- net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (Yang Yingliang) \n- net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (Yang Yingliang) \n- NFSv4: Dont invalidate inode attributes on delegation return (Trond Myklebust) \n- RDMA/irdma: Fix possible crash due to NULL netdev in notifier (Mustafa Ismail) \n- RDMA/irdma: Reduce iWARP QP destroy time (Shiraz Saleem) \n- RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (Tatyana Nikolova) \n- RDMA/siw: Fix a condition race issue in MPA request processing (Cheng Xu) \n- SUNRPC release the transport of a relocated task with an assigned transport (Olga Kornievskaia) \n- selftests/seccomp: Dont call read() on TTY from background pgrp (Jann Horn) \n- net/mlx5: Fix deadlock in sync reset flow (Moshe Shemesh) \n- net/mlx5: Avoid double clear or set of sync reset requested (Moshe Shemesh) \n- net/mlx5e: Fix the calling of update_buffer_lossy() API (Mark Zhang) \n- net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Paul Blakey) \n- net/mlx5e: Dont match double-vlan packets if cvlan is not set (Vlad Buslov) \n- net/mlx5e: Fix trust state reset in reload (Moshe Tal) \n- iommu/dart: check return value after calling platform_get_resource() (Yang Yingliang) \n- iommu/vt-d: Drop stop marker messages (Lu Baolu) \n- ASoC: soc-ops: fix error handling (Pierre-Louis Bossart) \n- ASoC: dmaengine: Restore NULL prepare_slave_config() callback (Codrin Ciubotariu) \n- hwmon: (pmbus) disable PEC if not enabled (Adam Wujek) \n- hwmon: (adt7470) Fix warning on module removal (Armin Wolf) \n- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (Puyou Lu) \n- gpio: visconti: Fix fwnode of GPIO IRQ (Nobuhiro Iwamatsu) \n- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) \n- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) \n- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) \n- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) \n- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) \n- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) \n- can: isotp: remove re-binding of bound socket (Oliver Hartkopp) \n- can: grcan: grcan_close(): fix deadlock (Duoming Zhou) \n- s390/dasd: Fix read inconsistency for ESE DASD devices (Jan Hoppner) \n- s390/dasd: Fix read for ESE with blksize < 4k (Jan Hoppner) \n- s390/dasd: prevent double format of tracks for ESE devices (Stefan Haberland) \n- s390/dasd: fix data corruption for ESE devices (Stefan Haberland) \n- ASoC: meson: Fix event generation for AUI CODEC mux (Mark Brown) \n- ASoC: meson: Fix event generation for G12A tohdmi mux (Mark Brown) \n- ASoC: meson: Fix event generation for AUI ACODEC mux (Mark Brown) \n- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) \n- ASoC: da7219: Fix change notifications for tone generator frequency (Mark Brown) \n- genirq: Synchronize interrupt thread startup (Thomas Pfaff) \n- net: stmmac: disable Split Header (SPH) for Intel platforms (Tan Tee Min) \n- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) \n- firewire: remove check of list iterator against head past the loop body (Jakob Koschel) \n- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) \n- timekeeping: Mark NMI safe time accessors as notrace (Kurt Kanzenbach) \n- Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) \n- RISC-V: relocate DTB if its outside memory region (Nick Kossifidis) \n- drm/amdgpu: do not use passthrough mode in Xen dom0 (Marek Marczykowski-Gorecki) \n- drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (Harry Wentland) \n- iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (Nicolin Chen) \n- iommu/vt-d: Calculate mask for non-aligned flushes (David Stevens) \n- KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (Kyle Huey) \n- x86/fpu: Prevent FPU state corruption (Thomas Gleixner) \n- gpiolib: of: fix bounds check for gpio-reserved-ranges (Andrei Lalaev) \n- mmc: core: Set HS clock speed before sending HS CMD13 (Brian Norris) \n- mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (Samuel Holland) \n- mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (Shaik Sajida Bhanu) \n- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) \n- ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (Zihao Wang) \n- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) \n- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) \n- LTS version: v5.15.38 (Jack Vogel) \n- powerpc/64: Add UADDR64 relocation support (Alexey Kardashevskiy) \n- objtool: Fix type of reloc::addend (Peter Zijlstra) \n- objtool: Fix code relocs vs weak symbols (Peter Zijlstra) \n- eeprom: at25: Use DMA safe buffers (Christophe Leroy) \n- perf symbol: Remove arch__symbols__fixup_end() (Namhyung Kim) \n- tty: n_gsm: fix software flow control handling (Daniel Starke) \n- tty: n_gsm: fix incorrect UA handling (Daniel Starke) \n- tty: n_gsm: fix reset fifo race condition (Daniel Starke) \n- tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Daniel Starke) \n- tty: n_gsm: fix wrong signal octets encoding in MSC (Daniel Starke) \n- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) \n- tty: n_gsm: fix wrong command retry handling (Daniel Starke) \n- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) \n- tty: n_gsm: fix wrong DLCI release order (Daniel Starke) \n- tty: n_gsm: fix insufficient txframe size (Daniel Starke) \n- netfilter: nft_socket: only do sk lookups when indev is available (Florian Westphal) \n- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) \n- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) \n- tty: n_gsm: fix mux cleanup after unregister tty device (Daniel Starke) \n- tty: n_gsm: fix decoupled mux resource (Daniel Starke) \n- tty: n_gsm: fix restart handling via CLD command (Daniel Starke) \n- perf symbol: Update symbols__fixup_end() (Namhyung Kim) \n- perf symbol: Pass is_kallsyms to symbols__fixup_end() (Namhyung Kim) \n- x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov) \n- ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC mode (Tim Harvey) \n- ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines (Eugen Hristev) \n- btrfs: fix leaked plug after failure syncing log on zoned filesystems (Filipe Manana) \n- thermal: int340x: Fix attr.show callback prototype (Kees Cook) \n- ACPI: processor: idle: Avoid falling back to C3 type C-states (Ville Syrjala) \n- net: ethernet: stmmac: fix write to sgmii_adapter_base (Dinh Nguyen) \n- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (Imre Deak) \n- drm/i915: Check EDID for HDR static metadata when choosing blc (Jouni Hogander) \n- netfilter: Update ip6_route_me_harder to consider L3 domain (Martin Willi) \n- mtd: rawnand: qcom: fix memory corruption that causes panic (Md Sadre Alam) \n- kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time (Zqiang) \n- zonefs: Clear inode information flags on inode creation (Damien Le Moal) \n- zonefs: Fix management of open zones (Damien Le Moal) \n- Revert ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (Ville Syrjala) \n- selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) \n- selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) \n- powerpc/perf: Fix 32bit compile (Alexey Kardashevskiy) \n- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) \n- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) \n- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) \n- bonding: do not discard lowest hash bit for non layer3+4 hashing (suresh kumar) \n- ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION (Namjae Jeon) \n- ksmbd: increment reference count of parent fp (Namjae Jeon) \n- arch: xtensa: platforms: Fix deadlock in rs_close() (Duoming Zhou) \n- ext4: fix bug_on in start_this_handle during umount filesystem (Ye Bin) \n- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) \n- ASoC: Intel: soc-acpi: correct device endpoints for max98373 (Chao Song) \n- tcp: fix F-RTO may not work correctly when receiving DSACK (Pengcheng Yang) \n- Revert ibmvnic: Add ethtool private flag for driver-defined queue limits (Dany Madden) \n- ixgbe: ensure IPsec VF<->PF compatibility (Leon Romanovsky) \n- perf arm-spe: Fix addresses of synthesized SPE events (Timothy Hayes) \n- gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) \n- gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) \n- gfs2: Minor retry logic cleanup (Andreas Gruenbacher) \n- gfs2: Prevent endless loops in gfs2_file_buffered_write (Andreas Gruenbacher) \n- net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (Yang Yingliang) \n- bnx2x: fix napi API usage sequence (Manish Chopra) \n- tls: Skip tls_append_frag on zero copy size (Maxim Mikityanskiy) \n- drm/amd/display: Fix memory leak in dcn21_clock_source_create (Miaoqian Lin) \n- drm/amdkfd: Fix GWS queue count (David Yat Sin) \n- netfilter: conntrack: fix udp offload timeout sysctl (Volodymyr Mytnyk) \n- io_uring: check reserved fields for recv/recvmsg (Jens Axboe) \n- io_uring: check reserved fields for send/sendmsg (Jens Axboe) \n- net: dsa: lantiq_gswip: Dont set GSWIP_MII_CFG_RMII_CLK (Martin Blumenstingl) \n- drm/sun4i: Remove obsolete references to PHYS_OFFSET (Samuel Holland) \n- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (Nathan Rossi) \n- net: phy: marvell10g: fix return value on error (Baruch Siach) \n- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) \n- cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts (Vladimir Zapolskiy) \n- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) \n- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) \n- tcp: make sure treq->af_specific is initialized (Eric Dumazet) \n- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) \n- ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode (Peilin Ye) \n- ip6_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- net/smc: sync err code when tcp connection was refused (liuyacan) \n- net: hns3: add return value for mailbox handling in PF (Jian Shen) \n- net: hns3: add validity check for message data length (Jian Shen) \n- net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (Jie Wang) \n- net: hns3: clear inited state and stop client after failed to register netdev (Jian Shen) \n- cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe (Xiaobing Luo) \n- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) \n- arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (Fabio Estevam) \n- ARM: dts: imx6ull-colibri: fix vqmmc regulator (Max Krummenacher) \n- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) \n- wireguard: device: check for metadata_dst with skb_valid_dst() (Nikolay Aleksandrov) \n- tcp: ensure to use the most recently sent skb when filling the rate sample (Pengcheng Yang) \n- pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (Marek Vasut) \n- tcp: md5: incorrect tcp_header_len for incoming connections (Francesco Ruggeri) \n- pinctrl: rockchip: fix RK3308 pinmux bits (Luca Ceresoli) \n- bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook (Eyal Birger) \n- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (Pablo Neira Ayuso) \n- net: dsa: Add missing of_node_put() in dsa_port_link_register_of (Miaoqian Lin) ", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9690", "href": "http://linux.oracle.com/errata/ELSA-2022-9690.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T20:40:47", "description": "[4.1.12-124.65.1.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460939] {CVE-2022-2588}", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9694", "href": "http://linux.oracle.com/errata/ELSA-2022-9694.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T22:40:33", "description": "[5.4.17-2136.309.5.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza\n Cascardo) [Orabug: 34460937] {CVE-2022-2588}", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9691", "href": "http://linux.oracle.com/errata/ELSA-2022-9691.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T20:40:46", "description": "[5.15.0-1.43.4.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588}\n[5.15.0-1.43.4]\n- Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] \n- Revert selftests/bpf: Add test for reg2btf_ids out of bounds access (Alan Maguire) [Orabug: 34399286]\n[5.15.0-1.43.3]\n- x86/alternative: The retpoline alternative is not applied (Alexandre Chartre) [Orabug: 34395937] \n- x86/ftrace: Do not copy ftrace_stub() in ftrace trampoline (Alexandre Chartre) [Orabug: 34395937]\n[5.15.0-100.43.0]\n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364336] \n- ocfs2: dlmfs: dont clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364336] \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) [Orabug: 34364336] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34366723] \n- lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34393053] {CVE-2022-21505}\n[5.15.0-1.43.1]\n- LTS version: v5.15.43 (Jack Vogel) \n- mptcp: Do TCP fallback on early DSS checksum failure (Mat Martineau) \n- LTS version: v5.15.42 (Jack Vogel) \n- afs: Fix afs_getattr() to refetch file status if callback break occurred (David Howells) \n- i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (Yang Yingliang) \n- mt76: mt7921e: fix possible probe failure after reboot (Sean Wang) \n- dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (Jae Hyun Yoo) \n- Input: ili210x - fix reset timing (Marek Vasut) \n- arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (Shreyas K K) \n- net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) \n- net: atlantic: add check for MAX_SKB_FRAGS (Grant Grundler) \n- net: atlantic: reduce scope of is_rsc_complete (Grant Grundler) \n- net: atlantic: fix frag[0] not initialized (Grant Grundler) \n- net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) \n- ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) \n- nl80211: fix locking in nl80211_set_tx_bitrate_mask() (Johannes Berg) \n- net: fix wrong network header length (Lina Wang) \n- fbdev: Prevent possible use-after-free in fb_release() (Daniel Vetter) \n- Revert fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) \n- selftests: add ping test with ping_group_range tuned (Nicolas Dichtel) \n- nl80211: validate S1G channel width (Kieran Frewen) \n- mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) \n- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) \n- scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (Brian Bunker) \n- perf bench numa: Address compiler error on s390 (Thomas Richter) \n- perf regs x86: Fix arch__intr_reg_mask() for the hybrid platform (Kan Liang) \n- gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) \n- gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) \n- perf build: Fix check for btf__load_from_kernel_by_id() in libbpf (Arnaldo Carvalho de Melo) \n- scsi: ufs: core: Fix referencing invalid rsp field (Daejun Park) \n- riscv: dts: sifive: fu540-c000: align dma node name with dtschema (Krzysztof Kozlowski) \n- net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) \n- netfilter: flowtable: move dst_check to packet path (Ritaro Takenaka) \n- netfilter: flowtable: pass flowtable to nf_flow_table_iterate() (Pablo Neira Ayuso) \n- netfilter: flowtable: fix TCP flow teardown (Pablo Neira Ayuso) \n- igb: skip phy status check where unavailable (Kevin Mitchell) \n- mptcp: fix checksum byte order (Paolo Abeni) \n- mptcp: reuse __mptcp_make_csum in validate_data_csum (Geliang Tang) \n- mptcp: change the parameter of __mptcp_make_csum (Geliang Tang) \n- ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) \n- ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) \n- net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) \n- net/mlx5e: Properly block LRO when XDP is enabled (Maxim Mikityanskiy) \n- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (Maor Dickman) \n- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) \n- net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) \n- clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) \n- ice: Fix interrupt moderation settings getting cleared (Michal Wilczynski) \n- ice: move ice_container_type onto ice_ring_container (Maciej Fijalkowski) \n- ice: fix possible under reporting of ethtool Tx and Rx statistics (Paul Greenwalt) \n- ice: fix crash when writing timestamp on RX rings (Arkadiusz Kubalewski) \n- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) \n- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) \n- net: systemport: Fix an error handling path in bcm_sysport_probe() (Christophe JAILLET) \n- Revert PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) \n- netfilter: nft_flow_offload: fix offload with pppoe + vlan (Felix Fietkau) \n- net: fix dev_fill_forward_path with pppoe + bridge (Felix Fietkau) \n- netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices (Felix Fietkau) \n- netfilter: flowtable: fix excessive hw offload attempts after failure (Felix Fietkau) \n- net/sched: act_pedit: sanitize shift argument before usage (Paolo Abeni) \n- xfrm: fix disable_policy flag use when arriving from different devices (Eyal Birger) \n- xfrm: rework default policy structure (Nicolas Dichtel) \n- net: macb: Increment rx bd head after allocating skb and buffer (Harini Katakam) \n- net: ipa: record proper RX transaction count (Alex Elder) \n- ALSA: hda - fix unused Realtek function when PM is not enabled (Randy Dunlap) \n- pinctrl: mediatek: mt8365: fix IES control pins (Mattijs Korpershoek) \n- ARM: dts: aspeed: Add video engine to g6 (Howard Chiu) \n- ARM: dts: aspeed: Add secure boot controller node (Joel Stanley) \n- ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (Eddie James) \n- ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (Jae Hyun Yoo) \n- pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (Jae Hyun Yoo) \n- ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (Jae Hyun Yoo) \n- dma-buf: ensure unique directory name for dmabuf stats (Charan Teja Kalla) \n- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (Jerome Pouiller) \n- drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) \n- drm/i915/dmc: Add MMIO range restrictions (Anusha Srivatsa) \n- drm/amd: Dont reset dGPUs if the system is going to s2idle (Mario Limonciello) \n- libceph: fix potential use-after-free on linger ping and resends (Ilya Dryomov) \n- crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (Ondrej Mosnacek) \n- arm64: mte: Ensure the cleared tags are visible before setting the PTE (Catalin Marinas) \n- arm64: paravirt: Use RCU read locks to guard stolen_time (Prakruthi Deepak Heragu) \n- KVM: x86/mmu: Update number of zapped pages even if page list is stable (Sean Christopherson) \n- Revert can: m_can: pci: use custom bit timings for Elkhart Lake (Jarkko Nikula) \n- PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (Rafael J. Wysocki) \n- Fix double fget() in vhost_net_set_backend() (Al Viro) \n- selinux: fix bad cleanup on error in hashtab_duplicate() (Ondrej Mosnacek) \n- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (Werner Sembach) \n- ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) \n- ALSA: usb-audio: Restore Rane SL-1 quirk (Takashi Iwai) \n- nilfs2: fix lockdep warnings during disk space reclamation (Ryusuke Konishi) \n- nilfs2: fix lockdep warnings in page operations for btree nodes (Ryusuke Konishi) \n- ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) \n- platform/chrome: cros_ec_debugfs: detach log reader wq from devm (Tzung-Bi Shih) \n- drbd: remove usage of list iterator variable after loop (Jakob Koschel) \n- MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) \n- fs: fix an infinite loop in iomap_fiemap (Guo Xuenan) \n- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (Mario Limonciello) \n- nvme-multipath: fix hang when disk goes live over reconnect (Anton Eidelman) \n- nvmet: use a private workqueue instead of the system workqueue (Sagi Grimberg) \n- tools/virtio: compile with -pthread (Michael S. Tsirkin) \n- vhost_vdpa: dont setup irq offloading when irq_num < 0 (Zhu Lingshan) \n- s390/pci: improve zpci_dev reference counting (Niklas Schnelle) \n- s390/traps: improve panic message for translation-specification exception (Heiko Carstens) \n- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (Kai-Heng Feng) \n- crypto: x86/chacha20 - Avoid spurious jumps to other functions (Peter Zijlstra) \n- crypto: stm32 - fix reference leak in stm32_crc_remove (Zheng Yongjun) \n- rtc: sun6i: Fix time overflow handling (Andre Przywara) \n- gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) \n- nvme-pci: add quirks for Samsung X5 SSDs (Monish Kumar R) \n- Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) \n- Input: add bounds checking to input_set_capability() (Jeff LaBundy) \n- um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow) \n- rtc: pcf2127: fix bug when reading alarm registers (Hugo Villeneuve) \n- rtc: fix use-after-free on device removal (Vincent Whitchurch) \n- Revert drm/i915/opregion: check port number bounds for SWSCI display power state (Greg Thelen) \n- mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (Hyeonggon Yoo) \n- Watchdog: sp5100_tco: Enable Family 17h+ CPUs (Terry Bowman) \n- Watchdog: sp5100_tco: Add initialization using EFCH MMIO (Terry Bowman) \n- Watchdog: sp5100_tco: Refactor MMIO base address initialization (Terry Bowman) \n- Watchdog: sp5100_tco: Move timer initialization into function (Terry Bowman) \n- i2c: piix4: Enable EFCH MMIO for Family 17h+ (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support for SMBus port select (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support to SMBus base address detect (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support to region request and release (Terry Bowman) \n- i2c: piix4: Move SMBus port selection into function (Terry Bowman) \n- i2c: piix4: Move SMBus controller base address detect into function (Terry Bowman) \n- i2c: piix4: Move port I/O region request/release code into functions (Terry Bowman) \n- i2c: piix4: Replace hardcoded memory map size with a #define (Terry Bowman) \n- kernel/resource: Introduce request_mem_region_muxed() (Terry Bowman) \n- io_uring: arm poll for non-nowait files (Pavel Begunkov) \n- usb: gadget: fix race when gadget driver register via ioctl (Schspa Shi) \n- LTS version: v5.15.41 (Jack Vogel) \n- usb: gadget: uvc: allow for application to cleanly shutdown (Dan Vacura) \n- usb: gadget: uvc: rename function to be more consistent (Michael Tretter) \n- ping: fix address binding wrt vrf (Nicolas Dichtel) \n- mm/hwpoison: use pr_err() instead of dump_page() in get_any_page() (Naoya Horiguchi) \n- dma-buf: call dma_buf_stats_setup after dmabuf is in valid list (Charan Teja Reddy) \n- Revert drm/amd/pm: keep the BACO feature enabled for suspend (Alex Deucher) \n- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) \n- SUNRPC: Ensure that the gssproxy client can start in a connected state (Trond Myklebust) \n- net: phy: micrel: Pass .probe for KS8737 (Fabio Estevam) \n- net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (Fabio Estevam) \n- arm[64]/memremap: dont abuse pfn_valid() to ensure presence of linear map (Mike Rapoport) \n- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) \n- writeback: Avoid skipping inode writeback (Jing Xia) \n- net: phy: Fix race condition on link status change (Francesco Dolcini) \n- net: atlantic: always deep reset on pm op, fixing up my null deref regression (Manuel Ullmann) \n- i40e: i40e_main: fix a missing check on list iterator (Xiaomeng Tong) \n- drm/nouveau/tegra: Stop using iommu_present() (Robin Murphy) \n- drm/vmwgfx: Disable command buffers on svga3 without gbobjects (Zack Rusin) \n- mm/huge_memory: do not overkill when splitting huge_zero_page (Xu Yu) \n- Revert mm/memory-failure.c: skip huge_zero_page in memory_failure() (Xu Yu) \n- ceph: fix setting of xattrs on async created inodes (Jeff Layton) \n- serial: 8250_mtk: Fix register address for XON/XOFF character (AngeloGioacchino Del Regno) \n- serial: 8250_mtk: Fix UART_EFR register address (AngeloGioacchino Del Regno) \n- fsl_lpuart: Dont enable interrupts too early (Indan Zupancic) \n- slimbus: qcom: Fix IRQ check in qcom_slim_probe (Miaoqian Lin) \n- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) \n- USB: serial: option: add Fibocom L610 modem (Sven Schwermer) \n- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) \n- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) \n- usb: typec: tcpci_mt6360: Update for BMC PHY setting (ChiYuan Huang) \n- usb: typec: tcpci: Dont skip cleanup in .remove() on error (Uwe Kleine-Konig) \n- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) \n- tty: n_gsm: fix mux activation issues in gsm_config() (Daniel Starke) \n- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Daniel Starke) \n- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) \n- x86/mm: Fix marking of unused sub-pmd ranges (Adrian-Ken Rueegsegger) \n- usb: xhci-mtk: fix fs isocs transfer error (Chunfeng Yun) \n- KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context() (Alexander Graf) \n- firmware_loader: use kernel credentials when reading firmware (Thiebaud Weksteen) \n- interconnect: Restore sync state by ignoring ipa-virt in provider count (Stephen Boyd) \n- tcp: drop the hash_32() part from the index calculation (Willy Tarreau) \n- tcp: increase source port perturb table to 2^16 (Willy Tarreau) \n- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) \n- tcp: add small random increments to the source port (Willy Tarreau) \n- tcp: resalt the secret every 10 seconds (Eric Dumazet) \n- tcp: use different parts of the port_offset for index and offset (Willy Tarreau) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT (Matthew Hagan) \n- net: emaclite: Dont advertise 1000BASE-T and do auto negotiation (Shravya Kumbham) \n- ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (Ajit Kumar Pandey) \n- s390: disable -Warray-bounds (Sven Schnelle) \n- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) \n- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) \n- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) \n- iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (Ashish Mhetre) \n- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (Duoming Zhou) \n- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) \n- gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) \n- drm/vmwgfx: Fix fencing on SVGAv3 (Zack Rusin) \n- tls: Fix context leak on tls_device_down (Maxim Mikityanskiy) \n- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) \n- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) \n- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (Florian Fainelli) \n- drm/vc4: hdmi: Fix build error for implicit function declaration (Hui Tang) \n- net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral (Florian Fainelli) \n- net: ethernet: mediatek: ppe: fix wrong size passed to memset() (Yang Yingliang) \n- net/sched: act_pedit: really ensure the skb is writable (Paolo Abeni) \n- s390/lcs: fix variable dereferenced before check (Alexandra Winter) \n- s390/ctcm: fix potential memory leak (Alexandra Winter) \n- s390/ctcm: fix variable dereferenced before check (Alexandra Winter) \n- virtio: fix virtio transitional ids (Shunsuke Mie) \n- arm64: vdso: fix makefile dependency on vdso.so (Joey Gouly) \n- selftests: vm: Makefile: rename TARGETS to VMTARGETS (Joel Savitz) \n- procfs: prevent unprivileged processes accessing fdinfo dir (Kalesh Singh) \n- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) \n- dim: initialize all struct fields (Jesse Brandeburg) \n- ionic: fix missing pci_release_regions() on error in ionic_probe() (Yang Yingliang) \n- nfs: fix broken handling of the softreval mount option (Dan Aloni) \n- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) \n- net: sfc: fix memory leak due to ptp channel (Taehee Yoo) \n- sfc: Use swap() instead of open coding it (Jiapeng Chong) \n- fbdev: efifb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) \n- net: chelsio: cxgb4: Avoid potential negative array offset (Kees Cook) \n- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) \n- drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (Christophe JAILLET) \n- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) \n- ice: fix PTP stale Tx timestamps cleanup (Michal Michalik) \n- ice: Fix race during aux device (un)plugging (Ivan Vecera) \n- platform/surface: aggregator: Fix initialization order when compiling as builtin module (Maximilian Luz) \n- fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- fbdev: simplefb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (Vladimir Oltean) \n- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (Vladimir Oltean) \n- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (Vladimir Oltean) \n- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (Vladimir Oltean) \n- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) \n- mac80211: Reset MBSSID parameters upon connection (Manikanta Pubbisetty) \n- hwmon: (tmp401) Add OF device ID table (Camel Guo) \n- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (Guenter Roeck) \n- batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) \n- LTS version: v5.15.40 (Jack Vogel) \n- mm: fix invalid page pointer returned with FOLL_PIN gups (Peter Xu) \n- mm/mlock: fix potential imbalanced rlimit ucounts adjustment (Miaohe Lin) \n- mm/hwpoison: fix error page recovered but reported not recovered (Naoya Horiguchi) \n- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) \n- mm: shmem: fix missing cache flush in shmem_mfill_atomic_pte() (Muchun Song) \n- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) \n- mm: fix missing cache flush for all tail pages of compound page (Muchun Song) \n- udf: Avoid using stale lengthOfImpUse (Jan Kara) \n- rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (Gleb Fotengauer-Malinovskiy) \n- Bluetooth: Fix the creation of hdev->name (Itay Iellin) \n- tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in perf bench mem memcpy (Arnaldo Carvalho de Melo) \n- kbuild: move objtool_args back to scripts/Makefile.build (Masahiro Yamada) \n- LTS version: v5.15.39 (Jack Vogel) \n- PCI: aardvark: Update comment about link going down after link-up (Marek Behun) \n- PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (Marek Behun) \n- PCI: aardvark: Dont mask irq when mapping (Pali Rohar) \n- PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (Pali Rohar) \n- PCI: aardvark: Use separate INTA interrupt for emulated root bridge (Pali Rohar) \n- PCI: aardvark: Fix support for PME requester on emulated bridge (Pali Rohar) \n- PCI: aardvark: Add support for PME interrupts (Pali Rohar) \n- PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (Pali Rohar) \n- PCI: aardvark: Add support for ERR interrupt on emulated bridge (Pali Rohar) \n- PCI: aardvark: Enable MSI-X support (Pali Rohar) \n- PCI: aardvark: Fix setting MSI address (Pali Rohar) \n- PCI: aardvark: Add support for masking MSI interrupts (Pali Rohar) \n- PCI: aardvark: Refactor unmasking summary MSI interrupt (Pali Rohar) \n- PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (Marek Behun) \n- PCI: aardvark: Make msi_domain_info structure a static driver structure (Marek Behun) \n- PCI: aardvark: Make MSI irq_chip structures static driver structures (Marek Behun) \n- PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (Pali Rohar) \n- PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) \n- PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (Pali Rohar) \n- PCI: aardvark: Disable common PHY when unbinding driver (Pali Rohar) \n- PCI: aardvark: Disable link training when unbinding driver (Pali Rohar) \n- PCI: aardvark: Assert PERST# when unbinding driver (Pali Rohar) \n- PCI: aardvark: Fix memory leak in driver unbind (Pali Rohar) \n- PCI: aardvark: Mask all interrupts when unbinding driver (Pali Rohar) \n- PCI: aardvark: Disable bus mastering when unbinding driver (Pali Rohar) \n- PCI: aardvark: Comment actions in driver remove method (Pali Rohar) \n- PCI: aardvark: Clear all MSIs at setup (Pali Rohar) \n- PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (Pali Rohar) \n- PCI: pci-bridge-emul: Add definitions for missing capabilities registers (Pali Rohar) \n- PCI: pci-bridge-emul: Add description for class_revision field (Pali Rohar) \n- rcu: Apply callbacks processing time limit only on softirq (Frederic Weisbecker) \n- rcu: Fix callbacks processing time limit retaining cond_resched() (Frederic Weisbecker) \n- Revert parisc: Mark sched_clock unstable only if clocks are not syncronized (Helge Deller) \n- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) \n- selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) \n- selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) \n- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (Wanpeng Li) \n- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (Paolo Bonzini) \n- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (Paolo Bonzini) \n- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (Wanpeng Li) \n- KVM: selftests: Silence compiler warning in the kvm_page_table_test (Thomas Huth) \n- kvm: selftests: do not use bitfields larger than 32-bits for PTEs (Paolo Bonzini) \n- iommu/dart: Add missing module owner to ops structure (Hector Martin) \n- net/mlx5e: Lag, Dont skip fib events on current dst (Vlad Buslov) \n- net/mlx5e: Lag, Fix fib_info pointer assignment (Vlad Buslov) \n- net/mlx5e: Lag, Fix use-after-free in fib event handler (Vlad Buslov) \n- net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Aya Levin) \n- fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) \n- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) \n- gpio: mvebu: drop pwm base assignment (Baruch Siach) \n- drm/amdgpu: Ensure HDA function is suspended before ASIC reset (Kai-Heng Feng) \n- drm/amdgpu: dont set s3 and s0ix at the same time (Mario Limonciello) \n- drm/amdgpu: explicitly check for s0ix when evicting resources (Mario Limonciello) \n- drm/amdgpu: unify BO evicting method in amdgpu_ttm (Nirmoy Das) \n- btrfs: always log symlinks in full mode (Filipe Manana) \n- btrfs: force v2 space cache usage for subpage mount (Qu Wenruo) \n- smsc911x: allow using IRQ0 (Sergey Shtylyov) \n- selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (Vladimir Oltean) \n- bnxt_en: Fix unnecessary dropping of RX packets (Michael Chan) \n- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (Somnath Kotur) \n- selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (Ido Schimmel) \n- rxrpc: Enable IPv6 checksums on transport socket (David Howells) \n- mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter() (Eric Dumazet) \n- hinic: fix bug of wq out of bound access (Qiao Ma) \n- btrfs: do not BUG_ON() on failure to update inode when setting xattr (Filipe Manana) \n- drm/msm/dp: remove fail safe mode related code (Kuogee Hsieh) \n- selftests/net: so_txtime: usage(): fix documentation of default clock (Marc Kleine-Budde) \n- selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (Marc Kleine-Budde) \n- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) \n- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) \n- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (Yang Yingliang) \n- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (Niels Dossche) \n- net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (Yang Yingliang) \n- net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (Yang Yingliang) \n- net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (Yang Yingliang) \n- NFSv4: Dont invalidate inode attributes on delegation return (Trond Myklebust) \n- RDMA/irdma: Fix possible crash due to NULL netdev in notifier (Mustafa Ismail) \n- RDMA/irdma: Reduce iWARP QP destroy time (Shiraz Saleem) \n- RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (Tatyana Nikolova) \n- RDMA/siw: Fix a condition race issue in MPA request processing (Cheng Xu) \n- SUNRPC release the transport of a relocated task with an assigned transport (Olga Kornievskaia) \n- selftests/seccomp: Dont call read() on TTY from background pgrp (Jann Horn) \n- net/mlx5: Fix deadlock in sync reset flow (Moshe Shemesh) \n- net/mlx5: Avoid double clear or set of sync reset requested (Moshe Shemesh) \n- net/mlx5e: Fix the calling of update_buffer_lossy() API (Mark Zhang) \n- net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Paul Blakey) \n- net/mlx5e: Dont match double-vlan packets if cvlan is not set (Vlad Buslov) \n- net/mlx5e: Fix trust state reset in reload (Moshe Tal) \n- iommu/dart: check return value after calling platform_get_resource() (Yang Yingliang) \n- iommu/vt-d: Drop stop marker messages (Lu Baolu) \n- ASoC: soc-ops: fix error handling (Pierre-Louis Bossart) \n- ASoC: dmaengine: Restore NULL prepare_slave_config() callback (Codrin Ciubotariu) \n- hwmon: (pmbus) disable PEC if not enabled (Adam Wujek) \n- hwmon: (adt7470) Fix warning on module removal (Armin Wolf) \n- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (Puyou Lu) \n- gpio: visconti: Fix fwnode of GPIO IRQ (Nobuhiro Iwamatsu) \n- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) \n- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) \n- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) \n- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) \n- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) \n- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) \n- can: isotp: remove re-binding of bound socket (Oliver Hartkopp) \n- can: grcan: grcan_close(): fix deadlock (Duoming Zhou) \n- s390/dasd: Fix read inconsistency for ESE DASD devices (Jan Hoppner) \n- s390/dasd: Fix read for ESE with blksize < 4k (Jan Hoppner) \n- s390/dasd: prevent double format of tracks for ESE devices (Stefan Haberland) \n- s390/dasd: fix data corruption for ESE devices (Stefan Haberland) \n- ASoC: meson: Fix event generation for AUI CODEC mux (Mark Brown) \n- ASoC: meson: Fix event generation for G12A tohdmi mux (Mark Brown) \n- ASoC: meson: Fix event generation for AUI ACODEC mux (Mark Brown) \n- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) \n- ASoC: da7219: Fix change notifications for tone generator frequency (Mark Brown) \n- genirq: Synchronize interrupt thread startup (Thomas Pfaff) \n- net: stmmac: disable Split Header (SPH) for Intel platforms (Tan Tee Min) \n- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) \n- firewire: remove check of list iterator against head past the loop body (Jakob Koschel) \n- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) \n- timekeeping: Mark NMI safe time accessors as notrace (Kurt Kanzenbach) \n- Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) \n- RISC-V: relocate DTB if its outside memory region (Nick Kossifidis) \n- drm/amdgpu: do not use passthrough mode in Xen dom0 (Marek Marczykowski-Gorecki) \n- drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (Harry Wentland) \n- iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (Nicolin Chen) \n- iommu/vt-d: Calculate mask for non-aligned flushes (David Stevens) \n- KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (Kyle Huey) \n- x86/fpu: Prevent FPU state corruption (Thomas Gleixner) \n- gpiolib: of: fix bounds check for gpio-reserved-ranges (Andrei Lalaev) \n- mmc: core: Set HS clock speed before sending HS CMD13 (Brian Norris) \n- mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (Samuel Holland) \n- mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (Shaik Sajida Bhanu) \n- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) \n- ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (Zihao Wang) \n- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) \n- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) \n- LTS version: v5.15.38 (Jack Vogel) \n- powerpc/64: Add UADDR64 relocation support (Alexey Kardashevskiy) \n- objtool: Fix type of reloc::addend (Peter Zijlstra) \n- objtool: Fix code relocs vs weak symbols (Peter Zijlstra) \n- eeprom: at25: Use DMA safe buffers (Christophe Leroy) \n- perf symbol: Remove arch__symbols__fixup_end() (Namhyung Kim) \n- tty: n_gsm: fix software flow control handling (Daniel Starke) \n- tty: n_gsm: fix incorrect UA handling (Daniel Starke) \n- tty: n_gsm: fix reset fifo race condition (Daniel Starke) \n- tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Daniel Starke) \n- tty: n_gsm: fix wrong signal octets encoding in MSC (Daniel Starke) \n- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) \n- tty: n_gsm: fix wrong command retry handling (Daniel Starke) \n- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) \n- tty: n_gsm: fix wrong DLCI release order (Daniel Starke) \n- tty: n_gsm: fix insufficient txframe size (Daniel Starke) \n- netfilter: nft_socket: only do sk lookups when indev is available (Florian Westphal) \n- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) \n- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) \n- tty: n_gsm: fix mux cleanup after unregister tty device (Daniel Starke) \n- tty: n_gsm: fix decoupled mux resource (Daniel Starke) \n- tty: n_gsm: fix restart handling via CLD command (Daniel Starke) \n- perf symbol: Update symbols__fixup_end() (Namhyung Kim) \n- perf symbol: Pass is_kallsyms to symbols__fixup_end() (Namhyung Kim) \n- x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov) \n- ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC mode (Tim Harvey) \n- ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines (Eugen Hristev) \n- btrfs: fix leaked plug after failure syncing log on zoned filesystems (Filipe Manana) \n- thermal: int340x: Fix attr.show callback prototype (Kees Cook) \n- ACPI: processor: idle: Avoid falling back to C3 type C-states (Ville Syrjala) \n- net: ethernet: stmmac: fix write to sgmii_adapter_base (Dinh Nguyen) \n- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (Imre Deak) \n- drm/i915: Check EDID for HDR static metadata when choosing blc (Jouni Hogander) \n- netfilter: Update ip6_route_me_harder to consider L3 domain (Martin Willi) \n- mtd: rawnand: qcom: fix memory corruption that causes panic (Md Sadre Alam) \n- kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time (Zqiang) \n- zonefs: Clear inode information flags on inode creation (Damien Le Moal) \n- zonefs: Fix management of open zones (Damien Le Moal) \n- Revert ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (Ville Syrjala) \n- selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) \n- selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) \n- powerpc/perf: Fix 32bit compile (Alexey Kardashevskiy) \n- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) \n- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) \n- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) \n- bonding: do not discard lowest hash bit for non layer3+4 hashing (suresh kumar) \n- ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION (Namjae Jeon) \n- ksmbd: increment reference count of parent fp (Namjae Jeon) \n- arch: xtensa: platforms: Fix deadlock in rs_close() (Duoming Zhou) \n- ext4: fix bug_on in start_this_handle during umount filesystem (Ye Bin) \n- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) \n- ASoC: Intel: soc-acpi: correct device endpoints for max98373 (Chao Song) \n- tcp: fix F-RTO may not work correctly when receiving DSACK (Pengcheng Yang) \n- Revert ibmvnic: Add ethtool private flag for driver-defined queue limits (Dany Madden) \n- ixgbe: ensure IPsec VF<->PF compatibility (Leon Romanovsky) \n- perf arm-spe: Fix addresses of synthesized SPE events (Timothy Hayes) \n- gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) \n- gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) \n- gfs2: Minor retry logic cleanup (Andreas Gruenbacher) \n- gfs2: Prevent endless loops in gfs2_file_buffered_write (Andreas Gruenbacher) \n- net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (Yang Yingliang) \n- bnx2x: fix napi API usage sequence (Manish Chopra) \n- tls: Skip tls_append_frag on zero copy size (Maxim Mikityanskiy) \n- drm/amd/display: Fix memory leak in dcn21_clock_source_create (Miaoqian Lin) \n- drm/amdkfd: Fix GWS queue count (David Yat Sin) \n- netfilter: conntrack: fix udp offload timeout sysctl (Volodymyr Mytnyk) \n- io_uring: check reserved fields for recv/recvmsg (Jens Axboe) \n- io_uring: check reserved fields for send/sendmsg (Jens Axboe) \n- net: dsa: lantiq_gswip: Dont set GSWIP_MII_CFG_RMII_CLK (Martin Blumenstingl) \n- drm/sun4i: Remove obsolete references to PHYS_OFFSET (Samuel Holland) \n- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (Nathan Rossi) \n- net: phy: marvell10g: fix return value on error (Baruch Siach) \n- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) \n- cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts (Vladimir Zapolskiy) \n- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) \n- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) \n- tcp: make sure treq->af_specific is initialized (Eric Dumazet) \n- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) \n- ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode (Peilin Ye) \n- ip6_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- net/smc: sync err code when tcp connection was refused (liuyacan) \n- net: hns3: add return value for mailbox handling in PF (Jian Shen) \n- net: hns3: add validity check for message data length (Jian Shen) \n- net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (Jie Wang) \n- net: hns3: clear inited state and stop client after failed to register netdev (Jian Shen) \n- cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe (Xiaobing Luo) \n- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) \n- arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (Fabio Estevam) \n- ARM: dts: imx6ull-colibri: fix vqmmc regulator (Max Krummenacher) \n- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) \n- wireguard: device: check for metadata_dst with skb_valid_dst() (Nikolay Aleksandrov) \n- tcp: ensure to use the most recently sent skb when filling the rate sample (Pengcheng Yang) \n- pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (Marek Vasut) \n- tcp: md5: incorrect tcp_header_len for incoming connections (Francesco Ruggeri) \n- pinctrl: rockchip: fix RK3308 pinmux bits (Luca Ceresoli) \n- bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook (Eyal Birger) \n- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (Pablo Neira Ayuso) \n- net: dsa: Add missing of_node_put() in dsa_port_link_register_of (Miaoqian Lin) ", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9689", "href": "http://linux.oracle.com/errata/ELSA-2022-9689.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "rocky": [{"lastseen": "2023-07-29T20:17:47", "description": "An update is available for kernel-rt.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nThe kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n\n* Kernel: A kernel-info-leak issue in pfkey_register (CVE-2022-1353)\n\n* hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n\n* hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n* hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [Rocky Linux8-rt] BUG: using __this_cpu_add() in preemptible [00000000] - caller is __mod_memcg_lruvec_state+0x69/0x1c0 (BZ#2122600)\n\n* The latest Rocky Linux 8.6.z4 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2125396)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-25T07:38:43", "type": "rocky", "title": "kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-10-25T07:38:43", "id": "RLSA-2022:7134", "href": "https://errata.rockylinux.org/RLSA-2022:7134", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-07-29T20:17:47", "description": "An update is available for kernel.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* Information leak in scsi_ioctl() (CVE-2022-0494)\n\n* A kernel-info-leak issue in pfkey_register (CVE-2022-1353)\n\n* RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n\n* Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n* RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Add s390_iommu_aperture kernel parameter (BZ#2081324)\n\n* Blackscreen and hangup after resume from hibernate or S3 with DFGX WX3200 (BZ#2091065)\n\n* Update NVME subsystem with bug fixes and minor changes (BZ#2106017)\n\n* Fix parsing of nw_proto for IPv6 fragments (BZ#2106703)\n\n* \"vmcore failed, _exitcode:139\" error observed while capturing vmcore during fadump after memory remove. incomplete vmcore is captured. (BZ#2107488)\n\n* 'disable_policy' is ignored for addresses configured on a down interface (BZ#2109971)\n\n* Backport request for new cpufreq.default_governor kernel command line parameter (BZ#2109996)\n\n* Panics in mpt3sas mpt3sas_halt_firmware() if mpt3sas_fwfault_debug=1 enabled when poweroff issued to server (BZ#2111140)\n\n* IOMMU/DMA update for 8.7 (BZ#2111692)\n\n* Update Broadcom Emulex lpfc driver for Rocky Linux8.7 with bug fixes (14.0.0.13) (BZ#2112103)\n\n* Incorrect Socket(s) & \"Core(s) per socket\" reported by lscpu command. (BZ#2112820)\n\n* Panic in ch_release() due to NULL ch->device pointer, backport upstream fix (BZ#2115965)\n\n* pyverbs-tests fail over qede IW HCAs on \"test_query_rc_qp\" (tests.test_qp.QPTest) (BZ#2119122)\n\n* qedi shutdown handler hangs upon reboot (BZ#2119847)\n\n* cache link_info for ethtool (BZ#2120197)\n\n* Important iavf bug fixes (BZ#2120225)\n\n* Hibernate crash with Aquantia 2.5/5 Gb LAN card (BZ#2124966)\n\n* While using PTimekeeper the qede driver produces excessive log messages (BZ#2125477)\n\n* general protection fault handling rpc_xprt.timer (BZ#2126184)\n\n* Not enough device MSI-X vectors (BZ#2126482)\n\n* Atlantic driver panic on wakeup after hybernate (BZ#2127845)\n\n* Memory leak in vxlan_xmit_one (BZ#2131255)\n\n* Missing hybernate/resume fixes (BZ#2131936)\n\nEnhancement(s):\n\n* Update smartpqi driver to latest upstream Second Set of Patches (BZ#2112354)\n\n* qed/qede/qedr - driver updates to latest upstream (BZ#2120611)\n\n* Update qedi driver to latest upstream (BZ#2120612)\n\n* Update qedf driver to latest upstream (BZ#2120613)\n\n* Include the support for new NVIDIA Mobile GFX GA103 on ADL Gen Laptops (BZ#2127122)\n\n* Need to enable hpilo to support new HPE RL300 Gen11 for ARM (aarch64) (BZ#2129923)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-25T07:23:52", "type": "rocky", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-10-25T07:23:52", "id": "RLSA-2022:7110", "href": "https://errata.rockylinux.org/RLSA-2022:7110", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "almalinux": [{"lastseen": "2023-09-19T11:21:26", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n* Information leak in scsi_ioctl() (CVE-2022-0494)\n* A kernel-info-leak issue in pfkey_register (CVE-2022-1353)\n* RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n* Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n* RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Add s390_iommu_aperture kernel parameter (BZ#2081324)\n* Blackscreen and hangup after resume from hibernate or S3 with DFGX WX3200 (BZ#2091065)\n* Update NVME subsystem with bug fixes and minor changes (BZ#2106017)\n* Fix parsing of nw_proto for IPv6 fragments (BZ#2106703)\n* \"vmcore failed, _exitcode:139\" error observed while capturing vmcore during fadump after memory remove. incomplete vmcore is captured. (BZ#2107488)\n* 'disable_policy' is ignored for addresses configured on a down interface (BZ#2109971)\n* Backport request for new cpufreq.default_governor kernel command line parameter (BZ#2109996)\n* Panics in mpt3sas mpt3sas_halt_firmware() if mpt3sas_fwfault_debug=1 enabled when poweroff issued to server (BZ#2111140)\n* IOMMU/DMA update for 8.7 (BZ#2111692)\n* Update Broadcom Emulex lpfc driver for AlmaLinux8.7 with bug fixes (14.0.0.13) (BZ#2112103)\n* Incorrect Socket(s) & \"Core(s) per socket\" reported by lscpu command. (BZ#2112820)\n* Panic in ch_release() due to NULL ch->device pointer, backport upstream fix (BZ#2115965)\n* pyverbs-tests fail over qede IW HCAs on \"test_query_rc_qp\" (tests.test_qp.QPTest) (BZ#2119122)\n* qedi shutdown handler hangs upon reboot (BZ#2119847)\n* cache link_info for ethtool (BZ#2120197)\n* Important iavf bug fixes (BZ#2120225)\n* Hibernate crash with Aquantia 2.5/5 Gb LAN card (BZ#2124966)\n* While using PTimekeeper the qede driver produces excessive log messages (BZ#2125477)\n* general protection fault handling rpc_xprt.timer (BZ#2126184)\n* Not enough device MSI-X vectors (BZ#2126482)\n* Atlantic driver panic on wakeup after hybernate (BZ#2127845)\n* Memory leak in vxlan_xmit_one (BZ#2131255)\n* Missing hybernate/resume fixes (BZ#2131936)\n\nEnhancement(s):\n\n* Update smartpqi driver to latest upstream Second Set of Patches (BZ#2112354)\n* qed/qede/qedr - driver updates to latest upstream (BZ#2120611)\n* Update qedi driver to latest upstream (BZ#2120612)\n* Update qedf driver to latest upstream (BZ#2120613)\n* Include the support for new NVIDIA Mobile GFX GA103 on ADL Gen Laptops (BZ#2127122)\n* Need to enable hpilo to support new HPE RL300 Gen11 for ARM (aarch64) (BZ#2129923)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-25T00:00:00", "type": "almalinux", "title": "Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-10-27T09:56:47", "id": "ALSA-2022:7110", "href": "https://errata.almalinux.org/8/ALSA-2022-7110.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-07-29T20:16:46", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\nSecurity Fix(es):\n* information leak in scsi_ioctl() (CVE-2022-0494)\n* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nBug Fix(es):\n* update RT source tree to the latest AlmaLinux-9.0.z2 Batch (BZ#2105450)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T00:00:00", "type": "almalinux", "title": "Moderate: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1055"], "modified": "2022-08-10T17:13:29", "id": "ALSA-2022:6002", "href": "https://errata.almalinux.org/9/ALSA-2022-6002.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2023-08-09T15:25:20", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\nSecurity Fix(es):\n* information leak in scsi_ioctl() (CVE-2022-0494)\n* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\nBug Fix(es):\n* Power9 - LPAR fails to boot in shared processing mode and call traces are seen [Hash] (BZ#2092248)\n* Hard lockups are observed while running stress-ng and LPAR hangs (BZ#2092253)\n* FIPS module identification via name and version (BZ#2093384)\n* gfs2: File corruption with large writes when memory is tight (BZ#2097306)\n* i/o on initiator stuck when network is disrupted (4.18.0-372.9.1.el8.x86_64) (BZ#2098251)\n* AlmaLinux 9.1 doesn't support 3rd SATA (BZ#2099740)\n* Guest call trace when reboot after postcopy migration with high stress workload (BZ#2100903)\n* Oops or general protection fault with RIP decode_attr_security_label at decode_getfattr_attrs (BZ#2101854)\n* Oops as BUG: unable to handle page fault as free of uninitialized nfs4_label on nfs referral lookup (BZ#2101858)\n* lpar crash with Oops: Kernel access of bad area, sig: 11 [#1] when changing mtu of a bond interface (P10/ ibmvnic/ Haleakala) (BZ#2103085)\n* OS doesn't boot when vmd and interrupt remapping are enabled (BZ#2109974)\nEnhancement(s):\n* iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (BZ#2105326)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T00:00:00", "type": "almalinux", "title": "Moderate: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1055"], "modified": "2022-08-10T21:08:32", "id": "ALSA-2022:6003", "href": "https://errata.almalinux.org/9/ALSA-2022-6003.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}], "nessus": [{"lastseen": "2023-05-17T16:37:22", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7134 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-17T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : kernel-rt (RLSA-2022:7134)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:kernel-rt", "p-cpe:/a:rocky:linux:kernel-rt-core", "p-cpe:/a:rocky:linux:kernel-rt-debug", "p-cpe:/a:rocky:linux:kernel-rt-debug-core", "p-cpe:/a:rocky:linux:kernel-rt-debug-debuginfo", "p-cpe:/a:rocky:linux:kernel-rt-debug-devel", "p-cpe:/a:rocky:linux:kernel-rt-debug-kvm", "p-cpe:/a:rocky:linux:kernel-rt-debug-modules", "p-cpe:/a:rocky:linux:kernel-rt-debug-modules-extra", "p-cpe:/a:rocky:linux:kernel-rt-debuginfo", "p-cpe:/a:rocky:linux:kernel-rt-debuginfo-common-x86_64", "p-cpe:/a:rocky:linux:kernel-rt-devel", "p-cpe:/a:rocky:linux:kernel-rt-kvm", "p-cpe:/a:rocky:linux:kernel-rt-modules", "p-cpe:/a:rocky:linux:kernel-rt-modules-extra", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-7134.NASL", "href": "https://www.tenable.com/plugins/nessus/167807", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:7134.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167807);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-1353\",\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"RLSA\", value:\"2022:7134\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Rocky Linux 8 : kernel-rt (RLSA-2022:7134)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:7134 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:7134\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1353', 'CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RLSA-2022:7134');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'kernel-rt-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-debuginfo-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debuginfo-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debuginfo-common-x86_64-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:20", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7110 advisory.\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-26T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2022-7110)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:python3-perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs"], "id": "ORACLELINUX_ELSA-2022-7110.NASL", "href": "https://www.tenable.com/plugins/nessus/166553", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-7110.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166553);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-1353\",\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2022-7110)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-7110 advisory.\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-7110.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0494\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-372.32.1.0.1.el8_6'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-7110');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-abi-stablelists-4.18.0-372.32.1.0.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-stablelists-4.18.0'},\n {'reference':'kernel-core-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.0.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.0.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:26", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7134 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-26T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel-rt (ALSA-2022:7134)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:alma:linux:kernel-rt", "p-cpe:/a:alma:linux:kernel-rt-core", "p-cpe:/a:alma:linux:kernel-rt-debug", "p-cpe:/a:alma:linux:kernel-rt-debug-core", "p-cpe:/a:alma:linux:kernel-rt-debug-devel", "p-cpe:/a:alma:linux:kernel-rt-debug-kvm", "p-cpe:/a:alma:linux:kernel-rt-debug-modules", "p-cpe:/a:alma:linux:kernel-rt-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-rt-devel", "p-cpe:/a:alma:linux:kernel-rt-kvm", "p-cpe:/a:alma:linux:kernel-rt-modules", "p-cpe:/a:alma:linux:kernel-rt-modules-extra", "cpe:/o:alma:linux:8", "cpe:/o:alma:linux:8::nfv", "cpe:/o:alma:linux:8::realtime"], "id": "ALMA_LINUX_ALSA-2022-7134.NASL", "href": "https://www.tenable.com/plugins/nessus/166523", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7134.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166523);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-1353\",\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"ALSA\", value:\"2022:7134\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"AlmaLinux 8 : kernel-rt (ALSA-2022:7134)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:7134 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-7134.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0494\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(200, 212, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::nfv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::realtime\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1353', 'CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:7134');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-rt-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:47", "description": "The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7110 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-17T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : kernel (RLSA-2022:7110)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:rocky:linux:bpftool", "p-cpe:/a:rocky:linux:bpftool-debuginfo", "p-cpe:/a:rocky:linux:kernel", "p-cpe:/a:rocky:linux:kernel-abi-stablelists", "p-cpe:/a:rocky:linux:kernel-core", "p-cpe:/a:rocky:linux:kernel-cross-headers", "p-cpe:/a:rocky:linux:kernel-debug", "p-cpe:/a:rocky:linux:kernel-debug-core", "p-cpe:/a:rocky:linux:kernel-debug-debuginfo", "p-cpe:/a:rocky:linux:kernel-debug-devel", "p-cpe:/a:rocky:linux:kernel-debug-modules", "p-cpe:/a:rocky:linux:kernel-debug-modules-extra", "p-cpe:/a:rocky:linux:kernel-debuginfo", "p-cpe:/a:rocky:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:rocky:linux:kernel-devel", "p-cpe:/a:rocky:linux:kernel-headers", "p-cpe:/a:rocky:linux:kernel-modules", "p-cpe:/a:rocky:linux:kernel-modules-extra", "p-cpe:/a:rocky:linux:kernel-tools", "p-cpe:/a:rocky:linux:kernel-tools-debuginfo", "p-cpe:/a:rocky:linux:kernel-tools-libs", "p-cpe:/a:rocky:linux:kernel-tools-libs-devel", "p-cpe:/a:rocky:linux:perf", "p-cpe:/a:rocky:linux:perf-debuginfo", "p-cpe:/a:rocky:linux:python3-perf", "p-cpe:/a:rocky:linux:python3-perf-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-7110.NASL", "href": "https://www.tenable.com/plugins/nessus/167817", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:7110.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167817);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-1353\",\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"RLSA\", value:\"2022:7110\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Rocky Linux 8 : kernel (RLSA-2022:7110)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nRLSA-2022:7110 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:7110\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1353', 'CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RLSA-2022:7110');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / bpftool-debuginfo / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:29", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7110 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-28T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel (ALSA-2022:7110)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-stablelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", "p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:kernel-tools-libs-devel", "p-cpe:/a:alma:linux:kernel-zfcpdump", "p-cpe:/a:alma:linux:kernel-zfcpdump-core", "p-cpe:/a:alma:linux:kernel-zfcpdump-devel", "p-cpe:/a:alma:linux:kernel-zfcpdump-modules", "p-cpe:/a:alma:linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:8", "cpe:/o:alma:linux:8::baseos", "cpe:/o:alma:linux:8::powertools"], "id": "ALMA_LINUX_ALSA-2022-7110.NASL", "href": "https://www.tenable.com/plugins/nessus/166675", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7110.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166675);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-1353\",\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"ALSA\", value:\"2022:7110\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"AlmaLinux 8 : kernel (ALSA-2022:7110)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:7110 advisory.\n\n - A kernel information leak flaw was identified in the scsi_ioctl function in drivers/scsi/scsi_ioctl.c in\n the Linux kernel. This flaw allows a local attacker with a special user privilege (CAP_SYS_ADMIN or\n CAP_SYS_RAWIO) to create issues with confidentiality. (CVE-2022-0494)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-7110.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0494\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(200, 212, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::powertools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1353', 'CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:7110');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T18:34:04", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7110 advisory.\n\n - kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-25T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2022:7110)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2022-7110.NASL", "href": "https://www.tenable.com/plugins/nessus/166478", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7110. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166478);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-1353\",\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7110\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2022:7110)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7110 advisory.\n\n - kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7110\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0494\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(200, 212, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1353', 'CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7110');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.32.1.el8_6', 'sp':'6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.el8_6', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-372.32.1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-372.32.1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-372.32.1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-372.32.1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-372.32.1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-372.32.1.el8_6', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-372.32.1.el8_6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:48", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7134 advisory.\n\n - kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-25T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2022:7134)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2022-7134.NASL", "href": "https://www.tenable.com/plugins/nessus/166473", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7134. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166473);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2022-0494\",\n \"CVE-2022-1353\",\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7134\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2022:7134)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7134 advisory.\n\n - kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0494\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(200, 212, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1353', 'CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7134');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-372.32.1.rt7.189.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:31:45", "description": "The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-c69ef9c1dd advisory.\n\n - AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - AMD: CVE-2022-23825 AMD CPU Branch Type Confusion (CVE-2022-23825)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-14T00:00:00", "type": "nessus", "title": "Fedora 36 : kernel (2022-c69ef9c1dd)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-12-05T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:36", "p-cpe:/a:fedoraproject:fedora:kernel"], "id": "FEDORA_2022-C69EF9C1DD.NASL", "href": "https://www.tenable.com/plugins/nessus/163090", "sourceData": "##\n# (C) Tenable, Inc.\n##\n# The descriptive text and package checks in this plugin were\n# extracted from Fedora Security Advisory FEDORA-2022-c69ef9c1dd\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163090);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"FEDORA\", value:\"2022-c69ef9c1dd\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Fedora 36 : kernel (2022-c69ef9c1dd)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Fedora host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nFEDORA-2022-c69ef9c1dd advisory.\n\n - AMD microprocessor families 15h to 18h are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - AMD: CVE-2022-23825 AMD CPU Branch Type Confusion (CVE-2022-23825)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2022-c69ef9c1dd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29901\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29900\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:36\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Fedora Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');\nvar os_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^36([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 36', 'Fedora ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for FEDORA-2022-c69ef9c1dd');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar pkgs = [\n {'reference':'kernel-5.18.11-200.fc36', 'release':'FC36', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:37:13", "description": "The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the SLSA-2022:7337-1 advisory.\n\n - a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900) Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-10T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64 (2022:7337)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:bpftool", "p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:kernel-tools", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs", "p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel", "p-cpe:/a:fermilab:scientific_linux:perf", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo"], "id": "SL_20221103_KERNEL_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/167258", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167258);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-2588\",\n \"CVE-2022-23825\",\n \"CVE-2022-26373\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"RHSA\", value:\"RHSA-2022:7337\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL7.x x86_64 (2022:7337)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Scientific Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Scientific Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SLSA-2022:7337-1 advisory.\n\n - a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.scientificlinux.org/category/sl-errata/slsa-20227337-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23825\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fermilab:scientific_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Scientific Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Scientific Linux');\nvar os_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Scientific Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Scientific Linux 7.x', 'Scientific Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Scientific Linux', cpu);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.80.1.el7', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-debuginfo-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-debuginfo-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'SL7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && _release) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / bpftool-debuginfo / kernel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T18:35:18", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7337 advisory.\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-03T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2022:7337)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2022-7337.NASL", "href": "https://www.tenable.com/plugins/nessus/166885", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7337. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166885);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-26373\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7337\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2022:7337)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7337 advisory.\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7337\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115065\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-26373', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7337');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-1160.80.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.80.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.80.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.80.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.80.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1160.80.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-bootwrapper-3.10.0-1160.80.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.80.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.80.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.80.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.80.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.80.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.80.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.80.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.80.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-kdump-devel-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.80.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.80.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.80.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.80.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.80.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.80.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.80.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.80.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.80.1.el7', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.80.1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.80.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.80.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-bootwrapper / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:37:26", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7337 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-03T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2022-7337)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-01-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-7337.NASL", "href": "https://www.tenable.com/plugins/nessus/166937", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-7337.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166937);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-26373\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Oracle Linux 7 : kernel (ELSA-2022-7337)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-7337 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-7337.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['3.10.0-1160.80.1.0.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-7337');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '3.10';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-3.10.0'},\n {'reference':'kernel-abi-whitelists-3.10.0-1160.80.1.0.1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-whitelists-3.10.0'},\n {'reference':'kernel-debug-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-3.10.0'},\n {'reference':'kernel-debug-devel-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-3.10.0'},\n {'reference':'kernel-devel-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-3.10.0'},\n {'reference':'kernel-headers-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-3.10.0'},\n {'reference':'kernel-tools-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-3.10.0'},\n {'reference':'kernel-tools-libs-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-3.10.0'},\n {'reference':'kernel-tools-libs-devel-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-3.10.0'},\n {'reference':'perf-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-1160.80.1.0.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:36:52", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7338 advisory.\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-03T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel-rt (RHSA-2022:7338)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace"], "id": "REDHAT-RHSA-2022-7338.NASL", "href": "https://www.tenable.com/plugins/nessus/166878", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7338. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166878);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\n \"CVE-2022-2588\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-26373\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7338\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"RHEL 7 : kernel-rt (RHSA-2022:7338)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7338 advisory.\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115065\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(200, 416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-2588', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-26373', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7338');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-doc-3.10.0-1160.80.1.rt56.1225.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-devel-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-trace-kvm-3.10.0-1160.80.1.rt56.1225.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-debug / kernel-rt-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:52", "description": "The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5565-1 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5565-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-lowlatency-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k", "p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency", "p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k"], "id": "UBUNTU_USN-5565-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164034", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5565-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164034);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2022-2585\",\n \"CVE-2022-2586\",\n \"CVE-2022-2588\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"USN\", value:\"5565-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : Linux kernel vulnerabilities (USN-5565-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5565-1 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5565-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.15.0-46-lowlatency-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-64k\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-generic-lpae\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-lowlatency-64k\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.15.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency|lowlatency-64k))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.15.0-\\d{2}-(generic|generic-64k|generic-lpae|lowlatency|lowlatency-64k)\" : \"5.15.0-46\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5565-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-2585', 'CVE-2022-2586', 'CVE-2022-2588', 'CVE-2022-29900', 'CVE-2022-29901');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5565-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-09T15:31:03", "description": "The version of kernel installed on the remote host is prior to 5.15.57-29.131. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-006 advisory.\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel lockdown was enabled (CVE-2022-21505) (CVE-2022-28693)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-23T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-006)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21505", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-26373", "CVE-2022-28693", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36123"], "modified": "2023-09-05T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel-livepatch-5.15.57-29.131"], "id": "AL2_ALASKERNEL-5_15-2022-006.NASL", "href": "https://www.tenable.com/plugins/nessus/164362", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.15-2022-006.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164362);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/05\");\n\n script_cve_id(\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-26373\",\n \"CVE-2022-28693\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-36123\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.15-2022-006)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.15.57-29.131. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.15-2022-006 advisory.\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - A bug in the IMA subsystem was discovered which would incorrectly allow kexec to be used when kernel\n lockdown was enabled (CVE-2022-21505) (CVE-2022-28693)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.15-2022-006.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23816.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23825.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26373.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28693.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29900.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29901.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-36123.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-36123\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.15.57-29.131\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"kpatch.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-23816\", \"CVE-2022-23825\", \"CVE-2022-26373\", \"CVE-2022-28693\", \"CVE-2022-29900\", \"CVE-2022-29901\", \"CVE-2022-36123\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.15-2022-006\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-debuginfo-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'bpftool-debuginfo-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-common-aarch64-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-debuginfo-common-x86_64-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-devel-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-devel-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.57-29.131.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-headers-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-livepatch-5.15.57-29.131-1.0-0.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-livepatch-5.15.57-29.131-1.0-0.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-debuginfo-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-debuginfo-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-devel-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'kernel-tools-devel-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-debuginfo-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'perf-debuginfo-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-debuginfo-5.15.57-29.131.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'},\n {'reference':'python-perf-debuginfo-5.15.57-29.131.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.15'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T18:32:53", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6243 advisory.\n\n - kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-31T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2022:6243)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353"], "modified": "2023-05-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core"], "id": "REDHAT-RHSA-2022-6243.NASL", "href": "https://www.tenable.com/plugins/nessus/164513", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6243. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164513);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2022-0494\", \"CVE-2022-1353\");\n script_xref(name:\"RHSA\", value:\"2022:6243\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2022:6243)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:6243 advisory.\n\n - kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:6243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066819\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0494\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 212);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1353');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:6243');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.62.1.el8_4', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.62.1.el8_4', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-305.62.1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.62.1.el8_4', 'sp':'4', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.62.1.el8_4', 'sp':'4', 'cpu':'ppc64le', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-305.62.1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-305.62.1.el8_4', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-305.62.1.el8_4', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-305.62.1.el8_4', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-305.62.1.el8_4', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-305.62.1.el8_4', 'sp':'4', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-305.62.1.el8_4', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:54", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:6248 advisory.\n\n - kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-31T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2022:6248)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2022-6248.NASL", "href": "https://www.tenable.com/plugins/nessus/164512", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6248. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164512);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-0494\", \"CVE-2022-1353\");\n script_xref(name:\"RHSA\", value:\"2022:6248\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2022:6248)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:6248 advisory.\n\n - kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0494\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:6248\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2039448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066819\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0494\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-1353\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 212);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-0494', 'CVE-2022-1353');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:6248');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-305.62.1.rt7.134.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-305.62.1.rt7.134.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-305.62.1.rt7.134.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-305.62.1.rt7.134.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-305.62.1.rt7.134.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-305.62.1.rt7.134.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-305.62.1.rt7.134.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-305.62.1.rt7.134.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-305.62.1.rt7.134.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-305.62.1.rt7.134.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-305.62.1.rt7.134.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-305.62.1.rt7.134.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T20:28:39", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9709 advisory.\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. (CVE-2022-2153)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-16T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9709)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21505", "CVE-2022-2153", "CVE-2022-23816", "CVE-2022-2588", "CVE-2022-29901"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9709.NASL", "href": "https://www.tenable.com/plugins/nessus/164141", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9709.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164141);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-2153\",\n \"CVE-2022-2588\",\n \"CVE-2022-21505\",\n \"CVE-2022-23816\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9709)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9709 advisory.\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it\n possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This\n flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel\n oops condition that results in a denial of service. (CVE-2022-2153)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9709.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.310.7.el7uek', '5.4.17-2136.310.7.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9709');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2136.310.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.310.7.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.310.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.310.7.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.310.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.310.7.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.310.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.310.7.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.310.7.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.310.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.310.7.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2136.310.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2136.310.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2136.310.7.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2136.310.7.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.310.7.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.310.7.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.310.7.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.310.7.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.310.7.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.310.7.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.310.7.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.310.7.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:14", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9710 advisory.\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. (CVE-2022-2153)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-16T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9710)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21505", "CVE-2022-2153", "CVE-2022-23816", "CVE-2022-2588", "CVE-2022-29901"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9710.NASL", "href": "https://www.tenable.com/plugins/nessus/164136", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9710.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164136);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\n \"CVE-2022-2153\",\n \"CVE-2022-2588\",\n \"CVE-2022-21505\",\n \"CVE-2022-23816\",\n \"CVE-2022-29901\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9710)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9710 advisory.\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - A flaw was found in the Linux kernel's KVM when attempting to set a SynIC IRQ. This issue makes it\n possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This\n flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel\n oops condition that results in a denial of service. (CVE-2022-2153)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9710.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29901\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.310.7.el7', '5.4.17-2136.310.7.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9710');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2136.310.7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.310.7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2136.310.7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.310.7.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:00", "description": "The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9590 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9590)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1652", "CVE-2022-23816", "CVE-2022-29901"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-core", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-core", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-modules", "p-cpe:/a:oracle:linux:kernel-uek-modules-extra"], "id": "ORACLELINUX_ELSA-2022-9590.NASL", "href": "https://www.tenable.com/plugins/nessus/163036", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9590.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163036);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-23816\", \"CVE-2022-29901\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9590)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe ELSA-2022-9590 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9590.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules-extra\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(8|9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8 / 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-0.30.20.el8uek', '5.15.0-0.30.20.el9uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9590');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-0.30.20.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-0.30.20.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-0.30.20.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'bpftool-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-0.30.20.el9uek', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-0.30.20.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-0.30.20.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel-uek / kernel-uek-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:31:45", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9591 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. (CVE-2022-1652)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-12T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9591)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-1652", "CVE-2022-23816", "CVE-2022-29901"], "modified": "2023-03-21T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9591.NASL", "href": "https://www.tenable.com/plugins/nessus/163037", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9591.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163037);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2022-1652\", \"CVE-2022-23816\", \"CVE-2022-29901\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9591)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-9591 advisory.\n\n - Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency\n use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker\n could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the\n system. (CVE-2022-1652)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9591.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1652\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-0.30.20.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9591');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.15.0-0.30.20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.15.0'},\n {'reference':'kernel-uek-container-debug-5.15.0-0.30.20.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T18:34:46", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-125 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges. (CVE-2022-36123)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-06T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-125)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36123"], "modified": "2022-09-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-5.15.57-28.127", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python3-perf", "p-cpe:/a:amazon:linux:python3-perf-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-125.NASL", "href": "https://www.tenable.com/plugins/nessus/164742", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-125.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164742);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/06\");\n\n script_cve_id(\"CVE-2022-29900\", \"CVE-2022-29901\", \"CVE-2022-36123\");\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-125)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-125 advisory.\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This\n allows Xen PV guest OS users to cause a denial of service or gain privileges. (CVE-2022-36123)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-125.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29900.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-29901.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-36123.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update kernel --releasever=2022.0.20220810' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-36123\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.15.57-28.127\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-29900\", \"CVE-2022-29901\", \"CVE-2022-36123\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS2022-2022-125\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-aarch64-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debuginfo-common-x86_64-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.15.57-28.127.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-5.15.57-28.127-1.0-0.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-livepatch-5.15.57-28.127-1.0-0.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-devel-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-debuginfo-5.15.57-28.127.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T10:41:09", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2557-1 advisory.\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary. (CVE-2022-33745)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-28T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : xen (SUSE-SU-2022:2557-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-29900", "CVE-2022-33745"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:xen", "p-cpe:/a:novell:suse_linux:xen-devel", "p-cpe:/a:novell:suse_linux:xen-doc-html", "p-cpe:/a:novell:suse_linux:xen-libs", "p-cpe:/a:novell:suse_linux:xen-libs-32bit", "p-cpe:/a:novell:suse_linux:xen-tools", "p-cpe:/a:novell:suse_linux:xen-tools-domu", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-2557-1.NASL", "href": "https://www.tenable.com/plugins/nessus/163506", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:2557-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163506);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-29900\",\n \"CVE-2022-33745\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:2557-1\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"SUSE SLES12 Security Update : xen (SUSE-SU-2022:2557-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:2557-1 advisory.\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels\n unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was\n moved inside a function in Xen. This code movement missed a variable changing meaning / value between old\n and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition,\n omitting flushes where such are necessary. (CVE-2022-33745)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1200549\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201394\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1201469\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-21166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-23825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-33745\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-July/011677.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?98331306\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-33745\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-doc-html\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-libs-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:xen-tools-domU\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'xen-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'xen-devel-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'xen-devel-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'xen-doc-html-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'xen-libs-32bit-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'xen-libs-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'xen-tools-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'xen-tools-domU-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'xen-devel-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'aarch64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'xen-devel-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-sdk-release-12.5', 'sles-release-12.5']},\n {'reference':'xen-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'xen-doc-html-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'xen-libs-32bit-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'xen-libs-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'xen-tools-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'xen-tools-domU-4.12.4_26-3.74.1', 'sp':'5', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'xen / xen-devel / xen-doc-html / xen-libs / xen-libs-32bit / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:39", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-127 advisory.\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816) (CVE-2022-28693)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-06T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-127)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-26373", "CVE-2022-28693"], "modified": "2022-12-05T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-livepatch-5.15.57-29.131", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python3-perf", "p-cpe:/a:amazon:linux:python3-perf-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-127.NASL", "href": "https://www.tenable.com/plugins/nessus/164707", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-127.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164707);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/05\");\n\n script_cve_id(\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-26373\",\n \"CVE-2022-28693\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-127)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-127 advisory.\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - A flaw was found in hw. Mis-trained branch predictions for return instructions may allow arbitrary\n speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-23816)\n (CVE-2022-28693)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-127.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23816.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23825.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-26373.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-28693.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update kernel --releasever=2022.0.20220817' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23825\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-livepatch-5.15.57-29.131\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-23816\", \"CVE-2022-23825\", \"CVE-2022-26373\", \"CVE-2022-28693\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALAS2022-2022-127\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.15.57-29.131.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.57-29.131.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-5.15.57-29.131.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-debuginfo-5.15.57-29.131.amzn2022', 'cpu':'x86_64', '

Important: kernel-rt security and bug fix update

Description

Affected Package

Related