Description
# 2022-LPE-UAF
Security researchers discovered 3 vulnerabilities...
Related
{"id": "027DC021-9759-5152-B253-BB124AAF3689", "vendorId": null, "type": "githubexploit", "bulletinFamily": "exploit", "title": "Exploit for CVE-2022-2588", "description": "# 2022-LPE-UAF\nSecurity researchers discovered 3 vulnerabilities...", "published": "2022-08-22T23:42:00", "modified": "2022-08-24T08:36:08", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "", "references": [], "cvelist": ["CVE-2022-2588"], "immutableFields": [], "lastseen": "2022-09-01T08:00:56", "viewCount": 135, "enchantments": {"dependencies": {"references": [{"type": "debian", "idList": ["DEBIAN:DSA-5207-1:0D465"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-2588"]}, {"type": "fedora", "idList": ["FEDORA:791D3304C27B", "FEDORA:A4846305797B"]}, {"type": "mageia", "idList": ["MGASA-2022-0305", "MGASA-2022-0308"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-5207.NASL", "ORACLELINUX_ELSA-2022-9689.NASL", "ORACLELINUX_ELSA-2022-9690.NASL", "ORACLELINUX_ELSA-2022-9691.NASL", "ORACLELINUX_ELSA-2022-9692.NASL", "ORACLELINUX_ELSA-2022-9693.NASL", "ORACLELINUX_ELSA-2022-9694.NASL", "ORACLELINUX_ELSA-2022-9699.NASL", "ORACLELINUX_ELSA-2022-9709.NASL", "ORACLELINUX_ELSA-2022-9710.NASL", "ORACLEVM_OVMSA-2022-0022.NASL", "SLACKWARE_SSA_2022-237-02.NASL", "UBUNTU_USN-5557-1.NASL", "UBUNTU_USN-5560-1.NASL", "UBUNTU_USN-5560-2.NASL", "UBUNTU_USN-5562-1.NASL", "UBUNTU_USN-5564-1.NASL", "UBUNTU_USN-5565-1.NASL", "UBUNTU_USN-5566-1.NASL", "UBUNTU_USN-5567-1.NASL", "UBUNTU_USN-5582-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-9689", "ELSA-2022-9690", "ELSA-2022-9691", "ELSA-2022-9692", "ELSA-2022-9693", "ELSA-2022-9694", "ELSA-2022-9699", "ELSA-2022-9709", "ELSA-2022-9710"]}, {"type": "osv", "idList": ["OSV:DSA-5207-1"]}, {"type": "photon", "idList": ["PHSA-2022-0226", "PHSA-2022-0433", "PHSA-2022-0506"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-2588"]}, {"type": "slackware", "idList": ["SSA-2022-237-02"]}, {"type": "thn", "idList": ["THN:7653AAD966BDC7D71A9D1981CA662AC3"]}, {"type": "ubuntu", "idList": ["USN-5557-1", "USN-5560-1", "USN-5560-2", "USN-5562-1", "USN-5564-1", "USN-5565-1", "USN-5566-1", "USN-5567-1", "USN-5582-1", "USN-5588-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-2588"]}, {"type": "zdi", "idList": ["ZDI-22-1117"]}]}, "score": {"value": 4.6, "vector": "NONE"}, "vulnersScore": 4.6}, "_state": {"dependencies": 1662019660, "score": 1662020539, "epss": 1679304688}, "_internal": {"score_hash": "2f73407776e20cfb79196561bf2fe1b7"}, "privateArea": 1}
{"oraclelinux": [{"lastseen": "2022-08-09T22:40:33", "description": "[5.4.17-2136.309.5.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza\n Cascardo) [Orabug: 34460937] {CVE-2022-2588}", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9691", "href": "http://linux.oracle.com/errata/ELSA-2022-9691.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T20:40:47", "description": "[4.1.12-124.65.1.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460939] {CVE-2022-2588}", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9694", "href": "http://linux.oracle.com/errata/ELSA-2022-9694.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T20:40:46", "description": "[5.15.0-1.43.4.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588}\n[5.15.0-1.43.4]\n- Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] \n- Revert selftests/bpf: Add test for reg2btf_ids out of bounds access (Alan Maguire) [Orabug: 34399286]\n[5.15.0-1.43.3]\n- x86/alternative: The retpoline alternative is not applied (Alexandre Chartre) [Orabug: 34395937] \n- x86/ftrace: Do not copy ftrace_stub() in ftrace trampoline (Alexandre Chartre) [Orabug: 34395937]\n[5.15.0-100.43.0]\n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364336] \n- ocfs2: dlmfs: dont clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364336] \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) [Orabug: 34364336] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34366723] \n- lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34393053] {CVE-2022-21505}\n[5.15.0-1.43.1]\n- LTS version: v5.15.43 (Jack Vogel) \n- mptcp: Do TCP fallback on early DSS checksum failure (Mat Martineau) \n- LTS version: v5.15.42 (Jack Vogel) \n- afs: Fix afs_getattr() to refetch file status if callback break occurred (David Howells) \n- i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (Yang Yingliang) \n- mt76: mt7921e: fix possible probe failure after reboot (Sean Wang) \n- dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (Jae Hyun Yoo) \n- Input: ili210x - fix reset timing (Marek Vasut) \n- arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (Shreyas K K) \n- net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) \n- net: atlantic: add check for MAX_SKB_FRAGS (Grant Grundler) \n- net: atlantic: reduce scope of is_rsc_complete (Grant Grundler) \n- net: atlantic: fix frag[0] not initialized (Grant Grundler) \n- net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) \n- ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) \n- nl80211: fix locking in nl80211_set_tx_bitrate_mask() (Johannes Berg) \n- net: fix wrong network header length (Lina Wang) \n- fbdev: Prevent possible use-after-free in fb_release() (Daniel Vetter) \n- Revert fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) \n- selftests: add ping test with ping_group_range tuned (Nicolas Dichtel) \n- nl80211: validate S1G channel width (Kieran Frewen) \n- mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) \n- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) \n- scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (Brian Bunker) \n- perf bench numa: Address compiler error on s390 (Thomas Richter) \n- perf regs x86: Fix arch__intr_reg_mask() for the hybrid platform (Kan Liang) \n- gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) \n- gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) \n- perf build: Fix check for btf__load_from_kernel_by_id() in libbpf (Arnaldo Carvalho de Melo) \n- scsi: ufs: core: Fix referencing invalid rsp field (Daejun Park) \n- riscv: dts: sifive: fu540-c000: align dma node name with dtschema (Krzysztof Kozlowski) \n- net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) \n- netfilter: flowtable: move dst_check to packet path (Ritaro Takenaka) \n- netfilter: flowtable: pass flowtable to nf_flow_table_iterate() (Pablo Neira Ayuso) \n- netfilter: flowtable: fix TCP flow teardown (Pablo Neira Ayuso) \n- igb: skip phy status check where unavailable (Kevin Mitchell) \n- mptcp: fix checksum byte order (Paolo Abeni) \n- mptcp: reuse __mptcp_make_csum in validate_data_csum (Geliang Tang) \n- mptcp: change the parameter of __mptcp_make_csum (Geliang Tang) \n- ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) \n- ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) \n- net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) \n- net/mlx5e: Properly block LRO when XDP is enabled (Maxim Mikityanskiy) \n- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (Maor Dickman) \n- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) \n- net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) \n- clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) \n- ice: Fix interrupt moderation settings getting cleared (Michal Wilczynski) \n- ice: move ice_container_type onto ice_ring_container (Maciej Fijalkowski) \n- ice: fix possible under reporting of ethtool Tx and Rx statistics (Paul Greenwalt) \n- ice: fix crash when writing timestamp on RX rings (Arkadiusz Kubalewski) \n- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) \n- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) \n- net: systemport: Fix an error handling path in bcm_sysport_probe() (Christophe JAILLET) \n- Revert PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) \n- netfilter: nft_flow_offload: fix offload with pppoe + vlan (Felix Fietkau) \n- net: fix dev_fill_forward_path with pppoe + bridge (Felix Fietkau) \n- netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices (Felix Fietkau) \n- netfilter: flowtable: fix excessive hw offload attempts after failure (Felix Fietkau) \n- net/sched: act_pedit: sanitize shift argument before usage (Paolo Abeni) \n- xfrm: fix disable_policy flag use when arriving from different devices (Eyal Birger) \n- xfrm: rework default policy structure (Nicolas Dichtel) \n- net: macb: Increment rx bd head after allocating skb and buffer (Harini Katakam) \n- net: ipa: record proper RX transaction count (Alex Elder) \n- ALSA: hda - fix unused Realtek function when PM is not enabled (Randy Dunlap) \n- pinctrl: mediatek: mt8365: fix IES control pins (Mattijs Korpershoek) \n- ARM: dts: aspeed: Add video engine to g6 (Howard Chiu) \n- ARM: dts: aspeed: Add secure boot controller node (Joel Stanley) \n- ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (Eddie James) \n- ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (Jae Hyun Yoo) \n- pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (Jae Hyun Yoo) \n- ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (Jae Hyun Yoo) \n- dma-buf: ensure unique directory name for dmabuf stats (Charan Teja Kalla) \n- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (Jerome Pouiller) \n- drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) \n- drm/i915/dmc: Add MMIO range restrictions (Anusha Srivatsa) \n- drm/amd: Dont reset dGPUs if the system is going to s2idle (Mario Limonciello) \n- libceph: fix potential use-after-free on linger ping and resends (Ilya Dryomov) \n- crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (Ondrej Mosnacek) \n- arm64: mte: Ensure the cleared tags are visible before setting the PTE (Catalin Marinas) \n- arm64: paravirt: Use RCU read locks to guard stolen_time (Prakruthi Deepak Heragu) \n- KVM: x86/mmu: Update number of zapped pages even if page list is stable (Sean Christopherson) \n- Revert can: m_can: pci: use custom bit timings for Elkhart Lake (Jarkko Nikula) \n- PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (Rafael J. Wysocki) \n- Fix double fget() in vhost_net_set_backend() (Al Viro) \n- selinux: fix bad cleanup on error in hashtab_duplicate() (Ondrej Mosnacek) \n- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (Werner Sembach) \n- ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) \n- ALSA: usb-audio: Restore Rane SL-1 quirk (Takashi Iwai) \n- nilfs2: fix lockdep warnings during disk space reclamation (Ryusuke Konishi) \n- nilfs2: fix lockdep warnings in page operations for btree nodes (Ryusuke Konishi) \n- ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) \n- platform/chrome: cros_ec_debugfs: detach log reader wq from devm (Tzung-Bi Shih) \n- drbd: remove usage of list iterator variable after loop (Jakob Koschel) \n- MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) \n- fs: fix an infinite loop in iomap_fiemap (Guo Xuenan) \n- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (Mario Limonciello) \n- nvme-multipath: fix hang when disk goes live over reconnect (Anton Eidelman) \n- nvmet: use a private workqueue instead of the system workqueue (Sagi Grimberg) \n- tools/virtio: compile with -pthread (Michael S. Tsirkin) \n- vhost_vdpa: dont setup irq offloading when irq_num < 0 (Zhu Lingshan) \n- s390/pci: improve zpci_dev reference counting (Niklas Schnelle) \n- s390/traps: improve panic message for translation-specification exception (Heiko Carstens) \n- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (Kai-Heng Feng) \n- crypto: x86/chacha20 - Avoid spurious jumps to other functions (Peter Zijlstra) \n- crypto: stm32 - fix reference leak in stm32_crc_remove (Zheng Yongjun) \n- rtc: sun6i: Fix time overflow handling (Andre Przywara) \n- gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) \n- nvme-pci: add quirks for Samsung X5 SSDs (Monish Kumar R) \n- Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) \n- Input: add bounds checking to input_set_capability() (Jeff LaBundy) \n- um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow) \n- rtc: pcf2127: fix bug when reading alarm registers (Hugo Villeneuve) \n- rtc: fix use-after-free on device removal (Vincent Whitchurch) \n- Revert drm/i915/opregion: check port number bounds for SWSCI display power state (Greg Thelen) \n- mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (Hyeonggon Yoo) \n- Watchdog: sp5100_tco: Enable Family 17h+ CPUs (Terry Bowman) \n- Watchdog: sp5100_tco: Add initialization using EFCH MMIO (Terry Bowman) \n- Watchdog: sp5100_tco: Refactor MMIO base address initialization (Terry Bowman) \n- Watchdog: sp5100_tco: Move timer initialization into function (Terry Bowman) \n- i2c: piix4: Enable EFCH MMIO for Family 17h+ (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support for SMBus port select (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support to SMBus base address detect (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support to region request and release (Terry Bowman) \n- i2c: piix4: Move SMBus port selection into function (Terry Bowman) \n- i2c: piix4: Move SMBus controller base address detect into function (Terry Bowman) \n- i2c: piix4: Move port I/O region request/release code into functions (Terry Bowman) \n- i2c: piix4: Replace hardcoded memory map size with a #define (Terry Bowman) \n- kernel/resource: Introduce request_mem_region_muxed() (Terry Bowman) \n- io_uring: arm poll for non-nowait files (Pavel Begunkov) \n- usb: gadget: fix race when gadget driver register via ioctl (Schspa Shi) \n- LTS version: v5.15.41 (Jack Vogel) \n- usb: gadget: uvc: allow for application to cleanly shutdown (Dan Vacura) \n- usb: gadget: uvc: rename function to be more consistent (Michael Tretter) \n- ping: fix address binding wrt vrf (Nicolas Dichtel) \n- mm/hwpoison: use pr_err() instead of dump_page() in get_any_page() (Naoya Horiguchi) \n- dma-buf: call dma_buf_stats_setup after dmabuf is in valid list (Charan Teja Reddy) \n- Revert drm/amd/pm: keep the BACO feature enabled for suspend (Alex Deucher) \n- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) \n- SUNRPC: Ensure that the gssproxy client can start in a connected state (Trond Myklebust) \n- net: phy: micrel: Pass .probe for KS8737 (Fabio Estevam) \n- net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (Fabio Estevam) \n- arm[64]/memremap: dont abuse pfn_valid() to ensure presence of linear map (Mike Rapoport) \n- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) \n- writeback: Avoid skipping inode writeback (Jing Xia) \n- net: phy: Fix race condition on link status change (Francesco Dolcini) \n- net: atlantic: always deep reset on pm op, fixing up my null deref regression (Manuel Ullmann) \n- i40e: i40e_main: fix a missing check on list iterator (Xiaomeng Tong) \n- drm/nouveau/tegra: Stop using iommu_present() (Robin Murphy) \n- drm/vmwgfx: Disable command buffers on svga3 without gbobjects (Zack Rusin) \n- mm/huge_memory: do not overkill when splitting huge_zero_page (Xu Yu) \n- Revert mm/memory-failure.c: skip huge_zero_page in memory_failure() (Xu Yu) \n- ceph: fix setting of xattrs on async created inodes (Jeff Layton) \n- serial: 8250_mtk: Fix register address for XON/XOFF character (AngeloGioacchino Del Regno) \n- serial: 8250_mtk: Fix UART_EFR register address (AngeloGioacchino Del Regno) \n- fsl_lpuart: Dont enable interrupts too early (Indan Zupancic) \n- slimbus: qcom: Fix IRQ check in qcom_slim_probe (Miaoqian Lin) \n- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) \n- USB: serial: option: add Fibocom L610 modem (Sven Schwermer) \n- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) \n- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) \n- usb: typec: tcpci_mt6360: Update for BMC PHY setting (ChiYuan Huang) \n- usb: typec: tcpci: Dont skip cleanup in .remove() on error (Uwe Kleine-Konig) \n- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) \n- tty: n_gsm: fix mux activation issues in gsm_config() (Daniel Starke) \n- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Daniel Starke) \n- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) \n- x86/mm: Fix marking of unused sub-pmd ranges (Adrian-Ken Rueegsegger) \n- usb: xhci-mtk: fix fs isocs transfer error (Chunfeng Yun) \n- KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context() (Alexander Graf) \n- firmware_loader: use kernel credentials when reading firmware (Thiebaud Weksteen) \n- interconnect: Restore sync state by ignoring ipa-virt in provider count (Stephen Boyd) \n- tcp: drop the hash_32() part from the index calculation (Willy Tarreau) \n- tcp: increase source port perturb table to 2^16 (Willy Tarreau) \n- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) \n- tcp: add small random increments to the source port (Willy Tarreau) \n- tcp: resalt the secret every 10 seconds (Eric Dumazet) \n- tcp: use different parts of the port_offset for index and offset (Willy Tarreau) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT (Matthew Hagan) \n- net: emaclite: Dont advertise 1000BASE-T and do auto negotiation (Shravya Kumbham) \n- ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (Ajit Kumar Pandey) \n- s390: disable -Warray-bounds (Sven Schnelle) \n- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) \n- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) \n- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) \n- iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (Ashish Mhetre) \n- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (Duoming Zhou) \n- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) \n- gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) \n- drm/vmwgfx: Fix fencing on SVGAv3 (Zack Rusin) \n- tls: Fix context leak on tls_device_down (Maxim Mikityanskiy) \n- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) \n- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) \n- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (Florian Fainelli) \n- drm/vc4: hdmi: Fix build error for implicit function declaration (Hui Tang) \n- net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral (Florian Fainelli) \n- net: ethernet: mediatek: ppe: fix wrong size passed to memset() (Yang Yingliang) \n- net/sched: act_pedit: really ensure the skb is writable (Paolo Abeni) \n- s390/lcs: fix variable dereferenced before check (Alexandra Winter) \n- s390/ctcm: fix potential memory leak (Alexandra Winter) \n- s390/ctcm: fix variable dereferenced before check (Alexandra Winter) \n- virtio: fix virtio transitional ids (Shunsuke Mie) \n- arm64: vdso: fix makefile dependency on vdso.so (Joey Gouly) \n- selftests: vm: Makefile: rename TARGETS to VMTARGETS (Joel Savitz) \n- procfs: prevent unprivileged processes accessing fdinfo dir (Kalesh Singh) \n- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) \n- dim: initialize all struct fields (Jesse Brandeburg) \n- ionic: fix missing pci_release_regions() on error in ionic_probe() (Yang Yingliang) \n- nfs: fix broken handling of the softreval mount option (Dan Aloni) \n- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) \n- net: sfc: fix memory leak due to ptp channel (Taehee Yoo) \n- sfc: Use swap() instead of open coding it (Jiapeng Chong) \n- fbdev: efifb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) \n- net: chelsio: cxgb4: Avoid potential negative array offset (Kees Cook) \n- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) \n- drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (Christophe JAILLET) \n- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) \n- ice: fix PTP stale Tx timestamps cleanup (Michal Michalik) \n- ice: Fix race during aux device (un)plugging (Ivan Vecera) \n- platform/surface: aggregator: Fix initialization order when compiling as builtin module (Maximilian Luz) \n- fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- fbdev: simplefb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (Vladimir Oltean) \n- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (Vladimir Oltean) \n- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (Vladimir Oltean) \n- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (Vladimir Oltean) \n- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) \n- mac80211: Reset MBSSID parameters upon connection (Manikanta Pubbisetty) \n- hwmon: (tmp401) Add OF device ID table (Camel Guo) \n- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (Guenter Roeck) \n- batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) \n- LTS version: v5.15.40 (Jack Vogel) \n- mm: fix invalid page pointer returned with FOLL_PIN gups (Peter Xu) \n- mm/mlock: fix potential imbalanced rlimit ucounts adjustment (Miaohe Lin) \n- mm/hwpoison: fix error page recovered but reported not recovered (Naoya Horiguchi) \n- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) \n- mm: shmem: fix missing cache flush in shmem_mfill_atomic_pte() (Muchun Song) \n- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) \n- mm: fix missing cache flush for all tail pages of compound page (Muchun Song) \n- udf: Avoid using stale lengthOfImpUse (Jan Kara) \n- rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (Gleb Fotengauer-Malinovskiy) \n- Bluetooth: Fix the creation of hdev->name (Itay Iellin) \n- tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in perf bench mem memcpy (Arnaldo Carvalho de Melo) \n- kbuild: move objtool_args back to scripts/Makefile.build (Masahiro Yamada) \n- LTS version: v5.15.39 (Jack Vogel) \n- PCI: aardvark: Update comment about link going down after link-up (Marek Behun) \n- PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (Marek Behun) \n- PCI: aardvark: Dont mask irq when mapping (Pali Rohar) \n- PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (Pali Rohar) \n- PCI: aardvark: Use separate INTA interrupt for emulated root bridge (Pali Rohar) \n- PCI: aardvark: Fix support for PME requester on emulated bridge (Pali Rohar) \n- PCI: aardvark: Add support for PME interrupts (Pali Rohar) \n- PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (Pali Rohar) \n- PCI: aardvark: Add support for ERR interrupt on emulated bridge (Pali Rohar) \n- PCI: aardvark: Enable MSI-X support (Pali Rohar) \n- PCI: aardvark: Fix setting MSI address (Pali Rohar) \n- PCI: aardvark: Add support for masking MSI interrupts (Pali Rohar) \n- PCI: aardvark: Refactor unmasking summary MSI interrupt (Pali Rohar) \n- PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (Marek Behun) \n- PCI: aardvark: Make msi_domain_info structure a static driver structure (Marek Behun) \n- PCI: aardvark: Make MSI irq_chip structures static driver structures (Marek Behun) \n- PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (Pali Rohar) \n- PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) \n- PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (Pali Rohar) \n- PCI: aardvark: Disable common PHY when unbinding driver (Pali Rohar) \n- PCI: aardvark: Disable link training when unbinding driver (Pali Rohar) \n- PCI: aardvark: Assert PERST# when unbinding driver (Pali Rohar) \n- PCI: aardvark: Fix memory leak in driver unbind (Pali Rohar) \n- PCI: aardvark: Mask all interrupts when unbinding driver (Pali Rohar) \n- PCI: aardvark: Disable bus mastering when unbinding driver (Pali Rohar) \n- PCI: aardvark: Comment actions in driver remove method (Pali Rohar) \n- PCI: aardvark: Clear all MSIs at setup (Pali Rohar) \n- PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (Pali Rohar) \n- PCI: pci-bridge-emul: Add definitions for missing capabilities registers (Pali Rohar) \n- PCI: pci-bridge-emul: Add description for class_revision field (Pali Rohar) \n- rcu: Apply callbacks processing time limit only on softirq (Frederic Weisbecker) \n- rcu: Fix callbacks processing time limit retaining cond_resched() (Frederic Weisbecker) \n- Revert parisc: Mark sched_clock unstable only if clocks are not syncronized (Helge Deller) \n- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) \n- selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) \n- selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) \n- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (Wanpeng Li) \n- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (Paolo Bonzini) \n- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (Paolo Bonzini) \n- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (Wanpeng Li) \n- KVM: selftests: Silence compiler warning in the kvm_page_table_test (Thomas Huth) \n- kvm: selftests: do not use bitfields larger than 32-bits for PTEs (Paolo Bonzini) \n- iommu/dart: Add missing module owner to ops structure (Hector Martin) \n- net/mlx5e: Lag, Dont skip fib events on current dst (Vlad Buslov) \n- net/mlx5e: Lag, Fix fib_info pointer assignment (Vlad Buslov) \n- net/mlx5e: Lag, Fix use-after-free in fib event handler (Vlad Buslov) \n- net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Aya Levin) \n- fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) \n- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) \n- gpio: mvebu: drop pwm base assignment (Baruch Siach) \n- drm/amdgpu: Ensure HDA function is suspended before ASIC reset (Kai-Heng Feng) \n- drm/amdgpu: dont set s3 and s0ix at the same time (Mario Limonciello) \n- drm/amdgpu: explicitly check for s0ix when evicting resources (Mario Limonciello) \n- drm/amdgpu: unify BO evicting method in amdgpu_ttm (Nirmoy Das) \n- btrfs: always log symlinks in full mode (Filipe Manana) \n- btrfs: force v2 space cache usage for subpage mount (Qu Wenruo) \n- smsc911x: allow using IRQ0 (Sergey Shtylyov) \n- selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (Vladimir Oltean) \n- bnxt_en: Fix unnecessary dropping of RX packets (Michael Chan) \n- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (Somnath Kotur) \n- selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (Ido Schimmel) \n- rxrpc: Enable IPv6 checksums on transport socket (David Howells) \n- mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter() (Eric Dumazet) \n- hinic: fix bug of wq out of bound access (Qiao Ma) \n- btrfs: do not BUG_ON() on failure to update inode when setting xattr (Filipe Manana) \n- drm/msm/dp: remove fail safe mode related code (Kuogee Hsieh) \n- selftests/net: so_txtime: usage(): fix documentation of default clock (Marc Kleine-Budde) \n- selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (Marc Kleine-Budde) \n- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) \n- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) \n- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (Yang Yingliang) \n- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (Niels Dossche) \n- net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (Yang Yingliang) \n- net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (Yang Yingliang) \n- net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (Yang Yingliang) \n- NFSv4: Dont invalidate inode attributes on delegation return (Trond Myklebust) \n- RDMA/irdma: Fix possible crash due to NULL netdev in notifier (Mustafa Ismail) \n- RDMA/irdma: Reduce iWARP QP destroy time (Shiraz Saleem) \n- RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (Tatyana Nikolova) \n- RDMA/siw: Fix a condition race issue in MPA request processing (Cheng Xu) \n- SUNRPC release the transport of a relocated task with an assigned transport (Olga Kornievskaia) \n- selftests/seccomp: Dont call read() on TTY from background pgrp (Jann Horn) \n- net/mlx5: Fix deadlock in sync reset flow (Moshe Shemesh) \n- net/mlx5: Avoid double clear or set of sync reset requested (Moshe Shemesh) \n- net/mlx5e: Fix the calling of update_buffer_lossy() API (Mark Zhang) \n- net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Paul Blakey) \n- net/mlx5e: Dont match double-vlan packets if cvlan is not set (Vlad Buslov) \n- net/mlx5e: Fix trust state reset in reload (Moshe Tal) \n- iommu/dart: check return value after calling platform_get_resource() (Yang Yingliang) \n- iommu/vt-d: Drop stop marker messages (Lu Baolu) \n- ASoC: soc-ops: fix error handling (Pierre-Louis Bossart) \n- ASoC: dmaengine: Restore NULL prepare_slave_config() callback (Codrin Ciubotariu) \n- hwmon: (pmbus) disable PEC if not enabled (Adam Wujek) \n- hwmon: (adt7470) Fix warning on module removal (Armin Wolf) \n- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (Puyou Lu) \n- gpio: visconti: Fix fwnode of GPIO IRQ (Nobuhiro Iwamatsu) \n- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) \n- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) \n- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) \n- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) \n- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) \n- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) \n- can: isotp: remove re-binding of bound socket (Oliver Hartkopp) \n- can: grcan: grcan_close(): fix deadlock (Duoming Zhou) \n- s390/dasd: Fix read inconsistency for ESE DASD devices (Jan Hoppner) \n- s390/dasd: Fix read for ESE with blksize < 4k (Jan Hoppner) \n- s390/dasd: prevent double format of tracks for ESE devices (Stefan Haberland) \n- s390/dasd: fix data corruption for ESE devices (Stefan Haberland) \n- ASoC: meson: Fix event generation for AUI CODEC mux (Mark Brown) \n- ASoC: meson: Fix event generation for G12A tohdmi mux (Mark Brown) \n- ASoC: meson: Fix event generation for AUI ACODEC mux (Mark Brown) \n- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) \n- ASoC: da7219: Fix change notifications for tone generator frequency (Mark Brown) \n- genirq: Synchronize interrupt thread startup (Thomas Pfaff) \n- net: stmmac: disable Split Header (SPH) for Intel platforms (Tan Tee Min) \n- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) \n- firewire: remove check of list iterator against head past the loop body (Jakob Koschel) \n- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) \n- timekeeping: Mark NMI safe time accessors as notrace (Kurt Kanzenbach) \n- Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) \n- RISC-V: relocate DTB if its outside memory region (Nick Kossifidis) \n- drm/amdgpu: do not use passthrough mode in Xen dom0 (Marek Marczykowski-Gorecki) \n- drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (Harry Wentland) \n- iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (Nicolin Chen) \n- iommu/vt-d: Calculate mask for non-aligned flushes (David Stevens) \n- KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (Kyle Huey) \n- x86/fpu: Prevent FPU state corruption (Thomas Gleixner) \n- gpiolib: of: fix bounds check for gpio-reserved-ranges (Andrei Lalaev) \n- mmc: core: Set HS clock speed before sending HS CMD13 (Brian Norris) \n- mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (Samuel Holland) \n- mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (Shaik Sajida Bhanu) \n- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) \n- ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (Zihao Wang) \n- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) \n- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) \n- LTS version: v5.15.38 (Jack Vogel) \n- powerpc/64: Add UADDR64 relocation support (Alexey Kardashevskiy) \n- objtool: Fix type of reloc::addend (Peter Zijlstra) \n- objtool: Fix code relocs vs weak symbols (Peter Zijlstra) \n- eeprom: at25: Use DMA safe buffers (Christophe Leroy) \n- perf symbol: Remove arch__symbols__fixup_end() (Namhyung Kim) \n- tty: n_gsm: fix software flow control handling (Daniel Starke) \n- tty: n_gsm: fix incorrect UA handling (Daniel Starke) \n- tty: n_gsm: fix reset fifo race condition (Daniel Starke) \n- tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Daniel Starke) \n- tty: n_gsm: fix wrong signal octets encoding in MSC (Daniel Starke) \n- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) \n- tty: n_gsm: fix wrong command retry handling (Daniel Starke) \n- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) \n- tty: n_gsm: fix wrong DLCI release order (Daniel Starke) \n- tty: n_gsm: fix insufficient txframe size (Daniel Starke) \n- netfilter: nft_socket: only do sk lookups when indev is available (Florian Westphal) \n- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) \n- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) \n- tty: n_gsm: fix mux cleanup after unregister tty device (Daniel Starke) \n- tty: n_gsm: fix decoupled mux resource (Daniel Starke) \n- tty: n_gsm: fix restart handling via CLD command (Daniel Starke) \n- perf symbol: Update symbols__fixup_end() (Namhyung Kim) \n- perf symbol: Pass is_kallsyms to symbols__fixup_end() (Namhyung Kim) \n- x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov) \n- ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC mode (Tim Harvey) \n- ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines (Eugen Hristev) \n- btrfs: fix leaked plug after failure syncing log on zoned filesystems (Filipe Manana) \n- thermal: int340x: Fix attr.show callback prototype (Kees Cook) \n- ACPI: processor: idle: Avoid falling back to C3 type C-states (Ville Syrjala) \n- net: ethernet: stmmac: fix write to sgmii_adapter_base (Dinh Nguyen) \n- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (Imre Deak) \n- drm/i915: Check EDID for HDR static metadata when choosing blc (Jouni Hogander) \n- netfilter: Update ip6_route_me_harder to consider L3 domain (Martin Willi) \n- mtd: rawnand: qcom: fix memory corruption that causes panic (Md Sadre Alam) \n- kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time (Zqiang) \n- zonefs: Clear inode information flags on inode creation (Damien Le Moal) \n- zonefs: Fix management of open zones (Damien Le Moal) \n- Revert ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (Ville Syrjala) \n- selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) \n- selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) \n- powerpc/perf: Fix 32bit compile (Alexey Kardashevskiy) \n- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) \n- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) \n- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) \n- bonding: do not discard lowest hash bit for non layer3+4 hashing (suresh kumar) \n- ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION (Namjae Jeon) \n- ksmbd: increment reference count of parent fp (Namjae Jeon) \n- arch: xtensa: platforms: Fix deadlock in rs_close() (Duoming Zhou) \n- ext4: fix bug_on in start_this_handle during umount filesystem (Ye Bin) \n- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) \n- ASoC: Intel: soc-acpi: correct device endpoints for max98373 (Chao Song) \n- tcp: fix F-RTO may not work correctly when receiving DSACK (Pengcheng Yang) \n- Revert ibmvnic: Add ethtool private flag for driver-defined queue limits (Dany Madden) \n- ixgbe: ensure IPsec VF<->PF compatibility (Leon Romanovsky) \n- perf arm-spe: Fix addresses of synthesized SPE events (Timothy Hayes) \n- gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) \n- gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) \n- gfs2: Minor retry logic cleanup (Andreas Gruenbacher) \n- gfs2: Prevent endless loops in gfs2_file_buffered_write (Andreas Gruenbacher) \n- net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (Yang Yingliang) \n- bnx2x: fix napi API usage sequence (Manish Chopra) \n- tls: Skip tls_append_frag on zero copy size (Maxim Mikityanskiy) \n- drm/amd/display: Fix memory leak in dcn21_clock_source_create (Miaoqian Lin) \n- drm/amdkfd: Fix GWS queue count (David Yat Sin) \n- netfilter: conntrack: fix udp offload timeout sysctl (Volodymyr Mytnyk) \n- io_uring: check reserved fields for recv/recvmsg (Jens Axboe) \n- io_uring: check reserved fields for send/sendmsg (Jens Axboe) \n- net: dsa: lantiq_gswip: Dont set GSWIP_MII_CFG_RMII_CLK (Martin Blumenstingl) \n- drm/sun4i: Remove obsolete references to PHYS_OFFSET (Samuel Holland) \n- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (Nathan Rossi) \n- net: phy: marvell10g: fix return value on error (Baruch Siach) \n- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) \n- cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts (Vladimir Zapolskiy) \n- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) \n- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) \n- tcp: make sure treq->af_specific is initialized (Eric Dumazet) \n- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) \n- ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode (Peilin Ye) \n- ip6_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- net/smc: sync err code when tcp connection was refused (liuyacan) \n- net: hns3: add return value for mailbox handling in PF (Jian Shen) \n- net: hns3: add validity check for message data length (Jian Shen) \n- net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (Jie Wang) \n- net: hns3: clear inited state and stop client after failed to register netdev (Jian Shen) \n- cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe (Xiaobing Luo) \n- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) \n- arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (Fabio Estevam) \n- ARM: dts: imx6ull-colibri: fix vqmmc regulator (Max Krummenacher) \n- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) \n- wireguard: device: check for metadata_dst with skb_valid_dst() (Nikolay Aleksandrov) \n- tcp: ensure to use the most recently sent skb when filling the rate sample (Pengcheng Yang) \n- pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (Marek Vasut) \n- tcp: md5: incorrect tcp_header_len for incoming connections (Francesco Ruggeri) \n- pinctrl: rockchip: fix RK3308 pinmux bits (Luca Ceresoli) \n- bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook (Eyal Birger) \n- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (Pablo Neira Ayuso) \n- net: dsa: Add missing of_node_put() in dsa_port_link_register_of (Miaoqian Lin) ", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9689", "href": "http://linux.oracle.com/errata/ELSA-2022-9689.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T18:47:14", "description": "[4.14.35-2047.516.1.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460938] {CVE-2022-2588}\n[4.14.35-2047.516.1]\n- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153}\n- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153}\n- KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323860] {CVE-2022-2153}\n- xfs: dont use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34180868]\n[4.14.35-2047.516.0]\n- scsi: mpt3sas: Remove scsi_dma_map() error messages (Sreekanth Reddy) [Orabug: 34328903] \n- uek: kabi: new protected symbols for USM in OL7 (Saeed Mirzamohammadi) [Orabug: 34233902] \n- vfio/type1: add ioctl to check for correct pin accounting (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: track pages pinned by vfio across exec (Anthony Yznaga) [Orabug: 32967885] \n- mm: track driver pinned pages across exec (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: Fix vfio_find_dma_valid return (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: fix unmap all on ILP32 (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: block on invalid vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement notify callback (Steve Sistare) [Orabug: 32967885] \n- vfio: iommu driver notify callback (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: massage unmap iteration (Steve Sistare) [Orabug: 32967885] \n- vfio: interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement unmap all (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: unmap cleanup (Steve Sistare) [Orabug: 32967885] \n- vfio: option to unmap all (Steve Sistare) [Orabug: 32967885] \n- Linux 4.14.284 (Greg Kroah-Hartman) \n- x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) \n- x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) \n- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) \n- x86/cpu: Add Comet Lake to the Intel CPU models header (Kan Liang) \n- x86/cpu: Add Cannonlake to Intel family (Rajneesh Bhardwaj) \n- x86/cpu: Add Jasper Lake to Intel family (Zhang Rui) \n- cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) \n- x86/cpu: Add Elkhart Lake to Intel family (Gayatri Kammela) \n- Linux 4.14.283 (Greg Kroah-Hartman) \n- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) \n- powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) \n- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) \n- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) \n- ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) \n- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) \n- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) \n- cifs: return errors during session setup during reconnects (Shyam Prasad N) \n- ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) \n- vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) \n- nodemask: Fix return values to be unsigned (Kees Cook) \n- nbd: fix io hung while disconnecting device (Yu Kuai) \n- nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) \n- nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) \n- modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) \n- drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) \n- Revert net: af_key: add check for pfkey_broadcast in function pfkey_process (Michal Kubecek) \n- md: protect md_unregister_thread from reentrancy (Guoqing Jiang) \n- kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) \n- serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) \n- staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) \n- clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) \n- extcon: Modify extcon device to be created after driver data is set (bumwoo lee) \n- misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) \n- usb: dwc2: gadget: dont reset gadgets driver->bus (Marek Szyprowski) \n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) \n- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) \n- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) \n- USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) \n- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) \n- tty: Fix a possible resource leak in icom_probe (Huang Guobin) \n- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) \n- lkdtm/usercopy: Expand size of out of frame object (Kees Cook) \n- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) \n- drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) \n- net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) \n- net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) \n- net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) \n- net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) \n- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) \n- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) \n- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) \n- xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) \n- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) \n- m68knommu: fix undefined reference to _init_sp (Greg Ungerer) \n- m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) \n- i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) \n- tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) \n- tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) \n- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) \n- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) \n- tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) \n- ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) \n- jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) \n- modpost: fix removing numeric suffixes (Alexander Lobakin) \n- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) \n- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) \n- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) \n- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) \n- serial: sh-sci: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: txx9: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: digicolor-usart: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: meson: acquire port->lock in startup() (John Ogness) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) \n- MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: fix plock invalid read (Alexander Aring) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) \n- powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/8xx: export cpm_setbrg for modules (Randy Dunlap) \n- drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) \n- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) \n- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) \n- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) \n- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) \n- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) \n- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) \n- rxrpc: Dont try to resend the request if were receiving the reply (David Howells) \n- rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) \n- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) \n- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) \n- m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) \n- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) \n- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) \n- media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) \n- media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) \n- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) \n- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) \n- media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) \n- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) \n- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) \n- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- x86: Fix return value of __setup handlers (Randy Dunlap) \n- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) \n- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) \n- drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) \n- x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) \n- fsnotify: fix wrong lockdep annotations (Amir Goldstein) \n- inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) \n- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) \n- spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) \n- efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) \n- NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) \n- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) \n- drm/mediatek: Fix mtk_cec_mask() (Miles Chen) \n- x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) \n- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) \n- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) \n- ath9k: fix ar9003_get_eepmisc (Wenli Looi) \n- drm: fix EDID struct for old ARM OABI format (Saeed Mirzamohammadi) \n- RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) \n- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) \n- powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) \n- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) \n- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) \n- ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) \n- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) \n- ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) \n- fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) \n- ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) \n- fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) \n- ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) \n- eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) \n- rxrpc: Return an error to sendmsg if call failed (David Howells) \n- media: exynos4-is: Fix compile warning (Kwanghoon Son) \n- net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) \n- ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) \n- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) \n- openrisc: start CPU timer early in boot (Jason A. Donenfeld) \n- rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) \n- ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) \n- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) \n- s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) \n- ASoC: dapm: Dont fold register value changes into notifications (Mark Brown) \n- ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) \n- drm/amd/pm: fix the compile warning (Evan Quan) \n- scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) \n- media: cx25821: Fix the warning when removing the module (Zheyu Ma) \n- media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) \n- media: venus: hfi: avoid null dereference in deinit (Luca Weiss) \n- ath9k: fix QCA9561 PA bias level (Thibaut VARENE) \n- drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) \n- ALSA: jack: Access input_dev under mutex (Amadeusz Slawinski) \n- ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) \n- ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) \n- b43: Fix assigning negative value to unsigned variable (Haowen Bai) \n- b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) \n- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) \n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) \n- btrfs: repair super block num_devices automatically (Qu Wenruo) \n- btrfs: add 0x prefix for unsupported optional features (Qu Wenruo) \n- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) \n- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) \n- USB: new quirk for Dell Gen 2 devices (Monish Kumar R) \n- USB: serial: option: add Quectel BG95 modem (Carl Yin) \n- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) \n- Linux 4.14.282 (Greg Kroah-Hartman) \n- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) \n- NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) \n- docs: submitting-patches: Fix crossref to The canonical patch format (Akira Yokosawa) \n- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) \n- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) \n- dm stats: add cond_resched when looping over entries (Mikulas Patocka) \n- dm crypt: make printing of the key constant-time (Mikulas Patocka) \n- dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) \n- zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) \n- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) \n- exec: Force single empty string when argv is empty (Kees Cook) \n- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Haimin Zhang) \n- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) \n- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (Piyush Malgujar) \n- net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) \n- net: af_key: check encryption module availability consistency (Thomas Bartschies) \n- ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) \n- ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- tcp: change source port randomizarion at connect() time (Eric Dumazet) \n- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) \n- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner) \n- Linux 4.14.281 (Greg Kroah-Hartman) \n- Reinstate some of swiotlb: rework fix info leak with DMA_FROM_DEVICE (Linus Torvalds) \n- swiotlb: fix info leak with DMA_FROM_DEVICE (Halil Pasic) \n- net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) \n- net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) \n- ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) \n- mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) \n- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) \n- perf bench numa: Address compiler error on s390 (Thomas Richter) \n- gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) \n- gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) \n- net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) \n- igb: skip phy status check where unavailable (Kevin Mitchell) \n- ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) \n- ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) \n- net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) \n- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) \n- net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) \n- clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) \n- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) \n- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) \n- mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() (Ulf Hansson) \n- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (Ulf Hansson) \n- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (Ulf Hansson) \n- drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) \n- ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) \n- ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) \n- drbd: remove usage of list iterator variable after loop (Jakob Koschel) \n- MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) \n- Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) \n- Input: add bounds checking to input_set_capability() (Jeff LaBundy) \n- um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow)\n[4.14.35-2047.515.3]\n- uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721] \n- mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721] \n- dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721]\n[4.14.35-2047.515.2]\n- net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105319]\n[4.14.35-2047.515.1]\n- sched/rt: Disable RT_RUNTIME_SHARE by default (Daniel Bristot de Oliveira) [Orabug: 34193333] \n- mstflint_access: Update driver code to v4.20.1-1 from Github (Qing Huang) [Orabug: 34286148]\n[4.14.35-2047.515.0]\n- net: ip: avoid OOM kills with large UDP sends over loopback (Venkat Venkatsubra) [Orabug: 34066209] \n- rdmaip: Flush ARP cache after address has been cleared (Gerd Rausch) [Orabug: 34285241] \n- rds: Include congested flag in rds_sock struct. (Rohit Nair) [Orabug: 34261492] \n- cpu/hotplug: Allow the CPU in CPU_UP_PREPARE state to be brought up again. (Longpeng(Mike)) [Orabug: 34234771] \n- x86/xen: Allow to retry if cpu_initialize_context() failed. (Boris Ostrovsky) [Orabug: 34234771] \n- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218640] {CVE-2022-1652}\n- assoc_array: Fix BUG_ON during garbage collect (Stephen Brennan) [Orabug: 34162064] \n- exec, elf: fix reserve_va_range() sanity check (Anthony Yznaga) [Orabug: 32387887] \n- exec, elf: use already allocated notes data in reserve_va_range() (Anthony Yznaga) [Orabug: 32387887] \n- mm: madv_doexec_flag sysctl (Anthony Yznaga) [Orabug: 32387887] \n- mm: introduce MADV_DOEXEC (Anthony Yznaga) [Orabug: 32387887] \n- exec, elf: require opt-in for accepting preserved mem (Anthony Yznaga) [Orabug: 32387887] \n- mm: introduce VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 32387887] \n- mm: fail exec if stack expansion will overlap another vma (Anthony Yznaga) [Orabug: 32387887] \n- mm: do not assume only the stack vma exists in setup_arg_pages() (Anthony Yznaga) [Orabug: 32387887] \n- ELF: when loading PIE binaries check for overlap with existing mappings (Anthony Yznaga) [Orabug: 32387887] \n- Linux 4.14.280 (Greg Kroah-Hartman) \n- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) \n- ping: fix address binding wrt vrf (Nicolas Dichtel) \n- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) \n- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) \n- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) \n- USB: serial: option: add Fibocom L610 modem (Sven Schwermer) \n- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) \n- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) \n- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) \n- tcp: resalt the secret every 10 seconds (Eric Dumazet) \n- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) \n- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) \n- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) \n- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) \n- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) \n- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) \n- s390/lcs: fix variable dereferenced before check (Alexandra Winter) \n- s390/ctcm: fix potential memory leak (Alexandra Winter) \n- s390/ctcm: fix variable dereferenced before check (Alexandra Winter) \n- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) \n- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) \n- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) \n- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) \n- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) \n- batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) \n- Linux 4.14.279 (Greg Kroah-Hartman) \n- VFS: Fix memory leak caused by concurrently mounting fs with subtype (ChenXiaoSong) \n- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (Takashi Iwai) \n- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) \n- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) \n- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) \n- Bluetooth: Fix the creation of hdev->name (Itay Iellin) \n- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) \n- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) \n- block: drbd: drbd_nl: Make conversion to enum drbd_ret_code explicit (Lee Jones) \n- MIPS: Use address-of operator on section symbols (Nathan Chancellor) \n- Linux 4.14.278 (Greg Kroah-Hartman) \n- PCI: aardvark: Fix reading MSI interrupt number (Pali Rohar) \n- PCI: aardvark: Clear all MSIs at setup (Pali Rohar) \n- dm: interlock pending dm_io and dm_wait_for_bios_completion (Mike Snitzer) \n- dm: fix mempool NULL pointer race when completing IO (Jiazi Li) \n- net: ipv6: ensure we call ipv6_mc_down() at most once (j.nixdorf@avm.de) \n- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) \n- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) \n- btrfs: always log symlinks in full mode (Filipe Manana) \n- smsc911x: allow using IRQ0 (Sergey Shtylyov) \n- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) \n- hwmon: (adt7470) Fix warning on module removal (Armin Wolf) \n- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) \n- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) \n- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) \n- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) \n- can: grcan: grcan_close(): fix deadlock (Duoming Zhou) \n- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) \n- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) \n- firewire: remove check of list iterator against head past the loop body (Jakob Koschel) \n- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) \n- Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) \n- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) \n- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) \n- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) \n- tty: n_gsm: fix incorrect UA handling (Daniel Starke) \n- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) \n- tty: n_gsm: fix wrong command retry handling (Daniel Starke) \n- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) \n- tty: n_gsm: fix insufficient txframe size (Daniel Starke) \n- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) \n- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) \n- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) \n- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) \n- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) \n- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) \n- bnx2x: fix napi API usage sequence (Manish Chopra) \n- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) \n- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) \n- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) \n- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) \n- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) \n- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) \n- mtd: rawnand: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- ipvs: correctly print the memory size of ip_vs_conn_tab (Pengcheng Yang) \n- ARM: dts: Fix mmc order for omap3-gta04 (H. Nikolaus Schaller) \n- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (Miaoqian Lin) \n- phy: samsung: exynos5250-sata: fix missing device put in probe error paths (Krzysztof Kozlowski) \n- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (Miaoqian Lin) \n- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (Fabio Estevam) \n- USB: Fix xhci event ring dequeue pointer ERDP update issue (Weitao Wang) \n- hex2bin: fix access beyond string end (Mikulas Patocka) \n- hex2bin: make the function hex_to_bin constant-time (Mikulas Patocka) \n- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (Maciej W. Rozycki) \n- serial: 8250: Also set sticky MCR bits in console restoration (Maciej W. Rozycki) \n- usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (Vijayavardhan Vennapusa) \n- usb: gadget: uvc: Fix crash when encoding data for usb request (Dan Vacura) \n- usb: misc: fix improper handling of refcount in uss720_probe() (Hangyu Hua) \n- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (Zheyu Ma) \n- iio: dac: ad5446: Fix read_raw not returning set value (Michael Hennerich) \n- iio: dac: ad5592r: Fix the missing return value. (Zizhuang Deng) \n- xhci: stop polling roothubs after shutdown (Henry Lin) \n- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (Daniele Palmas) \n- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (Slark Xiao) \n- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (Bruno Thomsen) \n- USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (Kees Cook) \n- USB: quirks: add STRING quirk for VCOM device (Oliver Neukum) \n- USB: quirks: add a Realtek card reader (Oliver Neukum) \n- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (Macpaul Lin) \n- lightnvm: disable the subsystem (Greg Kroah-Hartman) \n- net/sched: cls_u32: fix netns refcount changes in u32_change() (Eric Dumazet) \n- hamradio: remove needs_free_netdev to avoid UAF (Lin Ma) \n- hamradio: defer 6pack kfree after unregister_netdev (Lin Ma) \n- floppy: disable FDRAWCMD by default (Willy Tarreau) \n- Linux 4.14.277 (Greg Kroah-Hartman) \n- ax25: Fix UAF bugs in ax25 timers (Duoming Zhou) \n- ax25: Fix NULL pointer dereferences in ax25 timers (Duoming Zhou) \n- ax25: fix NPD bug in ax25_disconnect (Duoming Zhou) \n- ax25: fix UAF bug in ax25_send_control() (Duoming Zhou) \n- ax25: Fix refcount leaks caused by ax25_cb_del() (Duoming Zhou) \n- ax25: fix UAF bugs of net_device caused by rebinding operation (Duoming Zhou) \n- ax25: fix reference count leaks of ax25_dev (Duoming Zhou) \n- ax25: add refcount in ax25_dev to avoid UAF bugs (Duoming Zhou) \n- block/compat_ioctl: fix range check in BLKGETSIZE (Khazhismel Kumykov) \n- staging: ion: Prevent incorrect reference counting behavour (Lee Jones) \n- ext4: force overhead calculation if the s_overhead_cluster makes no sense (Theodore Tso) \n- ext4: fix overhead calculation to account for the reserved gdt blocks (Theodore Tso) \n- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (Tadeusz Struk) \n- ext4: fix symlink file size not match to file content (Ye Bin) \n- ARC: entry: fix syscall_trace_exit argument (Sergey Matyukevich) \n- e1000e: Fix possible overflow in LTR decoding (Sasha Neftin) \n- ASoC: soc-dapm: fix two incorrect uses of list iterator (Xiaomeng Tong) \n- openvswitch: fix OOB access in reserve_sfa_size() (Paolo Valerio) \n- powerpc/perf: Fix power9 event alternatives (Athira Rajeev) \n- dma: at_xdmac: fix a missing check on list iterator (Xiaomeng Tong) \n- ata: pata_marvell: Check the bmdma_addr beforing reading (Zheyu Ma) \n- stat: fix inconsistency between struct stat and struct compat_stat (Mikulas Patocka) \n- net: macb: Restart tx only if queue pointer is lagging (Tomas Melin) \n- drm/msm/mdp5: check the return of kzalloc() (Xiaoke Wang) \n- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (David Howells) \n- vxlan: fix error return code in vxlan_fdb_append (Hongbin Wang) \n- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (Jiapeng Chong) \n- ARM: vexpress/spc: Avoid negative array index when !SMP (Kees Cook) \n- netlink: reset network and mac headers in netlink_dump() (Eric Dumazet) \n- net/packet: fix packet_sock xmit return value checking (Hangbin Liu) \n- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (Miaoqian Lin) \n- tcp: Fix potential use-after-free due to double kfree() (Kuniyuki Iwashima) \n- tcp: fix race condition when creating child sockets from syncookies (Ricardo Dias) \n- ALSA: usb-audio: Clear MIDI port active flag after draining (Takashi Iwai) \n- gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) \n- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) \n- tracing: Dump stacktrace trigger to the corresponding instance (Daniel Bristot de Oliveira) \n- tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google)) \n- mm: page_alloc: fix building error on -Werror=array-compare (Xiongwei Song) \n- etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead (Kees Cook)", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9693", "href": "http://linux.oracle.com/errata/ELSA-2022-9693.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T20:40:51", "description": "[4.14.35-2047.516.1.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460938] {CVE-2022-2588}\n[4.14.35-2047.516.1]\n- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153}\n- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153}\n- KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323860] {CVE-2022-2153}\n- xfs: dont use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34180868]\n[4.14.35-2047.516.0]\n- scsi: mpt3sas: Remove scsi_dma_map() error messages (Sreekanth Reddy) [Orabug: 34328903] \n- uek: kabi: new protected symbols for USM in OL7 (Saeed Mirzamohammadi) [Orabug: 34233902] \n- vfio/type1: add ioctl to check for correct pin accounting (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: track pages pinned by vfio across exec (Anthony Yznaga) [Orabug: 32967885] \n- mm: track driver pinned pages across exec (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: Fix vfio_find_dma_valid return (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: fix unmap all on ILP32 (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: block on invalid vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement notify callback (Steve Sistare) [Orabug: 32967885] \n- vfio: iommu driver notify callback (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: massage unmap iteration (Steve Sistare) [Orabug: 32967885] \n- vfio: interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement unmap all (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: unmap cleanup (Steve Sistare) [Orabug: 32967885] \n- vfio: option to unmap all (Steve Sistare) [Orabug: 32967885] \n- Linux 4.14.284 (Greg Kroah-Hartman) \n- x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) \n- x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) \n- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) \n- x86/cpu: Add Comet Lake to the Intel CPU models header (Kan Liang) \n- x86/cpu: Add Cannonlake to Intel family (Rajneesh Bhardwaj) \n- x86/cpu: Add Jasper Lake to Intel family (Zhang Rui) \n- cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) \n- x86/cpu: Add Elkhart Lake to Intel family (Gayatri Kammela) \n- Linux 4.14.283 (Greg Kroah-Hartman) \n- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) \n- powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) \n- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) \n- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) \n- ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) \n- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) \n- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) \n- cifs: return errors during session setup during reconnects (Shyam Prasad N) \n- ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) \n- vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) \n- nodemask: Fix return values to be unsigned (Kees Cook) \n- nbd: fix io hung while disconnecting device (Yu Kuai) \n- nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) \n- nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) \n- modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) \n- drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) \n- Revert net: af_key: add check for pfkey_broadcast in function pfkey_process (Michal Kubecek) \n- md: protect md_unregister_thread from reentrancy (Guoqing Jiang) \n- kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) \n- serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) \n- staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) \n- clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) \n- extcon: Modify extcon device to be created after driver data is set (bumwoo lee) \n- misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) \n- usb: dwc2: gadget: dont reset gadgets driver->bus (Marek Szyprowski) \n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) \n- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) \n- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) \n- USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) \n- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) \n- tty: Fix a possible resource leak in icom_probe (Huang Guobin) \n- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) \n- lkdtm/usercopy: Expand size of out of frame object (Kees Cook) \n- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) \n- drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) \n- net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) \n- net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) \n- net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) \n- net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) \n- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) \n- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) \n- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) \n- xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) \n- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) \n- m68knommu: fix undefined reference to _init_sp (Greg Ungerer) \n- m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) \n- i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) \n- tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) \n- tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) \n- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) \n- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) \n- tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) \n- ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) \n- jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) \n- modpost: fix removing numeric suffixes (Alexander Lobakin) \n- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) \n- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) \n- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) \n- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) \n- serial: sh-sci: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: txx9: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: digicolor-usart: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: meson: acquire port->lock in startup() (John Ogness) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) \n- MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: fix plock invalid read (Alexander Aring) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) \n- powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/8xx: export cpm_setbrg for modules (Randy Dunlap) \n- drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) \n- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) \n- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) \n- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) \n- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) \n- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) \n- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) \n- rxrpc: Dont try to resend the request if were receiving the reply (David Howells) \n- rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) \n- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) \n- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) \n- m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) \n- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) \n- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) \n- media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) \n- media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) \n- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) \n- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) \n- media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) \n- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) \n- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) \n- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- x86: Fix return value of __setup handlers (Randy Dunlap) \n- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) \n- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) \n- drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) \n- x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) \n- fsnotify: fix wrong lockdep annotations (Amir Goldstein) \n- inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) \n- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) \n- spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) \n- efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) \n- NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) \n- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) \n- drm/mediatek: Fix mtk_cec_mask() (Miles Chen) \n- x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) \n- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) \n- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) \n- ath9k: fix ar9003_get_eepmisc (Wenli Looi) \n- drm: fix EDID struct for old ARM OABI format (Saeed Mirzamohammadi) \n- RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) \n- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) \n- powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) \n- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) \n- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) \n- ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) \n- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) \n- ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) \n- fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) \n- ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) \n- fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) \n- ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) \n- eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) \n- rxrpc: Return an error to sendmsg if call failed (David Howells) \n- media: exynos4-is: Fix compile warning (Kwanghoon Son) \n- net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) \n- ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) \n- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) \n- openrisc: start CPU timer early in boot (Jason A. Donenfeld) \n- rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) \n- ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) \n- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) \n- s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) \n- ASoC: dapm: Dont fold register value changes into notifications (Mark Brown) \n- ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) \n- drm/amd/pm: fix the compile warning (Evan Quan) \n- scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) \n- media: cx25821: Fix the warning when removing the module (Zheyu Ma) \n- media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) \n- media: venus: hfi: avoid null dereference in deinit (Luca Weiss) \n- ath9k: fix QCA9561 PA bias level (Thibaut VARENE) \n- drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) \n- ALSA: jack: Access input_dev under mutex (Amadeusz Slawinski) \n- ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) \n- ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) \n- b43: Fix assigning negative value to unsigned variable (Haowen Bai) \n- b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) \n- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) \n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) \n- btrfs: repair super block num_devices automatically (Qu Wenruo) \n- btrfs: add 0x prefix for unsupported optional features (Qu Wenruo) \n- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) \n- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) \n- USB: new quirk for Dell Gen 2 devices (Monish Kumar R) \n- USB: serial: option: add Quectel BG95 modem (Carl Yin) \n- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) \n- Linux 4.14.282 (Greg Kroah-Hartman) \n- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) \n- NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) \n- docs: submitting-patches: Fix crossref to The canonical patch format (Akira Yokosawa) \n- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) \n- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) \n- dm stats: add cond_resched when looping over entries (Mikulas Patocka) \n- dm crypt: make printing of the key constant-time (Mikulas Patocka) \n- dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) \n- zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) \n- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) \n- exec: Force single empty string when argv is empty (Kees Cook) \n- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Haimin Zhang) \n- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) \n- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (Piyush Malgujar) \n- net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) \n- net: af_key: check encryption module availability consistency (Thomas Bartschies) \n- ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) \n- ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- tcp: change source port randomizarion at connect() time (Eric Dumazet) \n- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) \n- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner) \n- Linux 4.14.281 (Greg Kroah-Hartman) \n- Reinstate some of swiotlb: rework fix info leak with DMA_FROM_DEVICE (Linus Torvalds) \n- swiotlb: fix info leak with DMA_FROM_DEVICE (Halil Pasic) \n- net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) \n- net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) \n- ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) \n- mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) \n- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) \n- perf bench numa: Address compiler error on s390 (Thomas Richter) \n- gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) \n- gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) \n- net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) \n- igb: skip phy status check where unavailable (Kevin Mitchell) \n- ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) \n- ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) \n- net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) \n- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) \n- net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) \n- clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) \n- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) \n- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) \n- mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() (Ulf Hansson) \n- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (Ulf Hansson) \n- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (Ulf Hansson) \n- drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) \n- ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) \n- ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) \n- drbd: remove usage of list iterator variable after loop (Jakob Koschel) \n- MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) \n- Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) \n- Input: add bounds checking to input_set_capability() (Jeff LaBundy) \n- um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow)\n[4.14.35-2047.515.3]\n- uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721] \n- mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721] \n- dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721]\n[4.14.35-2047.515.2]\n- net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105319]\n[4.14.35-2047.515.1]\n- sched/rt: Disable RT_RUNTIME_SHARE by default (Daniel Bristot de Oliveira) [Orabug: 34193333] \n- mstflint_access: Update driver code to v4.20.1-1 from Github (Qing Huang) [Orabug: 34286148]\n[4.14.35-2047.515.0]\n- net: ip: avoid OOM kills with large UDP sends over loopback (Venkat Venkatsubra) [Orabug: 34066209] \n- rdmaip: Flush ARP cache after address has been cleared (Gerd Rausch) [Orabug: 34285241] \n- rds: Include congested flag in rds_sock struct. (Rohit Nair) [Orabug: 34261492] \n- cpu/hotplug: Allow the CPU in CPU_UP_PREPARE state to be brought up again. (Longpeng(Mike)) [Orabug: 34234771] \n- x86/xen: Allow to retry if cpu_initialize_context() failed. (Boris Ostrovsky) [Orabug: 34234771] \n- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218640] {CVE-2022-1652}\n- assoc_array: Fix BUG_ON during garbage collect (Stephen Brennan) [Orabug: 34162064] \n- exec, elf: fix reserve_va_range() sanity check (Anthony Yznaga) [Orabug: 32387887] \n- exec, elf: use already allocated notes data in reserve_va_range() (Anthony Yznaga) [Orabug: 32387887] \n- mm: madv_doexec_flag sysctl (Anthony Yznaga) [Orabug: 32387887] \n- mm: introduce MADV_DOEXEC (Anthony Yznaga) [Orabug: 32387887] \n- exec, elf: require opt-in for accepting preserved mem (Anthony Yznaga) [Orabug: 32387887] \n- mm: introduce VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 32387887] \n- mm: fail exec if stack expansion will overlap another vma (Anthony Yznaga) [Orabug: 32387887] \n- mm: do not assume only the stack vma exists in setup_arg_pages() (Anthony Yznaga) [Orabug: 32387887] \n- ELF: when loading PIE binaries check for overlap with existing mappings (Anthony Yznaga) [Orabug: 32387887] \n- Linux 4.14.280 (Greg Kroah-Hartman) \n- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) \n- ping: fix address binding wrt vrf (Nicolas Dichtel) \n- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) \n- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) \n- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) \n- USB: serial: option: add Fibocom L610 modem (Sven Schwermer) \n- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) \n- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) \n- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) \n- tcp: resalt the secret every 10 seconds (Eric Dumazet) \n- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) \n- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) \n- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) \n- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) \n- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) \n- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) \n- s390/lcs: fix variable dereferenced before check (Alexandra Winter) \n- s390/ctcm: fix potential memory leak (Alexandra Winter) \n- s390/ctcm: fix variable dereferenced before check (Alexandra Winter) \n- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) \n- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) \n- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) \n- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) \n- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) \n- batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) \n- Linux 4.14.279 (Greg Kroah-Hartman) \n- VFS: Fix memory leak caused by concurrently mounting fs with subtype (ChenXiaoSong) \n- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (Takashi Iwai) \n- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) \n- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) \n- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) \n- Bluetooth: Fix the creation of hdev->name (Itay Iellin) \n- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) \n- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) \n- block: drbd: drbd_nl: Make conversion to enum drbd_ret_code explicit (Lee Jones) \n- MIPS: Use address-of operator on section symbols (Nathan Chancellor) \n- Linux 4.14.278 (Greg Kroah-Hartman) \n- PCI: aardvark: Fix reading MSI interrupt number (Pali Rohar) \n- PCI: aardvark: Clear all MSIs at setup (Pali Rohar) \n- dm: interlock pending dm_io and dm_wait_for_bios_completion (Mike Snitzer) \n- dm: fix mempool NULL pointer race when completing IO (Jiazi Li) \n- net: ipv6: ensure we call ipv6_mc_down() at most once (j.nixdorf@avm.de) \n- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) \n- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) \n- btrfs: always log symlinks in full mode (Filipe Manana) \n- smsc911x: allow using IRQ0 (Sergey Shtylyov) \n- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) \n- hwmon: (adt7470) Fix warning on module removal (Armin Wolf) \n- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) \n- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) \n- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) \n- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) \n- can: grcan: grcan_close(): fix deadlock (Duoming Zhou) \n- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) \n- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) \n- firewire: remove check of list iterator against head past the loop body (Jakob Koschel) \n- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) \n- Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) \n- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) \n- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) \n- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) \n- tty: n_gsm: fix incorrect UA handling (Daniel Starke) \n- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) \n- tty: n_gsm: fix wrong command retry handling (Daniel Starke) \n- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) \n- tty: n_gsm: fix insufficient txframe size (Daniel Starke) \n- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) \n- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) \n- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) \n- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) \n- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) \n- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) \n- bnx2x: fix napi API usage sequence (Manish Chopra) \n- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) \n- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) \n- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) \n- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) \n- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) \n- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) \n- mtd: rawnand: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- ipvs: correctly print the memory size of ip_vs_conn_tab (Pengcheng Yang) \n- ARM: dts: Fix mmc order for omap3-gta04 (H. Nikolaus Schaller) \n- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (Miaoqian Lin) \n- phy: samsung: exynos5250-sata: fix missing device put in probe error paths (Krzysztof Kozlowski) \n- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (Miaoqian Lin) \n- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (Fabio Estevam) \n- USB: Fix xhci event ring dequeue pointer ERDP update issue (Weitao Wang) \n- hex2bin: fix access beyond string end (Mikulas Patocka) \n- hex2bin: make the function hex_to_bin constant-time (Mikulas Patocka) \n- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (Maciej W. Rozycki) \n- serial: 8250: Also set sticky MCR bits in console restoration (Maciej W. Rozycki) \n- usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (Vijayavardhan Vennapusa) \n- usb: gadget: uvc: Fix crash when encoding data for usb request (Dan Vacura) \n- usb: misc: fix improper handling of refcount in uss720_probe() (Hangyu Hua) \n- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (Zheyu Ma) \n- iio: dac: ad5446: Fix read_raw not returning set value (Michael Hennerich) \n- iio: dac: ad5592r: Fix the missing return value. (Zizhuang Deng) \n- xhci: stop polling roothubs after shutdown (Henry Lin) \n- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (Daniele Palmas) \n- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (Slark Xiao) \n- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (Bruno Thomsen) \n- USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (Kees Cook) \n- USB: quirks: add STRING quirk for VCOM device (Oliver Neukum) \n- USB: quirks: add a Realtek card reader (Oliver Neukum) \n- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (Macpaul Lin) \n- lightnvm: disable the subsystem (Greg Kroah-Hartman) \n- net/sched: cls_u32: fix netns refcount changes in u32_change() (Eric Dumazet) \n- hamradio: remove needs_free_netdev to avoid UAF (Lin Ma) \n- hamradio: defer 6pack kfree after unregister_netdev (Lin Ma) \n- floppy: disable FDRAWCMD by default (Willy Tarreau) \n- Linux 4.14.277 (Greg Kroah-Hartman) \n- ax25: Fix UAF bugs in ax25 timers (Duoming Zhou) \n- ax25: Fix NULL pointer dereferences in ax25 timers (Duoming Zhou) \n- ax25: fix NPD bug in ax25_disconnect (Duoming Zhou) \n- ax25: fix UAF bug in ax25_send_control() (Duoming Zhou) \n- ax25: Fix refcount leaks caused by ax25_cb_del() (Duoming Zhou) \n- ax25: fix UAF bugs of net_device caused by rebinding operation (Duoming Zhou) \n- ax25: fix reference count leaks of ax25_dev (Duoming Zhou) \n- ax25: add refcount in ax25_dev to avoid UAF bugs (Duoming Zhou) \n- block/compat_ioctl: fix range check in BLKGETSIZE (Khazhismel Kumykov) \n- staging: ion: Prevent incorrect reference counting behavour (Lee Jones) \n- ext4: force overhead calculation if the s_overhead_cluster makes no sense (Theodore Tso) \n- ext4: fix overhead calculation to account for the reserved gdt blocks (Theodore Tso) \n- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (Tadeusz Struk) \n- ext4: fix symlink file size not match to file content (Ye Bin) \n- ARC: entry: fix syscall_trace_exit argument (Sergey Matyukevich) \n- e1000e: Fix possible overflow in LTR decoding (Sasha Neftin) \n- ASoC: soc-dapm: fix two incorrect uses of list iterator (Xiaomeng Tong) \n- openvswitch: fix OOB access in reserve_sfa_size() (Paolo Valerio) \n- powerpc/perf: Fix power9 event alternatives (Athira Rajeev) \n- dma: at_xdmac: fix a missing check on list iterator (Xiaomeng Tong) \n- ata: pata_marvell: Check the bmdma_addr beforing reading (Zheyu Ma) \n- stat: fix inconsistency between struct stat and struct compat_stat (Mikulas Patocka) \n- net: macb: Restart tx only if queue pointer is lagging (Tomas Melin) \n- drm/msm/mdp5: check the return of kzalloc() (Xiaoke Wang) \n- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (David Howells) \n- vxlan: fix error return code in vxlan_fdb_append (Hongbin Wang) \n- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (Jiapeng Chong) \n- ARM: vexpress/spc: Avoid negative array index when !SMP (Kees Cook) \n- netlink: reset network and mac headers in netlink_dump() (Eric Dumazet) \n- net/packet: fix packet_sock xmit return value checking (Hangbin Liu) \n- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (Miaoqian Lin) \n- tcp: Fix potential use-after-free due to double kfree() (Kuniyuki Iwashima) \n- tcp: fix race condition when creating child sockets from syncookies (Ricardo Dias) \n- ALSA: usb-audio: Clear MIDI port active flag after draining (Takashi Iwai) \n- gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) \n- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) \n- tracing: Dump stacktrace trigger to the corresponding instance (Daniel Bristot de Oliveira) \n- tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google)) \n- mm: page_alloc: fix building error on -Werror=array-compare (Xiongwei Song) \n- etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead (Kees Cook)", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9699", "href": "http://linux.oracle.com/errata/ELSA-2022-9699.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T20:40:45", "description": "[5.15.0-1.43.4.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588}\n[5.15.0-1.43.4]\n- Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] \n- Revert selftests/bpf: Add test for reg2btf_ids out of bounds access (Alan Maguire) [Orabug: 34399286]\n[5.15.0-1.43.3]\n- x86/alternative: The retpoline alternative is not applied (Alexandre Chartre) [Orabug: 34395937] \n- x86/ftrace: Do not copy ftrace_stub() in ftrace trampoline (Alexandre Chartre) [Orabug: 34395937]\n[5.15.0-100.43.0]\n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364336] \n- ocfs2: dlmfs: dont clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364336] \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) [Orabug: 34364336] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34366723] \n- lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34393053] {CVE-2022-21505}\n[5.15.0-1.43.1]\n- LTS version: v5.15.43 (Jack Vogel) \n- mptcp: Do TCP fallback on early DSS checksum failure (Mat Martineau) \n- LTS version: v5.15.42 (Jack Vogel) \n- afs: Fix afs_getattr() to refetch file status if callback break occurred (David Howells) \n- i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (Yang Yingliang) \n- mt76: mt7921e: fix possible probe failure after reboot (Sean Wang) \n- dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (Jae Hyun Yoo) \n- Input: ili210x - fix reset timing (Marek Vasut) \n- arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (Shreyas K K) \n- net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) \n- net: atlantic: add check for MAX_SKB_FRAGS (Grant Grundler) \n- net: atlantic: reduce scope of is_rsc_complete (Grant Grundler) \n- net: atlantic: fix frag[0] not initialized (Grant Grundler) \n- net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) \n- ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) \n- nl80211: fix locking in nl80211_set_tx_bitrate_mask() (Johannes Berg) \n- net: fix wrong network header length (Lina Wang) \n- fbdev: Prevent possible use-after-free in fb_release() (Daniel Vetter) \n- Revert fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) \n- selftests: add ping test with ping_group_range tuned (Nicolas Dichtel) \n- nl80211: validate S1G channel width (Kieran Frewen) \n- mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) \n- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) \n- scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (Brian Bunker) \n- perf bench numa: Address compiler error on s390 (Thomas Richter) \n- perf regs x86: Fix arch__intr_reg_mask() for the hybrid platform (Kan Liang) \n- gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) \n- gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) \n- perf build: Fix check for btf__load_from_kernel_by_id() in libbpf (Arnaldo Carvalho de Melo) \n- scsi: ufs: core: Fix referencing invalid rsp field (Daejun Park) \n- riscv: dts: sifive: fu540-c000: align dma node name with dtschema (Krzysztof Kozlowski) \n- net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) \n- netfilter: flowtable: move dst_check to packet path (Ritaro Takenaka) \n- netfilter: flowtable: pass flowtable to nf_flow_table_iterate() (Pablo Neira Ayuso) \n- netfilter: flowtable: fix TCP flow teardown (Pablo Neira Ayuso) \n- igb: skip phy status check where unavailable (Kevin Mitchell) \n- mptcp: fix checksum byte order (Paolo Abeni) \n- mptcp: reuse __mptcp_make_csum in validate_data_csum (Geliang Tang) \n- mptcp: change the parameter of __mptcp_make_csum (Geliang Tang) \n- ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) \n- ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) \n- net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) \n- net/mlx5e: Properly block LRO when XDP is enabled (Maxim Mikityanskiy) \n- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (Maor Dickman) \n- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) \n- net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) \n- clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) \n- ice: Fix interrupt moderation settings getting cleared (Michal Wilczynski) \n- ice: move ice_container_type onto ice_ring_container (Maciej Fijalkowski) \n- ice: fix possible under reporting of ethtool Tx and Rx statistics (Paul Greenwalt) \n- ice: fix crash when writing timestamp on RX rings (Arkadiusz Kubalewski) \n- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) \n- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) \n- net: systemport: Fix an error handling path in bcm_sysport_probe() (Christophe JAILLET) \n- Revert PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) \n- netfilter: nft_flow_offload: fix offload with pppoe + vlan (Felix Fietkau) \n- net: fix dev_fill_forward_path with pppoe + bridge (Felix Fietkau) \n- netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices (Felix Fietkau) \n- netfilter: flowtable: fix excessive hw offload attempts after failure (Felix Fietkau) \n- net/sched: act_pedit: sanitize shift argument before usage (Paolo Abeni) \n- xfrm: fix disable_policy flag use when arriving from different devices (Eyal Birger) \n- xfrm: rework default policy structure (Nicolas Dichtel) \n- net: macb: Increment rx bd head after allocating skb and buffer (Harini Katakam) \n- net: ipa: record proper RX transaction count (Alex Elder) \n- ALSA: hda - fix unused Realtek function when PM is not enabled (Randy Dunlap) \n- pinctrl: mediatek: mt8365: fix IES control pins (Mattijs Korpershoek) \n- ARM: dts: aspeed: Add video engine to g6 (Howard Chiu) \n- ARM: dts: aspeed: Add secure boot controller node (Joel Stanley) \n- ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (Eddie James) \n- ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (Jae Hyun Yoo) \n- pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (Jae Hyun Yoo) \n- ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (Jae Hyun Yoo) \n- dma-buf: ensure unique directory name for dmabuf stats (Charan Teja Kalla) \n- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (Jerome Pouiller) \n- drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) \n- drm/i915/dmc: Add MMIO range restrictions (Anusha Srivatsa) \n- drm/amd: Dont reset dGPUs if the system is going to s2idle (Mario Limonciello) \n- libceph: fix potential use-after-free on linger ping and resends (Ilya Dryomov) \n- crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (Ondrej Mosnacek) \n- arm64: mte: Ensure the cleared tags are visible before setting the PTE (Catalin Marinas) \n- arm64: paravirt: Use RCU read locks to guard stolen_time (Prakruthi Deepak Heragu) \n- KVM: x86/mmu: Update number of zapped pages even if page list is stable (Sean Christopherson) \n- Revert can: m_can: pci: use custom bit timings for Elkhart Lake (Jarkko Nikula) \n- PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (Rafael J. Wysocki) \n- Fix double fget() in vhost_net_set_backend() (Al Viro) \n- selinux: fix bad cleanup on error in hashtab_duplicate() (Ondrej Mosnacek) \n- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (Werner Sembach) \n- ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) \n- ALSA: usb-audio: Restore Rane SL-1 quirk (Takashi Iwai) \n- nilfs2: fix lockdep warnings during disk space reclamation (Ryusuke Konishi) \n- nilfs2: fix lockdep warnings in page operations for btree nodes (Ryusuke Konishi) \n- ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) \n- platform/chrome: cros_ec_debugfs: detach log reader wq from devm (Tzung-Bi Shih) \n- drbd: remove usage of list iterator variable after loop (Jakob Koschel) \n- MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) \n- fs: fix an infinite loop in iomap_fiemap (Guo Xuenan) \n- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (Mario Limonciello) \n- nvme-multipath: fix hang when disk goes live over reconnect (Anton Eidelman) \n- nvmet: use a private workqueue instead of the system workqueue (Sagi Grimberg) \n- tools/virtio: compile with -pthread (Michael S. Tsirkin) \n- vhost_vdpa: dont setup irq offloading when irq_num < 0 (Zhu Lingshan) \n- s390/pci: improve zpci_dev reference counting (Niklas Schnelle) \n- s390/traps: improve panic message for translation-specification exception (Heiko Carstens) \n- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (Kai-Heng Feng) \n- crypto: x86/chacha20 - Avoid spurious jumps to other functions (Peter Zijlstra) \n- crypto: stm32 - fix reference leak in stm32_crc_remove (Zheng Yongjun) \n- rtc: sun6i: Fix time overflow handling (Andre Przywara) \n- gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) \n- nvme-pci: add quirks for Samsung X5 SSDs (Monish Kumar R) \n- Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) \n- Input: add bounds checking to input_set_capability() (Jeff LaBundy) \n- um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow) \n- rtc: pcf2127: fix bug when reading alarm registers (Hugo Villeneuve) \n- rtc: fix use-after-free on device removal (Vincent Whitchurch) \n- Revert drm/i915/opregion: check port number bounds for SWSCI display power state (Greg Thelen) \n- mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (Hyeonggon Yoo) \n- Watchdog: sp5100_tco: Enable Family 17h+ CPUs (Terry Bowman) \n- Watchdog: sp5100_tco: Add initialization using EFCH MMIO (Terry Bowman) \n- Watchdog: sp5100_tco: Refactor MMIO base address initialization (Terry Bowman) \n- Watchdog: sp5100_tco: Move timer initialization into function (Terry Bowman) \n- i2c: piix4: Enable EFCH MMIO for Family 17h+ (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support for SMBus port select (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support to SMBus base address detect (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support to region request and release (Terry Bowman) \n- i2c: piix4: Move SMBus port selection into function (Terry Bowman) \n- i2c: piix4: Move SMBus controller base address detect into function (Terry Bowman) \n- i2c: piix4: Move port I/O region request/release code into functions (Terry Bowman) \n- i2c: piix4: Replace hardcoded memory map size with a #define (Terry Bowman) \n- kernel/resource: Introduce request_mem_region_muxed() (Terry Bowman) \n- io_uring: arm poll for non-nowait files (Pavel Begunkov) \n- usb: gadget: fix race when gadget driver register via ioctl (Schspa Shi) \n- LTS version: v5.15.41 (Jack Vogel) \n- usb: gadget: uvc: allow for application to cleanly shutdown (Dan Vacura) \n- usb: gadget: uvc: rename function to be more consistent (Michael Tretter) \n- ping: fix address binding wrt vrf (Nicolas Dichtel) \n- mm/hwpoison: use pr_err() instead of dump_page() in get_any_page() (Naoya Horiguchi) \n- dma-buf: call dma_buf_stats_setup after dmabuf is in valid list (Charan Teja Reddy) \n- Revert drm/amd/pm: keep the BACO feature enabled for suspend (Alex Deucher) \n- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) \n- SUNRPC: Ensure that the gssproxy client can start in a connected state (Trond Myklebust) \n- net: phy: micrel: Pass .probe for KS8737 (Fabio Estevam) \n- net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (Fabio Estevam) \n- arm[64]/memremap: dont abuse pfn_valid() to ensure presence of linear map (Mike Rapoport) \n- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) \n- writeback: Avoid skipping inode writeback (Jing Xia) \n- net: phy: Fix race condition on link status change (Francesco Dolcini) \n- net: atlantic: always deep reset on pm op, fixing up my null deref regression (Manuel Ullmann) \n- i40e: i40e_main: fix a missing check on list iterator (Xiaomeng Tong) \n- drm/nouveau/tegra: Stop using iommu_present() (Robin Murphy) \n- drm/vmwgfx: Disable command buffers on svga3 without gbobjects (Zack Rusin) \n- mm/huge_memory: do not overkill when splitting huge_zero_page (Xu Yu) \n- Revert mm/memory-failure.c: skip huge_zero_page in memory_failure() (Xu Yu) \n- ceph: fix setting of xattrs on async created inodes (Jeff Layton) \n- serial: 8250_mtk: Fix register address for XON/XOFF character (AngeloGioacchino Del Regno) \n- serial: 8250_mtk: Fix UART_EFR register address (AngeloGioacchino Del Regno) \n- fsl_lpuart: Dont enable interrupts too early (Indan Zupancic) \n- slimbus: qcom: Fix IRQ check in qcom_slim_probe (Miaoqian Lin) \n- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) \n- USB: serial: option: add Fibocom L610 modem (Sven Schwermer) \n- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) \n- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) \n- usb: typec: tcpci_mt6360: Update for BMC PHY setting (ChiYuan Huang) \n- usb: typec: tcpci: Dont skip cleanup in .remove() on error (Uwe Kleine-Konig) \n- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) \n- tty: n_gsm: fix mux activation issues in gsm_config() (Daniel Starke) \n- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Daniel Starke) \n- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) \n- x86/mm: Fix marking of unused sub-pmd ranges (Adrian-Ken Rueegsegger) \n- usb: xhci-mtk: fix fs isocs transfer error (Chunfeng Yun) \n- KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context() (Alexander Graf) \n- firmware_loader: use kernel credentials when reading firmware (Thiebaud Weksteen) \n- interconnect: Restore sync state by ignoring ipa-virt in provider count (Stephen Boyd) \n- tcp: drop the hash_32() part from the index calculation (Willy Tarreau) \n- tcp: increase source port perturb table to 2^16 (Willy Tarreau) \n- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) \n- tcp: add small random increments to the source port (Willy Tarreau) \n- tcp: resalt the secret every 10 seconds (Eric Dumazet) \n- tcp: use different parts of the port_offset for index and offset (Willy Tarreau) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT (Matthew Hagan) \n- net: emaclite: Dont advertise 1000BASE-T and do auto negotiation (Shravya Kumbham) \n- ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (Ajit Kumar Pandey) \n- s390: disable -Warray-bounds (Sven Schnelle) \n- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) \n- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) \n- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) \n- iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (Ashish Mhetre) \n- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (Duoming Zhou) \n- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) \n- gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) \n- drm/vmwgfx: Fix fencing on SVGAv3 (Zack Rusin) \n- tls: Fix context leak on tls_device_down (Maxim Mikityanskiy) \n- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) \n- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) \n- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (Florian Fainelli) \n- drm/vc4: hdmi: Fix build error for implicit function declaration (Hui Tang) \n- net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral (Florian Fainelli) \n- net: ethernet: mediatek: ppe: fix wrong size passed to memset() (Yang Yingliang) \n- net/sched: act_pedit: really ensure the skb is writable (Paolo Abeni) \n- s390/lcs: fix variable dereferenced before check (Alexandra Winter) \n- s390/ctcm: fix potential memory leak (Alexandra Winter) \n- s390/ctcm: fix variable dereferenced before check (Alexandra Winter) \n- virtio: fix virtio transitional ids (Shunsuke Mie) \n- arm64: vdso: fix makefile dependency on vdso.so (Joey Gouly) \n- selftests: vm: Makefile: rename TARGETS to VMTARGETS (Joel Savitz) \n- procfs: prevent unprivileged processes accessing fdinfo dir (Kalesh Singh) \n- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) \n- dim: initialize all struct fields (Jesse Brandeburg) \n- ionic: fix missing pci_release_regions() on error in ionic_probe() (Yang Yingliang) \n- nfs: fix broken handling of the softreval mount option (Dan Aloni) \n- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) \n- net: sfc: fix memory leak due to ptp channel (Taehee Yoo) \n- sfc: Use swap() instead of open coding it (Jiapeng Chong) \n- fbdev: efifb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) \n- net: chelsio: cxgb4: Avoid potential negative array offset (Kees Cook) \n- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) \n- drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (Christophe JAILLET) \n- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) \n- ice: fix PTP stale Tx timestamps cleanup (Michal Michalik) \n- ice: Fix race during aux device (un)plugging (Ivan Vecera) \n- platform/surface: aggregator: Fix initialization order when compiling as builtin module (Maximilian Luz) \n- fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- fbdev: simplefb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (Vladimir Oltean) \n- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (Vladimir Oltean) \n- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (Vladimir Oltean) \n- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (Vladimir Oltean) \n- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) \n- mac80211: Reset MBSSID parameters upon connection (Manikanta Pubbisetty) \n- hwmon: (tmp401) Add OF device ID table (Camel Guo) \n- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (Guenter Roeck) \n- batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) \n- LTS version: v5.15.40 (Jack Vogel) \n- mm: fix invalid page pointer returned with FOLL_PIN gups (Peter Xu) \n- mm/mlock: fix potential imbalanced rlimit ucounts adjustment (Miaohe Lin) \n- mm/hwpoison: fix error page recovered but reported not recovered (Naoya Horiguchi) \n- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) \n- mm: shmem: fix missing cache flush in shmem_mfill_atomic_pte() (Muchun Song) \n- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) \n- mm: fix missing cache flush for all tail pages of compound page (Muchun Song) \n- udf: Avoid using stale lengthOfImpUse (Jan Kara) \n- rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (Gleb Fotengauer-Malinovskiy) \n- Bluetooth: Fix the creation of hdev->name (Itay Iellin) \n- tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in perf bench mem memcpy (Arnaldo Carvalho de Melo) \n- kbuild: move objtool_args back to scripts/Makefile.build (Masahiro Yamada) \n- LTS version: v5.15.39 (Jack Vogel) \n- PCI: aardvark: Update comment about link going down after link-up (Marek Behun) \n- PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (Marek Behun) \n- PCI: aardvark: Dont mask irq when mapping (Pali Rohar) \n- PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (Pali Rohar) \n- PCI: aardvark: Use separate INTA interrupt for emulated root bridge (Pali Rohar) \n- PCI: aardvark: Fix support for PME requester on emulated bridge (Pali Rohar) \n- PCI: aardvark: Add support for PME interrupts (Pali Rohar) \n- PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (Pali Rohar) \n- PCI: aardvark: Add support for ERR interrupt on emulated bridge (Pali Rohar) \n- PCI: aardvark: Enable MSI-X support (Pali Rohar) \n- PCI: aardvark: Fix setting MSI address (Pali Rohar) \n- PCI: aardvark: Add support for masking MSI interrupts (Pali Rohar) \n- PCI: aardvark: Refactor unmasking summary MSI interrupt (Pali Rohar) \n- PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (Marek Behun) \n- PCI: aardvark: Make msi_domain_info structure a static driver structure (Marek Behun) \n- PCI: aardvark: Make MSI irq_chip structures static driver structures (Marek Behun) \n- PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (Pali Rohar) \n- PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) \n- PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (Pali Rohar) \n- PCI: aardvark: Disable common PHY when unbinding driver (Pali Rohar) \n- PCI: aardvark: Disable link training when unbinding driver (Pali Rohar) \n- PCI: aardvark: Assert PERST# when unbinding driver (Pali Rohar) \n- PCI: aardvark: Fix memory leak in driver unbind (Pali Rohar) \n- PCI: aardvark: Mask all interrupts when unbinding driver (Pali Rohar) \n- PCI: aardvark: Disable bus mastering when unbinding driver (Pali Rohar) \n- PCI: aardvark: Comment actions in driver remove method (Pali Rohar) \n- PCI: aardvark: Clear all MSIs at setup (Pali Rohar) \n- PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (Pali Rohar) \n- PCI: pci-bridge-emul: Add definitions for missing capabilities registers (Pali Rohar) \n- PCI: pci-bridge-emul: Add description for class_revision field (Pali Rohar) \n- rcu: Apply callbacks processing time limit only on softirq (Frederic Weisbecker) \n- rcu: Fix callbacks processing time limit retaining cond_resched() (Frederic Weisbecker) \n- Revert parisc: Mark sched_clock unstable only if clocks are not syncronized (Helge Deller) \n- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) \n- selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) \n- selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) \n- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (Wanpeng Li) \n- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (Paolo Bonzini) \n- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (Paolo Bonzini) \n- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (Wanpeng Li) \n- KVM: selftests: Silence compiler warning in the kvm_page_table_test (Thomas Huth) \n- kvm: selftests: do not use bitfields larger than 32-bits for PTEs (Paolo Bonzini) \n- iommu/dart: Add missing module owner to ops structure (Hector Martin) \n- net/mlx5e: Lag, Dont skip fib events on current dst (Vlad Buslov) \n- net/mlx5e: Lag, Fix fib_info pointer assignment (Vlad Buslov) \n- net/mlx5e: Lag, Fix use-after-free in fib event handler (Vlad Buslov) \n- net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Aya Levin) \n- fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) \n- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) \n- gpio: mvebu: drop pwm base assignment (Baruch Siach) \n- drm/amdgpu: Ensure HDA function is suspended before ASIC reset (Kai-Heng Feng) \n- drm/amdgpu: dont set s3 and s0ix at the same time (Mario Limonciello) \n- drm/amdgpu: explicitly check for s0ix when evicting resources (Mario Limonciello) \n- drm/amdgpu: unify BO evicting method in amdgpu_ttm (Nirmoy Das) \n- btrfs: always log symlinks in full mode (Filipe Manana) \n- btrfs: force v2 space cache usage for subpage mount (Qu Wenruo) \n- smsc911x: allow using IRQ0 (Sergey Shtylyov) \n- selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (Vladimir Oltean) \n- bnxt_en: Fix unnecessary dropping of RX packets (Michael Chan) \n- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (Somnath Kotur) \n- selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (Ido Schimmel) \n- rxrpc: Enable IPv6 checksums on transport socket (David Howells) \n- mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter() (Eric Dumazet) \n- hinic: fix bug of wq out of bound access (Qiao Ma) \n- btrfs: do not BUG_ON() on failure to update inode when setting xattr (Filipe Manana) \n- drm/msm/dp: remove fail safe mode related code (Kuogee Hsieh) \n- selftests/net: so_txtime: usage(): fix documentation of default clock (Marc Kleine-Budde) \n- selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (Marc Kleine-Budde) \n- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) \n- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) \n- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (Yang Yingliang) \n- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (Niels Dossche) \n- net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (Yang Yingliang) \n- net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (Yang Yingliang) \n- net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (Yang Yingliang) \n- NFSv4: Dont invalidate inode attributes on delegation return (Trond Myklebust) \n- RDMA/irdma: Fix possible crash due to NULL netdev in notifier (Mustafa Ismail) \n- RDMA/irdma: Reduce iWARP QP destroy time (Shiraz Saleem) \n- RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (Tatyana Nikolova) \n- RDMA/siw: Fix a condition race issue in MPA request processing (Cheng Xu) \n- SUNRPC release the transport of a relocated task with an assigned transport (Olga Kornievskaia) \n- selftests/seccomp: Dont call read() on TTY from background pgrp (Jann Horn) \n- net/mlx5: Fix deadlock in sync reset flow (Moshe Shemesh) \n- net/mlx5: Avoid double clear or set of sync reset requested (Moshe Shemesh) \n- net/mlx5e: Fix the calling of update_buffer_lossy() API (Mark Zhang) \n- net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Paul Blakey) \n- net/mlx5e: Dont match double-vlan packets if cvlan is not set (Vlad Buslov) \n- net/mlx5e: Fix trust state reset in reload (Moshe Tal) \n- iommu/dart: check return value after calling platform_get_resource() (Yang Yingliang) \n- iommu/vt-d: Drop stop marker messages (Lu Baolu) \n- ASoC: soc-ops: fix error handling (Pierre-Louis Bossart) \n- ASoC: dmaengine: Restore NULL prepare_slave_config() callback (Codrin Ciubotariu) \n- hwmon: (pmbus) disable PEC if not enabled (Adam Wujek) \n- hwmon: (adt7470) Fix warning on module removal (Armin Wolf) \n- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (Puyou Lu) \n- gpio: visconti: Fix fwnode of GPIO IRQ (Nobuhiro Iwamatsu) \n- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) \n- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) \n- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) \n- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) \n- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) \n- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) \n- can: isotp: remove re-binding of bound socket (Oliver Hartkopp) \n- can: grcan: grcan_close(): fix deadlock (Duoming Zhou) \n- s390/dasd: Fix read inconsistency for ESE DASD devices (Jan Hoppner) \n- s390/dasd: Fix read for ESE with blksize < 4k (Jan Hoppner) \n- s390/dasd: prevent double format of tracks for ESE devices (Stefan Haberland) \n- s390/dasd: fix data corruption for ESE devices (Stefan Haberland) \n- ASoC: meson: Fix event generation for AUI CODEC mux (Mark Brown) \n- ASoC: meson: Fix event generation for G12A tohdmi mux (Mark Brown) \n- ASoC: meson: Fix event generation for AUI ACODEC mux (Mark Brown) \n- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) \n- ASoC: da7219: Fix change notifications for tone generator frequency (Mark Brown) \n- genirq: Synchronize interrupt thread startup (Thomas Pfaff) \n- net: stmmac: disable Split Header (SPH) for Intel platforms (Tan Tee Min) \n- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) \n- firewire: remove check of list iterator against head past the loop body (Jakob Koschel) \n- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) \n- timekeeping: Mark NMI safe time accessors as notrace (Kurt Kanzenbach) \n- Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) \n- RISC-V: relocate DTB if its outside memory region (Nick Kossifidis) \n- drm/amdgpu: do not use passthrough mode in Xen dom0 (Marek Marczykowski-Gorecki) \n- drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (Harry Wentland) \n- iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (Nicolin Chen) \n- iommu/vt-d: Calculate mask for non-aligned flushes (David Stevens) \n- KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (Kyle Huey) \n- x86/fpu: Prevent FPU state corruption (Thomas Gleixner) \n- gpiolib: of: fix bounds check for gpio-reserved-ranges (Andrei Lalaev) \n- mmc: core: Set HS clock speed before sending HS CMD13 (Brian Norris) \n- mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (Samuel Holland) \n- mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (Shaik Sajida Bhanu) \n- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) \n- ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (Zihao Wang) \n- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) \n- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) \n- LTS version: v5.15.38 (Jack Vogel) \n- powerpc/64: Add UADDR64 relocation support (Alexey Kardashevskiy) \n- objtool: Fix type of reloc::addend (Peter Zijlstra) \n- objtool: Fix code relocs vs weak symbols (Peter Zijlstra) \n- eeprom: at25: Use DMA safe buffers (Christophe Leroy) \n- perf symbol: Remove arch__symbols__fixup_end() (Namhyung Kim) \n- tty: n_gsm: fix software flow control handling (Daniel Starke) \n- tty: n_gsm: fix incorrect UA handling (Daniel Starke) \n- tty: n_gsm: fix reset fifo race condition (Daniel Starke) \n- tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Daniel Starke) \n- tty: n_gsm: fix wrong signal octets encoding in MSC (Daniel Starke) \n- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) \n- tty: n_gsm: fix wrong command retry handling (Daniel Starke) \n- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) \n- tty: n_gsm: fix wrong DLCI release order (Daniel Starke) \n- tty: n_gsm: fix insufficient txframe size (Daniel Starke) \n- netfilter: nft_socket: only do sk lookups when indev is available (Florian Westphal) \n- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) \n- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) \n- tty: n_gsm: fix mux cleanup after unregister tty device (Daniel Starke) \n- tty: n_gsm: fix decoupled mux resource (Daniel Starke) \n- tty: n_gsm: fix restart handling via CLD command (Daniel Starke) \n- perf symbol: Update symbols__fixup_end() (Namhyung Kim) \n- perf symbol: Pass is_kallsyms to symbols__fixup_end() (Namhyung Kim) \n- x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov) \n- ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC mode (Tim Harvey) \n- ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines (Eugen Hristev) \n- btrfs: fix leaked plug after failure syncing log on zoned filesystems (Filipe Manana) \n- thermal: int340x: Fix attr.show callback prototype (Kees Cook) \n- ACPI: processor: idle: Avoid falling back to C3 type C-states (Ville Syrjala) \n- net: ethernet: stmmac: fix write to sgmii_adapter_base (Dinh Nguyen) \n- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (Imre Deak) \n- drm/i915: Check EDID for HDR static metadata when choosing blc (Jouni Hogander) \n- netfilter: Update ip6_route_me_harder to consider L3 domain (Martin Willi) \n- mtd: rawnand: qcom: fix memory corruption that causes panic (Md Sadre Alam) \n- kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time (Zqiang) \n- zonefs: Clear inode information flags on inode creation (Damien Le Moal) \n- zonefs: Fix management of open zones (Damien Le Moal) \n- Revert ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (Ville Syrjala) \n- selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) \n- selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) \n- powerpc/perf: Fix 32bit compile (Alexey Kardashevskiy) \n- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) \n- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) \n- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) \n- bonding: do not discard lowest hash bit for non layer3+4 hashing (suresh kumar) \n- ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION (Namjae Jeon) \n- ksmbd: increment reference count of parent fp (Namjae Jeon) \n- arch: xtensa: platforms: Fix deadlock in rs_close() (Duoming Zhou) \n- ext4: fix bug_on in start_this_handle during umount filesystem (Ye Bin) \n- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) \n- ASoC: Intel: soc-acpi: correct device endpoints for max98373 (Chao Song) \n- tcp: fix F-RTO may not work correctly when receiving DSACK (Pengcheng Yang) \n- Revert ibmvnic: Add ethtool private flag for driver-defined queue limits (Dany Madden) \n- ixgbe: ensure IPsec VF<->PF compatibility (Leon Romanovsky) \n- perf arm-spe: Fix addresses of synthesized SPE events (Timothy Hayes) \n- gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) \n- gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) \n- gfs2: Minor retry logic cleanup (Andreas Gruenbacher) \n- gfs2: Prevent endless loops in gfs2_file_buffered_write (Andreas Gruenbacher) \n- net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (Yang Yingliang) \n- bnx2x: fix napi API usage sequence (Manish Chopra) \n- tls: Skip tls_append_frag on zero copy size (Maxim Mikityanskiy) \n- drm/amd/display: Fix memory leak in dcn21_clock_source_create (Miaoqian Lin) \n- drm/amdkfd: Fix GWS queue count (David Yat Sin) \n- netfilter: conntrack: fix udp offload timeout sysctl (Volodymyr Mytnyk) \n- io_uring: check reserved fields for recv/recvmsg (Jens Axboe) \n- io_uring: check reserved fields for send/sendmsg (Jens Axboe) \n- net: dsa: lantiq_gswip: Dont set GSWIP_MII_CFG_RMII_CLK (Martin Blumenstingl) \n- drm/sun4i: Remove obsolete references to PHYS_OFFSET (Samuel Holland) \n- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (Nathan Rossi) \n- net: phy: marvell10g: fix return value on error (Baruch Siach) \n- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) \n- cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts (Vladimir Zapolskiy) \n- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) \n- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) \n- tcp: make sure treq->af_specific is initialized (Eric Dumazet) \n- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) \n- ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode (Peilin Ye) \n- ip6_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- net/smc: sync err code when tcp connection was refused (liuyacan) \n- net: hns3: add return value for mailbox handling in PF (Jian Shen) \n- net: hns3: add validity check for message data length (Jian Shen) \n- net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (Jie Wang) \n- net: hns3: clear inited state and stop client after failed to register netdev (Jian Shen) \n- cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe (Xiaobing Luo) \n- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) \n- arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (Fabio Estevam) \n- ARM: dts: imx6ull-colibri: fix vqmmc regulator (Max Krummenacher) \n- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) \n- wireguard: device: check for metadata_dst with skb_valid_dst() (Nikolay Aleksandrov) \n- tcp: ensure to use the most recently sent skb when filling the rate sample (Pengcheng Yang) \n- pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (Marek Vasut) \n- tcp: md5: incorrect tcp_header_len for incoming connections (Francesco Ruggeri) \n- pinctrl: rockchip: fix RK3308 pinmux bits (Luca Ceresoli) \n- bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook (Eyal Birger) \n- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (Pablo Neira Ayuso) \n- net: dsa: Add missing of_node_put() in dsa_port_link_register_of (Miaoqian Lin) ", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9690", "href": "http://linux.oracle.com/errata/ELSA-2022-9690.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T22:40:36", "description": "[5.4.17-2136.309.5.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460937] {CVE-2022-2588}", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9692", "href": "http://linux.oracle.com/errata/ELSA-2022-9692.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-16T00:43:27", "description": "[4.14.35-2047.517.3]\n- KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34575637] \n- KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34575637] \n- KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34575637]\n[4.14.35-2047.517.2]\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476942] \n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476942] \n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476942] \n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476942] \n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476942] \n- rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465810] \n- rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465810] \n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419972] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414240] \n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510858] {CVE-2022-21385}\n[4.14.35-2047.517.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480752] {CVE-2022-2588}\n- Restore 'module, async: async_synchronize_full() on module init iff async is used' (Mridula Shastry) [Orabug: 34469834] \n- net/rds: Replace #ifdef DEBUG with CONFIG_SLUB_DEBUG (Freddy Carrillo) [Orabug: 34405766] \n- ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34295843] \n- ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34295843] \n- ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34295843] \n- ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34295843] \n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34211118] \n- xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34211118] \n- Linux 4.14.288 (Greg Kroah-Hartman) \n- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) \n- ida: don't use BUG_ON() for debugging (Linus Torvalds) \n- i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) \n- pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) \n- xfs: remove incorrect ASSERT in xfs_rename (Eric Sandeen) \n- powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) \n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) \n- fbcon: Disallow setting font bigger than screen size (Helge Deller) \n- iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) \n- net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) \n- usbnet: fix memory leak in error case (Oliver Neukum) \n- can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) \n- can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) \n- mm/slub: add missing TID updates on slab deactivation (Jann Horn) \n- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) \n- Linux 4.14.287 (Greg Kroah-Hartman) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) \n- net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) \n- xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) \n- net: Rename and export copy_skb_header (Ilya Lesokhin) \n- ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) \n- sit: use min (kernel test robot) \n- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) \n- NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) \n- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) \n- net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) \n- netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) \n- caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) \n- net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) \n- usbnet: fix memory allocation in helpers (Oliver Neukum) \n- RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) \n- net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) \n- net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) \n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) \n- dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) \n- dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) \n- nvdimm: Fix badblocks clear off-by-one error (Chris Ye) \n- Linux 4.14.286 (Greg Kroah-Hartman) \n- swiotlb: skip swiotlb_bounce when orig_addr is zero (Liu Shixin) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- fdt: Update CRC check for rng-seed (Hsin-Yi Wang) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- drm: remove drm_fb_helper_modinit (Christoph Hellwig) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- vt: drop old FONT ioctls (Jiri Slaby) \n- Linux 4.14.285 (Greg Kroah-Hartman) \n- tcp: drop the hash_32() part from the index calculation (Willy Tarreau) \n- tcp: increase source port perturb table to 2^16 (Willy Tarreau) \n- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) \n- tcp: add small random increments to the source port (Willy Tarreau) \n- tcp: use different parts of the port_offset for index and offset (Willy Tarreau) \n- tcp: add some entropy in __inet_hash_connect() (Eric Dumazet) \n- xprtrdma: fix incorrect header size calculations (Colin Ian King) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable 'count' signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- misc: atmel-ssc: Fix IRQ check in ssc_probe (Miaoqian Lin) \n- tty: goldfish: Fix free_irq() on remove (Vincent Whitchurch) \n- i40e: Fix call trace in setup_tx_descriptors (Aleksandr Loktionov) \n- pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (Trond Myklebust) \n- random: credit cpu and bootloader seeds by default (Jason A. Donenfeld) \n- net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (Chen Lin) \n- ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (Wang Yufen) \n- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (Xiaohui Zhang) \n- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (chengkaitao) \n- scsi: pmcraid: Fix missing resource cleanup in error case (Chengguang Xu) \n- scsi: ipr: Fix missing/incorrect resource cleanup in error case (Chengguang Xu) \n- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (James Smart) \n- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (Wentao Wang) \n- ASoC: wm8962: Fix suspend while playing music (Adam Ford) \n- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (Sergey Shtylyov) \n- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (Charles Keepax) \n- ASoC: cs42l52: Correct TLV for Bypass Volume (Charles Keepax) \n- ASoC: cs53l30: Correct number of volume levels on SX controls (Charles Keepax) \n- ASoC: cs42l52: Fix TLV scales for mixer controls (Charles Keepax) \n- random: account for arch randomness in bits (Jason A. Donenfeld) \n- random: mark bootloader randomness code as __init (Jason A. Donenfeld) \n- random: avoid checking crng_ready() twice in random_init() (Jason A. Donenfeld) \n- crypto: drbg - make reseeding from get_random_bytes() synchronous (Nicolai Stange) \n- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) \n- crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() (Nicolai Stange) \n- crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() (Nicolai Stange) \n- crypto: drbg - prepare for more fine-grained tracking of seeding state (Nicolai Stange) \n- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) \n- crypto: drbg - add FIPS 140-2 CTRNG for noise source (Stephan Mueller) \n- Revert 'random: use static branch for crng_ready()' (Jason A. Donenfeld) \n- random: check for signals after page of pool writes (Jason A. Donenfeld) \n- random: wire up fops->splice_{read,write}_iter() (Jens Axboe) \n- random: convert to using fops->write_iter() (Jens Axboe) \n- random: move randomize_page() into mm where it belongs (Jason A. Donenfeld) \n- random: move initialization functions out of hot pages (Jason A. Donenfeld) \n- random: use proper jiffies comparison macro (Jason A. Donenfeld) \n- random: use symbolic constants for crng_init states (Jason A. Donenfeld) \n- siphash: use one source of truth for siphash permutations (Jason A. Donenfeld) \n- random: help compiler out with fast_mix() by using simpler arguments (Jason A. Donenfeld) \n- random: do not use input pool from hard IRQs (Saeed Mirzamohammadi) \n- random: order timer entropy functions below interrupt functions (Jason A. Donenfeld) \n- random: do not pretend to handle premature next security model (Jason A. Donenfeld) \n- random: do not use batches when !crng_ready() (Jason A. Donenfeld) \n- random: insist on random_get_entropy() existing in order to simplify (Jason A. Donenfeld) \n- xtensa: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- sparc: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- um: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- x86/tsc: Use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- nios2: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- arm: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- mips: use fallback for random_get_entropy() instead of just c0 random (Jason A. Donenfeld) \n- m68k: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- timekeeping: Add raw clock fallback for random_get_entropy() (Jason A. Donenfeld) \n- powerpc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- alpha: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- parisc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- s390: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- ia64: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- init: call time_init() before rand_initialize() (Jason A. Donenfeld) \n- random: fix sysctl documentation nits (Jason A. Donenfeld) \n- random: document crng_fast_key_erasure() destination possibility (Jason A. Donenfeld) \n- random: make random_get_entropy() return an unsigned long (Jason A. Donenfeld) \n- random: check for signals every PAGE_SIZE chunk of /dev/[u]random (Jason A. Donenfeld) \n- random: check for signal_pending() outside of need_resched() check (Jann Horn) \n- random: do not allow user to keep crng key around on stack (Jason A. Donenfeld) \n- random: do not split fast init input in add_hwgenerator_randomness() (Jan Varho) \n- random: mix build-time latent entropy into pool at init (Jason A. Donenfeld) \n- random: re-add removed comment about get_random_{u32,u64} reseeding (Jason A. Donenfeld) \n- random: treat bootloader trust toggle the same way as cpu trust toggle (Jason A. Donenfeld) \n- random: skip fast_init if hwrng provides large chunk of entropy (Jason A. Donenfeld) \n- random: check for signal and try earlier when generating entropy (Jason A. Donenfeld) \n- random: reseed more often immediately after booting (Jason A. Donenfeld) \n- random: make consistent usage of crng_ready() (Jason A. Donenfeld) \n- random: use SipHash as interrupt entropy accumulator (Jason A. Donenfeld) \n- random: replace custom notifier chain with standard one (Jason A. Donenfeld) \n- random: don't let 644 read-only sysctls be written to (Jason A. Donenfeld) \n- random: give sysctl_random_min_urandom_seed a more sensible value (Jason A. Donenfeld) \n- random: do crng pre-init loading in worker rather than irq (Jason A. Donenfeld) \n- random: unify cycles_t and jiffies usage and types (Jason A. Donenfeld) \n- random: cleanup UUID handling (Jason A. Donenfeld) \n- random: only wake up writers after zap if threshold was passed (Jason A. Donenfeld) \n- random: round-robin registers as ulong, not u32 (Jason A. Donenfeld) \n- random: pull add_hwgenerator_randomness() declaration into random.h (Jason A. Donenfeld) \n- random: check for crng_init == 0 in add_device_randomness() (Jason A. Donenfeld) \n- random: unify early init crng load accounting (Jason A. Donenfeld) \n- random: do not take pool spinlock at boot (Jason A. Donenfeld) \n- random: defer fast pool mixing to worker (Jason A. Donenfeld) \n- random: rewrite header introductory comment (Jason A. Donenfeld) \n- random: group sysctl functions (Jason A. Donenfeld) \n- random: group userspace read/write functions (Jason A. Donenfeld) \n- random: group entropy collection functions (Jason A. Donenfeld) \n- random: group entropy extraction functions (Jason A. Donenfeld) \n- random: remove useless header comment (Jason A. Donenfeld) \n- random: introduce drain_entropy() helper to declutter crng_reseed() (Jason A. Donenfeld) \n- random: deobfuscate irq u32/u64 contributions (Jason A. Donenfeld) \n- random: add proper SPDX header (Jason A. Donenfeld) \n- random: remove unused tracepoints (Jason A. Donenfeld) \n- random: remove ifdef'd out interrupt bench (Jason A. Donenfeld) \n- random: tie batched entropy generation to base_crng generation (Jason A. Donenfeld) \n- random: zero buffer after reading entropy from userspace (Jason A. Donenfeld) \n- random: remove outdated INT_MAX >> 6 check in urandom_read() (Jason A. Donenfeld) \n- random: use hash function for crng_slow_load() (Jason A. Donenfeld) \n- random: absorb fast pool into input pool after fast load (Jason A. Donenfeld) \n- random: do not xor RDRAND when writing into /dev/random (Jason A. Donenfeld) \n- random: ensure early RDSEED goes through mixer on init (Jason A. Donenfeld) \n- random: inline leaves of rand_initialize() (Jason A. Donenfeld) \n- random: use RDSEED instead of RDRAND in entropy extraction (Jason A. Donenfeld) \n- random: fix locking in crng_fast_load() (Dominik Brodowski) \n- random: remove batched entropy locking (Jason A. Donenfeld) \n- random: remove use_input_pool parameter from crng_reseed() (Eric Biggers) \n- random: make credit_entropy_bits() always safe (Jason A. Donenfeld) \n- random: always wake up entropy writers after extraction (Jason A. Donenfeld) \n- random: use linear min-entropy accumulation crediting (Jason A. Donenfeld) \n- random: simplify entropy debiting (Jason A. Donenfeld) \n- random: use computational hash for entropy extraction (Jason A. Donenfeld) \n- random: only call crng_finalize_init() for primary_crng (Dominik Brodowski) \n- random: access primary_pool directly rather than through pointer (Dominik Brodowski) \n- random: continually use hwgenerator randomness (Dominik Brodowski) \n- random: simplify arithmetic function flow in account() (Jason A. Donenfeld) \n- random: access input_pool_data directly rather than through pointer (Jason A. Donenfeld) \n- random: cleanup fractional entropy shift constants (Jason A. Donenfeld) \n- random: prepend remaining pool constants with POOL_ (Jason A. Donenfeld) \n- random: de-duplicate INPUT_POOL constants (Jason A. Donenfeld) \n- random: remove unused OUTPUT_POOL constants (Jason A. Donenfeld) \n- random: rather than entropy_store abstraction, use global (Jason A. Donenfeld) \n- random: try to actively add entropy rather than passively wait for it (Linus Torvalds) \n- random: remove unused extract_entropy() reserved argument (Jason A. Donenfeld) \n- random: remove incomplete last_data logic (Jason A. Donenfeld) \n- random: cleanup integer types (Jason A. Donenfeld) \n- crypto: chacha20 - Fix chacha20_block() keystream alignment (again) (Eric Biggers) \n- random: cleanup poolinfo abstraction (Jason A. Donenfeld) \n- random: fix typo in comments (Schspa Shi) \n- random: don't reset crng_init_cnt on urandom_read() (Jann Horn) \n- random: avoid superfluous call to RDRAND in CRNG extraction (Jason A. Donenfeld) \n- random: early initialization of ChaCha constants (Dominik Brodowski) \n- random: initialize ChaCha20 constants with correct endianness (Eric Biggers) \n- random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs (Jason A. Donenfeld) \n- random: harmonize 'crng init done' messages (Dominik Brodowski) \n- random: mix bootloader randomness into pool (Jason A. Donenfeld) \n- random: do not re-init if crng_reseed completes before primary init (Jason A. Donenfeld) \n- random: do not sign extend bytes for rotation when mixing (Jason A. Donenfeld) \n- random: use BLAKE2s instead of SHA1 in extraction (Jason A. Donenfeld) \n- random: remove unused irq_flags argument from add_interrupt_randomness() (Saeed Mirzamohammadi) \n- random: document add_hwgenerator_randomness() with other input functions (Mark Brown) \n- crypto: blake2s - adjust include guard naming (Eric Biggers) \n(Eric Biggers) \n- MAINTAINERS: co-maintain random.c (Jason A. Donenfeld) \n- random: remove dead code left over from blocking pool (Eric Biggers) \n- random: avoid arch_get_random_seed_long() when collecting IRQ randomness (Ard Biesheuvel) \n- random: add arch_get_random_*long_early() (Mark Rutland) \n- powerpc: Use bool in archrandom.h (Richard Henderson) \n- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (Richard Henderson) \n- linux/random.h: Use false with bool (Richard Henderson) \n- linux/random.h: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- s390: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- powerpc: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- x86: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- random: avoid warnings for !CONFIG_NUMA builds (Mark Rutland) \n- random: split primary/secondary crng init paths (Mark Rutland) \n- random: remove some dead code of poolinfo (Yangtao Li) \n- random: fix typo in add_timer_randomness() (Yangtao Li) \n- random: Add and use pr_fmt() (Yangtao Li) \n- random: convert to ENTROPY_BITS for better code readability (Yangtao Li) \n- random: remove unnecessary unlikely() (Yangtao Li) \n- random: remove kernel.random.read_wakeup_threshold (Andy Lutomirski) \n- random: delete code to pull data into pools (Andy Lutomirski) \n- random: remove the blocking pool (Andy Lutomirski) \n- random: fix crash on multiple early calls to add_bootloader_randomness() (Dominik Brodowski) \n- char/random: silence a lockdep splat with printk() (Sergey Senozhatsky) \n- random: make /dev/random be almost like /dev/urandom (Andy Lutomirski) \n- random: ignore GRND_RANDOM in getentropy(2) (Andy Lutomirski) \n- random: add GRND_INSECURE to return best-effort non-cryptographic bytes (Andy Lutomirski) \n- random: Add a urandom_read_nowait() for random APIs that don't warn (Andy Lutomirski) \n- random: Don't wake crng_init_wait when crng_init == 1 (Andy Lutomirski) \n- lib/crypto: sha1: re-roll loops to reduce code size (Jason A. Donenfeld) \n- lib/crypto: blake2s: move hmac construction into wireguard (Jason A. Donenfeld) \n- crypto: blake2s - generic C library implementation and selftest (Jason A. Donenfeld) \n- crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() (Andy Shevchenko) \n- Revert 'hwrng: core - Freeze khwrng thread during suspend' (Herbert Xu) \n- char/random: Add a newline at the end of the file (Borislav Petkov) \n- random: Use wait_event_freezable() in add_hwgenerator_randomness() (Stephen Boyd) \n- fdt: add support for rng-seed (Hsin-Yi Wang) \n- random: Support freezable kthreads in add_hwgenerator_randomness() (Stephen Boyd) \n- random: fix soft lockup when trying to read from an uninitialized blocking pool (Theodore Ts'o) \n- latent_entropy: avoid build error when plugin cflags are not set (Vasily Gorbik) \n- random: document get_random_int() family (George Spelvin) \n- random: move rand_initialize() earlier (Kees Cook) \n- random: only read from /dev/random after its pool has received 128 bits (Theodore Ts'o) \n- drivers/char/random.c: make primary_crng static (Rasmus Villemoes) \n- drivers/char/random.c: remove unused stuct poolinfo::poolbits (Rasmus Villemoes) \n- drivers/char/random.c: constify poolinfo_table (Rasmus Villemoes) \n- random: make CPU trust a boot parameter (Kees Cook) \n- random: Make crng state queryable (Jason A. Donenfeld) \n- random: remove preempt disabled region (Ingo Molnar) \n- random: add a config option to trust the CPU's hwrng (Theodore Ts'o) \n- random: Return nbytes filled from hw RNG (Tobin C. Harding) \n- random: Fix whitespace pre random-bytes work (Tobin C. Harding) \n- drivers/char/random.c: remove unused dont_count_entropy (Rasmus Villemoes) \n- random: optimize add_interrupt_randomness (Andi Kleen) \n- random: always fill buffer in get_random_bytes_wait (Jason A. Donenfeld) \n- crypto: chacha20 - Fix keystream alignment for chacha20_block() (Eric Biggers) \n- 9p: missing chunk of 'fs/9p: Don't update file type when updating file attributes' (Al Viro)\n[4.14.35-2047.517.0]\n- mpt3sas: Fix panic observed while accessing the hw ctx queue (Gulam Mohamed) [Orabug: 34446738] \n- driver: marvell: mmc: Add new bus modes overrides from DT (Wojciech Bartczak) [Orabug: 34440004] \n- octeontx2: mmc: Adds mechanism to modify all MMC bus modes timings (Wojciech Bartczak) [Orabug: 34440004] \n- rds/rdma: correctly assign the dest qp num in rds ib connection (Rohit Nair) [Orabug: 34429478] \n- Revert 'uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT' (Gulam Mohamed) [Orabug: 34419153] \n- net/rds : Adding support to print SCQ and RCQ completion vectors in rds-info. (Anand Khoje) [Orabug: 34398210] \n- IB/mlx5: Disable BME for unbound devices too (Hakon Bugge) [Orabug: 34395378] \n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) [Orabug: 34387281] \n- net/mlx5: FW tracer, Add debug prints (Saeed Mahameed) [Orabug: 34387281] \n- perf script: Fix crash because of missing evsel->priv (Ravi Bangoria) [Orabug: 34382257] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371946] \n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364338] \n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364338] \n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 33665743]", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2022-09-16T00:00:00", "id": "ELSA-2022-9787", "href": "http://linux.oracle.com/errata/ELSA-2022-9787.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-16T00:43:27", "description": "[4.14.35-2047.517.3.el7]\n- KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34575637]\n- KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34575637]\n- KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34575637]\n[4.14.35-2047.517.2.el7]\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476942]\n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476942]\n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476942]\n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476942]\n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476942]\n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419972] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414240]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510858] {CVE-2022-21385}\n[4.14.35-2047.517.1.el7]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480752] {CVE-2022-2588}\n- Restore 'module, async: async_synchronize_full() on module init iff async is used' (Mridula Shastry) [Orabug: 34469834]\n- net/rds: Replace #ifdef DEBUG with CONFIG_SLUB_DEBUG (Freddy Carrillo) [Orabug: 34405766]\n- ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34295843]\n- ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34295843]\n- ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34295843]\n- ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34295843]\n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34211118]\n- xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34211118]\n- Linux 4.14.288 (Greg Kroah-Hartman) \n- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) \n- ida: don't use BUG_ON() for debugging (Linus Torvalds) \n- i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) \n- pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) \n- xfs: remove incorrect ASSERT in xfs_rename (Eric Sandeen) \n- powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) \n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) \n- fbcon: Disallow setting font bigger than screen size (Helge Deller) \n- iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) \n- net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) \n- usbnet: fix memory leak in error case (Oliver Neukum) \n- can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) \n- can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) \n- mm/slub: add missing TID updates on slab deactivation (Jann Horn) \n- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) \n- Linux 4.14.287 (Greg Kroah-Hartman) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) \n- net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) \n- xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) {CVE-2022-33744}\n- net: Rename and export copy_skb_header (Ilya Lesokhin) \n- ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) \n- sit: use min (kernel test robot) \n- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) \n- NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) \n- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) \n- net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) \n- netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) \n- caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) \n- net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) \n- usbnet: fix memory allocation in helpers (Oliver Neukum) \n- RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) \n- net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) \n- net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) \n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) \n- dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) \n- dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) \n- nvdimm: Fix badblocks clear off-by-one error (Chris Ye) \n- Linux 4.14.286 (Greg Kroah-Hartman) \n- swiotlb: skip swiotlb_bounce when orig_addr is zero (Liu Shixin) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- fdt: Update CRC check for rng-seed (Hsin-Yi Wang) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- drm: remove drm_fb_helper_modinit (Christoph Hellwig) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- vt: drop old FONT ioctls (Jiri Slaby) \n- Linux 4.14.285 (Greg Kroah-Hartman) \n- tcp: drop the hash_32() part from the index calculation (Willy Tarreau) \n- tcp: increase source port perturb table to 2^16 (Willy Tarreau) \n- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) \n- tcp: add small random increments to the source port (Willy Tarreau) \n- tcp: use different parts of the port_offset for index and offset (Willy Tarreau) \n- tcp: add some entropy in __inet_hash_connect() (Eric Dumazet) \n- xprtrdma: fix incorrect header size calculations (Colin Ian King) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable 'count' signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- misc: atmel-ssc: Fix IRQ check in ssc_probe (Miaoqian Lin) \n- tty: goldfish: Fix free_irq() on remove (Vincent Whitchurch) \n- i40e: Fix call trace in setup_tx_descriptors (Aleksandr Loktionov) \n- pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (Trond Myklebust) \n- random: credit cpu and bootloader seeds by default (Jason A. Donenfeld) \n- net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (Chen Lin) \n- ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (Wang Yufen) \n- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (Xiaohui Zhang) \n- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (chengkaitao) \n- scsi: pmcraid: Fix missing resource cleanup in error case (Chengguang Xu) \n- scsi: ipr: Fix missing/incorrect resource cleanup in error case (Chengguang Xu) \n- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (James Smart) \n- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (Wentao Wang) \n- ASoC: wm8962: Fix suspend while playing music (Adam Ford) \n- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (Sergey Shtylyov) \n- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (Charles Keepax) \n- ASoC: cs42l52: Correct TLV for Bypass Volume (Charles Keepax) \n- ASoC: cs53l30: Correct number of volume levels on SX controls (Charles Keepax) \n- ASoC: cs42l52: Fix TLV scales for mixer controls (Charles Keepax) \n- random: account for arch randomness in bits (Jason A. Donenfeld) \n- random: mark bootloader randomness code as __init (Jason A. Donenfeld) \n- random: avoid checking crng_ready() twice in random_init() (Jason A. Donenfeld) \n- crypto: drbg - make reseeding from get_random_bytes() synchronous (Nicolai Stange) \n- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) \n- crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() (Nicolai Stange) \n- crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() (Nicolai Stange) \n- crypto: drbg - prepare for more fine-grained tracking of seeding state (Nicolai Stange) \n- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) \n- crypto: drbg - add FIPS 140-2 CTRNG for noise source (Stephan Mueller) \n- Revert 'random: use static branch for crng_ready()' (Jason A. Donenfeld) \n- random: check for signals after page of pool writes (Jason A. Donenfeld) \n- random: wire up fops->splice_{read,write}_iter() (Jens Axboe) \n- random: convert to using fops->write_iter() (Jens Axboe) \n- random: move randomize_page() into mm where it belongs (Jason A. Donenfeld) \n- random: move initialization functions out of hot pages (Jason A. Donenfeld) \n- random: use proper jiffies comparison macro (Jason A. Donenfeld) \n- random: use symbolic constants for crng_init states (Jason A. Donenfeld) \n- siphash: use one source of truth for siphash permutations (Jason A. Donenfeld) \n- random: help compiler out with fast_mix() by using simpler arguments (Jason A. Donenfeld) \n- random: do not use input pool from hard IRQs (Saeed Mirzamohammadi) \n- random: order timer entropy functions below interrupt functions (Jason A. Donenfeld) \n- random: do not pretend to handle premature next security model (Jason A. Donenfeld) \n- random: do not use batches when !crng_ready() (Jason A. Donenfeld) \n- random: insist on random_get_entropy() existing in order to simplify (Jason A. Donenfeld) \n- xtensa: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- sparc: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- um: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- x86/tsc: Use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- nios2: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- arm: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- mips: use fallback for random_get_entropy() instead of just c0 random (Jason A. Donenfeld) \n- m68k: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- timekeeping: Add raw clock fallback for random_get_entropy() (Jason A. Donenfeld) \n- powerpc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- alpha: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- parisc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- s390: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- ia64: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- init: call time_init() before rand_initialize() (Jason A. Donenfeld) \n- random: fix sysctl documentation nits (Jason A. Donenfeld) \n- random: document crng_fast_key_erasure() destination possibility (Jason A. Donenfeld) \n- random: make random_get_entropy() return an unsigned long (Jason A. Donenfeld) \n- random: check for signals every PAGE_SIZE chunk of /dev/[u]random (Jason A. Donenfeld) \n- random: check for signal_pending() outside of need_resched() check (Jann Horn) \n- random: do not allow user to keep crng key around on stack (Jason A. Donenfeld) \n- random: do not split fast init input in add_hwgenerator_randomness() (Jan Varho) \n- random: mix build-time latent entropy into pool at init (Jason A. Donenfeld) \n- random: re-add removed comment about get_random_{u32,u64} reseeding (Jason A. Donenfeld) \n- random: treat bootloader trust toggle the same way as cpu trust toggle (Jason A. Donenfeld) \n- random: skip fast_init if hwrng provides large chunk of entropy (Jason A. Donenfeld) \n- random: check for signal and try earlier when generating entropy (Jason A. Donenfeld) \n- random: reseed more often immediately after booting (Jason A. Donenfeld) \n- random: make consistent usage of crng_ready() (Jason A. Donenfeld) \n- random: use SipHash as interrupt entropy accumulator (Jason A. Donenfeld) \n- random: replace custom notifier chain with standard one (Jason A. Donenfeld) \n- random: don't let 644 read-only sysctls be written to (Jason A. Donenfeld) \n- random: give sysctl_random_min_urandom_seed a more sensible value (Jason A. Donenfeld) \n- random: do crng pre-init loading in worker rather than irq (Jason A. Donenfeld) \n- random: unify cycles_t and jiffies usage and types (Jason A. Donenfeld) \n- random: cleanup UUID handling (Jason A. Donenfeld) \n- random: only wake up writers after zap if threshold was passed (Jason A. Donenfeld) \n- random: round-robin registers as ulong, not u32 (Jason A. Donenfeld) \n- random: pull add_hwgenerator_randomness() declaration into random.h (Jason A. Donenfeld) \n- random: check for crng_init == 0 in add_device_randomness() (Jason A. Donenfeld) \n- random: unify early init crng load accounting (Jason A. Donenfeld) \n- random: do not take pool spinlock at boot (Jason A. Donenfeld) \n- random: defer fast pool mixing to worker (Jason A. Donenfeld) \n- random: rewrite header introductory comment (Jason A. Donenfeld) \n- random: group sysctl functions (Jason A. Donenfeld) \n- random: group userspace read/write functions (Jason A. Donenfeld) \n- random: group entropy collection functions (Jason A. Donenfeld) \n- random: group entropy extraction functions (Jason A. Donenfeld) \n- random: remove useless header comment (Jason A. Donenfeld) \n- random: introduce drain_entropy() helper to declutter crng_reseed() (Jason A. Donenfeld) \n- random: deobfuscate irq u32/u64 contributions (Jason A. Donenfeld) \n- random: add proper SPDX header (Jason A. Donenfeld) \n- random: remove unused tracepoints (Jason A. Donenfeld) \n- random: remove ifdef'd out interrupt bench (Jason A. Donenfeld) \n- random: tie batched entropy generation to base_crng generation (Jason A. Donenfeld) \n- random: zero buffer after reading entropy from userspace (Jason A. Donenfeld) \n- random: remove outdated INT_MAX >> 6 check in urandom_read() (Jason A. Donenfeld) \n- random: use hash function for crng_slow_load() (Jason A. Donenfeld) \n- random: absorb fast pool into input pool after fast load (Jason A. Donenfeld) \n- random: do not xor RDRAND when writing into /dev/random (Jason A. Donenfeld) \n- random: ensure early RDSEED goes through mixer on init (Jason A. Donenfeld) \n- random: inline leaves of rand_initialize() (Jason A. Donenfeld) \n- random: use RDSEED instead of RDRAND in entropy extraction (Jason A. Donenfeld) \n- random: fix locking in crng_fast_load() (Dominik Brodowski) \n- random: remove batched entropy locking (Jason A. Donenfeld) \n- random: remove use_input_pool parameter from crng_reseed() (Eric Biggers) \n- random: make credit_entropy_bits() always safe (Jason A. Donenfeld) \n- random: always wake up entropy writers after extraction (Jason A. Donenfeld) \n- random: use linear min-entropy accumulation crediting (Jason A. Donenfeld) \n- random: simplify entropy debiting (Jason A. Donenfeld) \n- random: use computational hash for entropy extraction (Jason A. Donenfeld) \n- random: only call crng_finalize_init() for primary_crng (Dominik Brodowski) \n- random: access primary_pool directly rather than through pointer (Dominik Brodowski) \n- random: continually use hwgenerator randomness (Dominik Brodowski) \n- random: simplify arithmetic function flow in account() (Jason A. Donenfeld) \n- random: access input_pool_data directly rather than through pointer (Jason A. Donenfeld) \n- random: cleanup fractional entropy shift constants (Jason A. Donenfeld) \n- random: prepend remaining pool constants with POOL_ (Jason A. Donenfeld) \n- random: de-duplicate INPUT_POOL constants (Jason A. Donenfeld) \n- random: remove unused OUTPUT_POOL constants (Jason A. Donenfeld) \n- random: rather than entropy_store abstraction, use global (Jason A. Donenfeld) \n- random: try to actively add entropy rather than passively wait for it (Linus Torvalds) \n- random: remove unused extract_entropy() reserved argument (Jason A. Donenfeld) \n- random: remove incomplete last_data logic (Jason A. Donenfeld) \n- random: cleanup integer types (Jason A. Donenfeld) \n- crypto: chacha20 - Fix chacha20_block() keystream alignment (again) (Eric Biggers) \n- random: cleanup poolinfo abstraction (Jason A. Donenfeld) \n- random: fix typo in comments (Schspa Shi) \n- random: don't reset crng_init_cnt on urandom_read() (Jann Horn) \n- random: avoid superfluous call to RDRAND in CRNG extraction (Jason A. Donenfeld) \n- random: early initialization of ChaCha constants (Dominik Brodowski) \n- random: initialize ChaCha20 constants with correct endianness (Eric Biggers) \n- random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs (Jason A. Donenfeld) \n- random: harmonize 'crng init done' messages (Dominik Brodowski) \n- random: mix bootloader randomness into pool (Jason A. Donenfeld) \n- random: do not re-init if crng_reseed completes before primary init (Jason A. Donenfeld) \n- random: do not sign extend bytes for rotation when mixing (Jason A. Donenfeld) \n- random: use BLAKE2s instead of SHA1 in extraction (Jason A. Donenfeld) \n- random: remove unused irq_flags argument from add_interrupt_randomness() (Saeed Mirzamohammadi) \n- random: document add_hwgenerator_randomness() with other input functions (Mark Brown) \n- crypto: blake2s - adjust include guard naming (Eric Biggers) \n- crypto: blake2s - include \n instead of \n (Eric Biggers) \n- MAINTAINERS: co-maintain random.c (Jason A. Donenfeld) \n- random: remove dead code left over from blocking pool (Eric Biggers) \n- random: avoid arch_get_random_seed_long() when collecting IRQ randomness (Ard Biesheuvel) \n- random: add arch_get_random_*long_early() (Mark Rutland) \n- powerpc: Use bool in archrandom.h (Richard Henderson) \n- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (Richard Henderson) \n- linux/random.h: Use false with bool (Richard Henderson) \n- linux/random.h: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- s390: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- powerpc: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- x86: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- random: avoid warnings for !CONFIG_NUMA builds (Mark Rutland) \n- random: split primary/secondary crng init paths (Mark Rutland) \n- random: remove some dead code of poolinfo (Yangtao Li) \n- random: fix typo in add_timer_randomness() (Yangtao Li) \n- random: Add and use pr_fmt() (Yangtao Li) \n- random: convert to ENTROPY_BITS for better code readability (Yangtao Li) \n- random: remove unnecessary unlikely() (Yangtao Li) \n- random: remove kernel.random.read_wakeup_threshold (Andy Lutomirski) \n- random: delete code to pull data into pools (Andy Lutomirski) \n- random: remove the blocking pool (Andy Lutomirski) \n- random: fix crash on multiple early calls to add_bootloader_randomness() (Dominik Brodowski) \n- char/random: silence a lockdep splat with printk() (Sergey Senozhatsky) \n- random: make /dev/random be almost like /dev/urandom (Andy Lutomirski) \n- random: ignore GRND_RANDOM in getentropy(2) (Andy Lutomirski) \n- random: add GRND_INSECURE to return best-effort non-cryptographic bytes (Andy Lutomirski) \n- random: Add a urandom_read_nowait() for random APIs that don't warn (Andy Lutomirski) \n- random: Don't wake crng_init_wait when crng_init == 1 (Andy Lutomirski) \n- lib/crypto: sha1: re-roll loops to reduce code size (Jason A. Donenfeld) \n- lib/crypto: blake2s: move hmac construction into wireguard (Jason A. Donenfeld) \n- crypto: blake2s - generic C library implementation and selftest (Jason A. Donenfeld) \n- crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() (Andy Shevchenko) \n- Revert 'hwrng: core - Freeze khwrng thread during suspend' (Herbert Xu) \n- char/random: Add a newline at the end of the file (Borislav Petkov) \n- random: Use wait_event_freezable() in add_hwgenerator_randomness() (Stephen Boyd) \n- fdt: add support for rng-seed (Hsin-Yi Wang) \n- random: Support freezable kthreads in add_hwgenerator_randomness() (Stephen Boyd) \n- random: fix soft lockup when trying to read from an uninitialized blocking pool (Theodore Ts'o) \n- latent_entropy: avoid build error when plugin cflags are not set (Vasily Gorbik) \n- random: document get_random_int() family (George Spelvin) \n- random: move rand_initialize() earlier (Kees Cook) \n- random: only read from /dev/random after its pool has received 128 bits (Theodore Ts'o) \n- drivers/char/random.c: make primary_crng static (Rasmus Villemoes) \n- drivers/char/random.c: remove unused stuct poolinfo::poolbits (Rasmus Villemoes) \n- drivers/char/random.c: constify poolinfo_table (Rasmus Villemoes) \n- random: make CPU trust a boot parameter (Kees Cook) \n- random: Make crng state queryable (Jason A. Donenfeld) \n- random: remove preempt disabled region (Ingo Molnar) \n- random: add a config option to trust the CPU's hwrng (Theodore Ts'o) \n- random: Return nbytes filled from hw RNG (Tobin C. Harding) \n- random: Fix whitespace pre random-bytes work (Tobin C. Harding) \n- drivers/char/random.c: remove unused dont_count_entropy (Rasmus Villemoes) \n- random: optimize add_interrupt_randomness (Andi Kleen) \n- random: always fill buffer in get_random_bytes_wait (Jason A. Donenfeld) \n- crypto: chacha20 - Fix keystream alignment for chacha20_block() (Eric Biggers) \n- 9p: missing chunk of 'fs/9p: Don't update file type when updating file attributes' (Al Viro)\n[4.14.35-2047.517.0.el7]\n- mpt3sas: Fix panic observed while accessing the hw ctx queue (Gulam Mohamed) [Orabug: 34446738]\n- driver: marvell: mmc: Add new bus modes overrides from DT (Wojciech Bartczak) [Orabug: 34440004]\n- octeontx2: mmc: Adds mechanism to modify all MMC bus modes timings (Wojciech Bartczak) [Orabug: 34440004]\n- rds/rdma: correctly assign the dest qp num in rds ib connection (Rohit Nair) [Orabug: 34429478]\n- Revert 'uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT' (Gulam Mohamed) [Orabug: 34419153]\n- net/rds : Adding support to print SCQ and RCQ completion vectors in rds-info. (Anand Khoje) [Orabug: 34398210]\n- IB/mlx5: Disable BME for unbound devices too (Hakon Bugge) [Orabug: 34395378]\n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) [Orabug: 34387281]\n- net/mlx5: FW tracer, Add debug prints (Saeed Mahameed) [Orabug: 34387281]\n- perf script: Fix crash because of missing evsel->priv (Ravi Bangoria) [Orabug: 34382257]\n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371946]\n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364338]\n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364338]\n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 33665743]", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2022-09-16T00:00:00", "id": "ELSA-2022-9788", "href": "http://linux.oracle.com/errata/ELSA-2022-9788.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-15T18:31:24", "description": "[5.4.17-2136.310.7]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588}\n- x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: display dynamic retbleed state (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: remove incorrect __init/__ro_after_init annotations (Ankur Arora) [Orabug: 34455621]\n[5.4.17-2136.310.6]\n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- Revert 'hwmon: Make chip parameter for with_info API mandatory' (Greg Kroah-Hartman) [Orabug: 34423806] \n- ext4: make variable 'count' signed (Ding Xiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf)\n[5.4.17-2136.310.5]\n- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Paolo Bonzini) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Disable RRSBA behavior (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/exec: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/VMX: Use TEST %REG,%REG instead of CMP /u03/ksharma/errata_processing/work/el7uek6/db_7uek6.ELSA-2022-9709,%REG in vmenter.S (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kbuild/objtool: Add objtool-vmlinux.o pass (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add retbleed=ibpb (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/xen: Rename SYS* entry points (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Update Retpoline validation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- intel_idle: Disable IBRS during long idle (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Add kernel IBRS implementation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report AMD retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add magic AMD return-thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vmlinux: Use INT3 instead of NOP for linker fill bytes (Kees Cook) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/realmode: build with __DISABLE_EXPORTS (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Use return-thunk in asm code (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bpf: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/ftrace: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86,objtool: Create .return_sites (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/mm: elide references to .discard.* from .return_sites (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Undo return-thunk damage (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Use -mfunction-return (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/alternative: Support not-feature (Juergen Gross) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/features: Move RETPOLINE flags to word 11 (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Classify symbols (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Create reloc sections implicitly (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add elf_create_reloc() helper (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rework the elf_rebuild_reloc_section() logic (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Handle per arch retpoline naming (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Correctly handle retpoline thunk calls (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Support retpoline jump detection for vmlinux.o (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add 'alt_group' struct (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Clean up elf_write() condition (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add support for relocations without addends (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename rela to reloc (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: optimize add_dead_ends for split sections (Sami Tolvanen) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Move the IRET hack into the arch decoder (Miroslav Benes) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename elf_read() to elf_open_read() (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Constify 'struct elf *' parameters (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize !vmlinux.o again (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Better handle IRET (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/unwind_hints: define unwind_hint_save, unwind_hint_restore (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add abstraction for destination offsets (Raphael Gault) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix off-by-one in symbol_by_offset() (Julien Thierry) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_rela_by_dest_range() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize read_sections() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename find_containing_func() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_*() and read_symbols() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add a statistics mode (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn_all() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Introduce validate_return() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Improve call destination function detection (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix clang switch table edge case (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add relocation check for alternative sections (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add is_static_jump() helper (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n[5.4.17-2136.310.4]\n- lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34400675] {CVE-2022-21505}\n- bnxt_en: Use page frag RX buffers for better software GRO performance (Jakub Kicinski) [Orabug: 34083551] \n- bnxt_en: enable interrupt sampling on 5750X for DIM (Andy Gospodarek) [Orabug: 34083551] \n- bnxt_en: Add event handler for PAUSE Storm event (Somnath Kotur) [Orabug: 34083551] \n- bnxt_en: reject indirect blk offload when hw-tc-offload is off (Sriharsha Basavapatna) [Orabug: 34083551] \n- bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (Edwin Peer) [Orabug: 34083551] \n- bnxt_en: Fix error recovery regression (Michael Chan) [Orabug: 34083551] \n- bnxt_en: Fix possible unintended driver initiated error recovery (Michael Chan) [Orabug: 34083551] \n- bnxt: count discards due to memory allocation errors (Jakub Kicinski) [Orabug: 34083551] \n- bnxt: count packets discarded because of netpoll (Jakub Kicinski) [Orabug: 34083551] \n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364337] \n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364337] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371884]\n[5.4.17-2136.310.3]\n- RDS/IB: Fix RDS IB SRQ implementation and tune it (Hans Westgaard Ry) [Orabug: 31899472] \n- RDS/IB: Introduce bit_flag routines with memory-barrier for bit flags (Hans Westgaard Ry) [Orabug: 31899472] \n- xfs: don't fail unwritten extent conversion on writeback due to edquot (Darrick J. Wong) [Orabug: 33786167] \n- mm/page_alloc: reuse tail struct pages for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: improve memory savings for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: refactor core of vmemmap_populate_basepages() to helper (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: add a pgmap argument to section activation (Joao Martins) [Orabug: 34314763] \n- memory-failure: fetch compound_head after pgmap_pfn_valid() (Joao Martins) [Orabug: 34314763] \n- device-dax: compound devmap support (Joao Martins) [Orabug: 34314763] \n- device-dax: factor out page mapping initialization (Joao Martins) [Orabug: 34314763] \n- device-dax: ensure dev_dax->pgmap is valid for dynamic devices (Joao Martins) [Orabug: 34314763] \n- device-dax: use struct_size() (Joao Martins) [Orabug: 34314763] \n- device-dax: use ALIGN() for determining pgoff (Joao Martins) [Orabug: 34314763] \n- mm/memremap: add ZONE_DEVICE support for compound pages (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: refactor memmap_init_zone_device() page init (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: split prep_compound_page into head and tail subparts (Joao Martins) [Orabug: 34314763] \n- RDMA/umem: batch page unpin in __ib_umem_release() (Joao Martins) [Orabug: 34314763] \n- mm/gup: add a range variant of unpin_user_pages_dirty_lock() (Joao Martins) [Orabug: 34314763] \n- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323859] {CVE-2022-2153}\n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 34330922] \n- x86/boot/compressed/64: Disable 5-level page tables on AMD (Boris Ostrovsky) [Orabug: 34366382]\n[5.4.17-2136.310.2]\n- LTS tag: v5.4.199 (Sherry Yang) \n- x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) \n- x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) \n- cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) \n- LTS tag: v5.4.198 (Sherry Yang) \n- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) \n- powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) \n- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) \n- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) \n- ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) \n- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) \n- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- mmc: block: Fix CQE recovery reset success (Adrian Hunter) \n- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) \n- cifs: return errors during session setup during reconnects (Shyam Prasad N) \n- ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) \n- scripts/gdb: change kernel config dumping method (Kuan-Ying Lee) \n- vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) \n- nodemask: Fix return values to be unsigned (Kees Cook) \n- cifs: version operations for smb20 unneeded when legacy support disabled (Steve French) \n- s390/gmap: voluntarily schedule during key setting (Christian Borntraeger) \n- nbd: fix io hung while disconnecting device (Yu Kuai) \n- nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) \n- nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) \n- x86/cpu: Elide KCSAN for cpu_has() and friends (Peter Zijlstra) \n- modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) \n- drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) \n- ceph: allow ceph.dir.rctime xattr to be updatable (Venky Shankar) \n- Revert 'net: af_key: add check for pfkey_broadcast in function pfkey_process' (Michal Kubecek) \n- scsi: myrb: Fix up null pointer access on myrb_cleanup() (Hannes Reinecke) \n- md: protect md_unregister_thread from reentrancy (Guoqing Jiang) \n- watchdog: wdat_wdt: Stop watchdog when rebooting the system (Liu Xinpeng) \n- kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) \n- serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) \n- staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) \n- staging: rtl8712: fix uninit-value in usb_read8() and friends (Wang Cheng) \n- clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) \n- extcon: Modify extcon device to be created after driver data is set (bumwoo lee) \n- misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) \n- usb: dwc2: gadget: don't reset gadget's driver->bus (Marek Szyprowski) \n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) \n- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) \n- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) \n- USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) \n- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) \n- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (Duoming Zhou) \n- tty: Fix a possible resource leak in icom_probe (Huang Guobin) \n- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) \n- lkdtm/usercopy: Expand size of 'out of frame' object (Kees Cook) \n- iio: st_sensors: Add a local lock for protecting odr (Miquel Raynal) \n- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) \n- drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) \n- net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) \n- ip_gre: test csum_start instead of transport header (Willem de Bruijn) \n- net/mlx5: fs, fail conflicting actions (Mark Bloch) \n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) \n- net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) \n- net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) \n- net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) \n- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) \n- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) \n- net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (Miaoqian Lin) \n- bpf, arm64: Clear prog->jited_len along prog->jited (Eric Dumazet) \n- af_unix: Fix a data-race in unix_dgram_peer_wake_me(). (Kuniyuki Iwashima) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- netfilter: nf_tables: memleak flow rule from commit path (Pablo Neira Ayuso) \n- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) \n- netfilter: nat: really support inet nat without l3 address (Florian Westphal) \n- xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) \n- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) \n- NFSv4: Don't hold the layoutget locks across multiple RPC calls (Trond Myklebust) \n- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (Radhey Shyam Pandey) \n- m68knommu: fix undefined reference to _init_sp' (Greg Ungerer) \n- m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) \n- i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) \n- f2fs: remove WARN_ON in f2fs_is_valid_blkaddr (Dongliang Mu) \n- tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) \n- tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) \n- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) \n- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) \n- tipc: check attribute length for bearer name (Hoang Le) \n- afs: Fix infinite loop found by xfstest generic/676 (David Howells) \n- tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) \n- net: sched: add barrier to fix packet stuck problem for lockless qdisc (Guoju Fang) \n- net/mlx5e: Update netdev features after changing XDP state (Maxim Mikityanskiy) \n- net/mlx5: Don't use already freed action pointer (Leon Romanovsky) \n- nfp: only report pause frame configuration for physical device (Yu Xiao) \n- ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) \n- jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) \n- modpost: fix removing numeric suffixes (Alexander Lobakin) \n- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) \n- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) \n- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (Vincent Ray) \n- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (Jann Horn) \n- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (Shengjiu Wang) \n- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (Miaoqian Lin) \n- driver core: fix deadlock in __device_attach (Zhang Wensheng) \n- driver: base: fix UAF when driver_attach failed (Schspa Shi) \n- bus: ti-sysc: Fix warnings for unbind for serial (Tony Lindgren) \n- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) \n- serial: stm32-usart: Correct CSIZE, bits, and parity (Ilpo Jarvinen) \n- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) \n- serial: sifive: Sanitize CSIZE and c_iflag (Ilpo Jarvinen) \n- serial: sh-sci: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: txx9: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: rda-uart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: digicolor-usart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (Ilpo Jarvinen) \n- serial: meson: acquire port->lock in startup() (John Ogness) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- MIPS: IP27: Remove incorrect cpu_has_fpu' override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- Kconfig: add config option for asm goto w/ outputs (Nick Desaulniers) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: don't overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: fix plock invalid read (Alexander Aring) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: don't need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Don't report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) \n- tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) \n- PCI: imx6: Fix PERST# start-up sequence (Francesco Dolcini) \n- ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() (Waiman Long) \n- proc: fix dentry/inode overinstantiating under /proc//net (Alexey Dobriyan) \n- powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/8xx: export 'cpm_setbrg' for modules (Randy Dunlap) \n- dax: fix cache flush on PMD-mapped pages (Muchun Song) \n- drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) \n- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- nvdimm: Allow overwrite in the presence of disabled dimms (Dan Williams) \n- firmware: arm_scmi: Fix list protocols enumeration in the base protocol (Cristian Marussi) \n- scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) \n- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) \n- powerpc/fadump: fix PT_LOAD segment for boot memory area (Hari Bathini) \n- arm: mediatek: select arch timer for mt7629 (Chuanhong Guo) \n- crypto: marvell/cesa - ECB does not IV (Corentin Labbe) \n- misc: ocxl: fix possible double free in ocxl_file_register_afu (Hangyu Hua) \n- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) \n- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (Phil Elwell) \n- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (Phil Elwell) \n- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) \n- can: xilinx_can: mark bit timing constants as const (Marc Kleine-Budde) \n- KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (Sean Christopherson) \n- PCI: rockchip: Fix find_first_zero_bit() limit (Dan Carpenter) \n- PCI: cadence: Fix find_first_zero_bit() limit (Dan Carpenter) \n- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) \n- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) \n- ARM: dts: suniv: F1C100: fix watchdog compatible (Andre Przywara) \n- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (Shawn Lin) \n- net/smc: postpone sk_refcnt increment in connect() (liuyacan) \n- rxrpc: Fix decision on when to generate an IDLE ACK (David Howells) \n- rxrpc: Don't let ack.previousPacket regress (David Howells) \n- rxrpc: Fix overlapping ACK accounting (David Howells) \n- rxrpc: Don't try to resend the request if we're receiving the reply (David Howells) \n- rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) \n- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (Duoming Zhou) \n- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) \n- thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (Zheng Yongjun) \n- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (Hangyu Hua) \n- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (Miaoqian Lin) \n- ext4: reject the 'commit' option on ext2 filesystems (Eric Biggers) \n- media: ov7670: remove ov7670_power_off from ov7670_remove (Dongliang Mu) \n- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) \n- m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) \n- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) \n- media: vsp1: Fix offset calculation for plane cropping (Michael Rodin) \n- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) \n- media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) \n- media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) \n- media: aspeed: Fix an error handling path in aspeed_video_probe() (Christophe JAILLET) \n- scripts/faddr2line: Fix overlapping text section failures (Josh Poimboeuf) \n- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) \n- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) \n- ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (Miaoqian Lin) \n- perf/amd/ibs: Use interrupt regs ip for stack unwinding (Ravi Bangoria) \n- Revert 'cpufreq: Fix possible race in cpufreq online error path' (Viresh Kumar) \n- iomap: iomap_write_failed fix (Andreas Gruenbacher) \n- media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) \n- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) \n- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (Jessica Zhang) \n- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (Jessica Zhang) \n- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (Zev Weiss) \n- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) \n- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- irqchip/exiu: Fix acknowledgment of edge triggered interrupts (Daniel Thompson) \n- x86: Fix return value of __setup handlers (Randy Dunlap) \n- virtio_blk: fix the discard_granularity and discard_alignment queue limits (Christoph Hellwig) \n- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) \n- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) \n- drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) \n- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (Vinod Polimera) \n- perf tools: Add missing headers needed by util/data.h (Yang Jihong) \n- ASoC: rk3328: fix disabling mclk on pclk probe failure (Nicolas Frattaroli) \n- x86/speculation: Add missing prototype for unpriv_ebpf_notify() (Josh Poimboeuf) \n- x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) \n- scsi: ufs: core: Exclude UECxx from SFR dump list (Kiwoong Kim) \n- of: overlay: do not break notify on NOTIFY_{OK|STOP} (Nuno Sa) \n- fsnotify: fix wrong lockdep annotations (Amir Goldstein) \n- inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) \n- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) \n- cpufreq: Fix possible race in cpufreq online error path (Schspa Shi) \n- spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (Chengming Zhou) \n- drm/bridge: Fix error handling in analogix_dp_probe (Miaoqian Lin) \n- HID: elan: Fix potential double free in elan_input_configured (Miaoqian Lin) \n- HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) \n- drbd: fix duplicate array initializer (Arnd Bergmann) \n- efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) \n- NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) \n- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) \n- drm: mali-dp: potential dereference of null pointer (Jiasheng Jiang) \n- drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (Zhou Qingyang) \n- nl80211: show SSID for P2P_GO interfaces (Johannes Berg) \n- bpf: Fix excessive memory allocation in stack_map_alloc() (Yuntao Wang) \n- drm/vc4: txp: Force alpha to be 0xff if it's disabled (Maxime Ripard) \n- drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (Maxime Ripard) \n- drm/mediatek: Fix mtk_cec_mask() (Miles Chen) \n- x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) \n- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) \n- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) \n- drm/bridge: adv7511: clean up CEC adapter when probe fails (Lucas Stach) \n- drm/edid: fix invalid EDID extension block filtering (Jani Nikula) \n- ath9k: fix ar9003_get_eepmisc (Wenli Looi) \n- drm: fix EDID struct for old ARM OABI format (Linus Torvalds) \n- RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) \n- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (Peng Wu) \n- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) \n- powerpc/powernv: fix missing of_node_put in uv_init() (Lv Ruyi) \n- powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) \n- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) \n- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) \n- ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) \n- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) \n- ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) \n- fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) \n- powerpc/fadump: Fix fadump to work with a different endian capture kernel (Hari Bathini) \n- ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) \n- fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) \n- PM / devfreq: rk3399_dmc: Disable edev on remove() (Brian Norris) \n- ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) \n- IB/rdmavt: add missing locks in rvt_ruc_loopback (Niels Dossche) \n- selftests/bpf: fix btf_dump/btf_dump due to recent clang change (Yonghong Song) \n- eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) \n- rxrpc: Return an error to sendmsg if call failed (David Howells) \n- hwmon: Make chip parameter for with_info API mandatory (Guenter Roeck) \n- ASoC: max98357a: remove dependency on GPIOLIB (Pierre-Louis Bossart) \n- media: exynos4-is: Fix compile warning (Kwanghoon Son) \n- net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) \n- nbd: Fix hung on disconnect request if socket is closed before (Xie Yongji) \n- ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) \n- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) \n- openrisc: start CPU timer early in boot (Jason A. Donenfeld) \n- media: cec-adap.c: fix is_configuring state (Hans Verkuil) \n- media: coda: limit frame interval enumeration to supported encoder frame sizes (Philipp Zabel) \n- rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) \n- ipmi: Fix pr_fmt to avoid compilation issues (Corey Minyard) \n- ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) \n- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (Mario Limonciello) \n- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) \n- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (Patrice Chotard) \n- s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) \n- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (Charles Keepax) \n- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (Dongliang Mu) \n- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (Alice Wong) \n- mlxsw: spectrum_dcb: Do not warn about priority changes (Petr Machata) \n- ASoC: dapm: Don't fold register value changes into notifications (Mark Brown) \n- net/mlx5: fs, delete the FTE when there are no rules attached to it (Mark Bloch) \n- ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) \n- drm: msm: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (Alexandru Elisei) \n- drm/amd/pm: fix the compile warning (Evan Quan) \n- drm/plane: Move range check for format_count earlier (Steven Price) \n- scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) \n- mmc: jz4740: Apply DMA engine limits to maximum segment size (Aidan MacDonald) \n- md/bitmap: don't set sb values if can't pass sanity check (Heming Zhao) \n- media: cx25821: Fix the warning when removing the module (Zheyu Ma) \n- media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) \n- media: venus: hfi: avoid null dereference in deinit (Luca Weiss) \n- ath9k: fix QCA9561 PA bias level (Thibaut VAReNE) \n- drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) \n- tools/power turbostat: fix ICX DRAM power numbers (Len Brown) \n- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (Biju Das) \n- ALSA: jack: Access input_dev under mutex (Amadeusz Siawinski) \n- drm/komeda: return early if drm_universal_plane_init() fails. (Liviu Dudau) \n- ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) \n- fbcon: Consistently protect deferred_takeover with console_lock() (Daniel Vetter) \n- ipv6: fix locking issues with loops over idev->addr_list (Niels Dossche) \n- ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) \n- b43: Fix assigning negative value to unsigned variable (Haowen Bai) \n- b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) \n- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) \n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) \n- btrfs: repair super block num_devices automatically (Qu Wenruo) \n- btrfs: add '0x' prefix for unsupported optional features (Qu Wenruo) \n- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) \n- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) \n- ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP (Eric W. Biederman) \n- perf/x86/intel: Fix event constraints for ICL (Kan Liang) \n- usb: core: hcd: Add support for deferring roothub registration (Kishon Vijay Abraham I) \n- USB: new quirk for Dell Gen 2 devices (Monish Kumar R) \n- USB: serial: option: add Quectel BG95 modem (Carl Yin) \n- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (Marios Levogiannis) \n- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) \n- LTS tag: v5.4.197 (Sherry Yang) \n- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) \n- NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) \n- NFS: Memory allocation failures are not server fatal errors (Trond Myklebust) \n- docs: submitting-patches: Fix crossref to 'The canonical patch format' (Akira Yokosawa) \n- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) \n- tpm: Fix buffer access in tpm2_get_tpm_pt() (Stefan Mahnke-Hartmann) \n- HID: multitouch: Add support for Google Whiskers Touchpad (Marek Maslanka) \n- raid5: introduce MD_BROKEN (Mariusz Tkaczyk) \n- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) \n- dm stats: add cond_resched when looping over entries (Mikulas Patocka) \n- dm crypt: make printing of the key constant-time (Mikulas Patocka) \n- dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) \n- zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) \n- crypto: ecrdsa - Fix incorrect use of vli_cmp (Vitaly Chikunov) \n- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) \n- exec: Force single empty string when argv is empty (Kees Cook) \n- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) \n- cfg80211: set custom regdomain after wiphy registration (Miri Korenblit) \n- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (Mika Westerberg) \n- net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) \n- net: af_key: check encryption module availability consistency (Thomas Bartschies) \n- pinctrl: sunxi: fix f1c100s uart2 function (IotaHydrae) \n- ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) \n- ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) \n- media: vim2m: initialize the media device earlier (Hans Verkuil) \n- media: vim2m: Register video device after setting up internals (Sakari Ailus) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- tcp: change source port randomizarion at connect() time (Eric Dumazet) \n- Input: goodix - fix spurious key release events (Dmitry Mastykin) \n- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) \n- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner)\n[5.4.17-2136.310.1]\n- intel_idle: Fix max_cstate for processor models without C-state tables (Chen Yu) [Orabug: 34081688] \n- intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add 'preferred_cstates' module argument (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: Adjust the SKX C6 parameters if PC6 is disabled (Chen Yu) [Orabug: 34081688] \n- intel_idle: Clean up kerneldoc comments for multiple functions (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add __initdata annotations to init time variables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Relocate definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Simplify LAPIC timer reliability checks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'states_off' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'use_acpi' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up irtl_2_usec() (Rafael J. Wysocki) [Orabug: 34081688] \n- Documentation: admin-guide: PM: Add intel_idle document (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move 3 functions closer to their callers (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Annotate initialization code and data structures (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move and clean up intel_idle_cpuidle_devices_uninit() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Rearrange intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Fold intel_idle_probe() into intel_idle_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Eliminate __setup_broadcast_timer() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add module parameter to prevent ACPI _CST from being used (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Allow ACPI _CST to be used for selected known processors (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Allow idle states to be disabled by default (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Use ACPI _CST for processor models without C-state tables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Refactor intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Drop disabled field from struct cpuidle_state (Thomas Tai) [Orabug: 34081688] \n- cpuidle: Consolidate disabled state checks (Rafael J. Wysocki) [Orabug: 34081688] \n- Revert 'intel_idle: Use ACPI _CST for processor models without C-state tables' (Thomas Tai) [Orabug: 34081688]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-08-15T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21505", "CVE-2022-2153", "CVE-2022-23816", "CVE-2022-2588", "CVE-2022-29901"], "modified": "2022-08-15T00:00:00", "id": "ELSA-2022-9709", "href": "http://linux.oracle.com/errata/ELSA-2022-9709.html", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-15T18:31:19", "description": "r[ 5.4.17-2136.310.7]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588}\n- x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: display dynamic retbleed state (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: remove incorrect __init/__ro_after_init annotations (Ankur Arora) [Orabug: 34455621]\n[5.4.17-2136.310.6]\n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- Revert 'hwmon: Make chip parameter for with_info API mandatory' (Greg Kroah-Hartman) [Orabug: 34423806] \n- ext4: make variable 'count' signed (Ding Xiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf)\n[5.4.17-2136.310.5]\n- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Paolo Bonzini) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Disable RRSBA behavior (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/exec: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/VMX: Use TEST %REG,%REG instead of CMP /u03/ksharma/errata_processing/work/el7uek6/db_7uek6.ELSA-2022-9710,%REG in vmenter.S (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kbuild/objtool: Add objtool-vmlinux.o pass (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add retbleed=ibpb (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/xen: Rename SYS* entry points (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Update Retpoline validation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- intel_idle: Disable IBRS during long idle (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Add kernel IBRS implementation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report AMD retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add magic AMD return-thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vmlinux: Use INT3 instead of NOP for linker fill bytes (Kees Cook) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/realmode: build with __DISABLE_EXPORTS (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Use return-thunk in asm code (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bpf: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/ftrace: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86,objtool: Create .return_sites (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/mm: elide references to .discard.* from .return_sites (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Undo return-thunk damage (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Use -mfunction-return (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/alternative: Support not-feature (Juergen Gross) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/features: Move RETPOLINE flags to word 11 (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Classify symbols (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Create reloc sections implicitly (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add elf_create_reloc() helper (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rework the elf_rebuild_reloc_section() logic (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Handle per arch retpoline naming (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Correctly handle retpoline thunk calls (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Support retpoline jump detection for vmlinux.o (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add 'alt_group' struct (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Clean up elf_write() condition (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add support for relocations without addends (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename rela to reloc (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: optimize add_dead_ends for split sections (Sami Tolvanen) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Move the IRET hack into the arch decoder (Miroslav Benes) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename elf_read() to elf_open_read() (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Constify 'struct elf *' parameters (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize !vmlinux.o again (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Better handle IRET (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/unwind_hints: define unwind_hint_save, unwind_hint_restore (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add abstraction for destination offsets (Raphael Gault) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix off-by-one in symbol_by_offset() (Julien Thierry) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_rela_by_dest_range() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize read_sections() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename find_containing_func() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_*() and read_symbols() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add a statistics mode (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn_all() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Introduce validate_return() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Improve call destination function detection (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix clang switch table edge case (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add relocation check for alternative sections (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add is_static_jump() helper (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n[5.4.17-2136.310.4]\n- lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34400675] {CVE-2022-21505}\n- bnxt_en: Use page frag RX buffers for better software GRO performance (Jakub Kicinski) [Orabug: 34083551] \n- bnxt_en: enable interrupt sampling on 5750X for DIM (Andy Gospodarek) [Orabug: 34083551] \n- bnxt_en: Add event handler for PAUSE Storm event (Somnath Kotur) [Orabug: 34083551] \n- bnxt_en: reject indirect blk offload when hw-tc-offload is off (Sriharsha Basavapatna) [Orabug: 34083551] \n- bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (Edwin Peer) [Orabug: 34083551] \n- bnxt_en: Fix error recovery regression (Michael Chan) [Orabug: 34083551] \n- bnxt_en: Fix possible unintended driver initiated error recovery (Michael Chan) [Orabug: 34083551] \n- bnxt: count discards due to memory allocation errors (Jakub Kicinski) [Orabug: 34083551] \n- bnxt: count packets discarded because of netpoll (Jakub Kicinski) [Orabug: 34083551] \n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364337] \n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364337] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371884]\n[5.4.17-2136.310.3]\n- RDS/IB: Fix RDS IB SRQ implementation and tune it (Hans Westgaard Ry) [Orabug: 31899472] \n- RDS/IB: Introduce bit_flag routines with memory-barrier for bit flags (Hans Westgaard Ry) [Orabug: 31899472] \n- xfs: don't fail unwritten extent conversion on writeback due to edquot (Darrick J. Wong) [Orabug: 33786167] \n- mm/page_alloc: reuse tail struct pages for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: improve memory savings for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: refactor core of vmemmap_populate_basepages() to helper (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: add a pgmap argument to section activation (Joao Martins) [Orabug: 34314763] \n- memory-failure: fetch compound_head after pgmap_pfn_valid() (Joao Martins) [Orabug: 34314763] \n- device-dax: compound devmap support (Joao Martins) [Orabug: 34314763] \n- device-dax: factor out page mapping initialization (Joao Martins) [Orabug: 34314763] \n- device-dax: ensure dev_dax->pgmap is valid for dynamic devices (Joao Martins) [Orabug: 34314763] \n- device-dax: use struct_size() (Joao Martins) [Orabug: 34314763] \n- device-dax: use ALIGN() for determining pgoff (Joao Martins) [Orabug: 34314763] \n- mm/memremap: add ZONE_DEVICE support for compound pages (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: refactor memmap_init_zone_device() page init (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: split prep_compound_page into head and tail subparts (Joao Martins) [Orabug: 34314763] \n- RDMA/umem: batch page unpin in __ib_umem_release() (Joao Martins) [Orabug: 34314763] \n- mm/gup: add a range variant of unpin_user_pages_dirty_lock() (Joao Martins) [Orabug: 34314763] \n- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323859] {CVE-2022-2153}\n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 34330922] \n- x86/boot/compressed/64: Disable 5-level page tables on AMD (Boris Ostrovsky) [Orabug: 34366382]\n[5.4.17-2136.310.2]\n- LTS tag: v5.4.199 (Sherry Yang) \n- x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) \n- x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) \n- cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) \n- LTS tag: v5.4.198 (Sherry Yang) \n- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) \n- powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) \n- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) \n- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) \n- ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) \n- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) \n- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- mmc: block: Fix CQE recovery reset success (Adrian Hunter) \n- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) \n- cifs: return errors during session setup during reconnects (Shyam Prasad N) \n- ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) \n- scripts/gdb: change kernel config dumping method (Kuan-Ying Lee) \n- vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) \n- nodemask: Fix return values to be unsigned (Kees Cook) \n- cifs: version operations for smb20 unneeded when legacy support disabled (Steve French) \n- s390/gmap: voluntarily schedule during key setting (Christian Borntraeger) \n- nbd: fix io hung while disconnecting device (Yu Kuai) \n- nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) \n- nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) \n- x86/cpu: Elide KCSAN for cpu_has() and friends (Peter Zijlstra) \n- modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) \n- drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) \n- ceph: allow ceph.dir.rctime xattr to be updatable (Venky Shankar) \n- Revert 'net: af_key: add check for pfkey_broadcast in function pfkey_process' (Michal Kubecek) \n- scsi: myrb: Fix up null pointer access on myrb_cleanup() (Hannes Reinecke) \n- md: protect md_unregister_thread from reentrancy (Guoqing Jiang) \n- watchdog: wdat_wdt: Stop watchdog when rebooting the system (Liu Xinpeng) \n- kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) \n- serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) \n- staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) \n- staging: rtl8712: fix uninit-value in usb_read8() and friends (Wang Cheng) \n- clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) \n- extcon: Modify extcon device to be created after driver data is set (bumwoo lee) \n- misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) \n- usb: dwc2: gadget: don't reset gadget's driver->bus (Marek Szyprowski) \n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) \n- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) \n- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) \n- USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) \n- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) \n- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (Duoming Zhou) \n- tty: Fix a possible resource leak in icom_probe (Huang Guobin) \n- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) \n- lkdtm/usercopy: Expand size of 'out of frame' object (Kees Cook) \n- iio: st_sensors: Add a local lock for protecting odr (Miquel Raynal) \n- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) \n- drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) \n- net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) \n- ip_gre: test csum_start instead of transport header (Willem de Bruijn) \n- net/mlx5: fs, fail conflicting actions (Mark Bloch) \n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) \n- net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) \n- net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) \n- net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) \n- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) \n- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) \n- net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (Miaoqian Lin) \n- bpf, arm64: Clear prog->jited_len along prog->jited (Eric Dumazet) \n- af_unix: Fix a data-race in unix_dgram_peer_wake_me(). (Kuniyuki Iwashima) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- netfilter: nf_tables: memleak flow rule from commit path (Pablo Neira Ayuso) \n- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) \n- netfilter: nat: really support inet nat without l3 address (Florian Westphal) \n- xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) \n- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) \n- NFSv4: Don't hold the layoutget locks across multiple RPC calls (Trond Myklebust) \n- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (Radhey Shyam Pandey) \n- m68knommu: fix undefined reference to _init_sp' (Greg Ungerer) \n- m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) \n- i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) \n- f2fs: remove WARN_ON in f2fs_is_valid_blkaddr (Dongliang Mu) \n- tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) \n- tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) \n- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) \n- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) \n- tipc: check attribute length for bearer name (Hoang Le) \n- afs: Fix infinite loop found by xfstest generic/676 (David Howells) \n- tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) \n- net: sched: add barrier to fix packet stuck problem for lockless qdisc (Guoju Fang) \n- net/mlx5e: Update netdev features after changing XDP state (Maxim Mikityanskiy) \n- net/mlx5: Don't use already freed action pointer (Leon Romanovsky) \n- nfp: only report pause frame configuration for physical device (Yu Xiao) \n- ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) \n- jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) \n- modpost: fix removing numeric suffixes (Alexander Lobakin) \n- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) \n- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) \n- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (Vincent Ray) \n- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (Jann Horn) \n- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (Shengjiu Wang) \n- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (Miaoqian Lin) \n- driver core: fix deadlock in __device_attach (Zhang Wensheng) \n- driver: base: fix UAF when driver_attach failed (Schspa Shi) \n- bus: ti-sysc: Fix warnings for unbind for serial (Tony Lindgren) \n- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) \n- serial: stm32-usart: Correct CSIZE, bits, and parity (Ilpo Jarvinen) \n- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) \n- serial: sifive: Sanitize CSIZE and c_iflag (Ilpo Jarvinen) \n- serial: sh-sci: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: txx9: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: rda-uart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: digicolor-usart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (Ilpo Jarvinen) \n- serial: meson: acquire port->lock in startup() (John Ogness) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- MIPS: IP27: Remove incorrect cpu_has_fpu' override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- Kconfig: add config option for asm goto w/ outputs (Nick Desaulniers) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: don't overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: fix plock invalid read (Alexander Aring) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: don't need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Don't report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) \n- tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) \n- PCI: imx6: Fix PERST# start-up sequence (Francesco Dolcini) \n- ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() (Waiman Long) \n- proc: fix dentry/inode overinstantiating under /proc//net (Alexey Dobriyan) \n- powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/8xx: export 'cpm_setbrg' for modules (Randy Dunlap) \n- dax: fix cache flush on PMD-mapped pages (Muchun Song) \n- drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) \n- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- nvdimm: Allow overwrite in the presence of disabled dimms (Dan Williams) \n- firmware: arm_scmi: Fix list protocols enumeration in the base protocol (Cristian Marussi) \n- scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) \n- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) \n- powerpc/fadump: fix PT_LOAD segment for boot memory area (Hari Bathini) \n- arm: mediatek: select arch timer for mt7629 (Chuanhong Guo) \n- crypto: marvell/cesa - ECB does not IV (Corentin Labbe) \n- misc: ocxl: fix possible double free in ocxl_file_register_afu (Hangyu Hua) \n- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) \n- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (Phil Elwell) \n- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (Phil Elwell) \n- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) \n- can: xilinx_can: mark bit timing constants as const (Marc Kleine-Budde) \n- KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (Sean Christopherson) \n- PCI: rockchip: Fix find_first_zero_bit() limit (Dan Carpenter) \n- PCI: cadence: Fix find_first_zero_bit() limit (Dan Carpenter) \n- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) \n- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) \n- ARM: dts: suniv: F1C100: fix watchdog compatible (Andre Przywara) \n- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (Shawn Lin) \n- net/smc: postpone sk_refcnt increment in connect() (liuyacan) \n- rxrpc: Fix decision on when to generate an IDLE ACK (David Howells) \n- rxrpc: Don't let ack.previousPacket regress (David Howells) \n- rxrpc: Fix overlapping ACK accounting (David Howells) \n- rxrpc: Don't try to resend the request if we're receiving the reply (David Howells) \n- rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) \n- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (Duoming Zhou) \n- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) \n- thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (Zheng Yongjun) \n- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (Hangyu Hua) \n- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (Miaoqian Lin) \n- ext4: reject the 'commit' option on ext2 filesystems (Eric Biggers) \n- media: ov7670: remove ov7670_power_off from ov7670_remove (Dongliang Mu) \n- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) \n- m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) \n- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) \n- media: vsp1: Fix offset calculation for plane cropping (Michael Rodin) \n- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) \n- media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) \n- media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) \n- media: aspeed: Fix an error handling path in aspeed_video_probe() (Christophe JAILLET) \n- scripts/faddr2line: Fix overlapping text section failures (Josh Poimboeuf) \n- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) \n- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) \n- ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (Miaoqian Lin) \n- perf/amd/ibs: Use interrupt regs ip for stack unwinding (Ravi Bangoria) \n- Revert 'cpufreq: Fix possible race in cpufreq online error path' (Viresh Kumar) \n- iomap: iomap_write_failed fix (Andreas Gruenbacher) \n- media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) \n- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) \n- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (Jessica Zhang) \n- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (Jessica Zhang) \n- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (Zev Weiss) \n- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) \n- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- irqchip/exiu: Fix acknowledgment of edge triggered interrupts (Daniel Thompson) \n- x86: Fix return value of __setup handlers (Randy Dunlap) \n- virtio_blk: fix the discard_granularity and discard_alignment queue limits (Christoph Hellwig) \n- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) \n- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) \n- drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) \n- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (Vinod Polimera) \n- perf tools: Add missing headers needed by util/data.h (Yang Jihong) \n- ASoC: rk3328: fix disabling mclk on pclk probe failure (Nicolas Frattaroli) \n- x86/speculation: Add missing prototype for unpriv_ebpf_notify() (Josh Poimboeuf) \n- x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) \n- scsi: ufs: core: Exclude UECxx from SFR dump list (Kiwoong Kim) \n- of: overlay: do not break notify on NOTIFY_{OK|STOP} (Nuno Sa) \n- fsnotify: fix wrong lockdep annotations (Amir Goldstein) \n- inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) \n- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) \n- cpufreq: Fix possible race in cpufreq online error path (Schspa Shi) \n- spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (Chengming Zhou) \n- drm/bridge: Fix error handling in analogix_dp_probe (Miaoqian Lin) \n- HID: elan: Fix potential double free in elan_input_configured (Miaoqian Lin) \n- HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) \n- drbd: fix duplicate array initializer (Arnd Bergmann) \n- efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) \n- NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) \n- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) \n- drm: mali-dp: potential dereference of null pointer (Jiasheng Jiang) \n- drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (Zhou Qingyang) \n- nl80211: show SSID for P2P_GO interfaces (Johannes Berg) \n- bpf: Fix excessive memory allocation in stack_map_alloc() (Yuntao Wang) \n- drm/vc4: txp: Force alpha to be 0xff if it's disabled (Maxime Ripard) \n- drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (Maxime Ripard) \n- drm/mediatek: Fix mtk_cec_mask() (Miles Chen) \n- x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) \n- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) \n- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) \n- drm/bridge: adv7511: clean up CEC adapter when probe fails (Lucas Stach) \n- drm/edid: fix invalid EDID extension block filtering (Jani Nikula) \n- ath9k: fix ar9003_get_eepmisc (Wenli Looi) \n- drm: fix EDID struct for old ARM OABI format (Linus Torvalds) \n- RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) \n- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (Peng Wu) \n- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) \n- powerpc/powernv: fix missing of_node_put in uv_init() (Lv Ruyi) \n- powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) \n- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) \n- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) \n- ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) \n- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) \n- ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) \n- fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) \n- powerpc/fadump: Fix fadump to work with a different endian capture kernel (Hari Bathini) \n- ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) \n- fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) \n- PM / devfreq: rk3399_dmc: Disable edev on remove() (Brian Norris) \n- ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) \n- IB/rdmavt: add missing locks in rvt_ruc_loopback (Niels Dossche) \n- selftests/bpf: fix btf_dump/btf_dump due to recent clang change (Yonghong Song) \n- eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) \n- rxrpc: Return an error to sendmsg if call failed (David Howells) \n- hwmon: Make chip parameter for with_info API mandatory (Guenter Roeck) \n- ASoC: max98357a: remove dependency on GPIOLIB (Pierre-Louis Bossart) \n- media: exynos4-is: Fix compile warning (Kwanghoon Son) \n- net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) \n- nbd: Fix hung on disconnect request if socket is closed before (Xie Yongji) \n- ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) \n- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) \n- openrisc: start CPU timer early in boot (Jason A. Donenfeld) \n- media: cec-adap.c: fix is_configuring state (Hans Verkuil) \n- media: coda: limit frame interval enumeration to supported encoder frame sizes (Philipp Zabel) \n- rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) \n- ipmi: Fix pr_fmt to avoid compilation issues (Corey Minyard) \n- ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) \n- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (Mario Limonciello) \n- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) \n- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (Patrice Chotard) \n- s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) \n- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (Charles Keepax) \n- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (Dongliang Mu) \n- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (Alice Wong) \n- mlxsw: spectrum_dcb: Do not warn about priority changes (Petr Machata) \n- ASoC: dapm: Don't fold register value changes into notifications (Mark Brown) \n- net/mlx5: fs, delete the FTE when there are no rules attached to it (Mark Bloch) \n- ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) \n- drm: msm: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (Alexandru Elisei) \n- drm/amd/pm: fix the compile warning (Evan Quan) \n- drm/plane: Move range check for format_count earlier (Steven Price) \n- scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) \n- mmc: jz4740: Apply DMA engine limits to maximum segment size (Aidan MacDonald) \n- md/bitmap: don't set sb values if can't pass sanity check (Heming Zhao) \n- media: cx25821: Fix the warning when removing the module (Zheyu Ma) \n- media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) \n- media: venus: hfi: avoid null dereference in deinit (Luca Weiss) \n- ath9k: fix QCA9561 PA bias level (Thibaut VAReNE) \n- drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) \n- tools/power turbostat: fix ICX DRAM power numbers (Len Brown) \n- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (Biju Das) \n- ALSA: jack: Access input_dev under mutex (Amadeusz Siawinski) \n- drm/komeda: return early if drm_universal_plane_init() fails. (Liviu Dudau) \n- ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) \n- fbcon: Consistently protect deferred_takeover with console_lock() (Daniel Vetter) \n- ipv6: fix locking issues with loops over idev->addr_list (Niels Dossche) \n- ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) \n- b43: Fix assigning negative value to unsigned variable (Haowen Bai) \n- b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) \n- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) \n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) \n- btrfs: repair super block num_devices automatically (Qu Wenruo) \n- btrfs: add '0x' prefix for unsupported optional features (Qu Wenruo) \n- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) \n- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) \n- ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP (Eric W. Biederman) \n- perf/x86/intel: Fix event constraints for ICL (Kan Liang) \n- usb: core: hcd: Add support for deferring roothub registration (Kishon Vijay Abraham I) \n- USB: new quirk for Dell Gen 2 devices (Monish Kumar R) \n- USB: serial: option: add Quectel BG95 modem (Carl Yin) \n- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (Marios Levogiannis) \n- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) \n- LTS tag: v5.4.197 (Sherry Yang) \n- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) \n- NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) \n- NFS: Memory allocation failures are not server fatal errors (Trond Myklebust) \n- docs: submitting-patches: Fix crossref to 'The canonical patch format' (Akira Yokosawa) \n- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) \n- tpm: Fix buffer access in tpm2_get_tpm_pt() (Stefan Mahnke-Hartmann) \n- HID: multitouch: Add support for Google Whiskers Touchpad (Marek Maslanka) \n- raid5: introduce MD_BROKEN (Mariusz Tkaczyk) \n- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) \n- dm stats: add cond_resched when looping over entries (Mikulas Patocka) \n- dm crypt: make printing of the key constant-time (Mikulas Patocka) \n- dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) \n- zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) \n- crypto: ecrdsa - Fix incorrect use of vli_cmp (Vitaly Chikunov) \n- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) \n- exec: Force single empty string when argv is empty (Kees Cook) \n- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) \n- cfg80211: set custom regdomain after wiphy registration (Miri Korenblit) \n- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (Mika Westerberg) \n- net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) \n- net: af_key: check encryption module availability consistency (Thomas Bartschies) \n- pinctrl: sunxi: fix f1c100s uart2 function (IotaHydrae) \n- ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) \n- ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) \n- media: vim2m: initialize the media device earlier (Hans Verkuil) \n- media: vim2m: Register video device after setting up internals (Sakari Ailus) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- tcp: change source port randomizarion at connect() time (Eric Dumazet) \n- Input: goodix - fix spurious key release events (Dmitry Mastykin) \n- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) \n- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner)\n[5.4.17-2136.310.1]\n- intel_idle: Fix max_cstate for processor models without C-state tables (Chen Yu) [Orabug: 34081688] \n- intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add 'preferred_cstates' module argument (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: Adjust the SKX C6 parameters if PC6 is disabled (Chen Yu) [Orabug: 34081688] \n- intel_idle: Clean up kerneldoc comments for multiple functions (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add __initdata annotations to init time variables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Relocate definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Simplify LAPIC timer reliability checks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'states_off' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'use_acpi' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up irtl_2_usec() (Rafael J. Wysocki) [Orabug: 34081688] \n- Documentation: admin-guide: PM: Add intel_idle document (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move 3 functions closer to their callers (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Annotate initialization code and data structures (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move and clean up intel_idle_cpuidle_devices_uninit() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Rearrange intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Fold intel_idle_probe() into intel_idle_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Eliminate __setup_broadcast_timer() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add module parameter to prevent ACPI _CST from being used (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Allow ACPI _CST to be used for selected known processors (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Allow idle states to be disabled by default (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Use ACPI _CST for processor models without C-state tables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Refactor intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Drop disabled field from struct cpuidle_state (Thomas Tai) [Orabug: 34081688] \n- cpuidle: Consolidate disabled state checks (Rafael J. Wysocki) [Orabug: 34081688] \n- Revert 'intel_idle: Use ACPI _CST for processor models without C-state tables' (Thomas Tai) [Orabug: 34081688]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-08-15T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21505", "CVE-2022-2153", "CVE-2022-23816", "CVE-2022-2588", "CVE-2022-29901"], "modified": "2022-08-15T00:00:00", "id": "ELSA-2022-9710", "href": "http://linux.oracle.com/errata/ELSA-2022-9710.html", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-09-21T22:44:06", "description": "[5.15.0-2.52.3.el8]\n- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585}\n- fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] \n- rds: ib: Add preemption control when using per-cpu variables (Hakon Bugge) [Orabug: 34505120] \n- ocfs2: fix handle refcount leak in two exception handling paths (Chenyuan Mi) [Orabug: 34436530] \n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510687] {CVE-2022-21385}\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476940] \n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476940] \n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476940] \n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476940] \n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476940] \n- Revert net/rds: Connect TCP backends deterministically (Gerd Rausch) [Orabug: 34476561] \n- rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- uek-rpm: Set CONFIG_VSOCKETS=m and CONFIG_VSOCKETS_DIAG=m (Victor Erminpour) [Orabug: 34461322] \n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419970] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414238]\n[5.15.0-2.52.2]\n- PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358322] \n- net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477072] \n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480751] \n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34484536] {CVE-2022-2588}\n[5.15.0-2.52.1]\n- LTS version: v5.15.52 (Jack Vogel) \n- io_uring: fix not locked access to fixed buf table (Pavel Begunkov) \n- net: mscc: ocelot: allow unregistered IP multicast flooding to CPU (Vladimir Oltean) \n- rtw88: rtw8821c: enable rfe 6 devices (Ping-Ke Shih) \n- rtw88: 8821c: support RFE type4 wifi NIC (Guo-Feng Fan) \n- fs: account for group membership (Christian Brauner) \n- fs: fix acl translation (Christian Brauner) \n- fs: support mapped mounts of mapped filesystems (Christian Brauner) \n- fs: add i_user_ns() helper (Christian Brauner) \n- fs: port higher-level mapping helpers (Christian Brauner) \n- fs: remove unused low-level mapping helpers (Christian Brauner) \n- fs: use low-level mapping helpers (Christian Brauner) \n- docs: update mapping documentation (Christian Brauner) \n- fs: account for filesystem mappings (Christian Brauner) \n- fs: tweak fsuidgid_has_mapping() (Christian Brauner) \n- fs: move mapping helpers (Christian Brauner) \n- fs: add is_idmapped_mnt() helper (Christian Brauner) \n- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) \n- xfs: Fix the free logic of state in xfs_attr_node_hasname (Yang Xu) \n- xfs: use kmem_cache_free() for kmem_cache objects (Rustam Kovhaev) \n- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (Coly Li) \n- tick/nohz: unexport __init-annotated tick_nohz_full_setup() (Masahiro Yamada) \n- LTS version: v5.15.51 (Jack Vogel) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) \n- dma-direct: use the correct size for dma_set_encrypted() (Dexuan Cui) \n- perf build-id: Fix caching files with a wrong build ID (Adrian Hunter) \n- random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) \n- ARM: dts: bcm2711-rpi-400: Fix GPIO line names (Stefan Wahren) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (Aswath Govindraju) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (Alexander Stein) \n- drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (Kuogee Hsieh) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- powerpc/microwatt: wire up rng during setup_arch() (Jason A. Donenfeld) \n- parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) \n- parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI (Helge Deller) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (Jialin Zhang) \n- iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (Miaoqian Lin) \n- iio: adc: rzg2l_adc: add missing fwnode_handle_put() in rzg2l_adc_parse_properties() (Jialin Zhang) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (Yannick Brosseau) \n- iio: adc: stm32: Fix ADCs iteration in irq handler (Yannick Brosseau) \n- iio: afe: rescale: Fix boolean logic bug (Linus Walleij) \n- iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value) (Jean-Baptiste Maneyrol) \n- iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:kxcjk-1013: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:humidity:hts221: rearrange iio trigger get and register (Dmitry Rokosov) \n- f2fs: attach inline_data after setting compression (Jaegeuk Kim) \n- btrfs: fix deadlock with fsync+fiemap+transaction commit (Josef Bacik) \n- btrfs: dont set lock_owner when locking extent buffer for reading (Zygo Blaxell) \n- dt-bindings: usb: ehci: Increase the number of PHYs (Geert Uytterhoeven) \n- dt-bindings: usb: ohci: Increase the number of PHYs (Geert Uytterhoeven) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- USB: gadget: Fix double-free bug in raw_gadget driver (Alan Stern) \n- usb: gadget: Fix non-unique driver names in raw-gadget driver (Alan Stern) \n- xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (Utkarsh Patel) \n- xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (Tanveer Alam) \n- xhci: turn off port power in shutdown (Mathias Nyman) \n- usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC (Andy Shevchenko) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- iio: magnetometer: yas530: Fix memchr_inv() misuse (Linus Walleij) \n- iio: mma8452: fix probe fail when device tree compatible is used. (Haibo Chen) \n- s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) \n- gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) \n- nvme: move the Samsung X5 quirk entry to the core quirks (Christoph Hellwig) \n- nvme-pci: add NO APST quirk for Kioxia device (Enzo Matsumiya) \n- sock: redo the psock vs ULP protection check (Jakub Kicinski) \n- Revert net/tls: fix tls_sk_proto_close executed repeatedly (Jakub Kicinski) \n- virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (Aidan MacDonald) \n- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) \n- ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) \n- afs: Fix dynamic root getattr (David Howells) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- xen-blkfront: Handle NULL gendisk (Jason Andryuk) \n- selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (Jie2x Zhou) \n- udmabuf: add back sanity check (Gerd Hoffmann) \n- net/tls: fix tls_sk_proto_close executed repeatedly (Ziyang Xuan) \n- erspan: do not assume transport header is always set (Eric Dumazet) \n- perf arm-spe: Dont set data source if its not a memory operation (Leo Yan) \n- drm/msm/dp: force link training for display resolution change (Kuogee Hsieh) \n- drm/msm/dp: do not initialize phy until plugin interrupt received (Kuogee Hsieh) \n- drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (Kuogee Hsieh) \n- drm/msm/dp: Drop now unused hpd_high member (Bjorn Andersson) \n- drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (Kuogee Hsieh) \n- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) \n- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) \n- ethtool: Fix get module eeprom fallback (Ivan Vecera) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- igb: fix a use-after-free issue in igb_clean_tx_ring (Lorenzo Bianconi) \n- tipc: fix use-after-free Read in tipc_named_reinit (Hoang Le) \n- net: fix data-race in dev_isalive() (Eric Dumazet) \n- net: Write lock dev_base_lock without disabling bottom halves. (Sebastian Andrzej Siewior) \n- KVM: arm64: Prevent kmemleak from accessing pKVM memory (Quentin Perret) \n- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) \n- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (Saurabh Sengar) \n- bpf, x86: Fix tail call count offset calculation on bpf2bpf call (Jakub Sitnicki) \n- drm/sun4i: Fix crash during suspend after component bind failure (Samuel Holland) \n- bpf: Fix request_sock leak in sk lookup helpers (Jon Maxwell) \n- drm/msm: use for_each_sgtable_sg to iterate over scatterlist (Jonathan Marek) \n- xsk: Fix generic transmit when completion queue reservation fails (Ciara Loftus) \n- scsi: iscsi: Exclude zero from the endpoint ID range (Sergey Gorenko) \n- drm/msm: Switch ordering of runpm put vs devfreq_idle (Rob Clark) \n- scsi: scsi_debug: Fix zone transition to full condition (Damien Le Moal) \n- netfilter: use get_random_u32 instead of prandom (Florian Westphal) \n- drm/msm: Fix double pm_runtime_disable() call (Maximilian Luz) \n- drm/msm: Ensure mmap offset is initialized (Rob Clark) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- USB: serial: pl2303: add support for more HXN (G) types (Johan Hovold) \n- drm/i915: Implement w/a 22010492432 for adl-s (Ville Syrjala) \n- tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (Masami Hiramatsu (Google)) \n- dm mirror log: clear log bits up to BITS_PER_LONG boundary (Mikulas Patocka) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- mtd: rawnand: gpmi: Fix setting busy timeout setting (Sascha Hauer) \n- MAINTAINERS: Add new IOMMU development mailing list (Joerg Roedel) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- mmc: mediatek: wait dma stop bit reset to 0 (Mengqi Zhang) \n- mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (Chevron Li) \n- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (Tyrel Datwyler) \n- scsi: ibmvfc: Store vhost pointer during subcrq allocation (Tyrel Datwyler) \n- btrfs: add error messages to all unrecognized mount options (David Sterba) \n- btrfs: prevent remounting to v1 space cache for subpage mount (Qu Wenruo) \n- btrfs: fix hang during unmount when block group reclaim task is running (Filipe Manana) \n- 9p: fix fid refcount leak in v9fs_vfs_get_link (Dominique Martinet) \n- 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (Dominique Martinet) \n- 9p: Fix refcounting during full path walks for fid lookups (Tyler Hicks) \n- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Rosemarie ORiorden) \n- ALSA: hda/realtek: Add quirk for Clevo NS50PU (Tim Crawford) \n- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (Tim Crawford) \n- ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (Takashi Iwai) \n- ALSA: hda/realtek - ALC897 headset MIC no sound (Kailang Yang) \n- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (Soham Sen) \n- ALSA: hda/conexant: Fix missing beep setup (Takashi Iwai) \n- ALSA: hda/via: Fix missing beep setup (Takashi Iwai) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- LTS version: v5.15.50 (Jack Vogel) \n- arm64: mm: Dont invalidate FROM_DEVICE buffers at start of DMA transfer (Will Deacon) \n- serial: core: Initialize rs485 RTS polarity already on probe (Lukas Wunner) \n- selftests/bpf: Add selftest for calling global functions from freplace (Toke Hoiland-Jorgensen) \n- bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs (Toke Hoiland-Jorgensen) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- zonefs: fix zonefs_iomap_begin() for reads (Damien Le Moal) \n- drm/amd/display: Dont reinitialize DMCUB on s0ix resume (Nicholas Kazlauskas) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- LTS version: v5.15.49 (Jack Vogel) \n- clk: imx8mp: fix usb_root_clk parent (Peng Fan) \n(Masahiro Yamada) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (Andy Chi) \n- KVM: arm64: Dont read a HW interrupt pending state in user context (Marc Zyngier) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable count signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- ext4: fix super block checksum incorrect after mount (Ye Bin) \n- cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle (Sami Tolvanen) \n- drm/amd/display: Cap OLED brightness per max frame-average luminance (Roman Li) \n- dm mirror log: round up region bitmap size to BITS_PER_LONG (Mikulas Patocka) \n- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (Shinichiro Kawasaki) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Tony Lindgren) \n- usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: cdnsp: Fixed setting last_trb incorrectly (Jing Leng) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- crypto: memneq - move into lib/ (Jason A. Donenfeld) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- mei: me: add raptor lake point S DID (Alexander Usyskin) \n- mei: hbm: drop capability response on early shutdown (Alexander Usyskin) \n- i2c: designware: Use standard optional ref clock implementation (Serge Semin) \n- sched: Fix balance_push() vs __sched_setscheduler() (Peter Zijlstra) \n- irqchip/realtek-rtl: Fix refcount leak in map_interrupts (Miaoqian Lin) \n- irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- i2c: npcm7xx: Add check for platform_driver_register (Jiasheng Jiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf) \n- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (Bart Van Assche) \n- init: Initialize noop_backing_dev_info early (Jan Kara) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: consistently handle PLTs. (Mark Rutland) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (Duoming Zhou) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- mlxsw: spectrum_cnt: Reorder counter pools (Petr Machata) \n- nvme: add device name to warning in uuid_show() (Thomas WeiBschuh) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (Howard Chiu) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- extcon: ptn5150: Add queue work sync before driver release (Li Jun) \n- ksmbd: fix reference count leak in smb_check_perm_dacl() (Xin Xiong) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- soundwire: intel: prevent pm_runtime resume prior to system suspend (Pierre-Louis Bossart) \n- export: fix string handling of namespace in EXPORT_SYMBOL_NS (Greg Kroah-Hartman) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- power: supply: axp288_fuel_gauge: Drop BIOS version check from T3 MRD DMI quirk (Hans de Goede) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- misc/pvpanic: Convert regular spinlock into trylock on panic path (Guilherme G. Piccoli) \n- pvpanic: Fix typos in the comments (Andy Shevchenko) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (Arnaud Pouliquen) \n- rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (Hangyu Hua) \n- rpmsg: virtio: Fix possible double free in rpmsg_probe() (Hangyu Hua) \n- usb: typec: mux: Check dev_set_name() return value (Bjorn Andersson) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- misc: fastrpc: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (Wesley Cheng) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: raspberrypi-poe: Fix endianness in firmware struct (Uwe Kleine-Konig) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- remoteproc: imx_rproc: Ignore create mem entry for resource table (Peng Fan) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (Miaoqian Lin) \n- tty: n_tty: Restore EOF push handling behavior (Daniel Gibson) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP (Christophe Leroy) \n- lkdtm/bugs: Check for the NULL pointer after calling kmalloc (Jiasheng Jiang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- LTS version: v5.15.46 (Jack Vogel) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- pinctrl/rockchip: support setting input-enable param (Caleb Connolly) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- md: fix double free of io_acct_set bioset (Xiao Ni) \n- md: Dont set mddev private to NULL in raid0 pers->free (Xiao Ni) \n- fs/ntfs3: Fix invalid free in log_replay (Namjae Jeon) \n- exportfs: support idmapped mounts (Christian Brauner) \n- fs: add two trivial lookup helpers (Christian Brauner) \n- interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate (Mike Tipton) \n- interconnect: qcom: sc7180: Drop IP0 interconnects (Stephen Boyd) \n- ext4: only allow test_dummy_encryption when supported (Eric Biggers) \n- MIPS: IP30: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- RDMA/hns: Remove the num_cqc_timer variable (Yixing Liu) \n- staging: r8188eu: delete rtw_wx_read/write32() (Dan Carpenter) \n- Revert random: use static branch for crng_ready() (Jason A. Donenfeld) \n- list: test: Add a test for list_is_head() (David Gow) \n- kseltest/cgroup: Make test_stress.sh work if run interactively (Waiman Long) \n- net: ipa: fix page free in ipa_endpoint_replenish_one() (Alex Elder) \n- net: ipa: fix page free in ipa_endpoint_trans_release() (Alex Elder) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- coresight: core: Fix coresight device probe failure issue (Mao Jinlong) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- vdpasim: allow to enable a vq repeatedly (Eugenio Perez) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Steve French) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (Jonathan Bakker) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- clk: tegra: Add missing reset deassertion (Diogo Ivo) \n- arm64: tegra: Add missing DFLL reset on Tegra210 (Diogo Ivo) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: dont overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (Coly Li) \n- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_btree_check() (Coly Li) \n- stm: ltdc: fix two incorrect NULL checks on list iterator (Xiaomeng Tong) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- xtensa/simdisk: fix proc_read_simdisk() (Yi Yang) \n- mm/memremap: fix missing call to untrack_pfn() in pagemap_range() (Miaohe Lin) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- mm/page_alloc: always attempt to allocate at least one page during bulk allocation (Mel Gorman) \n- Revert mm/cma.c: remove redundant cma_mutex lock (Dong Aisheng) \n- iommu/dma: Fix iova map result check bug (Yunfei Wang) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- ksmbd: fix outstanding credits related bugs (Hyunchul Lee) \n- ftrace: Clean up hash direct_functions on register failures (Song Liu) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- um: Use asm-generic/dma-mapping.h (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- cfg80211: declare MODULE_FIRMWARE for regulatory.db (Dimitri John Ledkov) \n- thermal: devfreq_cooling: use local ops instead of global ops (Kant Fan) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- csky: patch_text: Fixup last cpu should be master (Guo Ren) \n- mmc: core: Allows to override the timeout value for ioctl() path (Bean Huo) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- ima: remove the IMA_TEMPLATE Kconfig option (GUO Zihua) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/i915/dsi: fix VBT send packet port selection for ICL+ (Jani Nikula) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/nouveau/subdev/bus: Ratelimit logging for fault errors (Lyude Paul) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- landlock: Fix same-layer rule unions (Mickael Salaun) \n- landlock: Create find_rule() from unmask_layers() (Mickael Salaun) \n- landlock: Reduce the maximum number of layers to 16 (Mickael Salaun) \n- landlock: Define access_mask_t to enforce a consistent access mask size (Mickael Salaun) \n- selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (Mickael Salaun) \n- landlock: Change landlock_restrict_self(2) check ordering (Mickael Salaun) \n- landlock: Change landlock_add_rule(2) argument check ordering (Mickael Salaun) \n- selftests/landlock: Add tests for O_PATH (Mickael Salaun) \n- selftests/landlock: Fully test file rename with remove access (Mickael Salaun) \n- selftests/landlock: Extend access right tests to directories (Mickael Salaun) \n- selftests/landlock: Add tests for unknown access rights (Mickael Salaun) \n- selftests/landlock: Extend tests for minimal valid attribute size (Mickael Salaun) \n- selftests/landlock: Make tests build with old libc (Mickael Salaun) \n- landlock: Fix landlock_add_rule(2) documentation (Mickael Salaun) \n- samples/landlock: Format with clang-format (Mickael Salaun) \n- samples/landlock: Add clang-format exceptions (Mickael Salaun) \n- selftests/landlock: Format with clang-format (Mickael Salaun) \n- selftests/landlock: Normalize array assignment (Mickael Salaun) \n- selftests/landlock: Add clang-format exceptions (Mickael Salaun) \n- landlock: Format with clang-format (Mickael Salaun) \n- landlock: Add clang-format exceptions (Mickael Salaun) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: uninitialized variable on error in dlm_listen_for_all() (Dan Carpenter) \n- dlm: fix plock invalid read (Alexander Aring) \n- s390/stp: clock_delta should be signed (Sven Schnelle) \n- s390/perf: obtain sie_block from the right address (Nico Boehr) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- drm/amdgpu: add beige goby PCI ID (Alex Deucher) \n- tracing: Initialize integer variable to prevent garbage return value (Gautam Menghani) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (Laurent Vivier) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in __es_tree_search (Baokun Li) \n- ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (Theodore Tso) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix race condition between ext4_write and ext4_convert_inline_data (Baokun Li) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- ext4: mark group as trimmed only if it was fully scanned (Dmitry Monakhov) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- bfq: Avoid false marking of bic as stably merged (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- objtool: Fix symbol creation (Peter Zijlstra) \n- objtool: Fix objtool regression on x32 systems (Mikulas Patocka) \n- f2fs: fix to do sanity check for inline inode (Chao Yu) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: dont use casefolded comparison for . and .. (Eric Biggers) \n- f2fs: fix to do sanity check on total_data_blocks (Chao Yu) \n- f2fs: dont need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- NFSv4.1 mark qualified async operations as MOVEABLE tasks (Olga Kornievskaia) \n- NFS: Convert GFP_NOFS to GFP_KERNEL (Trond Myklebust) \n- NFS: Create a new nfs_alloc_fattr_with_label() function (Anna Schumaker) \n- NFS: Always initialise fattr->label in nfs_fattr_alloc() (Trond Myklebust) \n- video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- perf build: Fix btf__load_from_kernel_by_id() feature check (Jiri Olsa) \n- i2c: rcar: fix PM ref counts in probe error paths (Kuninori Morimoto) \n- i2c: npcm: Handle spurious interrupts (Tali Perry) \n- i2c: npcm: Correct register access width (Tyrone Ting) \n- i2c: npcm: Fix timeout calculation (Tali Perry) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (Amelie Delaunay) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFS: Further fixes to the writeback error handling (Trond Myklebust) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Dont report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Dont report ENOSPC write errors twice (Trond Myklebust) \n- NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (Christophe JAILLET) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- iommu/mediatek: Fix NULL pointer dereference when printing dev_name (Miles Chen) \n- MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (Guenter Roeck) \n- iommu/arm-smmu-v3-sva: Fix mm use-after-free (Jean-Philippe Brucker) \n- cpufreq: mediatek: Unregister platform device on exit (Rex-BC Chen) \n- cpufreq: mediatek: Use module_init and add module_exit (Jia-Wei Chang) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (Yong Wu) \n- iommu/mediatek: Remove clk_disable in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Fix 2 HW sharing pgtable issue (Yong Wu) \n- iommu/amd: Enable swiotlb in all cases (Mario Limonciello) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- f2fs: fix to do sanity check on inline_dots inode (Chao Yu) \n- f2fs: support fault injection for dquot_initialize() (Chao Yu) \n- OPP: call of_node_put() on error path in _bandwidth_supported() (Dan Carpenter) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (Wanpeng Li) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- nfsd: destroy percpu stats counters after reply cache shutdown (Julian Schroeder) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- powerpc/xive: Fix refcount leak in xive_spapr_init (Miaoqian Lin) \n- powerpc/xive: Add some error handling code to xive_spapr_init() (Christophe JAILLET) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/perf: Fix the threshold compare group constraint for power10 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (Yang Yingliang) \n- PCI: microchip: Fix potential race in interrupt handling (Daire McNamara) \n- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (Kuppuswamy Sathyanarayanan) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- hugetlbfs: fix hugetlbfs_statfs() locking (Mina Almasry) \n- ARM: dts: at91: sama7g5: remove interrupt-parent from gic node (Eugen Hristev) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-21T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-34918"], "modified": "2022-09-21T00:00:00", "id": "ELSA-2022-9830", "href": "http://linux.oracle.com/errata/ELSA-2022-9830.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-03T16:36:33", "description": "[3.10.0-1160.80.1.0.1.OL7]\n- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}\n[3.10.0-1160.80.1.OL7]\n- Update Oracle Linux certificates (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9\n- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)\n[3.10.0-1160.80.1]\n- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (Dick Kennedy) [1969988]\n- scsi: lpfc: Fix illegal memory access on Abort IOCBs (Dick Kennedy) [1969988]\n- NFS: Fix extra call to dput() in nfs_prime_dcache (Benjamin Coddington) [2117856]\n[3.10.0-1160.79.1]\n- x86/speculation: Add LFENCE to RSB fill sequence (Rafael Aquini) [2115073] {CVE-2022-26373}\n- x86/speculation: Protect against userspace-userspace spectreRSB (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/speculation: cope with spectre_v2=retpoline cmdline on retbleed-affected Intel CPUs (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/speculation: Disable RRSBA behavior (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kexec: Disable RET on kexec (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpu/amd: Enumerate BTC_NO (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/common: Stamp out the stepping madness (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpu/amd: Add Spectral Chicken (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Do IBPB fallback check only once (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Add retbleed=ibpb (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Report Intel retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Enable STIBP for JMP2RET (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Add AMD retbleed= boot parameter (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Report AMD retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Add magic AMD return-thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Use return-thunk in asm code (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/sev: Avoid using __x86_return_thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: Fix SETcc emulation for return thunks (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86,objtool: Create .return_sites (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Undo return-thunk damage (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/retpoline: Use -mfunction-return (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Move RETPOLINE flags to word 11 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- objtool: Add ELF writing capability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Prepare asm files for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Prepare inline-asm for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: Fix fastop function ELF metadata (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: Move kvm_fastop_exception to .fixup section (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/vdso: Fix vDSO build if a retpoline is emitted (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Carve out CQM features retrieval (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Re-tabulate the X86_FEATURE definitions (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeature: Move processor tracing out of scattered features (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/alternatives: Cleanup DPRINTK macro (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n[3.10.0-1160.78.1]\n- net_sched: cls_route: remove from list when handle is 0 (Davide Caratti) [2121809] {CVE-2022-2588}\n[3.10.0-1160.77.1]\n- net/mlx5: Add Fast teardown support (Jay Shin) [2077711]\n- net/mlx5: Free IRQs in shutdown path (Jay Shin) [2077711]\n- net/mlx5: Change teardown with force mode failure message to warning (Jay Shin) [2077711]\n- net/mlx5: Cancel health poll before sending panic teardown command (Jay Shin) [2077711]\n- net/mlx5: Add fast unload support in shutdown flow (Jay Shin) [2077711]\n- net/mlx5: Expose command polling interface (Jay Shin) [2077711]\n- posix-timers: Remove remaining uses of tasklist_lock (Oleg Nesterov) [2115147]\n- posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (Oleg Nesterov) [2115147]\n- posix-cpu-timers: remove tasklist_lock in posix_cpu_clock_get() (Oleg Nesterov) [2115147]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-11-03T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-11-03T00:00:00", "id": "ELSA-2022-7337", "href": "http://linux.oracle.com/errata/ELSA-2022-7337.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-09-21T22:44:04", "description": "[5.15.0-2.52.3]\n- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585}\n- fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] \n- rds: ib: Add preemption control when using per-cpu variables (Hakon Bugge) [Orabug: 34505120] \n- ocfs2: fix handle refcount leak in two exception handling paths (Chenyuan Mi) [Orabug: 34436530] \n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510687] {CVE-2022-21385}\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476940] \n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476940] \n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476940] \n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476940] \n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476940] \n- Revert net/rds: Connect TCP backends deterministically (Gerd Rausch) [Orabug: 34476561] \n- rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- uek-rpm: Set CONFIG_VSOCKETS=m and CONFIG_VSOCKETS_DIAG=m (Victor Erminpour) [Orabug: 34461322] \n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419970] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414238]\n[5.15.0-2.52.2]\n- PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358322] \n- net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477072] \n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480751] \n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34484536] {CVE-2022-2588}\n[5.15.0-2.52.1]\n- LTS version: v5.15.52 (Jack Vogel) \n- io_uring: fix not locked access to fixed buf table (Pavel Begunkov) \n- net: mscc: ocelot: allow unregistered IP multicast flooding to CPU (Vladimir Oltean) \n- rtw88: rtw8821c: enable rfe 6 devices (Ping-Ke Shih) \n- rtw88: 8821c: support RFE type4 wifi NIC (Guo-Feng Fan) \n- fs: account for group membership (Christian Brauner) \n- fs: fix acl translation (Christian Brauner) \n- fs: support mapped mounts of mapped filesystems (Christian Brauner) \n- fs: add i_user_ns() helper (Christian Brauner) \n- fs: port higher-level mapping helpers (Christian Brauner) \n- fs: remove unused low-level mapping helpers (Christian Brauner) \n- fs: use low-level mapping helpers (Christian Brauner) \n- docs: update mapping documentation (Christian Brauner) \n- fs: account for filesystem mappings (Christian Brauner) \n- fs: tweak fsuidgid_has_mapping() (Christian Brauner) \n- fs: move mapping helpers (Christian Brauner) \n- fs: add is_idmapped_mnt() helper (Christian Brauner) \n- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) \n- xfs: Fix the free logic of state in xfs_attr_node_hasname (Yang Xu) \n- xfs: use kmem_cache_free() for kmem_cache objects (Rustam Kovhaev) \n- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (Coly Li) \n- tick/nohz: unexport __init-annotated tick_nohz_full_setup() (Masahiro Yamada) \n- LTS version: v5.15.51 (Jack Vogel) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) \n- dma-direct: use the correct size for dma_set_encrypted() (Dexuan Cui) \n- perf build-id: Fix caching files with a wrong build ID (Adrian Hunter) \n- random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) \n- ARM: dts: bcm2711-rpi-400: Fix GPIO line names (Stefan Wahren) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (Aswath Govindraju) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (Alexander Stein) \n- drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (Kuogee Hsieh) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- powerpc/microwatt: wire up rng during setup_arch() (Jason A. Donenfeld) \n- parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) \n- parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI (Helge Deller) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (Jialin Zhang) \n- iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (Miaoqian Lin) \n- iio: adc: rzg2l_adc: add missing fwnode_handle_put() in rzg2l_adc_parse_properties() (Jialin Zhang) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (Yannick Brosseau) \n- iio: adc: stm32: Fix ADCs iteration in irq handler (Yannick Brosseau) \n- iio: afe: rescale: Fix boolean logic bug (Linus Walleij) \n- iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value) (Jean-Baptiste Maneyrol) \n- iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:kxcjk-1013: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:humidity:hts221: rearrange iio trigger get and register (Dmitry Rokosov) \n- f2fs: attach inline_data after setting compression (Jaegeuk Kim) \n- btrfs: fix deadlock with fsync+fiemap+transaction commit (Josef Bacik) \n- btrfs: dont set lock_owner when locking extent buffer for reading (Zygo Blaxell) \n- dt-bindings: usb: ehci: Increase the number of PHYs (Geert Uytterhoeven) \n- dt-bindings: usb: ohci: Increase the number of PHYs (Geert Uytterhoeven) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- USB: gadget: Fix double-free bug in raw_gadget driver (Alan Stern) \n- usb: gadget: Fix non-unique driver names in raw-gadget driver (Alan Stern) \n- xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (Utkarsh Patel) \n- xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (Tanveer Alam) \n- xhci: turn off port power in shutdown (Mathias Nyman) \n- usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC (Andy Shevchenko) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- iio: magnetometer: yas530: Fix memchr_inv() misuse (Linus Walleij) \n- iio: mma8452: fix probe fail when device tree compatible is used. (Haibo Chen) \n- s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) \n- gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) \n- nvme: move the Samsung X5 quirk entry to the core quirks (Christoph Hellwig) \n- nvme-pci: add NO APST quirk for Kioxia device (Enzo Matsumiya) \n- sock: redo the psock vs ULP protection check (Jakub Kicinski) \n- Revert net/tls: fix tls_sk_proto_close executed repeatedly (Jakub Kicinski) \n- virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (Aidan MacDonald) \n- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) \n- ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) \n- afs: Fix dynamic root getattr (David Howells) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- xen-blkfront: Handle NULL gendisk (Jason Andryuk) \n- selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (Jie2x Zhou) \n- udmabuf: add back sanity check (Gerd Hoffmann) \n- net/tls: fix tls_sk_proto_close executed repeatedly (Ziyang Xuan) \n- erspan: do not assume transport header is always set (Eric Dumazet) \n- perf arm-spe: Dont set data source if its not a memory operation (Leo Yan) \n- drm/msm/dp: force link training for display resolution change (Kuogee Hsieh) \n- drm/msm/dp: do not initialize phy until plugin interrupt received (Kuogee Hsieh) \n- drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (Kuogee Hsieh) \n- drm/msm/dp: Drop now unused hpd_high member (Bjorn Andersson) \n- drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (Kuogee Hsieh) \n- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) \n- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) \n- ethtool: Fix get module eeprom fallback (Ivan Vecera) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- igb: fix a use-after-free issue in igb_clean_tx_ring (Lorenzo Bianconi) \n- tipc: fix use-after-free Read in tipc_named_reinit (Hoang Le) \n- net: fix data-race in dev_isalive() (Eric Dumazet) \n- net: Write lock dev_base_lock without disabling bottom halves. (Sebastian Andrzej Siewior) \n- KVM: arm64: Prevent kmemleak from accessing pKVM memory (Quentin Perret) \n- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) \n- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (Saurabh Sengar) \n- bpf, x86: Fix tail call count offset calculation on bpf2bpf call (Jakub Sitnicki) \n- drm/sun4i: Fix crash during suspend after component bind failure (Samuel Holland) \n- bpf: Fix request_sock leak in sk lookup helpers (Jon Maxwell) \n- drm/msm: use for_each_sgtable_sg to iterate over scatterlist (Jonathan Marek) \n- xsk: Fix generic transmit when completion queue reservation fails (Ciara Loftus) \n- scsi: iscsi: Exclude zero from the endpoint ID range (Sergey Gorenko) \n- drm/msm: Switch ordering of runpm put vs devfreq_idle (Rob Clark) \n- scsi: scsi_debug: Fix zone transition to full condition (Damien Le Moal) \n- netfilter: use get_random_u32 instead of prandom (Florian Westphal) \n- drm/msm: Fix double pm_runtime_disable() call (Maximilian Luz) \n- drm/msm: Ensure mmap offset is initialized (Rob Clark) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- USB: serial: pl2303: add support for more HXN (G) types (Johan Hovold) \n- drm/i915: Implement w/a 22010492432 for adl-s (Ville Syrjala) \n- tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (Masami Hiramatsu (Google)) \n- dm mirror log: clear log bits up to BITS_PER_LONG boundary (Mikulas Patocka) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- mtd: rawnand: gpmi: Fix setting busy timeout setting (Sascha Hauer) \n- MAINTAINERS: Add new IOMMU development mailing list (Joerg Roedel) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- mmc: mediatek: wait dma stop bit reset to 0 (Mengqi Zhang) \n- mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (Chevron Li) \n- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (Tyrel Datwyler) \n- scsi: ibmvfc: Store vhost pointer during subcrq allocation (Tyrel Datwyler) \n- btrfs: add error messages to all unrecognized mount options (David Sterba) \n- btrfs: prevent remounting to v1 space cache for subpage mount (Qu Wenruo) \n- btrfs: fix hang during unmount when block group reclaim task is running (Filipe Manana) \n- 9p: fix fid refcount leak in v9fs_vfs_get_link (Dominique Martinet) \n- 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (Dominique Martinet) \n- 9p: Fix refcounting during full path walks for fid lookups (Tyler Hicks) \n- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Rosemarie ORiorden) \n- ALSA: hda/realtek: Add quirk for Clevo NS50PU (Tim Crawford) \n- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (Tim Crawford) \n- ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (Takashi Iwai) \n- ALSA: hda/realtek - ALC897 headset MIC no sound (Kailang Yang) \n- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (Soham Sen) \n- ALSA: hda/conexant: Fix missing beep setup (Takashi Iwai) \n- ALSA: hda/via: Fix missing beep setup (Takashi Iwai) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- LTS version: v5.15.50 (Jack Vogel) \n- arm64: mm: Dont invalidate FROM_DEVICE buffers at start of DMA transfer (Will Deacon) \n- serial: core: Initialize rs485 RTS polarity already on probe (Lukas Wunner) \n- selftests/bpf: Add selftest for calling global functions from freplace (Toke Hoiland-Jorgensen) \n- bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs (Toke Hoiland-Jorgensen) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- zonefs: fix zonefs_iomap_begin() for reads (Damien Le Moal) \n- drm/amd/display: Dont reinitialize DMCUB on s0ix resume (Nicholas Kazlauskas) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- LTS version: v5.15.49 (Jack Vogel) \n- clk: imx8mp: fix usb_root_clk parent (Peng Fan) \n(Masahiro Yamada) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (Andy Chi) \n- KVM: arm64: Dont read a HW interrupt pending state in user context (Marc Zyngier) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable count signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- ext4: fix super block checksum incorrect after mount (Ye Bin) \n- cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle (Sami Tolvanen) \n- drm/amd/display: Cap OLED brightness per max frame-average luminance (Roman Li) \n- dm mirror log: round up region bitmap size to BITS_PER_LONG (Mikulas Patocka) \n- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (Shinichiro Kawasaki) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Tony Lindgren) \n- usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: cdnsp: Fixed setting last_trb incorrectly (Jing Leng) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- crypto: memneq - move into lib/ (Jason A. Donenfeld) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- mei: me: add raptor lake point S DID (Alexander Usyskin) \n- mei: hbm: drop capability response on early shutdown (Alexander Usyskin) \n- i2c: designware: Use standard optional ref clock implementation (Serge Semin) \n- sched: Fix balance_push() vs __sched_setscheduler() (Peter Zijlstra) \n- irqchip/realtek-rtl: Fix refcount leak in map_interrupts (Miaoqian Lin) \n- irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- i2c: npcm7xx: Add check for platform_driver_register (Jiasheng Jiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf) \n- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (Bart Van Assche) \n- init: Initialize noop_backing_dev_info early (Jan Kara) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: consistently handle PLTs. (Mark Rutland) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (Duoming Zhou) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- mlxsw: spectrum_cnt: Reorder counter pools (Petr Machata) \n- nvme: add device name to warning in uuid_show() (Thomas WeiBschuh) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (Howard Chiu) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- extcon: ptn5150: Add queue work sync before driver release (Li Jun) \n- ksmbd: fix reference count leak in smb_check_perm_dacl() (Xin Xiong) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- soundwire: intel: prevent pm_runtime resume prior to system suspend (Pierre-Louis Bossart) \n- export: fix string handling of namespace in EXPORT_SYMBOL_NS (Greg Kroah-Hartman) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- power: supply: axp288_fuel_gauge: Drop BIOS version check from T3 MRD DMI quirk (Hans de Goede) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- misc/pvpanic: Convert regular spinlock into trylock on panic path (Guilherme G. Piccoli) \n- pvpanic: Fix typos in the comments (Andy Shevchenko) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (Arnaud Pouliquen) \n- rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (Hangyu Hua) \n- rpmsg: virtio: Fix possible double free in rpmsg_probe() (Hangyu Hua) \n- usb: typec: mux: Check dev_set_name() return value (Bjorn Andersson) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- misc: fastrpc: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (Wesley Cheng) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: raspberrypi-poe: Fix endianness in firmware struct (Uwe Kleine-Konig) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- remoteproc: imx_rproc: Ignore create mem entry for resource table (Peng Fan) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (Miaoqian Lin) \n- tty: n_tty: Restore EOF push handling behavior (Daniel Gibson) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP (Christophe Leroy) \n- lkdtm/bugs: Check for the NULL pointer after calling kmalloc (Jiasheng Jiang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- LTS version: v5.15.46 (Jack Vogel) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- pinctrl/rockchip: support setting input-enable param (Caleb Connolly) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- md: fix double free of io_acct_set bioset (Xiao Ni) \n- md: Dont set mddev private to NULL in raid0 pers->free (Xiao Ni) \n- fs/ntfs3: Fix invalid free in log_replay (Namjae Jeon) \n- exportfs: support idmapped mounts (Christian Brauner) \n- fs: add two trivial lookup helpers (Christian Brauner) \n- interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate (Mike Tipton) \n- interconnect: qcom: sc7180: Drop IP0 interconnects (Stephen Boyd) \n- ext4: only allow test_dummy_encryption when supported (Eric Biggers) \n- MIPS: IP30: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- RDMA/hns: Remove the num_cqc_timer variable (Yixing Liu) \n- staging: r8188eu: delete rtw_wx_read/write32() (Dan Carpenter) \n- Revert random: use static branch for crng_ready() (Jason A. Donenfeld) \n- list: test: Add a test for list_is_head() (David Gow) \n- kseltest/cgroup: Make test_stress.sh work if run interactively (Waiman Long) \n- net: ipa: fix page free in ipa_endpoint_replenish_one() (Alex Elder) \n- net: ipa: fix page free in ipa_endpoint_trans_release() (Alex Elder) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- coresight: core: Fix coresight device probe failure issue (Mao Jinlong) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- vdpasim: allow to enable a vq repeatedly (Eugenio Perez) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Steve French) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (Jonathan Bakker) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- clk: tegra: Add missing reset deassertion (Diogo Ivo) \n- arm64: tegra: Add missing DFLL reset on Tegra210 (Diogo Ivo) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: dont overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (Coly Li) \n- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_btree_check() (Coly Li) \n- stm: ltdc: fix two incorrect NULL checks on list iterator (Xiaomeng Tong) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- xtensa/simdisk: fix proc_read_simdisk() (Yi Yang) \n- mm/memremap: fix missing call to untrack_pfn() in pagemap_range() (Miaohe Lin) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- mm/page_alloc: always attempt to allocate at least one page during bulk allocation (Mel Gorman) \n- Revert mm/cma.c: remove redundant cma_mutex lock (Dong Aisheng) \n- iommu/dma: Fix iova map result check bug (Yunfei Wang) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- ksmbd: fix outstanding credits related bugs (Hyunchul Lee) \n- ftrace: Clean up hash direct_functions on register failures (Song Liu) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- um: Use asm-generic/dma-mapping.h (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- cfg80211: declare MODULE_FIRMWARE for regulatory.db (Dimitri John Ledkov) \n- thermal: devfreq_cooling: use local ops instead of global ops (Kant Fan) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- csky: patch_text: Fixup last cpu should be master (Guo Ren) \n- mmc: core: Allows to override the timeout value for ioctl() path (Bean Huo) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- ima: remove the IMA_TEMPLATE Kconfig option (GUO Zihua) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/i915/dsi: fix VBT send packet port selection for ICL+ (Jani Nikula) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/nouveau/subdev/bus: Ratelimit logging for fault errors (Lyude Paul) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- landlock: Fix same-layer rule unions (Mickael Salaun) \n- landlock: Create find_rule() from unmask_layers() (Mickael Salaun) \n- landlock: Reduce the maximum number of layers to 16 (Mickael Salaun) \n- landlock: Define access_mask_t to enforce a consistent access mask size (Mickael Salaun) \n- selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (Mickael Salaun) \n- landlock: Change landlock_restrict_self(2) check ordering (Mickael Salaun) \n- landlock: Change landlock_add_rule(2) argument check ordering (Mickael Salaun) \n- selftests/landlock: Add tests for O_PATH (Mickael Salaun) \n- selftests/landlock: Fully test file rename with remove access (Mickael Salaun) \n- selftests/landlock: Extend access right tests to directories (Mickael Salaun) \n- selftests/landlock: Add tests for unknown access rights (Mickael Salaun) \n- selftests/landlock: Extend tests for minimal valid attribute size (Mickael Salaun) \n- selftests/landlock: Make tests build with old libc (Mickael Salaun) \n- landlock: Fix landlock_add_rule(2) documentation (Mickael Salaun) \n- samples/landlock: Format with clang-format (Mickael Salaun) \n- samples/landlock: Add clang-format exceptions (Mickael Salaun) \n- selftests/landlock: Format with clang-format (Mickael Salaun) \n- selftests/landlock: Normalize array assignment (Mickael Salaun) \n- selftests/landlock: Add clang-format exceptions (Mickael Salaun) \n- landlock: Format with clang-format (Mickael Salaun) \n- landlock: Add clang-format exceptions (Mickael Salaun) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: uninitialized variable on error in dlm_listen_for_all() (Dan Carpenter) \n- dlm: fix plock invalid read (Alexander Aring) \n- s390/stp: clock_delta should be signed (Sven Schnelle) \n- s390/perf: obtain sie_block from the right address (Nico Boehr) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- drm/amdgpu: add beige goby PCI ID (Alex Deucher) \n- tracing: Initialize integer variable to prevent garbage return value (Gautam Menghani) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (Laurent Vivier) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in __es_tree_search (Baokun Li) \n- ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (Theodore Tso) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix race condition between ext4_write and ext4_convert_inline_data (Baokun Li) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- ext4: mark group as trimmed only if it was fully scanned (Dmitry Monakhov) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- bfq: Avoid false marking of bic as stably merged (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- objtool: Fix symbol creation (Peter Zijlstra) \n- objtool: Fix objtool regression on x32 systems (Mikulas Patocka) \n- f2fs: fix to do sanity check for inline inode (Chao Yu) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: dont use casefolded comparison for . and .. (Eric Biggers) \n- f2fs: fix to do sanity check on total_data_blocks (Chao Yu) \n- f2fs: dont need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- NFSv4.1 mark qualified async operations as MOVEABLE tasks (Olga Kornievskaia) \n- NFS: Convert GFP_NOFS to GFP_KERNEL (Trond Myklebust) \n- NFS: Create a new nfs_alloc_fattr_with_label() function (Anna Schumaker) \n- NFS: Always initialise fattr->label in nfs_fattr_alloc() (Trond Myklebust) \n- video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- perf build: Fix btf__load_from_kernel_by_id() feature check (Jiri Olsa) \n- i2c: rcar: fix PM ref counts in probe error paths (Kuninori Morimoto) \n- i2c: npcm: Handle spurious interrupts (Tali Perry) \n- i2c: npcm: Correct register access width (Tyrone Ting) \n- i2c: npcm: Fix timeout calculation (Tali Perry) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (Amelie Delaunay) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFS: Further fixes to the writeback error handling (Trond Myklebust) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Dont report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Dont report ENOSPC write errors twice (Trond Myklebust) \n- NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (Christophe JAILLET) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- iommu/mediatek: Fix NULL pointer dereference when printing dev_name (Miles Chen) \n- MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (Guenter Roeck) \n- iommu/arm-smmu-v3-sva: Fix mm use-after-free (Jean-Philippe Brucker) \n- cpufreq: mediatek: Unregister platform device on exit (Rex-BC Chen) \n- cpufreq: mediatek: Use module_init and add module_exit (Jia-Wei Chang) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (Yong Wu) \n- iommu/mediatek: Remove clk_disable in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Fix 2 HW sharing pgtable issue (Yong Wu) \n- iommu/amd: Enable swiotlb in all cases (Mario Limonciello) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- f2fs: fix to do sanity check on inline_dots inode (Chao Yu) \n- f2fs: support fault injection for dquot_initialize() (Chao Yu) \n- OPP: call of_node_put() on error path in _bandwidth_supported() (Dan Carpenter) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (Wanpeng Li) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- nfsd: destroy percpu stats counters after reply cache shutdown (Julian Schroeder) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- powerpc/xive: Fix refcount leak in xive_spapr_init (Miaoqian Lin) \n- powerpc/xive: Add some error handling code to xive_spapr_init() (Christophe JAILLET) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/perf: Fix the threshold compare group constraint for power10 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (Yang Yingliang) \n- PCI: microchip: Fix potential race in interrupt handling (Daire McNamara) \n- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (Kuppuswamy Sathyanarayanan) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- hugetlbfs: fix hugetlbfs_statfs() locking (Mina Almasry) \n- ARM: dts: at91: sama7g5: remove interrupt-parent from gic node (Eugen Hristev) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-21T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-34918"], "modified": "2022-09-21T00:00:00", "id": "ELSA-2022-9827", "href": "http://linux.oracle.com/errata/ELSA-2022-9827.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-26T15:28:41", "description": "[4.18.0-372.32.1.0.1_6.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5\n- debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499}\n[4.18.0-372.32.1_6]\n- net: atlantic: remove aq_nic_deinit() when resume (Inigo Huguet) [2131936 2130839]\n- net: atlantic: remove deep parameter on suspend/resume functions (Inigo Huguet) [2131936 2130839]\n- configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2129923 2123508]\n- drm/nouveau: recognise GA103 (Karol Herbst) [2127122 1923125]\n- net: fix a memleak when uncloning an skb dst and its metadata (Hangbin Liu) [2131255 2068355]\n- net: do not keep the dst cache when uncloning an skb dst and its metadata (Hangbin Liu) [2131255 2068355]\n- intel_idle: Fix false positive RCU splats due to incorrect hardirqs state (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/spec_ctrl: Enable RHEL only ibrs_always & retpoline,ibrs_user spectre_v2 options (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- efi/x86: use naked RET on mixed mode call wrapper (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Remove apostrophe typo (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Mark retbleed_strings static (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Disable RRSBA behavior (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kexec: Disable RET on kexec (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- redhat/configs: Add new mitigation configs for RetBleed CVEs (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retbleed: Add fine grained Kconfig knobs (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/amd: Enumerate BTC_NO (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/common: Stamp out the stepping madness (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Prevent RSB underflow before vmenter (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Fill RSB on vmexit for IBRS (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Fix IBRS handling after vmexit (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Convert launched argument to flags (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Remove x86_spec_ctrl_mask (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/amd: Add Spectral Chicken (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Do IBPB fallback check only once (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Add retbleed=ibpb (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Update Retpoline validation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- intel_idle: Disable IBRS during long idle (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Report Intel retbleed vulnerability (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Add kernel IBRS implementation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Enable STIBP for JMP2RET (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Add AMD retbleed= boot parameter (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Report AMD retbleed vulnerability (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Add magic AMD return-thunk (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Use return-thunk in asm code (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/sev: Avoid using __x86_return_thunk (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kvm: Fix SETcc emulation for return thunks (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bpf: Use alternative RET encoding (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use alternative RET encoding (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86,objtool: Create .return_sites (Josh Poimboeuf) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Undo return-thunk damage (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retpoline: Use -mfunction-return (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retpoline: Swizzle retpoline thunk (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retpoline: Cleanup some #ifdefery (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpufeatures: Move RETPOLINE flags to word 11 (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kvm/vmx: Make noinstr clean (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- arch/x86/boot/compressed: Add -D__DISABLE_EXPORTS to kbuild flags (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: (Ab)use __DISABLE_EXPORTS to disable RETHUNK in real mode (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Remove skip_r11rcx (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation/srbds: Do not try to turn mitigation off when not supported (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/module: Fix the paravirt vs alternative order (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Add straight-line-speculation mitigation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Prepare inline-asm for straight-line-speculation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Prepare asm files for straight-line-speculation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Move RETPOLINE*_CFLAGS to arch Makefile (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- Makefile: remove stale cc-option checks (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tools headers: Remove broken definition of __LITTLE_ENDIAN (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in 'perf bench mem memcpy' (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Add insn_decode_kernel() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tools/insn: Restore the relative include paths for cross building (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Use insn_decode() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/insn: Add an insn_decode() API (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/insn: Rename insn_decode() to insn_decode_from_regs() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Add new features for paravirt patching (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Support not-feature (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Merge include files (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Fix error handling for STD/CLD warnings (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Teach text_poke_bp() to emulate RET (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Have ftrace trampolines turn read-only at the end of system boot up (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Change FILL_RETURN_BUFFER to work with objtool (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Add support for intra-function calls (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Rework allocating stack_ops on decode (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Better handle IRET (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Support multiple stack_op per instruction (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Make BP scratch register warning more robust (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kexec: Make relocate_kernel_64.S objtool clean (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Introduce validate_return() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- Makefile: disallow data races on gcc-10 as well (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Improve call destination function detection (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Implement a better poke_int3_handler() completion scheme (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- lib/: fix Kconfig indentation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Use INT3_INSN_SIZE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kprobes: Fix ordering while text-patching (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kprobes: Convert to text-patching.h (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Shrink text_poke_loc (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Remove text_poke_loc::len (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use text_gen_insn() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Add text_opcode_size() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use text_poke() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use vmalloc special flag (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Explicitly include vmalloc.h for set_vm_flush_reset_perms() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Add and use text_gen_insn() helper (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives, jump_label: Provide better text_poke() batching interface (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/asm: Annotate relocate_kernel_{32,64}.c (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: kprobes: Prohibit probing on instruction which has emulate prefix (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Correct misc typos (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation/mds: Apply more accurate check on hypervisor platform (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Convert insn type to enum (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Track original function across branches (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Make enable parameter bool where applicable (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Fix function fallthrough detection (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Detect over-sized patching bugs in paravirt_patch_call() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/amd: Exclude 32bit only assembler from 64bit build (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/asm: Mark all top level asm statements as .text (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/bugs: Use __initconst for 'const' init data (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Add Direction Flag validation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Rewrite add_ignores() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/nospec, objtool: Introduce ANNOTATE_IGNORE_ALTERNATIVE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- kbuild: Disable extra debugging info in .s output (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/CPU/AMD: Set the CPB bit unconditionally on F17h (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Print containing function (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Do not call function graph from dynamic trampolines (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- ftrace: Create new ftrace_internal.h header (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- kprobes/x86: Fix instruction patching corruption when copying more than one RIP-relative instruction (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tracing/Makefile: Fix handling redefinition of CC_FLAGS_FTRACE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Remove unused paravirt bits (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Remove clobbers parameter from paravirt patch functions (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Make paravirt_patch_call() and paravirt_patch_jmp() static (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- ftrace: Remove unused pointer ftrace_swapper_pid (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/spec_ctrl: Temporarily remove RHEL specific IBRS code (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- intel_idle: enable interrupts before C1 on Xeons (Steve Best) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (Vitaly Kuznetsov) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- atlantic: Fix issue in the pm resume flow. (Igor Russkikh) [2127845 2002395]\n- atlantic: Fix driver resume flow. (Igor Russkikh) [2127845 2002395]\n- net: atlantic: always deep reset on pm op, fixing up my null deref regression (Foggy Liu) [2124966 2039680]\n- net: atlantic: invert deep par in pm functions, preventing null derefs (Foggy Liu) [2124966 2039680]\n[4.18.0-372.31.1_6]\n- ice: Allow operation with reduced device MSI-X (Petr Oros) [2126482 2102844]\n- redhat: kernel depends on new linux-firmware (John Meneghini) [2120613 2044843]\n- scsi: qedi: Use QEDI_MODE_NORMAL for error handling (John Meneghini) [2119847 2101760]\n- qede: Reduce verbosity of ptp tx timestamp (John Meneghini) [2125477 2080655]\n- qede: confirm skb is allocated before using (John Meneghini) [2120611 2040267]\n- qed: fix ethtool register dump (John Meneghini) [2120611 2040267]\n- scsi: qedf: Stop using the SCSI pointer (John Meneghini) [2120613 2044843]\n- scsi: qedf: Change context reset messages to ratelimited (John Meneghini) [2120613 2044843]\n- scsi: qedf: Fix refcount issue when LOGO is received during TMF (John Meneghini) [2120613 2044843]\n- scsi: qedf: Add stag_work to all the vports (John Meneghini) [2120613 2044843]\n- scsi: qedf: Fix potential dereference of NULL pointer (John Meneghini) [2120613 2044843]\n- scsi: qedi: Remove redundant flush_workqueue() calls (John Meneghini) [2120612 2044837]\n- scsi: qedi: Fix SYSFS_FLAG_FW_SEL_BOOT formatting (John Meneghini) [2120612 2044837]\n- qed: remove unnecessary memset in qed_init_fw_funcs (John Meneghini) [2120611 2040267]\n- qed: return status of qed_iov_get_link (John Meneghini) [2120611 2040267]\n- net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (John Meneghini) [2120611 2040267]\n- qed: validate and restrict untrusted VFs vlan promisc mode (John Meneghini) [2120611 2040267]\n- qed: display VF trust config (John Meneghini) [2120611 2040267]\n- qed: prevent a fw assert during device shutdown (John Meneghini) [2120611 2040267]\n- qed: use msleep() in qed_mcp_cmd() and add qed_mcp_cmd_nosleep() for udelay. (John Meneghini) [2120611 2040267]\n- qed: Use dma_set_mask_and_coherent() and simplify code (John Meneghini) [2120611 2040267]\n- qed*: esl priv flag support through ethtool (John Meneghini) [2120611 2040267]\n- qed*: enhance tx timeout debug info (John Meneghini) [2120611 2040267]\n- qede: validate non LSO skb length (John Meneghini) [2120611 2040267]\n- qed: Enhance rammod debug prints to provide pretty details (John Meneghini) [2120611 2040267]\n- net: qed: fix the array may be out of bound (John Meneghini) [2120611 2040267]\n- qed: Use the bitmap API to simplify some functions (John Meneghini) [2120611 2040267]\n- RDMA/qed: Use helper function to set GUIDs (John Meneghini) [2120611 2040267]\n- net: qed_dev: fix check of true !rc expression (John Meneghini) [2120611 2040267]\n- net: qed_ptp: fix check of true !rc expression (John Meneghini) [2120611 2040267]\n- RDMA/qedr: Remove unsupported qedr_resize_cq callback (John Meneghini) [2120611 2040267]\n- qed: Change the TCP common variable - 'iscsi_ooo' (John Meneghini) [2120611 2040267]\n- qed: Optimize the ll2 ooo flow (John Meneghini) [2120611 2040267]\n- net: qed_debug: fix check of false (grc_param < 0) expression (John Meneghini) [2120611 2040267]\n- qed: Fix missing error code in qed_slowpath_start() (John Meneghini) [2120611 2040267]\n- qed: Fix compilation for CONFIG_QED_SRIOV undefined scenario (John Meneghini) [2120611 2040267]\n- qed: Initialize debug string array (John Meneghini) [2120611 2040267]\n- qed: Fix spelling mistake 'ctx_bsaed' -> 'ctx_based' (John Meneghini) [2120611 2040267]\n- qed: fix ll2 establishment during load of RDMA driver (John Meneghini) [2120611 2040267]\n- qed: Update the TCP active termination 2 MSL timer ('TIME_WAIT') (John Meneghini) [2120611 2040267]\n- qed: Update TCP silly-window-syndrome timeout for iwarp, scsi (John Meneghini) [2120611 2040267]\n- qed: Update debug related changes (John Meneghini) [2120611 2040267]\n- qed: Add '_GTT' suffix to the IRO RAM macros (John Meneghini) [2120611 2040267]\n- qed: Update FW init functions to support FW 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Use enum as per FW 8.59.1.0 in qed_iro_hsi.h (John Meneghini) [2120611 2040267]\n- qed: Update qed_hsi.h for fw 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Update qed_mfw_hsi.h for FW ver 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Update common_hsi for FW ver 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Split huge qed_hsi.h header file (John Meneghini) [2120611 2040267]\n- qed: Remove e4_ and _e4 from FW HSI (John Meneghini) [2120611 2040267]\n- qed: Fix kernel-doc warnings (John Meneghini) [2120611 2040267]\n- qed: Don't ignore devlink allocation failures (John Meneghini) [2120611 2040267]\n- qed: Improve the stack space of filter_config() (John Meneghini) [2120611 2040267]\n- RDMA/qedr: Move variables reset to qedr_set_common_qp_params() (John Meneghini) [2120611 2040267]\n- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (John Meneghini) [2119122 2051524]\n[4.18.0-372.30.1_6]\n- af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Xin Long) [2107611 2075181] {CVE-2022-1353}\n- SUNRPC: avoid race between mod_timer() and del_timer_sync() (Benjamin Coddington) [2126184 2104507]\n- powerpc/fadump: print start of preserved area (Diego Domingos) [2107488 2075092]\n- powerpc/fadump: align destination address to pagesize (Diego Domingos) [2107488 2075092]\n- powerpc/fadump: fix PT_LOAD segment for boot memory area (Diego Domingos) [2107488 2075092]\n- drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (Michel Danzer) [2091065 2066918]\n- drm/amd: Use amdgpu_device_should_use_aspm on navi umd pstate switching (Michel Danzer) [2091065 2066918]\n- drm/amd: Refactor amdgpu_aspm to be evaluated per device (Michel Danzer) [2091065 2066918]\n- drm/amd: Check if ASPM is enabled from PCIe subsystem (Michel Danzer) [2091065 2066918]\n[4.18.0-372.29.1_6]\n- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Ewan D. Milne) [2107627 2049198] {CVE-2022-0494}\n- cpufreq: Specify default governor on command line (Prarit Bhargava) [2109996 2083766]\n- cpufreq: Fix locking issues with governors (Prarit Bhargava) [2109996 2083766]\n- cpufreq: Register governors at core_initcall (Prarit Bhargava) [2109996 2083766]\n- net_sched: cls_route: remove from list when handle is 0 (Felix Maurer) [2121817 2116328] {CVE-2022-2588}\n[4.18.0-372.28.1_6]\n- powerpc/smp: Update cpu_core_map on all PowerPc systems (Diego Domingos) [2112820 2064104]\n- iavf: Fix reset error handling (Petr Oros) [2120225 2119759]\n- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2120225 2119759]\n- iavf: Fix adminq error handling (Petr Oros) [2120225 2119759]\n- iavf: Fix missing state logs (Petr Oros) [2120225 2119759]\n- scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (Tomas Henzl) [2111140 2106413]\n- s390/qeth: cache link_info for ethtool (Michal Schmidt) [2120197 2117098]\n- nvme: fix RCU hole that allowed for endless looping in multipath round robin (Gopal Tiwari) [2106017 2078806]\n- nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (Gopal Tiwari) [2106017 2078806]\n- nvme: fix use after free when disconnecting a reconnecting ctrl (Gopal Tiwari) [2106017 2078806]\n- nvme: only call synchronize_srcu when clearing current path (Gopal Tiwari) [2106017 2078806]\n- nvme-multipath: revalidate paths during rescan (Gopal Tiwari) [2106017 2078806]\n- scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (Dick Kennedy) [2112103 2034425]\n[4.18.0-372.27.1_6]\n- [s390] s390/pci: add s390_iommu_aperture kernel parameter (Claudio Imbrenda) [2081324 2039181]\n- ipv6: take care of disable_policy when restoring routes (Andrea Claudi) [2109971 2103894]\n- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Eelco Chaudron) [2106703 2101537]\n- scsi: ch: Make it possible to open a ch device multiple times again (Ewan D. Milne) [2115965 2108649]\n- scsi: smartpqi: Fix DMA direction for RAID requests (Don Brace) [2112354 2101548]\n- iommu/vt-d: Calculate mask for non-aligned flushes (Jerry Snitselaar) [2111692 2072179]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-26T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-10-26T00:00:00", "id": "ELSA-2022-7110", "href": "http://linux.oracle.com/errata/ELSA-2022-7110.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-09-06T17:18:13", "description": "[4.1.12-124.66.3]\n- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [Orabug: 33981149] {CVE-2022-1011}\n- vt: drop old FONT ioctls (Jiri Slaby) [Orabug: 34408794] {CVE-2021-33656}\n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) [Orabug: 34408910] {CVE-2021-33655}\n- fbcon: Disallow setting font bigger than screen size (Helge Deller) [Orabug: 34408910] {CVE-2021-33655}\n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419974] {CVE-2022-21546}\n- scsi/eh: fix hang adding ehandler wakeups after decrementing host_busy (Gulam Mohamed) [Orabug: 33349684] [Orabug: 34492498]\n[4.1.12-124.66.2]\n- mm: enforce min addr even if capable() in expand_downwards() (Jann Horn) [Orabug: 29501997] {CVE-2019-9213}\n- ACPICA: Reference Counts: increase max to 0x4000 for large servers (Erik Schmauss) \n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- ipv4: Cache net in ip_build_and_send_pkt and ip_queue_xmit (Eric W. Biederman) [Orabug: 33917058] {CVE-2020-36516}\n- ipv4: igmp: guard against silly MTU values (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- inet: constify ip_dont_fragment() arguments (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- ip: constify ip_build_and_send_pkt() socket argument (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (Eric Biggers) [Orabug: 34433461] {CVE-2020-36557}\n- vt: vt_ioctl: fix race in VT_RESIZEX (Eric Dumazet) [Orabug: 34433476] {CVE-2020-36558}\n- VT_RESIZEX: get rid of field-by-field copyin (Al Viro) [Orabug: 34433476] \n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460939] [Orabug: 34484730] {CVE-2022-2588}\n[4.1.12-124.66.1]\n- net: fix uninit-value in __hw_addr_add_ex() (Eric Dumazet) [Orabug: 34395887] \n- mac80211: silence an uninitialized variable warning (Dan Carpenter) [Orabug: 34396283]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9213", "CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1011", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2022-09-06T00:00:00", "id": "ELSA-2022-9761", "href": "http://linux.oracle.com/errata/ELSA-2022-9761.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "redhat": [{"lastseen": "2022-10-18T08:49:58", "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2022-10-18T07:29:11", "type": "redhat", "title": "(RHSA-2022:6978) Important: kpatch-patch security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-10-18T07:30:05", "id": "RHSA-2022:6978", "href": "https://access.redhat.com/errata/RHSA-2022:6978", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-25T12:05:11", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2022-10-25T10:23:30", "type": "redhat", "title": "(RHSA-2022:7146) Important: kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-10-25T10:24:16", "id": "RHSA-2022:7146", "href": "https://access.redhat.com/errata/RHSA-2022:7146", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-11T16:08:32", "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2022-10-11T12:20:23", "type": "redhat", "title": "(RHSA-2022:6875) Important: kpatch-patch security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-10-11T12:21:32", "id": "RHSA-2022:6875", "href": "https://access.redhat.com/errata/RHSA-2022:6875", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-25T10:08:22", "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2022-10-25T07:52:27", "type": "redhat", "title": "(RHSA-2022:7137) Important: kpatch-patch security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-10-25T07:58:49", "id": "RHSA-2022:7137", "href": "https://access.redhat.com/errata/RHSA-2022:7137", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-25T14:55:11", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* backports from upstream for netfilter (BZ#2120635)", "cvss3": {}, "published": "2022-10-25T12:36:50", "type": "redhat", "title": "(RHSA-2022:7171) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-10-25T12:37:49", "id": "RHSA-2022:7171", "href": "https://access.redhat.com/errata/RHSA-2022:7171", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-09T10:06:02", "description": "The kpatch management tool provides a kernel patching infrastructure which\nallows you to patch a running kernel without rebooting or restarting any\nprocesses.\n\nSecurity Fix(es):\n\n* kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2022-11-09T09:36:07", "type": "redhat", "title": "(RHSA-2022:7885) Important: kpatch-patch security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-11-09T09:36:29", "id": "RHSA-2022:7885", "href": "https://access.redhat.com/errata/RHSA-2022:7885", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-11-03T00:05:38", "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {}, "published": "2022-11-02T16:05:12", "type": "redhat", "title": "(RHSA-2022:7344) Important: kpatch-patch security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-11-02T16:07:20", "id": "RHSA-2022:7344", "href": "https://access.redhat.com/errata/RHSA-2022:7344", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-10-25T14:55:11", "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n* kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-25T12:37:18", "type": "redhat", "title": "(RHSA-2022:7173) Important: kpatch-patch security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3715", "CVE-2022-2588"], "modified": "2022-10-25T12:37:50", "id": "RHSA-2022:7173", "href": "https://access.redhat.com/errata/RHSA-2022:7173", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-10-11T16:08:32", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-11T12:19:05", "type": "redhat", "title": "(RHSA-2022:6872) Important: kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-2588"], "modified": "2022-10-11T12:19:56", "id": "RHSA-2022:6872", "href": "https://access.redhat.com/errata/RHSA-2022:6872", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-01T15:40:26", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* RHEL8.6[64TB/240c Denali]:\" vmcore failed, _exitcode:139\" error observed while capturing vmcore during fadump after memory remove. incomplete vmcore is captured. (BZ#2107491)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-01T14:04:32", "type": "redhat", "title": "(RHSA-2022:7279) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-2588"], "modified": "2022-11-01T14:05:55", "id": "RHSA-2022:7279", "href": "https://access.redhat.com/errata/RHSA-2022:7279", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-01T15:40:26", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Update RT source tree to the latest RHEL-8.2.z21 Batch (BZ#2100575)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-01T14:04:44", "type": "redhat", "title": "(RHSA-2022:7280) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-2588"], "modified": "2022-11-01T14:05:54", "id": "RHSA-2022:7280", "href": "https://access.redhat.com/errata/RHSA-2022:7280", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T08:49:58", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* Information leak in the IPv6 implementation (CVE-2021-45485)\n\n* Information leak in the IPv4 implementation (CVE-2021-45486)\n\n* Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* update RT source tree to the RHEL-8.4.z12 source tree (BZ#2119160)\n\n* using __this_cpu_add() in preemptible [00000000] - caller is __mod_memcg_lruvec_state+0x69/0x1c0 [None8.4.0.z] (BZ#2124454)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-18T07:47:39", "type": "redhat", "title": "(RHSA-2022:6991) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45485", "CVE-2021-45486", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-2588"], "modified": "2022-10-18T07:56:39", "id": "RHSA-2022:6991", "href": "https://access.redhat.com/errata/RHSA-2022:6991", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-18T08:49:58", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThe following packages have been upgraded to a later upstream version: kernel (4.18.0).\n\nSecurity Fix(es):\n\n* A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* Information leak in the IPv6 implementation (CVE-2021-45485)\n\n* Information leak in the IPv4 implementation (CVE-2021-45486)\n\n* Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* DR, Ignore modify TTL if ConnectX-5 doesn't support it (BZ#2075549)\n\n* execve exit tracepoint not called (BZ#2106663)\n\n* Unable to boot RHEL-8.6 on Brazos max. config (Install is success) (BZ#2107475)\n\n* \"vmcore failed, _exitcode:139\" error observed while capturing vmcore during fadump after memory remove. incomplete vmcore is captured. (BZ#2107490)\n\n* soft lockups under heavy I/O load to ahci connected SSDs (BZ#2110773)\n\n* Allow substituting custom vmlinux.h for the build (BZ#2116407)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-18T07:38:45", "type": "redhat", "title": "(RHSA-2022:6983) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45485", "CVE-2021-45486", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-2588"], "modified": "2022-10-18T07:40:08", "id": "RHSA-2022:6983", "href": "https://access.redhat.com/errata/RHSA-2022:6983", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-03T00:05:38", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n\n* Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n* Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Update to the latest RHEL7.9.z18 source tree (BZ#2117337)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-11-02T16:04:02", "type": "redhat", "title": "(RHSA-2022:7338) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-11-02T16:07:17", "id": "RHSA-2022:7338", "href": "https://access.redhat.com/errata/RHSA-2022:7338", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-09-19T12:03:11", "description": "The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. \n\nThe ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.\n\nThe following packages have been upgraded to a later upstream version: redhat-release-virtualization-host (4.5.2), redhat-virtualization-host (4.5.2), redhat-virtualization-host-productimg (4.5.2). (BZ#2070049, BZ#2093195)\n\nSecurity Fix(es):\n\n* kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)\n\n* dpdk: DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs (CVE-2022-2132)\n\n* systemd-resolved: use-after-free when dealing with DnsStream in resolved-dns-stream.c (CVE-2022-2526)\n\n* kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* rsync: remote arbitrary files write inside the directories of connecting peers (CVE-2022-29154)\n\n* kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root (CVE-2022-32250)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-19T11:45:21", "type": "redhat", "title": "(RHSA-2022:6551) Important: Red Hat Virtualization security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1012", "CVE-2022-2132", "CVE-2022-2526", "CVE-2022-2588", "CVE-2022-29154", "CVE-2022-32250"], "modified": "2022-09-19T11:45:42", "id": "RHSA-2022:6551", "href": "https://access.redhat.com/errata/RHSA-2022:6551", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-03T00:05:38", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n\n* Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n* Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* lpfc panics in lpfc_els_free_iocb() during port recovery (BZ#1969988)\n\n* mlx5 reports error messages during shutdown then panic with mce (BZ#2077711)\n\n* Kernel panic due to hard lockup caused by deadlock between tasklist_lock and k_itimer->it_lock (BZ#2115147)\n\n* fix excess double put in nfs_prime_dcache (BZ#2117856)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-11-02T16:03:50", "type": "redhat", "title": "(RHSA-2022:7337) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-11-02T16:07:18", "id": "RHSA-2022:7337", "href": "https://access.redhat.com/errata/RHSA-2022:7337", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-25T08:07:16", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n\n* Kernel: A kernel-info-leak issue in pfkey_register (CVE-2022-1353)\n\n* hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n\n* hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n* hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [rhel8-rt] BUG: using __this_cpu_add() in preemptible [00000000] - caller is __mod_memcg_lruvec_state+0x69/0x1c0 (BZ#2122600)\n\n* The latest RHEL 8.6.z4 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2125396)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-25T07:38:43", "type": "redhat", "title": "(RHSA-2022:7134) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-10-25T07:42:45", "id": "RHSA-2022:7134", "href": "https://access.redhat.com/errata/RHSA-2022:7134", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-10-27T08:51:59", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* Information leak in scsi_ioctl() (CVE-2022-0494)\n\n* A kernel-info-leak issue in pfkey_register (CVE-2022-1353)\n\n* RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n\n* Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n* RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Add s390_iommu_aperture kernel parameter (BZ#2081324)\n\n* Blackscreen and hangup after resume from hibernate or S3 with DFGX WX3200 (BZ#2091065)\n\n* Update NVME subsystem with bug fixes and minor changes (BZ#2106017)\n\n* Fix parsing of nw_proto for IPv6 fragments (BZ#2106703)\n\n* \"vmcore failed, _exitcode:139\" error observed while capturing vmcore during fadump after memory remove. incomplete vmcore is captured. (BZ#2107488)\n\n* 'disable_policy' is ignored for addresses configured on a down interface (BZ#2109971)\n\n* Backport request for new cpufreq.default_governor kernel command line parameter (BZ#2109996)\n\n* Panics in mpt3sas mpt3sas_halt_firmware() if mpt3sas_fwfault_debug=1 enabled when poweroff issued to server (BZ#2111140)\n\n* IOMMU/DMA update for 8.7 (BZ#2111692)\n\n* Update Broadcom Emulex lpfc driver for RHEL8.7 with bug fixes (14.0.0.13) (BZ#2112103)\n\n* Incorrect Socket(s) & \"Core(s) per socket\" reported by lscpu command. (BZ#2112820)\n\n* Panic in ch_release() due to NULL ch->device pointer, backport upstream fix (BZ#2115965)\n\n* pyverbs-tests fail over qede IW HCAs on \"test_query_rc_qp\" (tests.test_qp.QPTest) (BZ#2119122)\n\n* qedi shutdown handler hangs upon reboot (BZ#2119847)\n\n* cache link_info for ethtool (BZ#2120197)\n\n* Important iavf bug fixes (BZ#2120225)\n\n* Hibernate crash with Aquantia 2.5/5 Gb LAN card (BZ#2124966)\n\n* While using PTimekeeper the qede driver produces excessive log messages (BZ#2125477)\n\n* general protection fault handling rpc_xprt.timer (BZ#2126184)\n\n* Not enough device MSI-X vectors (BZ#2126482)\n\n* Atlantic driver panic on wakeup after hybernate (BZ#2127845)\n\n* Memory leak in vxlan_xmit_one (BZ#2131255)\n\n* Missing hybernate/resume fixes (BZ#2131936)\n\nEnhancement(s):\n\n* Update smartpqi driver to latest upstream Second Set of Patches (BZ#2112354)\n\n* qed/qede/qedr - driver updates to latest upstream (BZ#2120611)\n\n* Update qedi driver to latest upstream (BZ#2120612)\n\n* Update qedf driver to latest upstream (BZ#2120613)\n\n* Include the support for new NVIDIA Mobile GFX GA103 on ADL Gen Laptops (BZ#2127122)\n\n* Need to enable hpilo to support new HPE RL300 Gen11 for ARM (aarch64) (BZ#2129923)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-25T07:23:52", "type": "redhat", "title": "(RHSA-2022:7110) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-10-25T07:27:06", "id": "RHSA-2022:7110", "href": "https://access.redhat.com/errata/RHSA-2022:7110", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-11-22T16:30:23", "description": "OpenShift Virtualization is Red Hat's virtualization solution designed for Red Hat OpenShift Container Platform.\n\nThis advisory contains OpenShift Virtualization 4.9.7 images.\n\nSecurity Fix(es):\n\n* go-restful: Authorization Bypass Through User-Controlled Key (CVE-2022-1996)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-22T16:06:58", "type": "redhat", "title": "(RHSA-2022:8609) Important: OpenShift Virtualization 4.9.7 Images security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45485", "CVE-2021-45486", "CVE-2022-1996", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-2588", "CVE-2022-3515", "CVE-2022-38177", "CVE-2022-38178", "CVE-2022-40674", "CVE-2022-41974"], "modified": "2022-11-22T16:07:17", "id": "RHSA-2022:8609", "href": "https://access.redhat.com/errata/RHSA-2022:8609", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2022-11-02T08:05:37", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.10.39. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:7210\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nSecurity Fix(es):\n\n* go-getter: command injection vulnerability (CVE-2022-26945)\n* go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)\n* go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)\n* go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.39-x86_64\n\nThe image digest is sha256:59d7ac85da072fea542d7c43498e764c72933e306117a105eac7bd5dda4e6bbe\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.39-s390x\n\nThe image digest is sha256:6b243bd6078b0a0e570c7bdf88a345f0c145009f929844f4c8ceb4dc828c0a7a\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.39-ppc64le\n\nThe image digest is sha256:e28554de454e8955fe72cd124fa9893e2c1761d39452e05610ec062d637baf2e\n\n(For aarch64 architecture)\n\n$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.10.39-aarch64\n\nThe image digest is sha256:cc0860b33c3631ee3624cc280d796fb01ce8f802c5d7ecde8ef4010aad941dc0\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-02T07:17:44", "type": "redhat", "title": "(RHSA-2022:7211) Important: OpenShift Container Platform 4.10.39 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45485", "CVE-2021-45486", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-2588", "CVE-2022-26945", "CVE-2022-30321", "CVE-2022-30322", "CVE-2022-30323", "CVE-2022-39399"], "modified": "2022-11-02T07:19:43", "id": "RHSA-2022:7211", "href": "https://access.redhat.com/errata/RHSA-2022:7211", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-03T06:05:40", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.9.51. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:7215\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html\n\nSecurity Fix(es):\n\n* go-getter: command injection vulnerability (CVE-2022-26945)\n* go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)\n* go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)\n* go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.51-x86_64\n\nThe image digest is sha256:ffbbbac3b3f719d993c0afd199c95efea7071817ddb1b744f817247efe4e7486\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.51-s390x\n\nThe image digest is sha256:5aed1dd6a7f96acd437bcc1c8d40ae23125dc07d2358ea354783d65d6008846d\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.9.51-ppc64le\n\nThe image digest is sha256:32bdc794a83bc6a81412b4f0908f5830e2a02e5c8730808c848328d0335fbc92\n\nAll OpenShift Container Platform 4.9 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.9/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-03T05:50:10", "type": "redhat", "title": "(RHSA-2022:7216) Important: OpenShift Container Platform 4.9.51 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45485", "CVE-2021-45486", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-2588", "CVE-2022-26945", "CVE-2022-30321", "CVE-2022-30322", "CVE-2022-30323", "CVE-2022-39399"], "modified": "2022-11-03T05:51:33", "id": "RHSA-2022:7216", "href": "https://access.redhat.com/errata/RHSA-2022:7216", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-18T06:06:38", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.8.53. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:7873\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.8/release_notes/ocp-4-8-release-notes.html\n\nSecurity Fix(es):\n\n* go-getter: command injection vulnerability (CVE-2022-26945)\n* go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)\n* go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)\n* go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s)\nlisted in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-18T05:08:50", "type": "redhat", "title": "(RHSA-2022:7874) Important: OpenShift Container Platform 4.8.53 bug fix and security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-45485", "CVE-2021-45486", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-2588", "CVE-2022-26945", "CVE-2022-30321", "CVE-2022-30322", "CVE-2022-30323", "CVE-2022-39399", "CVE-2022-41974"], "modified": "2022-11-18T05:10:30", "id": "RHSA-2022:7874", "href": "https://access.redhat.com/errata/RHSA-2022:7874", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-02T08:05:37", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.11.12. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:7200\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.11/release_notes/ocp-4-11-release-notes.html\n\nSecurity Fix(es):\n\n* go-getter: command injection vulnerability (CVE-2022-26945)\n* go-getter: unsafe download (issue 1 of 3) (CVE-2022-30321)\n* go-getter: unsafe download (issue 2 of 3) (CVE-2022-30322)\n* go-getter: unsafe download (issue 3 of 3) (CVE-2022-30323)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.12-x86_64\n\nThe image digest is sha256:0ca14e0f692391970fc23f88188f2a21f35a5ba24fe2f3cb908fd79fa46458e6\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.12-s390x\n\nThe image digest is sha256:7b9b21e35286e67473a0c4c28c84e3d806eb30364682a6b072b79109c2d22c6b\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.12-ppc64le\n\nThe image digest is sha256:c61315b1257695b5f86d2782a70909227e004cd7cd30236c6f94a9e4ecf24ecb\n\n(For aarch64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.11.12-aarch64\n\nThe image digest is sha256:c70dc68aef64280d3cba9a056af29438943b30c260a7156893e1bae5c6c5ce3f\n\nAll OpenShift Container Platform 4.11 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.11/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-02T06:13:44", "type": "redhat", "title": "(RHSA-2022:7201) Important: OpenShift Container Platform 4.11.12 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35525", "CVE-2020-35527", "CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2509", "CVE-2022-2588", "CVE-2022-26945", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-30321", "CVE-2022-30322", "CVE-2022-30323", "CVE-2022-32742", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-40674", "CVE-2022-41974"], "modified": "2022-11-02T06:17:32", "id": "RHSA-2022:7201", "href": "https://access.redhat.com/errata/RHSA-2022:7201", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-11-09T20:08:28", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.6.2 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nSecurity fixes:\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* passport: incorrect session regeneration (CVE-2022-25896)\n\n* sanitize-html: insecure global regular expression replacement logic may lead to ReDoS (CVE-2022-25887)\n\n* terser: insecure use of regular expressions leads to ReDoS (CVE-2022-25858)\n\n* search-api: SQL injection leads to remote denial of service (CVE-2022-2238)\n\nBug fixes:\n\n* ACM 2.6.2 images (BZ# 2126195)\n\n* Infra MachineSet Replicate Taint (BZ# 2116528)\n\n* Work agent panic when apply the manifestwork (BZ# 2120920)\n\n* unexpected difference of behavior in inform policies with lists of apiGroups for ClusterRole resources (BZ# 2130985)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-02T12:28:55", "type": "redhat", "title": "(RHSA-2022:7313) Moderate: Red Hat Advanced Cluster Management 2.6.2 security update and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "COMPLETE", "baseScore": 8.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:C/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2020-35525", "CVE-2020-35527", "CVE-2022-0391", "CVE-2022-0494", "CVE-2022-1353", "CVE-2022-2238", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2509", "CVE-2022-25858", "CVE-2022-2588", "CVE-2022-25887", "CVE-2022-25896", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-31129", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-40674"], "modified": "2022-11-02T12:29:15", "id": "RHSA-2022:7313", "href": "https://access.redhat.com/errata/RHSA-2022:7313", "cvss": {"score": 8.0, "vector": "AV:N/AC:L/Au:S/C:P/I:C/A:P"}}, {"lastseen": "2022-11-10T04:06:05", "description": "Logging Subsystem 5.5.4 - Red Hat OpenShift\n\nSecurity Fix(es):\n\n* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-10T03:48:39", "type": "redhat", "title": "(RHSA-2022:7434) Moderate: Logging Subsystem 5.5.4 - Red Hat OpenShift security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35525", "CVE-2020-35527", "CVE-2022-0494", "CVE-2022-1353", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2509", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-32149", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-39399", "CVE-2022-40674"], "modified": "2022-11-10T03:48:55", "id": "RHSA-2022:7434", "href": "https://access.redhat.com/errata/RHSA-2022:7434", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-11-09T12:06:02", "description": "Openshift Logging 5.3.13 security and bug fix release\n\nSecurity Fix(es):\n\n* golang: golang.org/x/text/language: ParseAcceptLanguage takes a long time to parse complex tags (CVE-2022-32149)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-09T12:00:56", "type": "redhat", "title": "(RHSA-2022:6882) Moderate: Openshift Logging 5.3.13 security and bug fix release", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35525", "CVE-2020-35527", "CVE-2022-0494", "CVE-2022-1353", "CVE-2022-21618", "CVE-2022-21619", "CVE-2022-21624", "CVE-2022-21626", "CVE-2022-21628", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2509", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-32149", "CVE-2022-3515", "CVE-2022-37434", "CVE-2022-39399", "CVE-2022-40674"], "modified": "2022-11-09T12:01:12", "id": "RHSA-2022:6882", "href": "https://access.redhat.com/errata/RHSA-2022:6882", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-11-01T15:40:26", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.4.8 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity fixes:\n\n* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)\n\n* nodejs: undici vulnerable to CRLF via content headers (CVE-2022-35948)\n\n* nodejs: undici.request vulnerable to SSRF (CVE-2022-35949)\n\n* terser: insecure use of regular expressions leads to ReDoS (CVE-2022-25858)\n\n* search-api: SQL injection leads to remote denial of service (CVE-2022-2238)\n\nBug fix: \n\n* RHACM 2.4.8 images (BZ# 2130745)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-01T13:17:42", "type": "redhat", "title": "(RHSA-2022:7276) Moderate: Red Hat Advanced Cluster Management 2.4.8 security fixes and container updates", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-35525", "CVE-2020-35527", "CVE-2022-0494", "CVE-2022-1353", "CVE-2022-2238", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2509", "CVE-2022-25858", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-31129", "CVE-2022-34903", "CVE-2022-3515", "CVE-2022-35948", "CVE-2022-35949", "CVE-2022-37434", "CVE-2022-38177", "CVE-2022-38178", "CVE-2022-40674", "CVE-2022-41974"], "modified": "2022-11-01T13:18:07", "id": "RHSA-2022:7276", "href": "https://access.redhat.com/errata/RHSA-2022:7276", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}], "f5": [{"lastseen": "2023-02-08T15:44:53", "description": "** [RESERVED](<https://www.cve.org/ResourcesSupport/FAQs#pc_cve_recordsreserved_signify_in_cve_record>) ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. ([CVE-2022-2588](<https://vulners.com/cve/CVE-2022-2588>))\n\nImpact\n\nThis flaw allows a local user to cause a denial-of-service (DoS) on the system and possibly lead to a local privilege escalation problem.\n", "cvss3": {}, "published": "2022-10-20T03:33:00", "type": "f5", "title": "Linux kernel vulnerability CVE-2022-2588", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-10-20T03:33:00", "id": "F5:K32615023", "href": "https://support.f5.com/csp/article/K32615023", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-02-18T13:25:04", "description": "It was discovered that the cls_route filter implementation in the\nLinux kernel would not remove an old filter from the hashtable before\nfreeing it if its handle had the value 0.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | ZDI-CAN-17440\n", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "ubuntucve", "title": "CVE-2022-2588", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "UB:CVE-2022-2588", "href": "https://ubuntu.com/security/CVE-2022-2588", "cvss": {"score": 0.0, "vector": "NONE"}}], "veracode": [{"lastseen": "2022-10-24T12:36:44", "description": "kernel is vulnerable to denial of service. The vulnerability exists in `route4_change` in the `net/sched/cls_route.c` filter implementation in the Linux kernel. This flaw allows a local user to crash the system and possibly lead to a local privilege escalation problem.\n", "cvss3": {}, "published": "2022-10-07T05:17:07", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-10-07T13:32:24", "id": "VERACODE:37434", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37434/summary", "cvss": {"score": 0.0, "vector": "NONE"}}], "githubexploit": [{"lastseen": "2022-12-17T08:10:02", "description": "# CVE-2022-2588\nCode adapted for one cpu, and with a vagrant fil...", "cvss3": {}, "published": "2022-12-04T22:10:57", "type": "githubexploit", "title": "Exploit for CVE-2022-2588", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-12-17T07:30:53", "id": "F3F45FED-B716-5B56-9880-08CA523A08B7", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}, {"lastseen": "2022-09-27T08:03:35", "description": "# CVE-2022-2588 - Linux kernel cls_route UAF\n\nIt was discovered ...", "cvss3": {}, "published": "2022-09-18T21:35:19", "type": "githubexploit", "title": "Exploit for CVE-2022-2588", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-09-27T06:02:47", "id": "9E1C498D-25A3-57B2-A391-764CDA0E674F", "href": "", "cvss": {"score": 0.0, "vector": "NONE"}, "privateArea": 1}], "nessus": [{"lastseen": "2023-01-25T00:42:33", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7171 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-25T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2022:7171)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2022-7171.NASL", "href": "https://www.tenable.com/plugins/nessus/166470", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7171. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166470);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:7171\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2022:7171)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:7171 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-2588');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7171');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.99.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T10:36:11", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7146 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-25T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2022:7146)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.4", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2022-7146.NASL", "href": "https://www.tenable.com/plugins/nessus/166477", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7146. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166477);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:7146\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2022:7146)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:7146 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-2588');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7146');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-693.106.1.el7', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T17:06:35", "description": "The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:7137 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-25T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kpatch-patch (ALSA-2022:7137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:alma:linux:kernel", "cpe:/o:alma:linux:8", "cpe:/o:alma:linux:8::baseos"], "id": "ALMA_LINUX_ALSA-2022-7137.NASL", "href": "https://www.tenable.com/plugins/nessus/166510", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7137.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166510);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"ALSA\", value:\"2022:7137\");\n\n script_name(english:\"AlmaLinux 8 : kpatch-patch (ALSA-2022:7137)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the\nALSA-2022:7137 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-7137.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::baseos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-2588');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:7137');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T05:06:33", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7344 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-03T00:00:00", "type": "nessus", "title": "RHEL 7 : kpatch-patch (RHSA-2022:7344)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_62_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_66_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_71_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_76_1"], "id": "REDHAT-RHSA-2022-7344.NASL", "href": "https://www.tenable.com/plugins/nessus/166879", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7344. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166879);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:7344\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2022:7344)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:7344 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_62_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_66_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_71_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_76_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'kernels': {\n '3.10.0-1160.62.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1160_62_1-1-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1160.66.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1160_66_1-1-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1160.71.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1160_71_1-1-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1160.76.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1160_76_1-1-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-3_10_0-1160_62_1 / kpatch-patch-3_10_0-1160_66_1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T00:45:36", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7885 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-09T00:00:00", "type": "nessus", "title": "RHEL 8 : kpatch-patch (RHSA-2022:7885)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_80_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_81_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_87_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_90_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_91_1"], "id": "REDHAT-RHSA-2022-7885.NASL", "href": "https://www.tenable.com/plugins/nessus/167205", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7885. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167205);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:7885\");\n\n script_name(english:\"RHEL 8 : kpatch-patch (RHSA-2022:7885)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:7885 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_80_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_81_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_87_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_90_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_91_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS'\n ],\n 'kernels': {\n '4.18.0-193.80.1.el8_2.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-193_80_1-1-2.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-193.81.1.el8_2.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-193_81_1-1-2.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-193.87.1.el8_2.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-193_87_1-1-1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-193.90.1.el8_2.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-193_90_1-1-1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-193.91.1.el8_2.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-193_91_1-1-1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-4_18_0-193_80_1 / kpatch-patch-4_18_0-193_81_1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T00:40:46", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6875 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-11T00:00:00", "type": "nessus", "title": "RHEL 8 : kpatch-patch (RHSA-2022:6875)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_64_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_65_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_67_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_70_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_74_1"], "id": "REDHAT-RHSA-2022-6875.NASL", "href": "https://www.tenable.com/plugins/nessus/166018", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6875. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166018);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:6875\");\n\n script_name(english:\"RHEL 8 : kpatch-patch (RHSA-2022:6875)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:6875 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:6875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_64_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_65_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_67_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_70_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_74_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS'\n ],\n 'kernels': {\n '4.18.0-147.64.1.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_64_1-1-4.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.65.1.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_65_1-1-3.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.67.1.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_67_1-1-2.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.70.1.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_70_1-1-1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.74.1.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_74_1-1-1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-4_18_0-147_64_1 / kpatch-patch-4_18_0-147_65_1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T03:25:43", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6978 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-18T00:00:00", "type": "nessus", "title": "RHEL 8 : kpatch-patch (RHSA-2022:6978)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_25_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_45_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_49_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_57_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_62_1"], "id": "REDHAT-RHSA-2022-6978.NASL", "href": "https://www.tenable.com/plugins/nessus/166180", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6978. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166180);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:6978\");\n\n script_name(english:\"RHEL 8 : kpatch-patch (RHSA-2022:6978)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:6978 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:6978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_25_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_45_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_49_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_57_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_62_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'kernels': {\n '4.18.0-305.25.1.el8_4.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-305_25_1-1-9.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-305.45.1.el8_4.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-305_45_1-1-3.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-305.49.1.el8_4.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-305_49_1-1-2.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-305.57.1.el8_4.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-305_57_1-1-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-305.62.1.el8_4.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-305_62_1-1-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-4_18_0-305_25_1 / kpatch-patch-4_18_0-305_45_1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T03:18:55", "description": "The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9689 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9689)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-core", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-core", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-modules", "p-cpe:/a:oracle:linux:kernel-uek-modules-extra"], "id": "ORACLELINUX_ELSA-2022-9689.NASL", "href": "https://www.tenable.com/plugins/nessus/163965", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9689.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163965);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9689)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9689 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9689.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules-extra\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(8|9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8 / 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-1.43.4.1.el8uek', '5.15.0-1.43.4.1.el9uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9689');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-1.43.4.1.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'bpftool-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-1.43.4.1.el9uek', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel-uek / kernel-uek-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T00:00:29", "description": "The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9699 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9699)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container"], "id": "ORACLELINUX_ELSA-2022-9699.NASL", "href": "https://www.tenable.com/plugins/nessus/163969", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9699.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163969);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9699)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the\nELSA-2022-9699 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9699.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.516.1.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9699');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2047.516.1.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T08:43:05", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9691 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9691)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9691.NASL", "href": "https://www.tenable.com/plugins/nessus/163966", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9691.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163966);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9691)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9691 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9691.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.309.5.1.el7', '5.4.17-2136.309.5.1.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9691');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2136.309.5.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.309.5.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2136.309.5.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.309.5.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T16:39:49", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9693 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9693)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9693.NASL", "href": "https://www.tenable.com/plugins/nessus/163971", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9693.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163971);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9693)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9693 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9693.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.516.1.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9693');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2047.516.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.516.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.516.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.516.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2047.516.1.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.516.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T00:00:43", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9690 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9690)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9690.NASL", "href": "https://www.tenable.com/plugins/nessus/163968", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9690.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163968);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9690)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9690 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9690.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-1.43.4.1.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9690');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.15.0-1.43.4.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.15.0'},\n {'reference':'kernel-uek-container-debug-5.15.0-1.43.4.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T08:43:06", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9694)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2022-9694.NASL", "href": "https://www.tenable.com/plugins/nessus/163970", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9694.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163970);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9694)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9694.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.65.1.1.el6uek', '4.1.12-124.65.1.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9694');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.65.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.65.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.65.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.65.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.65.1.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.65.1.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.65.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.65.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.65.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.65.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.65.1.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.65.1.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T04:58:39", "description": "The remote OracleVM system is missing necessary patches to address security updates:\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : kernel-uek (OVMSA-2022-0022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2022-0022.NASL", "href": "https://www.tenable.com/plugins/nessus/164039", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were\n# extracted from OracleVM Security Advisory OVMSA-2022-0022.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164039);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"OracleVM 3.4 : kernel-uek (OVMSA-2022-0022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address security updates:\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-2588.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/OVMSA-2022-0022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek / kernel-uek-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.65.1.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for OVMSA-2022-0022');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.65.1.1.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.65.1.1.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'OVS' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-firmware');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-04T03:02:12", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7137 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-26T00:00:00", "type": "nessus", "title": "RHEL 8 : kpatch-patch (RHSA-2022:7137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_13_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_16_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_19_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_26_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_9_1"], "id": "REDHAT-RHSA-2022-7137.NASL", "href": "https://www.tenable.com/plugins/nessus/166542", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7137. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166542);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:7137\");\n\n script_name(english:\"RHEL 8 : kpatch-patch (RHSA-2022:7137)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:7137 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_13_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_16_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_19_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_26_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_9_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'kernels': {\n '4.18.0-372.13.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_13_1-1-2.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.16.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_16_1-1-2.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.19.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_19_1-1-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.26.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_26_1-1-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.9.1.el8.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_9_1-1-3.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'kernels': {\n '4.18.0-372.13.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_13_1-1-2.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.16.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_16_1-1-2.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.19.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_19_1-1-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.26.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_26_1-1-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.9.1.el8.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_9_1-1-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-4_18_0-372_13_1 / kpatch-patch-4_18_0-372_16_1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T08:43:21", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9692 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9692)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9692.NASL", "href": "https://www.tenable.com/plugins/nessus/163967", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9692.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163967);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9692)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9692 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9692.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.309.5.1.el7uek', '5.4.17-2136.309.5.1.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9692');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.309.5.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.309.5.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.309.5.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.309.5.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.309.5.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.309.5.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2136.309.5.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.309.5.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.309.5.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.309.5.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.309.5.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.309.5.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.309.5.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.309.5.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.309.5.1.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T16:41:24", "description": "The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5557-1 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5557-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2586", "CVE-2022-2588"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1112-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1147-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm"], "id": "UBUNTU_USN-5557-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164005", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5557-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164005);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-2586\", \"CVE-2022-2588\");\n script_xref(name:\"USN\", value:\"5557-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5557-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5557-1 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5557-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1112-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1147-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.4.0-\\d{4}-(aws|kvm))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.4.0-\\d{4}-aws\" : \"4.4.0-1147\",\n \"4.4.0-\\d{4}-kvm\" : \"4.4.0-1112\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5557-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-2586', 'CVE-2022-2588');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5557-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T03:28:26", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7173 advisory.\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-26T00:00:00", "type": "nessus", "title": "RHEL 7 : kpatch-patch (RHSA-2022:7173)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3715", "CVE-2022-2588"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:7.6", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_84_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_92_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_94_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_95_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_97_1"], "id": "REDHAT-RHSA-2022-7173.NASL", "href": "https://www.tenable.com/plugins/nessus/166539", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7173. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166539);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-3715\", \"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:7173\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2022:7173)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7173 advisory.\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1993988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3715\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_84_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_92_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_94_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_95_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_97_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'kernels': {\n '3.10.0-957.84.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_84_1-1-6.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.92.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_92_1-1-3.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.94.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_94_1-1-2.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.95.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_95_1-1-1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.97.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_97_1-1-1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-3_10_0-957_84_1 / kpatch-patch-3_10_0-957_92_1 / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-08T10:51:46", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4030-1 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 29 for SLE 12 SP4) (SUSE-SU-2022:4030-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588", "CVE-2022-42703"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_130-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_98-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_105-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_126-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_120-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-4030-1.NASL", "href": "https://www.tenable.com/plugins/nessus/167753", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4030-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167753);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2022-2588\", \"CVE-2022-42703\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4030-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 29 for SLE 12 SP4) (SUSE-SU-2022:4030-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:4030-1 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204170\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-November/012950.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d95eeed\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42703\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42703\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_98-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_120-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_126-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_130-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_105-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-122.130-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_130-default-4-2.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-150000.150.98-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150000_150_98-default-4-150000.2.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']}\n ]\n },\n '4.12.14-150100.197.120-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150100_197_120-default-4-150100.2.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n },\n '4.12.14-95.105-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_105-default-4-2.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n },\n '5.3.18-150200.24.126-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150200_24_126-default-5-150200.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-150000_150_98-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T12:43:25", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5567-1 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5567-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1048-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.17.0-1015-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem"], "id": "UBUNTU_USN-5567-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164037", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5567-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164037);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-2585\", \"CVE-2022-2586\", \"CVE-2022-2588\");\n script_xref(name:\"USN\", value:\"5567-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5567-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the USN-5567-1 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5567-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1048-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.17.0-1015-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04|22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.14.0-\\d{4}-oem|5.17.0-\\d{4}-oem)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.14.0-\\d{4}-oem\" : \"5.14.0-1048\",\n \"5.17.0-\\d{4}-oem\" : \"5.17.0-1015\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5567-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-2585', 'CVE-2022-2586', 'CVE-2022-2588');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5567-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T00:33:25", "description": "The version of kernel installed on the remote host is prior to 5.4.209-116.367. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-035 advisory.\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586, CVE-2022-2588)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-09-15T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-035)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1462", "CVE-2022-2586", "CVE-2022-2588"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_4-2022-035.NASL", "href": "https://www.tenable.com/plugins/nessus/165104", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-035.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165104);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2022-1462\", \"CVE-2022-2586\", \"CVE-2022-2588\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-035)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.209-116.367. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-035 advisory.\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586, CVE-2022-2588)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-035.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1462.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2586.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2588.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1462\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-1462\", \"CVE-2022-2586\", \"CVE-2022-2588\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-035\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'bpftool-debuginfo-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-aarch64-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-debuginfo-common-x86_64-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-devel-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.209-116.367.amzn2', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-headers-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-debuginfo-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'kernel-tools-devel-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'perf-debuginfo-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'},\n {'reference':'python-perf-debuginfo-5.4.209-116.367.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.4'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"bpftool / bpftool-debuginfo / kernel / etc\");\n}", "cvss": {"score": 3.3, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2023-02-07T19:05:45", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4024-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 28 for SLE 12 SP4) (SUSE-SU-2022:4024-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2588", "CVE-2022-42703"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_127-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_102-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_117-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-4024-1.NASL", "href": "https://www.tenable.com/plugins/nessus/167759", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4024-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167759);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-33655\", \"CVE-2022-2588\", \"CVE-2022-42703\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4024-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 28 for SLE 12 SP4) (SUSE-SU-2022:4024-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:4024-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204170\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-November/012957.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0b4db598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42703\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-4_12_14-150100_197_117-default, kgraft-patch-4_12_14-122_127-default and / or\nkgraft-patch-4_12_14-95_102-default packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33655\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_117-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_127-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_102-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-122.127-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_127-default-4-2.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-150100.197.117-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150100_197_117-default-4-150100.2.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n },\n '4.12.14-95.102-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_102-default-4-2.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-150100_197_117-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-07T08:52:28", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4112-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-19T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 21 for SLE 15 SP2) (SUSE-SU-2022:4112-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2588", "CVE-2022-42703"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_98-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_93-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_103-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-197_102-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_96-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_83-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_106-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_110-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-197_105-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_102-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_88-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_113-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_93-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-197_108-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_107-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_116-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_112-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_111-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_96-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_121-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_99-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_115-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_114-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_124-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-4112-1.NASL", "href": "https://www.tenable.com/plugins/nessus/167940", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4112-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167940);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-33655\", \"CVE-2022-2588\", \"CVE-2022-42703\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4112-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 21 for SLE 15 SP2) (SUSE-SU-2022:4112-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:4112-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204381\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-November/013002.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?427cee28\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42703\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33655\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_111-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_114-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_102-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_105-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_108-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_112-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_115-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_102-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_107-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_93-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_96-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_103-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_106-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_110-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_113-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_116-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_121-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_124-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_98-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_83-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_88-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_1