Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* backports from upstream for netfilter (BZ#2120635)
Affected Package
Related
{"id": "RHSA-2022:7171", "vendorId": null, "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2022:7171) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* backports from upstream for netfilter (BZ#2120635)", "published": "2022-10-25T12:36:50", "modified": "2022-10-25T12:37:49", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2022:7171", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2022-2588"], "immutableFields": [], "lastseen": "2022-10-25T14:55:11", "viewCount": 21, "enchantments": {"dependencies": {"references": [{"type": "amazon", "idList": ["ALAS-2022-1636", "ALAS2-2022-1838", "ALAS2-2022-1852"]}, {"type": "debian", "idList": ["DEBIAN:DLA-3102-1:8DD52", "DEBIAN:DLA-3131-1:083C4", "DEBIAN:DSA-5207-1:0D465"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2022-2588"]}, {"type": "f5", "idList": ["F5:K32615023"]}, {"type": "fedora", "idList": ["FEDORA:791D3304C27B", "FEDORA:A4846305797B"]}, {"type": "githubexploit", "idList": ["027DC021-9759-5152-B253-BB124AAF3689", "9E1C498D-25A3-57B2-A391-764CDA0E674F"]}, {"type": "mageia", "idList": ["MGASA-2022-0305", "MGASA-2022-0308"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-150.NASL", "AL2_ALAS-2022-1838.NASL", "AL2_ALAS-2022-1852.NASL", "AL2_ALASKERNEL-5_10-2022-020.NASL", "AL2_ALASKERNEL-5_15-2022-008.NASL", "AL2_ALASKERNEL-5_4-2022-035.NASL", "AL2_ALASKERNEL-5_4-2022-036.NASL", "ALA_ALAS-2022-1636.NASL", "DEBIAN_DLA-3102.NASL", "DEBIAN_DLA-3131.NASL", "DEBIAN_DSA-5207.NASL", "EULEROS_SA-2022-2441.NASL", "EULEROS_SA-2022-2466.NASL", "ORACLELINUX_ELSA-2022-9689.NASL", "ORACLELINUX_ELSA-2022-9690.NASL", "ORACLELINUX_ELSA-2022-9691.NASL", "ORACLELINUX_ELSA-2022-9692.NASL", "ORACLELINUX_ELSA-2022-9693.NASL", "ORACLELINUX_ELSA-2022-9694.NASL", "ORACLELINUX_ELSA-2022-9699.NASL", "ORACLELINUX_ELSA-2022-9709.NASL", "ORACLELINUX_ELSA-2022-9710.NASL", "ORACLELINUX_ELSA-2022-9761.NASL", "ORACLELINUX_ELSA-2022-9787.NASL", "ORACLELINUX_ELSA-2022-9788.NASL", "ORACLELINUX_ELSA-2022-9827.NASL", "ORACLELINUX_ELSA-2022-9830.NASL", "ORACLEVM_OVMSA-2022-0022.NASL", "ORACLEVM_OVMSA-2022-0024.NASL", "REDHAT-RHSA-2022-6551.NASL", "REDHAT-RHSA-2022-6872.NASL", "REDHAT-RHSA-2022-6875.NASL", "REDHAT-RHSA-2022-6978.NASL", "REDHAT-RHSA-2022-6983.NASL", "REDHAT-RHSA-2022-6991.NASL", "SLACKWARE_SSA_2022-237-02.NASL", "SUSE_SU-2022-3263-1.NASL", "SUSE_SU-2022-3264-1.NASL", "SUSE_SU-2022-3265-1.NASL", "SUSE_SU-2022-3274-1.NASL", "SUSE_SU-2022-3282-1.NASL", "SUSE_SU-2022-3288-1.NASL", "SUSE_SU-2022-3291-1.NASL", "SUSE_SU-2022-3293-1.NASL", "SUSE_SU-2022-3294-1.NASL", "SUSE_SU-2022-3408-1.NASL", "SUSE_SU-2022-3422-1.NASL", "SUSE_SU-2022-3450-1.NASL", "SUSE_SU-2022-3609-1.NASL", "UBUNTU_USN-5557-1.NASL", "UBUNTU_USN-5560-1.NASL", "UBUNTU_USN-5560-2.NASL", "UBUNTU_USN-5562-1.NASL", "UBUNTU_USN-5564-1.NASL", "UBUNTU_USN-5565-1.NASL", "UBUNTU_USN-5566-1.NASL", "UBUNTU_USN-5567-1.NASL", "UBUNTU_USN-5582-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-9689", "ELSA-2022-9690", "ELSA-2022-9691", "ELSA-2022-9692", "ELSA-2022-9693", "ELSA-2022-9694", "ELSA-2022-9699", "ELSA-2022-9709", "ELSA-2022-9710", "ELSA-2022-9761", "ELSA-2022-9787", "ELSA-2022-9788", "ELSA-2022-9827", "ELSA-2022-9830"]}, {"type": "osv", "idList": ["OSV:DLA-3102-1", "OSV:DLA-3131-1", "OSV:DSA-5207-1"]}, {"type": "photon", "idList": ["PHSA-2022-0226", "PHSA-2022-0433", "PHSA-2022-0506"]}, {"type": "redhat", "idList": ["RHSA-2022:6551", "RHSA-2022:6872", "RHSA-2022:6875", "RHSA-2022:6978", "RHSA-2022:6983", "RHSA-2022:6991", "RHSA-2022:7134", "RHSA-2022:7137", "RHSA-2022:7146", "RHSA-2022:7173"]}, {"type": "redhatcve", "idList": ["RH:CVE-2022-2588"]}, {"type": "slackware", "idList": ["SSA-2022-237-02"]}, {"type": "suse", "idList": ["SUSE-SU-2022:3264-1", "SUSE-SU-2022:3288-1", "SUSE-SU-2022:3293-1", "SUSE-SU-2022:3408-1", "SUSE-SU-2022:3609-1"]}, {"type": "thn", "idList": ["THN:7653AAD966BDC7D71A9D1981CA662AC3"]}, {"type": "ubuntu", "idList": ["LSN-0089-1", "USN-5557-1", "USN-5560-1", "USN-5560-2", "USN-5562-1", "USN-5564-1", "USN-5565-1", "USN-5566-1", "USN-5567-1", "USN-5582-1", "USN-5588-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2022-2588"]}, {"type": "veracode", "idList": ["VERACODE:37434"]}, {"type": "zdi", "idList": ["ZDI-22-1117"]}]}, "score": {"value": 1.6, "vector": "NONE"}, "vulnersScore": 1.6}, "_state": {"dependencies": 1666709794, "score": 1666712335}, "_internal": {"score_hash": "0172753b6846ee9d96f8ce5d5f2298da"}, "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-tools-libs-devel-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-tools-libs-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "python-perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "python-perf-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-headers-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "perf-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "perf-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-bootwrapper-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-bootwrapper"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-tools-libs-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-tools-libs"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-devel-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-3.10.0-957.99.1.el7.src.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "perf-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "perf-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "python-perf-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "python-perf"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "python-perf-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "python-perf"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-debuginfo-common-x86_64-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-debuginfo-common-x86_64"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-devel-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-doc-3.10.0-957.99.1.el7.noarch.rpm", "operator": "lt", "packageName": "kernel-doc"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-tools-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-tools"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-abi-whitelists-3.10.0-957.99.1.el7.noarch.rpm", "operator": "lt", "packageName": "kernel-abi-whitelists"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-tools-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-tools-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-debug-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-debug"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "bpftool-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "bpftool"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-tools-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-tools"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "python-perf-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "python-perf-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-headers-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-headers"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-debug-devel-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "perf-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "perf"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-debug-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-debug-devel-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-debug-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-debug-debuginfo-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-debug-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-debuginfo-common-ppc64le-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-debuginfo-common-ppc64le"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-debug-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-debug-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-tools-libs-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-tools-libs"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "perf-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "perf"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-tools-libs-devel-3.10.0-957.99.1.el7.ppc64le.rpm", "operator": "lt", "packageName": "kernel-tools-libs-devel"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.10.0-957.99.1.el7", "packageFilename": "kernel-tools-debuginfo-3.10.0-957.99.1.el7.x86_64.rpm", "operator": "lt", "packageName": "kernel-tools-debuginfo"}], "vendorCvss": {"severity": "important"}}
{"oraclelinux": [{"lastseen": "2022-08-09T22:40:36", "description": "[5.4.17-2136.309.5.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460937] {CVE-2022-2588}", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9692", "href": "http://linux.oracle.com/errata/ELSA-2022-9692.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T20:40:51", "description": "[4.14.35-2047.516.1.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460938] {CVE-2022-2588}\n[4.14.35-2047.516.1]\n- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153}\n- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153}\n- KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323860] {CVE-2022-2153}\n- xfs: dont use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34180868]\n[4.14.35-2047.516.0]\n- scsi: mpt3sas: Remove scsi_dma_map() error messages (Sreekanth Reddy) [Orabug: 34328903] \n- uek: kabi: new protected symbols for USM in OL7 (Saeed Mirzamohammadi) [Orabug: 34233902] \n- vfio/type1: add ioctl to check for correct pin accounting (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: track pages pinned by vfio across exec (Anthony Yznaga) [Orabug: 32967885] \n- mm: track driver pinned pages across exec (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: Fix vfio_find_dma_valid return (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: fix unmap all on ILP32 (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: block on invalid vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement notify callback (Steve Sistare) [Orabug: 32967885] \n- vfio: iommu driver notify callback (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: massage unmap iteration (Steve Sistare) [Orabug: 32967885] \n- vfio: interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement unmap all (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: unmap cleanup (Steve Sistare) [Orabug: 32967885] \n- vfio: option to unmap all (Steve Sistare) [Orabug: 32967885] \n- Linux 4.14.284 (Greg Kroah-Hartman) \n- x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) \n- x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) \n- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) \n- x86/cpu: Add Comet Lake to the Intel CPU models header (Kan Liang) \n- x86/cpu: Add Cannonlake to Intel family (Rajneesh Bhardwaj) \n- x86/cpu: Add Jasper Lake to Intel family (Zhang Rui) \n- cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) \n- x86/cpu: Add Elkhart Lake to Intel family (Gayatri Kammela) \n- Linux 4.14.283 (Greg Kroah-Hartman) \n- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) \n- powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) \n- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) \n- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) \n- ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) \n- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) \n- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) \n- cifs: return errors during session setup during reconnects (Shyam Prasad N) \n- ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) \n- vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) \n- nodemask: Fix return values to be unsigned (Kees Cook) \n- nbd: fix io hung while disconnecting device (Yu Kuai) \n- nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) \n- nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) \n- modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) \n- drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) \n- Revert net: af_key: add check for pfkey_broadcast in function pfkey_process (Michal Kubecek) \n- md: protect md_unregister_thread from reentrancy (Guoqing Jiang) \n- kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) \n- serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) \n- staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) \n- clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) \n- extcon: Modify extcon device to be created after driver data is set (bumwoo lee) \n- misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) \n- usb: dwc2: gadget: dont reset gadgets driver->bus (Marek Szyprowski) \n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) \n- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) \n- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) \n- USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) \n- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) \n- tty: Fix a possible resource leak in icom_probe (Huang Guobin) \n- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) \n- lkdtm/usercopy: Expand size of out of frame object (Kees Cook) \n- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) \n- drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) \n- net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) \n- net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) \n- net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) \n- net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) \n- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) \n- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) \n- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) \n- xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) \n- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) \n- m68knommu: fix undefined reference to _init_sp (Greg Ungerer) \n- m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) \n- i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) \n- tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) \n- tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) \n- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) \n- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) \n- tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) \n- ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) \n- jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) \n- modpost: fix removing numeric suffixes (Alexander Lobakin) \n- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) \n- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) \n- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) \n- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) \n- serial: sh-sci: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: txx9: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: digicolor-usart: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: meson: acquire port->lock in startup() (John Ogness) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) \n- MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: fix plock invalid read (Alexander Aring) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) \n- powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/8xx: export cpm_setbrg for modules (Randy Dunlap) \n- drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) \n- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) \n- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) \n- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) \n- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) \n- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) \n- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) \n- rxrpc: Dont try to resend the request if were receiving the reply (David Howells) \n- rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) \n- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) \n- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) \n- m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) \n- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) \n- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) \n- media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) \n- media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) \n- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) \n- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) \n- media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) \n- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) \n- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) \n- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- x86: Fix return value of __setup handlers (Randy Dunlap) \n- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) \n- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) \n- drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) \n- x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) \n- fsnotify: fix wrong lockdep annotations (Amir Goldstein) \n- inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) \n- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) \n- spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) \n- efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) \n- NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) \n- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) \n- drm/mediatek: Fix mtk_cec_mask() (Miles Chen) \n- x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) \n- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) \n- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) \n- ath9k: fix ar9003_get_eepmisc (Wenli Looi) \n- drm: fix EDID struct for old ARM OABI format (Saeed Mirzamohammadi) \n- RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) \n- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) \n- powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) \n- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) \n- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) \n- ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) \n- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) \n- ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) \n- fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) \n- ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) \n- fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) \n- ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) \n- eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) \n- rxrpc: Return an error to sendmsg if call failed (David Howells) \n- media: exynos4-is: Fix compile warning (Kwanghoon Son) \n- net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) \n- ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) \n- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) \n- openrisc: start CPU timer early in boot (Jason A. Donenfeld) \n- rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) \n- ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) \n- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) \n- s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) \n- ASoC: dapm: Dont fold register value changes into notifications (Mark Brown) \n- ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) \n- drm/amd/pm: fix the compile warning (Evan Quan) \n- scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) \n- media: cx25821: Fix the warning when removing the module (Zheyu Ma) \n- media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) \n- media: venus: hfi: avoid null dereference in deinit (Luca Weiss) \n- ath9k: fix QCA9561 PA bias level (Thibaut VARENE) \n- drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) \n- ALSA: jack: Access input_dev under mutex (Amadeusz Slawinski) \n- ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) \n- ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) \n- b43: Fix assigning negative value to unsigned variable (Haowen Bai) \n- b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) \n- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) \n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) \n- btrfs: repair super block num_devices automatically (Qu Wenruo) \n- btrfs: add 0x prefix for unsupported optional features (Qu Wenruo) \n- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) \n- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) \n- USB: new quirk for Dell Gen 2 devices (Monish Kumar R) \n- USB: serial: option: add Quectel BG95 modem (Carl Yin) \n- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) \n- Linux 4.14.282 (Greg Kroah-Hartman) \n- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) \n- NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) \n- docs: submitting-patches: Fix crossref to The canonical patch format (Akira Yokosawa) \n- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) \n- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) \n- dm stats: add cond_resched when looping over entries (Mikulas Patocka) \n- dm crypt: make printing of the key constant-time (Mikulas Patocka) \n- dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) \n- zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) \n- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) \n- exec: Force single empty string when argv is empty (Kees Cook) \n- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Haimin Zhang) \n- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) \n- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (Piyush Malgujar) \n- net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) \n- net: af_key: check encryption module availability consistency (Thomas Bartschies) \n- ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) \n- ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- tcp: change source port randomizarion at connect() time (Eric Dumazet) \n- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) \n- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner) \n- Linux 4.14.281 (Greg Kroah-Hartman) \n- Reinstate some of swiotlb: rework fix info leak with DMA_FROM_DEVICE (Linus Torvalds) \n- swiotlb: fix info leak with DMA_FROM_DEVICE (Halil Pasic) \n- net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) \n- net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) \n- ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) \n- mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) \n- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) \n- perf bench numa: Address compiler error on s390 (Thomas Richter) \n- gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) \n- gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) \n- net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) \n- igb: skip phy status check where unavailable (Kevin Mitchell) \n- ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) \n- ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) \n- net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) \n- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) \n- net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) \n- clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) \n- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) \n- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) \n- mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() (Ulf Hansson) \n- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (Ulf Hansson) \n- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (Ulf Hansson) \n- drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) \n- ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) \n- ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) \n- drbd: remove usage of list iterator variable after loop (Jakob Koschel) \n- MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) \n- Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) \n- Input: add bounds checking to input_set_capability() (Jeff LaBundy) \n- um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow)\n[4.14.35-2047.515.3]\n- uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721] \n- mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721] \n- dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721]\n[4.14.35-2047.515.2]\n- net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105319]\n[4.14.35-2047.515.1]\n- sched/rt: Disable RT_RUNTIME_SHARE by default (Daniel Bristot de Oliveira) [Orabug: 34193333] \n- mstflint_access: Update driver code to v4.20.1-1 from Github (Qing Huang) [Orabug: 34286148]\n[4.14.35-2047.515.0]\n- net: ip: avoid OOM kills with large UDP sends over loopback (Venkat Venkatsubra) [Orabug: 34066209] \n- rdmaip: Flush ARP cache after address has been cleared (Gerd Rausch) [Orabug: 34285241] \n- rds: Include congested flag in rds_sock struct. (Rohit Nair) [Orabug: 34261492] \n- cpu/hotplug: Allow the CPU in CPU_UP_PREPARE state to be brought up again. (Longpeng(Mike)) [Orabug: 34234771] \n- x86/xen: Allow to retry if cpu_initialize_context() failed. (Boris Ostrovsky) [Orabug: 34234771] \n- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218640] {CVE-2022-1652}\n- assoc_array: Fix BUG_ON during garbage collect (Stephen Brennan) [Orabug: 34162064] \n- exec, elf: fix reserve_va_range() sanity check (Anthony Yznaga) [Orabug: 32387887] \n- exec, elf: use already allocated notes data in reserve_va_range() (Anthony Yznaga) [Orabug: 32387887] \n- mm: madv_doexec_flag sysctl (Anthony Yznaga) [Orabug: 32387887] \n- mm: introduce MADV_DOEXEC (Anthony Yznaga) [Orabug: 32387887] \n- exec, elf: require opt-in for accepting preserved mem (Anthony Yznaga) [Orabug: 32387887] \n- mm: introduce VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 32387887] \n- mm: fail exec if stack expansion will overlap another vma (Anthony Yznaga) [Orabug: 32387887] \n- mm: do not assume only the stack vma exists in setup_arg_pages() (Anthony Yznaga) [Orabug: 32387887] \n- ELF: when loading PIE binaries check for overlap with existing mappings (Anthony Yznaga) [Orabug: 32387887] \n- Linux 4.14.280 (Greg Kroah-Hartman) \n- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) \n- ping: fix address binding wrt vrf (Nicolas Dichtel) \n- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) \n- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) \n- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) \n- USB: serial: option: add Fibocom L610 modem (Sven Schwermer) \n- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) \n- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) \n- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) \n- tcp: resalt the secret every 10 seconds (Eric Dumazet) \n- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) \n- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) \n- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) \n- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) \n- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) \n- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) \n- s390/lcs: fix variable dereferenced before check (Alexandra Winter) \n- s390/ctcm: fix potential memory leak (Alexandra Winter) \n- s390/ctcm: fix variable dereferenced before check (Alexandra Winter) \n- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) \n- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) \n- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) \n- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) \n- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) \n- batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) \n- Linux 4.14.279 (Greg Kroah-Hartman) \n- VFS: Fix memory leak caused by concurrently mounting fs with subtype (ChenXiaoSong) \n- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (Takashi Iwai) \n- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) \n- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) \n- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) \n- Bluetooth: Fix the creation of hdev->name (Itay Iellin) \n- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) \n- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) \n- block: drbd: drbd_nl: Make conversion to enum drbd_ret_code explicit (Lee Jones) \n- MIPS: Use address-of operator on section symbols (Nathan Chancellor) \n- Linux 4.14.278 (Greg Kroah-Hartman) \n- PCI: aardvark: Fix reading MSI interrupt number (Pali Rohar) \n- PCI: aardvark: Clear all MSIs at setup (Pali Rohar) \n- dm: interlock pending dm_io and dm_wait_for_bios_completion (Mike Snitzer) \n- dm: fix mempool NULL pointer race when completing IO (Jiazi Li) \n- net: ipv6: ensure we call ipv6_mc_down() at most once (j.nixdorf@avm.de) \n- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) \n- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) \n- btrfs: always log symlinks in full mode (Filipe Manana) \n- smsc911x: allow using IRQ0 (Sergey Shtylyov) \n- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) \n- hwmon: (adt7470) Fix warning on module removal (Armin Wolf) \n- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) \n- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) \n- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) \n- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) \n- can: grcan: grcan_close(): fix deadlock (Duoming Zhou) \n- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) \n- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) \n- firewire: remove check of list iterator against head past the loop body (Jakob Koschel) \n- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) \n- Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) \n- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) \n- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) \n- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) \n- tty: n_gsm: fix incorrect UA handling (Daniel Starke) \n- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) \n- tty: n_gsm: fix wrong command retry handling (Daniel Starke) \n- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) \n- tty: n_gsm: fix insufficient txframe size (Daniel Starke) \n- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) \n- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) \n- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) \n- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) \n- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) \n- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) \n- bnx2x: fix napi API usage sequence (Manish Chopra) \n- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) \n- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) \n- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) \n- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) \n- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) \n- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) \n- mtd: rawnand: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- ipvs: correctly print the memory size of ip_vs_conn_tab (Pengcheng Yang) \n- ARM: dts: Fix mmc order for omap3-gta04 (H. Nikolaus Schaller) \n- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (Miaoqian Lin) \n- phy: samsung: exynos5250-sata: fix missing device put in probe error paths (Krzysztof Kozlowski) \n- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (Miaoqian Lin) \n- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (Fabio Estevam) \n- USB: Fix xhci event ring dequeue pointer ERDP update issue (Weitao Wang) \n- hex2bin: fix access beyond string end (Mikulas Patocka) \n- hex2bin: make the function hex_to_bin constant-time (Mikulas Patocka) \n- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (Maciej W. Rozycki) \n- serial: 8250: Also set sticky MCR bits in console restoration (Maciej W. Rozycki) \n- usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (Vijayavardhan Vennapusa) \n- usb: gadget: uvc: Fix crash when encoding data for usb request (Dan Vacura) \n- usb: misc: fix improper handling of refcount in uss720_probe() (Hangyu Hua) \n- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (Zheyu Ma) \n- iio: dac: ad5446: Fix read_raw not returning set value (Michael Hennerich) \n- iio: dac: ad5592r: Fix the missing return value. (Zizhuang Deng) \n- xhci: stop polling roothubs after shutdown (Henry Lin) \n- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (Daniele Palmas) \n- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (Slark Xiao) \n- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (Bruno Thomsen) \n- USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (Kees Cook) \n- USB: quirks: add STRING quirk for VCOM device (Oliver Neukum) \n- USB: quirks: add a Realtek card reader (Oliver Neukum) \n- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (Macpaul Lin) \n- lightnvm: disable the subsystem (Greg Kroah-Hartman) \n- net/sched: cls_u32: fix netns refcount changes in u32_change() (Eric Dumazet) \n- hamradio: remove needs_free_netdev to avoid UAF (Lin Ma) \n- hamradio: defer 6pack kfree after unregister_netdev (Lin Ma) \n- floppy: disable FDRAWCMD by default (Willy Tarreau) \n- Linux 4.14.277 (Greg Kroah-Hartman) \n- ax25: Fix UAF bugs in ax25 timers (Duoming Zhou) \n- ax25: Fix NULL pointer dereferences in ax25 timers (Duoming Zhou) \n- ax25: fix NPD bug in ax25_disconnect (Duoming Zhou) \n- ax25: fix UAF bug in ax25_send_control() (Duoming Zhou) \n- ax25: Fix refcount leaks caused by ax25_cb_del() (Duoming Zhou) \n- ax25: fix UAF bugs of net_device caused by rebinding operation (Duoming Zhou) \n- ax25: fix reference count leaks of ax25_dev (Duoming Zhou) \n- ax25: add refcount in ax25_dev to avoid UAF bugs (Duoming Zhou) \n- block/compat_ioctl: fix range check in BLKGETSIZE (Khazhismel Kumykov) \n- staging: ion: Prevent incorrect reference counting behavour (Lee Jones) \n- ext4: force overhead calculation if the s_overhead_cluster makes no sense (Theodore Tso) \n- ext4: fix overhead calculation to account for the reserved gdt blocks (Theodore Tso) \n- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (Tadeusz Struk) \n- ext4: fix symlink file size not match to file content (Ye Bin) \n- ARC: entry: fix syscall_trace_exit argument (Sergey Matyukevich) \n- e1000e: Fix possible overflow in LTR decoding (Sasha Neftin) \n- ASoC: soc-dapm: fix two incorrect uses of list iterator (Xiaomeng Tong) \n- openvswitch: fix OOB access in reserve_sfa_size() (Paolo Valerio) \n- powerpc/perf: Fix power9 event alternatives (Athira Rajeev) \n- dma: at_xdmac: fix a missing check on list iterator (Xiaomeng Tong) \n- ata: pata_marvell: Check the bmdma_addr beforing reading (Zheyu Ma) \n- stat: fix inconsistency between struct stat and struct compat_stat (Mikulas Patocka) \n- net: macb: Restart tx only if queue pointer is lagging (Tomas Melin) \n- drm/msm/mdp5: check the return of kzalloc() (Xiaoke Wang) \n- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (David Howells) \n- vxlan: fix error return code in vxlan_fdb_append (Hongbin Wang) \n- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (Jiapeng Chong) \n- ARM: vexpress/spc: Avoid negative array index when !SMP (Kees Cook) \n- netlink: reset network and mac headers in netlink_dump() (Eric Dumazet) \n- net/packet: fix packet_sock xmit return value checking (Hangbin Liu) \n- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (Miaoqian Lin) \n- tcp: Fix potential use-after-free due to double kfree() (Kuniyuki Iwashima) \n- tcp: fix race condition when creating child sockets from syncookies (Ricardo Dias) \n- ALSA: usb-audio: Clear MIDI port active flag after draining (Takashi Iwai) \n- gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) \n- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) \n- tracing: Dump stacktrace trigger to the corresponding instance (Daniel Bristot de Oliveira) \n- tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google)) \n- mm: page_alloc: fix building error on -Werror=array-compare (Xiongwei Song) \n- etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead (Kees Cook)", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9699", "href": "http://linux.oracle.com/errata/ELSA-2022-9699.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T20:40:45", "description": "[5.15.0-1.43.4.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588}\n[5.15.0-1.43.4]\n- Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] \n- Revert selftests/bpf: Add test for reg2btf_ids out of bounds access (Alan Maguire) [Orabug: 34399286]\n[5.15.0-1.43.3]\n- x86/alternative: The retpoline alternative is not applied (Alexandre Chartre) [Orabug: 34395937] \n- x86/ftrace: Do not copy ftrace_stub() in ftrace trampoline (Alexandre Chartre) [Orabug: 34395937]\n[5.15.0-100.43.0]\n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364336] \n- ocfs2: dlmfs: dont clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364336] \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) [Orabug: 34364336] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34366723] \n- lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34393053] {CVE-2022-21505}\n[5.15.0-1.43.1]\n- LTS version: v5.15.43 (Jack Vogel) \n- mptcp: Do TCP fallback on early DSS checksum failure (Mat Martineau) \n- LTS version: v5.15.42 (Jack Vogel) \n- afs: Fix afs_getattr() to refetch file status if callback break occurred (David Howells) \n- i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (Yang Yingliang) \n- mt76: mt7921e: fix possible probe failure after reboot (Sean Wang) \n- dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (Jae Hyun Yoo) \n- Input: ili210x - fix reset timing (Marek Vasut) \n- arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (Shreyas K K) \n- net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) \n- net: atlantic: add check for MAX_SKB_FRAGS (Grant Grundler) \n- net: atlantic: reduce scope of is_rsc_complete (Grant Grundler) \n- net: atlantic: fix frag[0] not initialized (Grant Grundler) \n- net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) \n- ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) \n- nl80211: fix locking in nl80211_set_tx_bitrate_mask() (Johannes Berg) \n- net: fix wrong network header length (Lina Wang) \n- fbdev: Prevent possible use-after-free in fb_release() (Daniel Vetter) \n- Revert fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) \n- selftests: add ping test with ping_group_range tuned (Nicolas Dichtel) \n- nl80211: validate S1G channel width (Kieran Frewen) \n- mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) \n- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) \n- scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (Brian Bunker) \n- perf bench numa: Address compiler error on s390 (Thomas Richter) \n- perf regs x86: Fix arch__intr_reg_mask() for the hybrid platform (Kan Liang) \n- gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) \n- gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) \n- perf build: Fix check for btf__load_from_kernel_by_id() in libbpf (Arnaldo Carvalho de Melo) \n- scsi: ufs: core: Fix referencing invalid rsp field (Daejun Park) \n- riscv: dts: sifive: fu540-c000: align dma node name with dtschema (Krzysztof Kozlowski) \n- net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) \n- netfilter: flowtable: move dst_check to packet path (Ritaro Takenaka) \n- netfilter: flowtable: pass flowtable to nf_flow_table_iterate() (Pablo Neira Ayuso) \n- netfilter: flowtable: fix TCP flow teardown (Pablo Neira Ayuso) \n- igb: skip phy status check where unavailable (Kevin Mitchell) \n- mptcp: fix checksum byte order (Paolo Abeni) \n- mptcp: reuse __mptcp_make_csum in validate_data_csum (Geliang Tang) \n- mptcp: change the parameter of __mptcp_make_csum (Geliang Tang) \n- ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) \n- ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) \n- net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) \n- net/mlx5e: Properly block LRO when XDP is enabled (Maxim Mikityanskiy) \n- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (Maor Dickman) \n- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) \n- net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) \n- clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) \n- ice: Fix interrupt moderation settings getting cleared (Michal Wilczynski) \n- ice: move ice_container_type onto ice_ring_container (Maciej Fijalkowski) \n- ice: fix possible under reporting of ethtool Tx and Rx statistics (Paul Greenwalt) \n- ice: fix crash when writing timestamp on RX rings (Arkadiusz Kubalewski) \n- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) \n- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) \n- net: systemport: Fix an error handling path in bcm_sysport_probe() (Christophe JAILLET) \n- Revert PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) \n- netfilter: nft_flow_offload: fix offload with pppoe + vlan (Felix Fietkau) \n- net: fix dev_fill_forward_path with pppoe + bridge (Felix Fietkau) \n- netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices (Felix Fietkau) \n- netfilter: flowtable: fix excessive hw offload attempts after failure (Felix Fietkau) \n- net/sched: act_pedit: sanitize shift argument before usage (Paolo Abeni) \n- xfrm: fix disable_policy flag use when arriving from different devices (Eyal Birger) \n- xfrm: rework default policy structure (Nicolas Dichtel) \n- net: macb: Increment rx bd head after allocating skb and buffer (Harini Katakam) \n- net: ipa: record proper RX transaction count (Alex Elder) \n- ALSA: hda - fix unused Realtek function when PM is not enabled (Randy Dunlap) \n- pinctrl: mediatek: mt8365: fix IES control pins (Mattijs Korpershoek) \n- ARM: dts: aspeed: Add video engine to g6 (Howard Chiu) \n- ARM: dts: aspeed: Add secure boot controller node (Joel Stanley) \n- ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (Eddie James) \n- ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (Jae Hyun Yoo) \n- pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (Jae Hyun Yoo) \n- ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (Jae Hyun Yoo) \n- dma-buf: ensure unique directory name for dmabuf stats (Charan Teja Kalla) \n- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (Jerome Pouiller) \n- drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) \n- drm/i915/dmc: Add MMIO range restrictions (Anusha Srivatsa) \n- drm/amd: Dont reset dGPUs if the system is going to s2idle (Mario Limonciello) \n- libceph: fix potential use-after-free on linger ping and resends (Ilya Dryomov) \n- crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (Ondrej Mosnacek) \n- arm64: mte: Ensure the cleared tags are visible before setting the PTE (Catalin Marinas) \n- arm64: paravirt: Use RCU read locks to guard stolen_time (Prakruthi Deepak Heragu) \n- KVM: x86/mmu: Update number of zapped pages even if page list is stable (Sean Christopherson) \n- Revert can: m_can: pci: use custom bit timings for Elkhart Lake (Jarkko Nikula) \n- PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (Rafael J. Wysocki) \n- Fix double fget() in vhost_net_set_backend() (Al Viro) \n- selinux: fix bad cleanup on error in hashtab_duplicate() (Ondrej Mosnacek) \n- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (Werner Sembach) \n- ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) \n- ALSA: usb-audio: Restore Rane SL-1 quirk (Takashi Iwai) \n- nilfs2: fix lockdep warnings during disk space reclamation (Ryusuke Konishi) \n- nilfs2: fix lockdep warnings in page operations for btree nodes (Ryusuke Konishi) \n- ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) \n- platform/chrome: cros_ec_debugfs: detach log reader wq from devm (Tzung-Bi Shih) \n- drbd: remove usage of list iterator variable after loop (Jakob Koschel) \n- MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) \n- fs: fix an infinite loop in iomap_fiemap (Guo Xuenan) \n- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (Mario Limonciello) \n- nvme-multipath: fix hang when disk goes live over reconnect (Anton Eidelman) \n- nvmet: use a private workqueue instead of the system workqueue (Sagi Grimberg) \n- tools/virtio: compile with -pthread (Michael S. Tsirkin) \n- vhost_vdpa: dont setup irq offloading when irq_num < 0 (Zhu Lingshan) \n- s390/pci: improve zpci_dev reference counting (Niklas Schnelle) \n- s390/traps: improve panic message for translation-specification exception (Heiko Carstens) \n- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (Kai-Heng Feng) \n- crypto: x86/chacha20 - Avoid spurious jumps to other functions (Peter Zijlstra) \n- crypto: stm32 - fix reference leak in stm32_crc_remove (Zheng Yongjun) \n- rtc: sun6i: Fix time overflow handling (Andre Przywara) \n- gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) \n- nvme-pci: add quirks for Samsung X5 SSDs (Monish Kumar R) \n- Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) \n- Input: add bounds checking to input_set_capability() (Jeff LaBundy) \n- um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow) \n- rtc: pcf2127: fix bug when reading alarm registers (Hugo Villeneuve) \n- rtc: fix use-after-free on device removal (Vincent Whitchurch) \n- Revert drm/i915/opregion: check port number bounds for SWSCI display power state (Greg Thelen) \n- mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (Hyeonggon Yoo) \n- Watchdog: sp5100_tco: Enable Family 17h+ CPUs (Terry Bowman) \n- Watchdog: sp5100_tco: Add initialization using EFCH MMIO (Terry Bowman) \n- Watchdog: sp5100_tco: Refactor MMIO base address initialization (Terry Bowman) \n- Watchdog: sp5100_tco: Move timer initialization into function (Terry Bowman) \n- i2c: piix4: Enable EFCH MMIO for Family 17h+ (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support for SMBus port select (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support to SMBus base address detect (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support to region request and release (Terry Bowman) \n- i2c: piix4: Move SMBus port selection into function (Terry Bowman) \n- i2c: piix4: Move SMBus controller base address detect into function (Terry Bowman) \n- i2c: piix4: Move port I/O region request/release code into functions (Terry Bowman) \n- i2c: piix4: Replace hardcoded memory map size with a #define (Terry Bowman) \n- kernel/resource: Introduce request_mem_region_muxed() (Terry Bowman) \n- io_uring: arm poll for non-nowait files (Pavel Begunkov) \n- usb: gadget: fix race when gadget driver register via ioctl (Schspa Shi) \n- LTS version: v5.15.41 (Jack Vogel) \n- usb: gadget: uvc: allow for application to cleanly shutdown (Dan Vacura) \n- usb: gadget: uvc: rename function to be more consistent (Michael Tretter) \n- ping: fix address binding wrt vrf (Nicolas Dichtel) \n- mm/hwpoison: use pr_err() instead of dump_page() in get_any_page() (Naoya Horiguchi) \n- dma-buf: call dma_buf_stats_setup after dmabuf is in valid list (Charan Teja Reddy) \n- Revert drm/amd/pm: keep the BACO feature enabled for suspend (Alex Deucher) \n- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) \n- SUNRPC: Ensure that the gssproxy client can start in a connected state (Trond Myklebust) \n- net: phy: micrel: Pass .probe for KS8737 (Fabio Estevam) \n- net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (Fabio Estevam) \n- arm[64]/memremap: dont abuse pfn_valid() to ensure presence of linear map (Mike Rapoport) \n- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) \n- writeback: Avoid skipping inode writeback (Jing Xia) \n- net: phy: Fix race condition on link status change (Francesco Dolcini) \n- net: atlantic: always deep reset on pm op, fixing up my null deref regression (Manuel Ullmann) \n- i40e: i40e_main: fix a missing check on list iterator (Xiaomeng Tong) \n- drm/nouveau/tegra: Stop using iommu_present() (Robin Murphy) \n- drm/vmwgfx: Disable command buffers on svga3 without gbobjects (Zack Rusin) \n- mm/huge_memory: do not overkill when splitting huge_zero_page (Xu Yu) \n- Revert mm/memory-failure.c: skip huge_zero_page in memory_failure() (Xu Yu) \n- ceph: fix setting of xattrs on async created inodes (Jeff Layton) \n- serial: 8250_mtk: Fix register address for XON/XOFF character (AngeloGioacchino Del Regno) \n- serial: 8250_mtk: Fix UART_EFR register address (AngeloGioacchino Del Regno) \n- fsl_lpuart: Dont enable interrupts too early (Indan Zupancic) \n- slimbus: qcom: Fix IRQ check in qcom_slim_probe (Miaoqian Lin) \n- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) \n- USB: serial: option: add Fibocom L610 modem (Sven Schwermer) \n- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) \n- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) \n- usb: typec: tcpci_mt6360: Update for BMC PHY setting (ChiYuan Huang) \n- usb: typec: tcpci: Dont skip cleanup in .remove() on error (Uwe Kleine-Konig) \n- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) \n- tty: n_gsm: fix mux activation issues in gsm_config() (Daniel Starke) \n- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Daniel Starke) \n- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) \n- x86/mm: Fix marking of unused sub-pmd ranges (Adrian-Ken Rueegsegger) \n- usb: xhci-mtk: fix fs isocs transfer error (Chunfeng Yun) \n- KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context() (Alexander Graf) \n- firmware_loader: use kernel credentials when reading firmware (Thiebaud Weksteen) \n- interconnect: Restore sync state by ignoring ipa-virt in provider count (Stephen Boyd) \n- tcp: drop the hash_32() part from the index calculation (Willy Tarreau) \n- tcp: increase source port perturb table to 2^16 (Willy Tarreau) \n- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) \n- tcp: add small random increments to the source port (Willy Tarreau) \n- tcp: resalt the secret every 10 seconds (Eric Dumazet) \n- tcp: use different parts of the port_offset for index and offset (Willy Tarreau) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT (Matthew Hagan) \n- net: emaclite: Dont advertise 1000BASE-T and do auto negotiation (Shravya Kumbham) \n- ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (Ajit Kumar Pandey) \n- s390: disable -Warray-bounds (Sven Schnelle) \n- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) \n- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) \n- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) \n- iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (Ashish Mhetre) \n- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (Duoming Zhou) \n- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) \n- gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) \n- drm/vmwgfx: Fix fencing on SVGAv3 (Zack Rusin) \n- tls: Fix context leak on tls_device_down (Maxim Mikityanskiy) \n- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) \n- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) \n- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (Florian Fainelli) \n- drm/vc4: hdmi: Fix build error for implicit function declaration (Hui Tang) \n- net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral (Florian Fainelli) \n- net: ethernet: mediatek: ppe: fix wrong size passed to memset() (Yang Yingliang) \n- net/sched: act_pedit: really ensure the skb is writable (Paolo Abeni) \n- s390/lcs: fix variable dereferenced before check (Alexandra Winter) \n- s390/ctcm: fix potential memory leak (Alexandra Winter) \n- s390/ctcm: fix variable dereferenced before check (Alexandra Winter) \n- virtio: fix virtio transitional ids (Shunsuke Mie) \n- arm64: vdso: fix makefile dependency on vdso.so (Joey Gouly) \n- selftests: vm: Makefile: rename TARGETS to VMTARGETS (Joel Savitz) \n- procfs: prevent unprivileged processes accessing fdinfo dir (Kalesh Singh) \n- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) \n- dim: initialize all struct fields (Jesse Brandeburg) \n- ionic: fix missing pci_release_regions() on error in ionic_probe() (Yang Yingliang) \n- nfs: fix broken handling of the softreval mount option (Dan Aloni) \n- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) \n- net: sfc: fix memory leak due to ptp channel (Taehee Yoo) \n- sfc: Use swap() instead of open coding it (Jiapeng Chong) \n- fbdev: efifb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) \n- net: chelsio: cxgb4: Avoid potential negative array offset (Kees Cook) \n- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) \n- drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (Christophe JAILLET) \n- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) \n- ice: fix PTP stale Tx timestamps cleanup (Michal Michalik) \n- ice: Fix race during aux device (un)plugging (Ivan Vecera) \n- platform/surface: aggregator: Fix initialization order when compiling as builtin module (Maximilian Luz) \n- fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- fbdev: simplefb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (Vladimir Oltean) \n- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (Vladimir Oltean) \n- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (Vladimir Oltean) \n- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (Vladimir Oltean) \n- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) \n- mac80211: Reset MBSSID parameters upon connection (Manikanta Pubbisetty) \n- hwmon: (tmp401) Add OF device ID table (Camel Guo) \n- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (Guenter Roeck) \n- batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) \n- LTS version: v5.15.40 (Jack Vogel) \n- mm: fix invalid page pointer returned with FOLL_PIN gups (Peter Xu) \n- mm/mlock: fix potential imbalanced rlimit ucounts adjustment (Miaohe Lin) \n- mm/hwpoison: fix error page recovered but reported not recovered (Naoya Horiguchi) \n- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) \n- mm: shmem: fix missing cache flush in shmem_mfill_atomic_pte() (Muchun Song) \n- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) \n- mm: fix missing cache flush for all tail pages of compound page (Muchun Song) \n- udf: Avoid using stale lengthOfImpUse (Jan Kara) \n- rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (Gleb Fotengauer-Malinovskiy) \n- Bluetooth: Fix the creation of hdev->name (Itay Iellin) \n- tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in perf bench mem memcpy (Arnaldo Carvalho de Melo) \n- kbuild: move objtool_args back to scripts/Makefile.build (Masahiro Yamada) \n- LTS version: v5.15.39 (Jack Vogel) \n- PCI: aardvark: Update comment about link going down after link-up (Marek Behun) \n- PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (Marek Behun) \n- PCI: aardvark: Dont mask irq when mapping (Pali Rohar) \n- PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (Pali Rohar) \n- PCI: aardvark: Use separate INTA interrupt for emulated root bridge (Pali Rohar) \n- PCI: aardvark: Fix support for PME requester on emulated bridge (Pali Rohar) \n- PCI: aardvark: Add support for PME interrupts (Pali Rohar) \n- PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (Pali Rohar) \n- PCI: aardvark: Add support for ERR interrupt on emulated bridge (Pali Rohar) \n- PCI: aardvark: Enable MSI-X support (Pali Rohar) \n- PCI: aardvark: Fix setting MSI address (Pali Rohar) \n- PCI: aardvark: Add support for masking MSI interrupts (Pali Rohar) \n- PCI: aardvark: Refactor unmasking summary MSI interrupt (Pali Rohar) \n- PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (Marek Behun) \n- PCI: aardvark: Make msi_domain_info structure a static driver structure (Marek Behun) \n- PCI: aardvark: Make MSI irq_chip structures static driver structures (Marek Behun) \n- PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (Pali Rohar) \n- PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) \n- PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (Pali Rohar) \n- PCI: aardvark: Disable common PHY when unbinding driver (Pali Rohar) \n- PCI: aardvark: Disable link training when unbinding driver (Pali Rohar) \n- PCI: aardvark: Assert PERST# when unbinding driver (Pali Rohar) \n- PCI: aardvark: Fix memory leak in driver unbind (Pali Rohar) \n- PCI: aardvark: Mask all interrupts when unbinding driver (Pali Rohar) \n- PCI: aardvark: Disable bus mastering when unbinding driver (Pali Rohar) \n- PCI: aardvark: Comment actions in driver remove method (Pali Rohar) \n- PCI: aardvark: Clear all MSIs at setup (Pali Rohar) \n- PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (Pali Rohar) \n- PCI: pci-bridge-emul: Add definitions for missing capabilities registers (Pali Rohar) \n- PCI: pci-bridge-emul: Add description for class_revision field (Pali Rohar) \n- rcu: Apply callbacks processing time limit only on softirq (Frederic Weisbecker) \n- rcu: Fix callbacks processing time limit retaining cond_resched() (Frederic Weisbecker) \n- Revert parisc: Mark sched_clock unstable only if clocks are not syncronized (Helge Deller) \n- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) \n- selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) \n- selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) \n- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (Wanpeng Li) \n- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (Paolo Bonzini) \n- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (Paolo Bonzini) \n- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (Wanpeng Li) \n- KVM: selftests: Silence compiler warning in the kvm_page_table_test (Thomas Huth) \n- kvm: selftests: do not use bitfields larger than 32-bits for PTEs (Paolo Bonzini) \n- iommu/dart: Add missing module owner to ops structure (Hector Martin) \n- net/mlx5e: Lag, Dont skip fib events on current dst (Vlad Buslov) \n- net/mlx5e: Lag, Fix fib_info pointer assignment (Vlad Buslov) \n- net/mlx5e: Lag, Fix use-after-free in fib event handler (Vlad Buslov) \n- net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Aya Levin) \n- fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) \n- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) \n- gpio: mvebu: drop pwm base assignment (Baruch Siach) \n- drm/amdgpu: Ensure HDA function is suspended before ASIC reset (Kai-Heng Feng) \n- drm/amdgpu: dont set s3 and s0ix at the same time (Mario Limonciello) \n- drm/amdgpu: explicitly check for s0ix when evicting resources (Mario Limonciello) \n- drm/amdgpu: unify BO evicting method in amdgpu_ttm (Nirmoy Das) \n- btrfs: always log symlinks in full mode (Filipe Manana) \n- btrfs: force v2 space cache usage for subpage mount (Qu Wenruo) \n- smsc911x: allow using IRQ0 (Sergey Shtylyov) \n- selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (Vladimir Oltean) \n- bnxt_en: Fix unnecessary dropping of RX packets (Michael Chan) \n- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (Somnath Kotur) \n- selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (Ido Schimmel) \n- rxrpc: Enable IPv6 checksums on transport socket (David Howells) \n- mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter() (Eric Dumazet) \n- hinic: fix bug of wq out of bound access (Qiao Ma) \n- btrfs: do not BUG_ON() on failure to update inode when setting xattr (Filipe Manana) \n- drm/msm/dp: remove fail safe mode related code (Kuogee Hsieh) \n- selftests/net: so_txtime: usage(): fix documentation of default clock (Marc Kleine-Budde) \n- selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (Marc Kleine-Budde) \n- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) \n- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) \n- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (Yang Yingliang) \n- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (Niels Dossche) \n- net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (Yang Yingliang) \n- net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (Yang Yingliang) \n- net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (Yang Yingliang) \n- NFSv4: Dont invalidate inode attributes on delegation return (Trond Myklebust) \n- RDMA/irdma: Fix possible crash due to NULL netdev in notifier (Mustafa Ismail) \n- RDMA/irdma: Reduce iWARP QP destroy time (Shiraz Saleem) \n- RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (Tatyana Nikolova) \n- RDMA/siw: Fix a condition race issue in MPA request processing (Cheng Xu) \n- SUNRPC release the transport of a relocated task with an assigned transport (Olga Kornievskaia) \n- selftests/seccomp: Dont call read() on TTY from background pgrp (Jann Horn) \n- net/mlx5: Fix deadlock in sync reset flow (Moshe Shemesh) \n- net/mlx5: Avoid double clear or set of sync reset requested (Moshe Shemesh) \n- net/mlx5e: Fix the calling of update_buffer_lossy() API (Mark Zhang) \n- net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Paul Blakey) \n- net/mlx5e: Dont match double-vlan packets if cvlan is not set (Vlad Buslov) \n- net/mlx5e: Fix trust state reset in reload (Moshe Tal) \n- iommu/dart: check return value after calling platform_get_resource() (Yang Yingliang) \n- iommu/vt-d: Drop stop marker messages (Lu Baolu) \n- ASoC: soc-ops: fix error handling (Pierre-Louis Bossart) \n- ASoC: dmaengine: Restore NULL prepare_slave_config() callback (Codrin Ciubotariu) \n- hwmon: (pmbus) disable PEC if not enabled (Adam Wujek) \n- hwmon: (adt7470) Fix warning on module removal (Armin Wolf) \n- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (Puyou Lu) \n- gpio: visconti: Fix fwnode of GPIO IRQ (Nobuhiro Iwamatsu) \n- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) \n- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) \n- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) \n- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) \n- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) \n- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) \n- can: isotp: remove re-binding of bound socket (Oliver Hartkopp) \n- can: grcan: grcan_close(): fix deadlock (Duoming Zhou) \n- s390/dasd: Fix read inconsistency for ESE DASD devices (Jan Hoppner) \n- s390/dasd: Fix read for ESE with blksize < 4k (Jan Hoppner) \n- s390/dasd: prevent double format of tracks for ESE devices (Stefan Haberland) \n- s390/dasd: fix data corruption for ESE devices (Stefan Haberland) \n- ASoC: meson: Fix event generation for AUI CODEC mux (Mark Brown) \n- ASoC: meson: Fix event generation for G12A tohdmi mux (Mark Brown) \n- ASoC: meson: Fix event generation for AUI ACODEC mux (Mark Brown) \n- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) \n- ASoC: da7219: Fix change notifications for tone generator frequency (Mark Brown) \n- genirq: Synchronize interrupt thread startup (Thomas Pfaff) \n- net: stmmac: disable Split Header (SPH) for Intel platforms (Tan Tee Min) \n- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) \n- firewire: remove check of list iterator against head past the loop body (Jakob Koschel) \n- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) \n- timekeeping: Mark NMI safe time accessors as notrace (Kurt Kanzenbach) \n- Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) \n- RISC-V: relocate DTB if its outside memory region (Nick Kossifidis) \n- drm/amdgpu: do not use passthrough mode in Xen dom0 (Marek Marczykowski-Gorecki) \n- drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (Harry Wentland) \n- iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (Nicolin Chen) \n- iommu/vt-d: Calculate mask for non-aligned flushes (David Stevens) \n- KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (Kyle Huey) \n- x86/fpu: Prevent FPU state corruption (Thomas Gleixner) \n- gpiolib: of: fix bounds check for gpio-reserved-ranges (Andrei Lalaev) \n- mmc: core: Set HS clock speed before sending HS CMD13 (Brian Norris) \n- mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (Samuel Holland) \n- mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (Shaik Sajida Bhanu) \n- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) \n- ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (Zihao Wang) \n- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) \n- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) \n- LTS version: v5.15.38 (Jack Vogel) \n- powerpc/64: Add UADDR64 relocation support (Alexey Kardashevskiy) \n- objtool: Fix type of reloc::addend (Peter Zijlstra) \n- objtool: Fix code relocs vs weak symbols (Peter Zijlstra) \n- eeprom: at25: Use DMA safe buffers (Christophe Leroy) \n- perf symbol: Remove arch__symbols__fixup_end() (Namhyung Kim) \n- tty: n_gsm: fix software flow control handling (Daniel Starke) \n- tty: n_gsm: fix incorrect UA handling (Daniel Starke) \n- tty: n_gsm: fix reset fifo race condition (Daniel Starke) \n- tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Daniel Starke) \n- tty: n_gsm: fix wrong signal octets encoding in MSC (Daniel Starke) \n- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) \n- tty: n_gsm: fix wrong command retry handling (Daniel Starke) \n- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) \n- tty: n_gsm: fix wrong DLCI release order (Daniel Starke) \n- tty: n_gsm: fix insufficient txframe size (Daniel Starke) \n- netfilter: nft_socket: only do sk lookups when indev is available (Florian Westphal) \n- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) \n- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) \n- tty: n_gsm: fix mux cleanup after unregister tty device (Daniel Starke) \n- tty: n_gsm: fix decoupled mux resource (Daniel Starke) \n- tty: n_gsm: fix restart handling via CLD command (Daniel Starke) \n- perf symbol: Update symbols__fixup_end() (Namhyung Kim) \n- perf symbol: Pass is_kallsyms to symbols__fixup_end() (Namhyung Kim) \n- x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov) \n- ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC mode (Tim Harvey) \n- ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines (Eugen Hristev) \n- btrfs: fix leaked plug after failure syncing log on zoned filesystems (Filipe Manana) \n- thermal: int340x: Fix attr.show callback prototype (Kees Cook) \n- ACPI: processor: idle: Avoid falling back to C3 type C-states (Ville Syrjala) \n- net: ethernet: stmmac: fix write to sgmii_adapter_base (Dinh Nguyen) \n- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (Imre Deak) \n- drm/i915: Check EDID for HDR static metadata when choosing blc (Jouni Hogander) \n- netfilter: Update ip6_route_me_harder to consider L3 domain (Martin Willi) \n- mtd: rawnand: qcom: fix memory corruption that causes panic (Md Sadre Alam) \n- kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time (Zqiang) \n- zonefs: Clear inode information flags on inode creation (Damien Le Moal) \n- zonefs: Fix management of open zones (Damien Le Moal) \n- Revert ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (Ville Syrjala) \n- selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) \n- selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) \n- powerpc/perf: Fix 32bit compile (Alexey Kardashevskiy) \n- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) \n- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) \n- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) \n- bonding: do not discard lowest hash bit for non layer3+4 hashing (suresh kumar) \n- ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION (Namjae Jeon) \n- ksmbd: increment reference count of parent fp (Namjae Jeon) \n- arch: xtensa: platforms: Fix deadlock in rs_close() (Duoming Zhou) \n- ext4: fix bug_on in start_this_handle during umount filesystem (Ye Bin) \n- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) \n- ASoC: Intel: soc-acpi: correct device endpoints for max98373 (Chao Song) \n- tcp: fix F-RTO may not work correctly when receiving DSACK (Pengcheng Yang) \n- Revert ibmvnic: Add ethtool private flag for driver-defined queue limits (Dany Madden) \n- ixgbe: ensure IPsec VF<->PF compatibility (Leon Romanovsky) \n- perf arm-spe: Fix addresses of synthesized SPE events (Timothy Hayes) \n- gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) \n- gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) \n- gfs2: Minor retry logic cleanup (Andreas Gruenbacher) \n- gfs2: Prevent endless loops in gfs2_file_buffered_write (Andreas Gruenbacher) \n- net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (Yang Yingliang) \n- bnx2x: fix napi API usage sequence (Manish Chopra) \n- tls: Skip tls_append_frag on zero copy size (Maxim Mikityanskiy) \n- drm/amd/display: Fix memory leak in dcn21_clock_source_create (Miaoqian Lin) \n- drm/amdkfd: Fix GWS queue count (David Yat Sin) \n- netfilter: conntrack: fix udp offload timeout sysctl (Volodymyr Mytnyk) \n- io_uring: check reserved fields for recv/recvmsg (Jens Axboe) \n- io_uring: check reserved fields for send/sendmsg (Jens Axboe) \n- net: dsa: lantiq_gswip: Dont set GSWIP_MII_CFG_RMII_CLK (Martin Blumenstingl) \n- drm/sun4i: Remove obsolete references to PHYS_OFFSET (Samuel Holland) \n- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (Nathan Rossi) \n- net: phy: marvell10g: fix return value on error (Baruch Siach) \n- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) \n- cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts (Vladimir Zapolskiy) \n- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) \n- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) \n- tcp: make sure treq->af_specific is initialized (Eric Dumazet) \n- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) \n- ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode (Peilin Ye) \n- ip6_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- net/smc: sync err code when tcp connection was refused (liuyacan) \n- net: hns3: add return value for mailbox handling in PF (Jian Shen) \n- net: hns3: add validity check for message data length (Jian Shen) \n- net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (Jie Wang) \n- net: hns3: clear inited state and stop client after failed to register netdev (Jian Shen) \n- cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe (Xiaobing Luo) \n- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) \n- arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (Fabio Estevam) \n- ARM: dts: imx6ull-colibri: fix vqmmc regulator (Max Krummenacher) \n- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) \n- wireguard: device: check for metadata_dst with skb_valid_dst() (Nikolay Aleksandrov) \n- tcp: ensure to use the most recently sent skb when filling the rate sample (Pengcheng Yang) \n- pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (Marek Vasut) \n- tcp: md5: incorrect tcp_header_len for incoming connections (Francesco Ruggeri) \n- pinctrl: rockchip: fix RK3308 pinmux bits (Luca Ceresoli) \n- bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook (Eyal Birger) \n- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (Pablo Neira Ayuso) \n- net: dsa: Add missing of_node_put() in dsa_port_link_register_of (Miaoqian Lin) ", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9690", "href": "http://linux.oracle.com/errata/ELSA-2022-9690.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T22:40:33", "description": "[5.4.17-2136.309.5.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza\n Cascardo) [Orabug: 34460937] {CVE-2022-2588}", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9691", "href": "http://linux.oracle.com/errata/ELSA-2022-9691.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T20:40:46", "description": "[5.15.0-1.43.4.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460936] {CVE-2022-2588}\n[5.15.0-1.43.4]\n- Revert selftests/bpf: add tests verifying unprivileged bpf behaviour (Alan Maguire) [Orabug: 34399286] \n- Revert selftests/bpf: Add test for reg2btf_ids out of bounds access (Alan Maguire) [Orabug: 34399286]\n[5.15.0-1.43.3]\n- x86/alternative: The retpoline alternative is not applied (Alexandre Chartre) [Orabug: 34395937] \n- x86/ftrace: Do not copy ftrace_stub() in ftrace trampoline (Alexandre Chartre) [Orabug: 34395937]\n[5.15.0-100.43.0]\n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364336] \n- ocfs2: dlmfs: dont clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364336] \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) [Orabug: 34364336] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34366723] \n- lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34393053] {CVE-2022-21505}\n[5.15.0-1.43.1]\n- LTS version: v5.15.43 (Jack Vogel) \n- mptcp: Do TCP fallback on early DSS checksum failure (Mat Martineau) \n- LTS version: v5.15.42 (Jack Vogel) \n- afs: Fix afs_getattr() to refetch file status if callback break occurred (David Howells) \n- i2c: mt7621: fix missing clk_disable_unprepare() on error in mtk_i2c_probe() (Yang Yingliang) \n- mt76: mt7921e: fix possible probe failure after reboot (Sean Wang) \n- dt-bindings: pinctrl: aspeed-g6: remove FWQSPID group (Jae Hyun Yoo) \n- Input: ili210x - fix reset timing (Marek Vasut) \n- arm64: Enable repeat tlbi workaround on KRYO4XX gold CPUs (Shreyas K K) \n- net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) \n- net: atlantic: add check for MAX_SKB_FRAGS (Grant Grundler) \n- net: atlantic: reduce scope of is_rsc_complete (Grant Grundler) \n- net: atlantic: fix frag[0] not initialized (Grant Grundler) \n- net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) \n- ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) \n- nl80211: fix locking in nl80211_set_tx_bitrate_mask() (Johannes Berg) \n- net: fix wrong network header length (Lina Wang) \n- fbdev: Prevent possible use-after-free in fb_release() (Daniel Vetter) \n- Revert fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) \n- selftests: add ping test with ping_group_range tuned (Nicolas Dichtel) \n- nl80211: validate S1G channel width (Kieran Frewen) \n- mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) \n- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) \n- scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (Brian Bunker) \n- perf bench numa: Address compiler error on s390 (Thomas Richter) \n- perf regs x86: Fix arch__intr_reg_mask() for the hybrid platform (Kan Liang) \n- gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) \n- gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) \n- perf build: Fix check for btf__load_from_kernel_by_id() in libbpf (Arnaldo Carvalho de Melo) \n- scsi: ufs: core: Fix referencing invalid rsp field (Daejun Park) \n- riscv: dts: sifive: fu540-c000: align dma node name with dtschema (Krzysztof Kozlowski) \n- net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) \n- netfilter: flowtable: move dst_check to packet path (Ritaro Takenaka) \n- netfilter: flowtable: pass flowtable to nf_flow_table_iterate() (Pablo Neira Ayuso) \n- netfilter: flowtable: fix TCP flow teardown (Pablo Neira Ayuso) \n- igb: skip phy status check where unavailable (Kevin Mitchell) \n- mptcp: fix checksum byte order (Paolo Abeni) \n- mptcp: reuse __mptcp_make_csum in validate_data_csum (Geliang Tang) \n- mptcp: change the parameter of __mptcp_make_csum (Geliang Tang) \n- ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) \n- ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) \n- net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) \n- net/mlx5e: Properly block LRO when XDP is enabled (Maxim Mikityanskiy) \n- net/mlx5: DR, Fix missing flow_source when creating multi-destination FW table (Maor Dickman) \n- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) \n- net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) \n- clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) \n- ice: Fix interrupt moderation settings getting cleared (Michal Wilczynski) \n- ice: move ice_container_type onto ice_ring_container (Maciej Fijalkowski) \n- ice: fix possible under reporting of ethtool Tx and Rx statistics (Paul Greenwalt) \n- ice: fix crash when writing timestamp on RX rings (Arkadiusz Kubalewski) \n- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) \n- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) \n- net: systemport: Fix an error handling path in bcm_sysport_probe() (Christophe JAILLET) \n- Revert PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) \n- netfilter: nft_flow_offload: fix offload with pppoe + vlan (Felix Fietkau) \n- net: fix dev_fill_forward_path with pppoe + bridge (Felix Fietkau) \n- netfilter: nft_flow_offload: skip dst neigh lookup for ppp devices (Felix Fietkau) \n- netfilter: flowtable: fix excessive hw offload attempts after failure (Felix Fietkau) \n- net/sched: act_pedit: sanitize shift argument before usage (Paolo Abeni) \n- xfrm: fix disable_policy flag use when arriving from different devices (Eyal Birger) \n- xfrm: rework default policy structure (Nicolas Dichtel) \n- net: macb: Increment rx bd head after allocating skb and buffer (Harini Katakam) \n- net: ipa: record proper RX transaction count (Alex Elder) \n- ALSA: hda - fix unused Realtek function when PM is not enabled (Randy Dunlap) \n- pinctrl: mediatek: mt8365: fix IES control pins (Mattijs Korpershoek) \n- ARM: dts: aspeed: Add video engine to g6 (Howard Chiu) \n- ARM: dts: aspeed: Add secure boot controller node (Joel Stanley) \n- ARM: dts: aspeed: Add ADC for AST2600 and enable for Rainier and Everest (Eddie James) \n- ARM: dts: aspeed-g6: fix SPI1/SPI2 quad pin group (Jae Hyun Yoo) \n- pinctrl: pinctrl-aspeed-g6: remove FWQSPID group in pinctrl (Jae Hyun Yoo) \n- ARM: dts: aspeed-g6: remove FWQSPID group in pinctrl dtsi (Jae Hyun Yoo) \n- dma-buf: ensure unique directory name for dmabuf stats (Charan Teja Kalla) \n- dma-buf: fix use of DMA_BUF_SET_NAME_{A,B} in userspace (Jerome Pouiller) \n- drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) \n- drm/i915/dmc: Add MMIO range restrictions (Anusha Srivatsa) \n- drm/amd: Dont reset dGPUs if the system is going to s2idle (Mario Limonciello) \n- libceph: fix potential use-after-free on linger ping and resends (Ilya Dryomov) \n- crypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ (Ondrej Mosnacek) \n- arm64: mte: Ensure the cleared tags are visible before setting the PTE (Catalin Marinas) \n- arm64: paravirt: Use RCU read locks to guard stolen_time (Prakruthi Deepak Heragu) \n- KVM: x86/mmu: Update number of zapped pages even if page list is stable (Sean Christopherson) \n- Revert can: m_can: pci: use custom bit timings for Elkhart Lake (Jarkko Nikula) \n- PCI/PM: Avoid putting Elo i2 PCIe Ports in D3cold (Rafael J. Wysocki) \n- Fix double fget() in vhost_net_set_backend() (Al Viro) \n- selinux: fix bad cleanup on error in hashtab_duplicate() (Ondrej Mosnacek) \n- ALSA: hda/realtek: Add quirk for TongFang devices with pop noise (Werner Sembach) \n- ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) \n- ALSA: usb-audio: Restore Rane SL-1 quirk (Takashi Iwai) \n- nilfs2: fix lockdep warnings during disk space reclamation (Ryusuke Konishi) \n- nilfs2: fix lockdep warnings in page operations for btree nodes (Ryusuke Konishi) \n- ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) \n- platform/chrome: cros_ec_debugfs: detach log reader wq from devm (Tzung-Bi Shih) \n- drbd: remove usage of list iterator variable after loop (Jakob Koschel) \n- MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) \n- fs: fix an infinite loop in iomap_fiemap (Guo Xuenan) \n- rtc: mc146818-lib: Fix the AltCentury for AMD platforms (Mario Limonciello) \n- nvme-multipath: fix hang when disk goes live over reconnect (Anton Eidelman) \n- nvmet: use a private workqueue instead of the system workqueue (Sagi Grimberg) \n- tools/virtio: compile with -pthread (Michael S. Tsirkin) \n- vhost_vdpa: dont setup irq offloading when irq_num < 0 (Zhu Lingshan) \n- s390/pci: improve zpci_dev reference counting (Niklas Schnelle) \n- s390/traps: improve panic message for translation-specification exception (Heiko Carstens) \n- ALSA: hda/realtek: Enable headset mic on Lenovo P360 (Kai-Heng Feng) \n- crypto: x86/chacha20 - Avoid spurious jumps to other functions (Peter Zijlstra) \n- crypto: stm32 - fix reference leak in stm32_crc_remove (Zheng Yongjun) \n- rtc: sun6i: Fix time overflow handling (Andre Przywara) \n- gfs2: Disable page faults during lockless buffered reads (Andreas Gruenbacher) \n- nvme-pci: add quirks for Samsung X5 SSDs (Monish Kumar R) \n- Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) \n- Input: add bounds checking to input_set_capability() (Jeff LaBundy) \n- um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow) \n- rtc: pcf2127: fix bug when reading alarm registers (Hugo Villeneuve) \n- rtc: fix use-after-free on device removal (Vincent Whitchurch) \n- Revert drm/i915/opregion: check port number bounds for SWSCI display power state (Greg Thelen) \n- mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (Hyeonggon Yoo) \n- Watchdog: sp5100_tco: Enable Family 17h+ CPUs (Terry Bowman) \n- Watchdog: sp5100_tco: Add initialization using EFCH MMIO (Terry Bowman) \n- Watchdog: sp5100_tco: Refactor MMIO base address initialization (Terry Bowman) \n- Watchdog: sp5100_tco: Move timer initialization into function (Terry Bowman) \n- i2c: piix4: Enable EFCH MMIO for Family 17h+ (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support for SMBus port select (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support to SMBus base address detect (Terry Bowman) \n- i2c: piix4: Add EFCH MMIO support to region request and release (Terry Bowman) \n- i2c: piix4: Move SMBus port selection into function (Terry Bowman) \n- i2c: piix4: Move SMBus controller base address detect into function (Terry Bowman) \n- i2c: piix4: Move port I/O region request/release code into functions (Terry Bowman) \n- i2c: piix4: Replace hardcoded memory map size with a #define (Terry Bowman) \n- kernel/resource: Introduce request_mem_region_muxed() (Terry Bowman) \n- io_uring: arm poll for non-nowait files (Pavel Begunkov) \n- usb: gadget: fix race when gadget driver register via ioctl (Schspa Shi) \n- LTS version: v5.15.41 (Jack Vogel) \n- usb: gadget: uvc: allow for application to cleanly shutdown (Dan Vacura) \n- usb: gadget: uvc: rename function to be more consistent (Michael Tretter) \n- ping: fix address binding wrt vrf (Nicolas Dichtel) \n- mm/hwpoison: use pr_err() instead of dump_page() in get_any_page() (Naoya Horiguchi) \n- dma-buf: call dma_buf_stats_setup after dmabuf is in valid list (Charan Teja Reddy) \n- Revert drm/amd/pm: keep the BACO feature enabled for suspend (Alex Deucher) \n- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) \n- SUNRPC: Ensure that the gssproxy client can start in a connected state (Trond Myklebust) \n- net: phy: micrel: Pass .probe for KS8737 (Fabio Estevam) \n- net: phy: micrel: Do not use kszphy_suspend/resume for KSZ8061 (Fabio Estevam) \n- arm[64]/memremap: dont abuse pfn_valid() to ensure presence of linear map (Mike Rapoport) \n- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) \n- writeback: Avoid skipping inode writeback (Jing Xia) \n- net: phy: Fix race condition on link status change (Francesco Dolcini) \n- net: atlantic: always deep reset on pm op, fixing up my null deref regression (Manuel Ullmann) \n- i40e: i40e_main: fix a missing check on list iterator (Xiaomeng Tong) \n- drm/nouveau/tegra: Stop using iommu_present() (Robin Murphy) \n- drm/vmwgfx: Disable command buffers on svga3 without gbobjects (Zack Rusin) \n- mm/huge_memory: do not overkill when splitting huge_zero_page (Xu Yu) \n- Revert mm/memory-failure.c: skip huge_zero_page in memory_failure() (Xu Yu) \n- ceph: fix setting of xattrs on async created inodes (Jeff Layton) \n- serial: 8250_mtk: Fix register address for XON/XOFF character (AngeloGioacchino Del Regno) \n- serial: 8250_mtk: Fix UART_EFR register address (AngeloGioacchino Del Regno) \n- fsl_lpuart: Dont enable interrupts too early (Indan Zupancic) \n- slimbus: qcom: Fix IRQ check in qcom_slim_probe (Miaoqian Lin) \n- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) \n- USB: serial: option: add Fibocom L610 modem (Sven Schwermer) \n- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) \n- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) \n- usb: typec: tcpci_mt6360: Update for BMC PHY setting (ChiYuan Huang) \n- usb: typec: tcpci: Dont skip cleanup in .remove() on error (Uwe Kleine-Konig) \n- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) \n- tty: n_gsm: fix mux activation issues in gsm_config() (Daniel Starke) \n- tty: n_gsm: fix buffer over-read in gsm_dlci_data() (Daniel Starke) \n- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) \n- x86/mm: Fix marking of unused sub-pmd ranges (Adrian-Ken Rueegsegger) \n- usb: xhci-mtk: fix fs isocs transfer error (Chunfeng Yun) \n- KVM: PPC: Book3S PR: Enable MSR_DR for switch_mmu_context() (Alexander Graf) \n- firmware_loader: use kernel credentials when reading firmware (Thiebaud Weksteen) \n- interconnect: Restore sync state by ignoring ipa-virt in provider count (Stephen Boyd) \n- tcp: drop the hash_32() part from the index calculation (Willy Tarreau) \n- tcp: increase source port perturb table to 2^16 (Willy Tarreau) \n- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) \n- tcp: add small random increments to the source port (Willy Tarreau) \n- tcp: resalt the secret every 10 seconds (Eric Dumazet) \n- tcp: use different parts of the port_offset for index and offset (Willy Tarreau) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- net: sfp: Add tx-fault workaround for Huawei MA5671A SFP ONT (Matthew Hagan) \n- net: emaclite: Dont advertise 1000BASE-T and do auto negotiation (Shravya Kumbham) \n- ASoC: SOF: Fix NULL pointer exception in sof_pci_probe callback (Ajit Kumar Pandey) \n- s390: disable -Warray-bounds (Sven Schnelle) \n- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) \n- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) \n- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) \n- iommu: arm-smmu: disable large page mappings for Nvidia arm-smmu (Ashish Mhetre) \n- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (Duoming Zhou) \n- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) \n- gfs2: Fix filesystem block deallocation for short writes (Andreas Gruenbacher) \n- drm/vmwgfx: Fix fencing on SVGAv3 (Zack Rusin) \n- tls: Fix context leak on tls_device_down (Maxim Mikityanskiy) \n- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) \n- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) \n- net: dsa: bcm_sf2: Fix Wake-on-LAN with mac_link_down() (Florian Fainelli) \n- drm/vc4: hdmi: Fix build error for implicit function declaration (Hui Tang) \n- net: bcmgenet: Check for Wake-on-LAN interrupt probe deferral (Florian Fainelli) \n- net: ethernet: mediatek: ppe: fix wrong size passed to memset() (Yang Yingliang) \n- net/sched: act_pedit: really ensure the skb is writable (Paolo Abeni) \n- s390/lcs: fix variable dereferenced before check (Alexandra Winter) \n- s390/ctcm: fix potential memory leak (Alexandra Winter) \n- s390/ctcm: fix variable dereferenced before check (Alexandra Winter) \n- virtio: fix virtio transitional ids (Shunsuke Mie) \n- arm64: vdso: fix makefile dependency on vdso.so (Joey Gouly) \n- selftests: vm: Makefile: rename TARGETS to VMTARGETS (Joel Savitz) \n- procfs: prevent unprivileged processes accessing fdinfo dir (Kalesh Singh) \n- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) \n- dim: initialize all struct fields (Jesse Brandeburg) \n- ionic: fix missing pci_release_regions() on error in ionic_probe() (Yang Yingliang) \n- nfs: fix broken handling of the softreval mount option (Dan Aloni) \n- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) \n- net: sfc: fix memory leak due to ptp channel (Taehee Yoo) \n- sfc: Use swap() instead of open coding it (Jiapeng Chong) \n- fbdev: efifb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) \n- net: chelsio: cxgb4: Avoid potential negative array offset (Kees Cook) \n- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) \n- drm/nouveau: Fix a potential theorical leak in nouveau_get_backlight_name() (Christophe JAILLET) \n- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) \n- ice: fix PTP stale Tx timestamps cleanup (Michal Michalik) \n- ice: Fix race during aux device (un)plugging (Ivan Vecera) \n- platform/surface: aggregator: Fix initialization order when compiling as builtin module (Maximilian Luz) \n- fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- fbdev: efifb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- fbdev: simplefb: Cleanup fb_info in .fb_destroy rather than .remove (Javier Martinez Canillas) \n- net: mscc: ocelot: avoid corrupting hardware counters when moving VCAP filters (Vladimir Oltean) \n- net: mscc: ocelot: restrict tc-trap actions to VCAP IS2 lookup 0 (Vladimir Oltean) \n- net: mscc: ocelot: fix VCAP IS2 filters matching on both lookups (Vladimir Oltean) \n- net: mscc: ocelot: fix last VCAP IS1/IS2 filter persisting in hardware when deleted (Vladimir Oltean) \n- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) \n- mac80211: Reset MBSSID parameters upon connection (Manikanta Pubbisetty) \n- hwmon: (tmp401) Add OF device ID table (Camel Guo) \n- iwlwifi: iwl-dbg: Use del_timer_sync() before freeing (Guenter Roeck) \n- batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) \n- LTS version: v5.15.40 (Jack Vogel) \n- mm: fix invalid page pointer returned with FOLL_PIN gups (Peter Xu) \n- mm/mlock: fix potential imbalanced rlimit ucounts adjustment (Miaohe Lin) \n- mm/hwpoison: fix error page recovered but reported not recovered (Naoya Horiguchi) \n- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) \n- mm: shmem: fix missing cache flush in shmem_mfill_atomic_pte() (Muchun Song) \n- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) \n- mm: fix missing cache flush for all tail pages of compound page (Muchun Song) \n- udf: Avoid using stale lengthOfImpUse (Jan Kara) \n- rfkill: uapi: fix RFKILL_IOCTL_MAX_SIZE ioctl request definition (Gleb Fotengauer-Malinovskiy) \n- Bluetooth: Fix the creation of hdev->name (Itay Iellin) \n- tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in perf bench mem memcpy (Arnaldo Carvalho de Melo) \n- kbuild: move objtool_args back to scripts/Makefile.build (Masahiro Yamada) \n- LTS version: v5.15.39 (Jack Vogel) \n- PCI: aardvark: Update comment about link going down after link-up (Marek Behun) \n- PCI: aardvark: Drop __maybe_unused from advk_pcie_disable_phy() (Marek Behun) \n- PCI: aardvark: Dont mask irq when mapping (Pali Rohar) \n- PCI: aardvark: Remove irq_mask_ack() callback for INTx interrupts (Pali Rohar) \n- PCI: aardvark: Use separate INTA interrupt for emulated root bridge (Pali Rohar) \n- PCI: aardvark: Fix support for PME requester on emulated bridge (Pali Rohar) \n- PCI: aardvark: Add support for PME interrupts (Pali Rohar) \n- PCI: aardvark: Optimize writing PCI_EXP_RTCTL_PMEIE and PCI_EXP_RTSTA_PME on emulated bridge (Pali Rohar) \n- PCI: aardvark: Add support for ERR interrupt on emulated bridge (Pali Rohar) \n- PCI: aardvark: Enable MSI-X support (Pali Rohar) \n- PCI: aardvark: Fix setting MSI address (Pali Rohar) \n- PCI: aardvark: Add support for masking MSI interrupts (Pali Rohar) \n- PCI: aardvark: Refactor unmasking summary MSI interrupt (Pali Rohar) \n- PCI: aardvark: Use dev_fwnode() instead of of_node_to_fwnode(dev->of_node) (Marek Behun) \n- PCI: aardvark: Make msi_domain_info structure a static driver structure (Marek Behun) \n- PCI: aardvark: Make MSI irq_chip structures static driver structures (Marek Behun) \n- PCI: aardvark: Check return value of generic_handle_domain_irq() when processing INTx IRQ (Pali Rohar) \n- PCI: aardvark: Rewrite IRQ code to chained IRQ handler (Pali Rohar) \n- PCI: aardvark: Replace custom PCIE_CORE_INT_* macros with PCI_INTERRUPT_* (Pali Rohar) \n- PCI: aardvark: Disable common PHY when unbinding driver (Pali Rohar) \n- PCI: aardvark: Disable link training when unbinding driver (Pali Rohar) \n- PCI: aardvark: Assert PERST# when unbinding driver (Pali Rohar) \n- PCI: aardvark: Fix memory leak in driver unbind (Pali Rohar) \n- PCI: aardvark: Mask all interrupts when unbinding driver (Pali Rohar) \n- PCI: aardvark: Disable bus mastering when unbinding driver (Pali Rohar) \n- PCI: aardvark: Comment actions in driver remove method (Pali Rohar) \n- PCI: aardvark: Clear all MSIs at setup (Pali Rohar) \n- PCI: aardvark: Add support for DEVCAP2, DEVCTL2, LNKCAP2 and LNKCTL2 registers on emulated bridge (Pali Rohar) \n- PCI: pci-bridge-emul: Add definitions for missing capabilities registers (Pali Rohar) \n- PCI: pci-bridge-emul: Add description for class_revision field (Pali Rohar) \n- rcu: Apply callbacks processing time limit only on softirq (Frederic Weisbecker) \n- rcu: Fix callbacks processing time limit retaining cond_resched() (Frederic Weisbecker) \n- Revert parisc: Mark sched_clock unstable only if clocks are not syncronized (Helge Deller) \n- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) \n- selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) \n- selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) \n- KVM: LAPIC: Enable timer posted-interrupt only when mwait/hlt is advertised (Wanpeng Li) \n- KVM: x86/mmu: avoid NULL-pointer dereference on page freeing bugs (Paolo Bonzini) \n- KVM: x86: Do not change ICR on write to APIC_SELF_IPI (Paolo Bonzini) \n- x86/kvm: Preserve BSP MSR_KVM_POLL_CONTROL across suspend/resume (Wanpeng Li) \n- KVM: selftests: Silence compiler warning in the kvm_page_table_test (Thomas Huth) \n- kvm: selftests: do not use bitfields larger than 32-bits for PTEs (Paolo Bonzini) \n- iommu/dart: Add missing module owner to ops structure (Hector Martin) \n- net/mlx5e: Lag, Dont skip fib events on current dst (Vlad Buslov) \n- net/mlx5e: Lag, Fix fib_info pointer assignment (Vlad Buslov) \n- net/mlx5e: Lag, Fix use-after-free in fib event handler (Vlad Buslov) \n- net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Aya Levin) \n- fbdev: Make fb_release() return -ENODEV if fbdev was unregistered (Javier Martinez Canillas) \n- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) \n- gpio: mvebu: drop pwm base assignment (Baruch Siach) \n- drm/amdgpu: Ensure HDA function is suspended before ASIC reset (Kai-Heng Feng) \n- drm/amdgpu: dont set s3 and s0ix at the same time (Mario Limonciello) \n- drm/amdgpu: explicitly check for s0ix when evicting resources (Mario Limonciello) \n- drm/amdgpu: unify BO evicting method in amdgpu_ttm (Nirmoy Das) \n- btrfs: always log symlinks in full mode (Filipe Manana) \n- btrfs: force v2 space cache usage for subpage mount (Qu Wenruo) \n- smsc911x: allow using IRQ0 (Sergey Shtylyov) \n- selftests: ocelot: tc_flower_chains: specify conform-exceed action for policer (Vladimir Oltean) \n- bnxt_en: Fix unnecessary dropping of RX packets (Michael Chan) \n- bnxt_en: Fix possible bnxt_open() failure caused by wrong RFS flag (Somnath Kotur) \n- selftests: mirror_gre_bridge_1q: Avoid changing PVID while interface is operational (Ido Schimmel) \n- rxrpc: Enable IPv6 checksums on transport socket (David Howells) \n- mld: respect RCU rules in ip6_mc_source() and ip6_mc_msfilter() (Eric Dumazet) \n- hinic: fix bug of wq out of bound access (Qiao Ma) \n- btrfs: do not BUG_ON() on failure to update inode when setting xattr (Filipe Manana) \n- drm/msm/dp: remove fail safe mode related code (Kuogee Hsieh) \n- selftests/net: so_txtime: usage(): fix documentation of default clock (Marc Kleine-Budde) \n- selftests/net: so_txtime: fix parsing of start time stamp on 32 bit systems (Marc Kleine-Budde) \n- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) \n- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) \n- net: cpsw: add missing of_node_put() in cpsw_probe_dt() (Yang Yingliang) \n- net: mdio: Fix ENOMEM return value in BCM6368 mux bus controller (Niels Dossche) \n- net: stmmac: dwmac-sun8i: add missing of_node_put() in sun8i_dwmac_register_mdio_mux() (Yang Yingliang) \n- net: dsa: mt7530: add missing of_node_put() in mt7530_setup() (Yang Yingliang) \n- net: ethernet: mediatek: add missing of_node_put() in mtk_sgmii_init() (Yang Yingliang) \n- NFSv4: Dont invalidate inode attributes on delegation return (Trond Myklebust) \n- RDMA/irdma: Fix possible crash due to NULL netdev in notifier (Mustafa Ismail) \n- RDMA/irdma: Reduce iWARP QP destroy time (Shiraz Saleem) \n- RDMA/irdma: Flush iWARP QP if modified to ERR from RTR state (Tatyana Nikolova) \n- RDMA/siw: Fix a condition race issue in MPA request processing (Cheng Xu) \n- SUNRPC release the transport of a relocated task with an assigned transport (Olga Kornievskaia) \n- selftests/seccomp: Dont call read() on TTY from background pgrp (Jann Horn) \n- net/mlx5: Fix deadlock in sync reset flow (Moshe Shemesh) \n- net/mlx5: Avoid double clear or set of sync reset requested (Moshe Shemesh) \n- net/mlx5e: Fix the calling of update_buffer_lossy() API (Mark Zhang) \n- net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Paul Blakey) \n- net/mlx5e: Dont match double-vlan packets if cvlan is not set (Vlad Buslov) \n- net/mlx5e: Fix trust state reset in reload (Moshe Tal) \n- iommu/dart: check return value after calling platform_get_resource() (Yang Yingliang) \n- iommu/vt-d: Drop stop marker messages (Lu Baolu) \n- ASoC: soc-ops: fix error handling (Pierre-Louis Bossart) \n- ASoC: dmaengine: Restore NULL prepare_slave_config() callback (Codrin Ciubotariu) \n- hwmon: (pmbus) disable PEC if not enabled (Adam Wujek) \n- hwmon: (adt7470) Fix warning on module removal (Armin Wolf) \n- gpio: pca953x: fix irq_stat not updated when irq is disabled (irq_mask not set) (Puyou Lu) \n- gpio: visconti: Fix fwnode of GPIO IRQ (Nobuhiro Iwamatsu) \n- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) \n- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) \n- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) \n- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) \n- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) \n- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) \n- can: isotp: remove re-binding of bound socket (Oliver Hartkopp) \n- can: grcan: grcan_close(): fix deadlock (Duoming Zhou) \n- s390/dasd: Fix read inconsistency for ESE DASD devices (Jan Hoppner) \n- s390/dasd: Fix read for ESE with blksize < 4k (Jan Hoppner) \n- s390/dasd: prevent double format of tracks for ESE devices (Stefan Haberland) \n- s390/dasd: fix data corruption for ESE devices (Stefan Haberland) \n- ASoC: meson: Fix event generation for AUI CODEC mux (Mark Brown) \n- ASoC: meson: Fix event generation for G12A tohdmi mux (Mark Brown) \n- ASoC: meson: Fix event generation for AUI ACODEC mux (Mark Brown) \n- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) \n- ASoC: da7219: Fix change notifications for tone generator frequency (Mark Brown) \n- genirq: Synchronize interrupt thread startup (Thomas Pfaff) \n- net: stmmac: disable Split Header (SPH) for Intel platforms (Tan Tee Min) \n- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) \n- firewire: remove check of list iterator against head past the loop body (Jakob Koschel) \n- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) \n- timekeeping: Mark NMI safe time accessors as notrace (Kurt Kanzenbach) \n- Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) \n- RISC-V: relocate DTB if its outside memory region (Nick Kossifidis) \n- drm/amdgpu: do not use passthrough mode in Xen dom0 (Marek Marczykowski-Gorecki) \n- drm/amd/display: Avoid reading audio pattern past AUDIO_CHANNELS_COUNT (Harry Wentland) \n- iommu/arm-smmu-v3: Fix size calculation in arm_smmu_mm_invalidate_range() (Nicolin Chen) \n- iommu/vt-d: Calculate mask for non-aligned flushes (David Stevens) \n- KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (Kyle Huey) \n- x86/fpu: Prevent FPU state corruption (Thomas Gleixner) \n- gpiolib: of: fix bounds check for gpio-reserved-ranges (Andrei Lalaev) \n- mmc: core: Set HS clock speed before sending HS CMD13 (Brian Norris) \n- mmc: sunxi-mmc: Fix DMA descriptors allocated above 32 bits (Samuel Holland) \n- mmc: sdhci-msm: Reset GCC_SDCC_BCR register for SDHC (Shaik Sajida Bhanu) \n- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) \n- ALSA: hda/realtek: Add quirk for Yoga Duet 7 13ITL6 speakers (Zihao Wang) \n- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) \n- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) \n- LTS version: v5.15.38 (Jack Vogel) \n- powerpc/64: Add UADDR64 relocation support (Alexey Kardashevskiy) \n- objtool: Fix type of reloc::addend (Peter Zijlstra) \n- objtool: Fix code relocs vs weak symbols (Peter Zijlstra) \n- eeprom: at25: Use DMA safe buffers (Christophe Leroy) \n- perf symbol: Remove arch__symbols__fixup_end() (Namhyung Kim) \n- tty: n_gsm: fix software flow control handling (Daniel Starke) \n- tty: n_gsm: fix incorrect UA handling (Daniel Starke) \n- tty: n_gsm: fix reset fifo race condition (Daniel Starke) \n- tty: n_gsm: fix missing tty wakeup in convergence layer type 2 (Daniel Starke) \n- tty: n_gsm: fix wrong signal octets encoding in MSC (Daniel Starke) \n- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) \n- tty: n_gsm: fix wrong command retry handling (Daniel Starke) \n- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) \n- tty: n_gsm: fix wrong DLCI release order (Daniel Starke) \n- tty: n_gsm: fix insufficient txframe size (Daniel Starke) \n- netfilter: nft_socket: only do sk lookups when indev is available (Florian Westphal) \n- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) \n- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) \n- tty: n_gsm: fix mux cleanup after unregister tty device (Daniel Starke) \n- tty: n_gsm: fix decoupled mux resource (Daniel Starke) \n- tty: n_gsm: fix restart handling via CLD command (Daniel Starke) \n- perf symbol: Update symbols__fixup_end() (Namhyung Kim) \n- perf symbol: Pass is_kallsyms to symbols__fixup_end() (Namhyung Kim) \n- x86/cpu: Load microcode during restore_processor_state() (Borislav Petkov) \n- ARM: dts: imx8mm-venice-gw{71xx,72xx,73xx}: fix OTG controller OC mode (Tim Harvey) \n- ARM: dts: at91: sama7g5ek: enable pull-up on flexcom3 console lines (Eugen Hristev) \n- btrfs: fix leaked plug after failure syncing log on zoned filesystems (Filipe Manana) \n- thermal: int340x: Fix attr.show callback prototype (Kees Cook) \n- ACPI: processor: idle: Avoid falling back to C3 type C-states (Ville Syrjala) \n- net: ethernet: stmmac: fix write to sgmii_adapter_base (Dinh Nguyen) \n- drm/i915: Fix SEL_FETCH_PLANE_*(PIPE_B+) register addresses (Imre Deak) \n- drm/i915: Check EDID for HDR static metadata when choosing blc (Jouni Hogander) \n- netfilter: Update ip6_route_me_harder to consider L3 domain (Martin Willi) \n- mtd: rawnand: qcom: fix memory corruption that causes panic (Md Sadre Alam) \n- kasan: prevent cpu_quarantine corruption when CPU offline and cache shrink occur at same time (Zqiang) \n- zonefs: Clear inode information flags on inode creation (Damien Le Moal) \n- zonefs: Fix management of open zones (Damien Le Moal) \n- Revert ACPI: processor: idle: fix lockup regression on 32-bit ThinkPad T40 (Ville Syrjala) \n- selftest/vm: verify remap destination address in mremap_test (Sidhartha Kumar) \n- selftest/vm: verify mmap addr in mremap_test (Sidhartha Kumar) \n- powerpc/perf: Fix 32bit compile (Alexey Kardashevskiy) \n- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) \n- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) \n- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) \n- bonding: do not discard lowest hash bit for non layer3+4 hashing (suresh kumar) \n- ksmbd: set fixed sector size to FS_SECTOR_SIZE_INFORMATION (Namjae Jeon) \n- ksmbd: increment reference count of parent fp (Namjae Jeon) \n- arch: xtensa: platforms: Fix deadlock in rs_close() (Duoming Zhou) \n- ext4: fix bug_on in start_this_handle during umount filesystem (Ye Bin) \n- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) \n- ASoC: Intel: soc-acpi: correct device endpoints for max98373 (Chao Song) \n- tcp: fix F-RTO may not work correctly when receiving DSACK (Pengcheng Yang) \n- Revert ibmvnic: Add ethtool private flag for driver-defined queue limits (Dany Madden) \n- ixgbe: ensure IPsec VF<->PF compatibility (Leon Romanovsky) \n- perf arm-spe: Fix addresses of synthesized SPE events (Timothy Hayes) \n- gfs2: No short reads or writes upon glock contention (Andreas Gruenbacher) \n- gfs2: Make sure not to return short direct writes (Andreas Gruenbacher) \n- gfs2: Minor retry logic cleanup (Andreas Gruenbacher) \n- gfs2: Prevent endless loops in gfs2_file_buffered_write (Andreas Gruenbacher) \n- net: fec: add missing of_node_put() in fec_enet_init_stop_mode() (Yang Yingliang) \n- bnx2x: fix napi API usage sequence (Manish Chopra) \n- tls: Skip tls_append_frag on zero copy size (Maxim Mikityanskiy) \n- drm/amd/display: Fix memory leak in dcn21_clock_source_create (Miaoqian Lin) \n- drm/amdkfd: Fix GWS queue count (David Yat Sin) \n- netfilter: conntrack: fix udp offload timeout sysctl (Volodymyr Mytnyk) \n- io_uring: check reserved fields for recv/recvmsg (Jens Axboe) \n- io_uring: check reserved fields for send/sendmsg (Jens Axboe) \n- net: dsa: lantiq_gswip: Dont set GSWIP_MII_CFG_RMII_CLK (Martin Blumenstingl) \n- drm/sun4i: Remove obsolete references to PHYS_OFFSET (Samuel Holland) \n- net: dsa: mv88e6xxx: Fix port_hidden_wait to account for port_base_addr (Nathan Rossi) \n- net: phy: marvell10g: fix return value on error (Baruch Siach) \n- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) \n- cpufreq: qcom-cpufreq-hw: Clear dcvs interrupts (Vladimir Zapolskiy) \n- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) \n- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) \n- tcp: make sure treq->af_specific is initialized (Eric Dumazet) \n- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) \n- ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode (Peilin Ye) \n- ip6_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- net/smc: sync err code when tcp connection was refused (liuyacan) \n- net: hns3: add return value for mailbox handling in PF (Jian Shen) \n- net: hns3: add validity check for message data length (Jian Shen) \n- net: hns3: modify the return code of hclge_get_ring_chain_from_mbx (Jie Wang) \n- net: hns3: clear inited state and stop client after failed to register netdev (Jian Shen) \n- cpufreq: fix memory leak in sun50i_cpufreq_nvmem_probe (Xiaobing Luo) \n- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) \n- arm64: dts: imx8mn-ddr4-evk: Describe the 32.768 kHz PMIC clock (Fabio Estevam) \n- ARM: dts: imx6ull-colibri: fix vqmmc regulator (Max Krummenacher) \n- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) \n- wireguard: device: check for metadata_dst with skb_valid_dst() (Nikolay Aleksandrov) \n- tcp: ensure to use the most recently sent skb when filling the rate sample (Pengcheng Yang) \n- pinctrl: stm32: Keep pinctrl block clock enabled when LEVEL IRQ requested (Marek Vasut) \n- tcp: md5: incorrect tcp_header_len for incoming connections (Francesco Ruggeri) \n- pinctrl: rockchip: fix RK3308 pinmux bits (Luca Ceresoli) \n- bpf, lwt: Fix crash when using bpf_skb_set_tunnel_key() from bpf_xmit lwt hook (Eyal Birger) \n- netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion (Pablo Neira Ayuso) \n- net: dsa: Add missing of_node_put() in dsa_port_link_register_of (Miaoqian Lin) ", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9689", "href": "http://linux.oracle.com/errata/ELSA-2022-9689.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T18:47:14", "description": "[4.14.35-2047.516.1.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460938] {CVE-2022-2588}\n[4.14.35-2047.516.1]\n- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153}\n- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323860] {CVE-2022-2153}\n- KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323860] {CVE-2022-2153}\n- xfs: dont use delalloc extents for COW on files with extsize hints (Christoph Hellwig) [Orabug: 34180868]\n[4.14.35-2047.516.0]\n- scsi: mpt3sas: Remove scsi_dma_map() error messages (Sreekanth Reddy) [Orabug: 34328903] \n- uek: kabi: new protected symbols for USM in OL7 (Saeed Mirzamohammadi) [Orabug: 34233902] \n- vfio/type1: add ioctl to check for correct pin accounting (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: track pages pinned by vfio across exec (Anthony Yznaga) [Orabug: 32967885] \n- mm: track driver pinned pages across exec (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: Fix vfio_find_dma_valid return (Anthony Yznaga) [Orabug: 32967885] \n- vfio/type1: fix unmap all on ILP32 (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: block on invalid vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement notify callback (Steve Sistare) [Orabug: 32967885] \n- vfio: iommu driver notify callback (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: massage unmap iteration (Steve Sistare) [Orabug: 32967885] \n- vfio: interfaces to update vaddr (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: implement unmap all (Steve Sistare) [Orabug: 32967885] \n- vfio/type1: unmap cleanup (Steve Sistare) [Orabug: 32967885] \n- vfio: option to unmap all (Steve Sistare) [Orabug: 32967885] \n- Linux 4.14.284 (Greg Kroah-Hartman) \n- x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) \n- x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) \n- x86/cpu: Add Lakefield, Alder Lake and Rocket Lake models to the to Intel CPU family (Tony Luck) \n- x86/cpu: Add Comet Lake to the Intel CPU models header (Kan Liang) \n- x86/cpu: Add Cannonlake to Intel family (Rajneesh Bhardwaj) \n- x86/cpu: Add Jasper Lake to Intel family (Zhang Rui) \n- cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) \n- x86/cpu: Add Elkhart Lake to Intel family (Gayatri Kammela) \n- Linux 4.14.283 (Greg Kroah-Hartman) \n- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) \n- powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) \n- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) \n- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) \n- ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) \n- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) \n- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) \n- cifs: return errors during session setup during reconnects (Shyam Prasad N) \n- ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) \n- vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) \n- nodemask: Fix return values to be unsigned (Kees Cook) \n- nbd: fix io hung while disconnecting device (Yu Kuai) \n- nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) \n- nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) \n- modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) \n- drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) \n- Revert net: af_key: add check for pfkey_broadcast in function pfkey_process (Michal Kubecek) \n- md: protect md_unregister_thread from reentrancy (Guoqing Jiang) \n- kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) \n- serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) \n- staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) \n- clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) \n- extcon: Modify extcon device to be created after driver data is set (bumwoo lee) \n- misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) \n- usb: dwc2: gadget: dont reset gadgets driver->bus (Marek Szyprowski) \n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) \n- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) \n- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) \n- USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) \n- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) \n- tty: Fix a possible resource leak in icom_probe (Huang Guobin) \n- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) \n- lkdtm/usercopy: Expand size of out of frame object (Kees Cook) \n- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) \n- drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) \n- net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) \n- net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) \n- net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) \n- net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) \n- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) \n- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) \n- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) \n- xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) \n- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) \n- m68knommu: fix undefined reference to _init_sp (Greg Ungerer) \n- m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) \n- i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) \n- tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) \n- tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) \n- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) \n- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) \n- tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) \n- ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) \n- jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) \n- modpost: fix removing numeric suffixes (Alexander Lobakin) \n- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) \n- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) \n- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) \n- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) \n- serial: sh-sci: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: txx9: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: digicolor-usart: Dont allow CS5-6 (Ilpo Jarvinen) \n- serial: meson: acquire port->lock in startup() (John Ogness) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) \n- MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: fix plock invalid read (Alexander Aring) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) \n- powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/8xx: export cpm_setbrg for modules (Randy Dunlap) \n- drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) \n- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) \n- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) \n- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) \n- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) \n- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) \n- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) \n- rxrpc: Dont try to resend the request if were receiving the reply (David Howells) \n- rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) \n- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) \n- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) \n- m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) \n- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) \n- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) \n- media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) \n- media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) \n- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) \n- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) \n- media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) \n- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) \n- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) \n- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- x86: Fix return value of __setup handlers (Randy Dunlap) \n- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) \n- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) \n- drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) \n- x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) \n- fsnotify: fix wrong lockdep annotations (Amir Goldstein) \n- inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) \n- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) \n- spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) \n- efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) \n- NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) \n- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) \n- drm/mediatek: Fix mtk_cec_mask() (Miles Chen) \n- x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) \n- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) \n- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) \n- ath9k: fix ar9003_get_eepmisc (Wenli Looi) \n- drm: fix EDID struct for old ARM OABI format (Saeed Mirzamohammadi) \n- RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) \n- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) \n- powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) \n- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) \n- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) \n- ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) \n- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) \n- ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) \n- fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) \n- ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) \n- fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) \n- ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) \n- eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) \n- rxrpc: Return an error to sendmsg if call failed (David Howells) \n- media: exynos4-is: Fix compile warning (Kwanghoon Son) \n- net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) \n- ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) \n- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) \n- openrisc: start CPU timer early in boot (Jason A. Donenfeld) \n- rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) \n- ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) \n- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) \n- s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) \n- ASoC: dapm: Dont fold register value changes into notifications (Mark Brown) \n- ipv6: Dont send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) \n- drm/amd/pm: fix the compile warning (Evan Quan) \n- scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) \n- media: cx25821: Fix the warning when removing the module (Zheyu Ma) \n- media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) \n- media: venus: hfi: avoid null dereference in deinit (Luca Weiss) \n- ath9k: fix QCA9561 PA bias level (Thibaut VARENE) \n- drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) \n- ALSA: jack: Access input_dev under mutex (Amadeusz Slawinski) \n- ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) \n- ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) \n- b43: Fix assigning negative value to unsigned variable (Haowen Bai) \n- b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) \n- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) \n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) \n- btrfs: repair super block num_devices automatically (Qu Wenruo) \n- btrfs: add 0x prefix for unsupported optional features (Qu Wenruo) \n- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) \n- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) \n- USB: new quirk for Dell Gen 2 devices (Monish Kumar R) \n- USB: serial: option: add Quectel BG95 modem (Carl Yin) \n- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) \n- Linux 4.14.282 (Greg Kroah-Hartman) \n- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) \n- NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) \n- docs: submitting-patches: Fix crossref to The canonical patch format (Akira Yokosawa) \n- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) \n- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) \n- dm stats: add cond_resched when looping over entries (Mikulas Patocka) \n- dm crypt: make printing of the key constant-time (Mikulas Patocka) \n- dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) \n- zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) \n- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) \n- exec: Force single empty string when argv is empty (Kees Cook) \n- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Haimin Zhang) \n- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) \n- drivers: i2c: thunderx: Allow driver to work with ACPI defined TWSI controllers (Piyush Malgujar) \n- net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) \n- net: af_key: check encryption module availability consistency (Thomas Bartschies) \n- ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) \n- ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- tcp: change source port randomizarion at connect() time (Eric Dumazet) \n- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) \n- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner) \n- Linux 4.14.281 (Greg Kroah-Hartman) \n- Reinstate some of swiotlb: rework fix info leak with DMA_FROM_DEVICE (Linus Torvalds) \n- swiotlb: fix info leak with DMA_FROM_DEVICE (Halil Pasic) \n- net: atlantic: verify hw_head_ lies within TX buffer ring (Grant Grundler) \n- net: stmmac: fix missing pci_disable_device() on error in stmmac_pci_probe() (Yang Yingliang) \n- ethernet: tulip: fix missing pci_disable_device() on error in tulip_init_one() (Yang Yingliang) \n- mac80211: fix rx reordering with non explicit / psmp ack policy (Felix Fietkau) \n- scsi: qla2xxx: Fix missed DMA unmap for aborted commands (Gleb Chesnokov) \n- perf bench numa: Address compiler error on s390 (Thomas Richter) \n- gpio: mvebu/pwm: Refuse requests with inverted polarity (Uwe Kleine-Konig) \n- gpio: gpio-vf610: do not touch other bits when set the target bit (Haibo Chen) \n- net: bridge: Clear offload_fwd_mark when passing frame up bridge interface. (Andrew Lunn) \n- igb: skip phy status check where unavailable (Kevin Mitchell) \n- ARM: 9197/1: spectre-bhb: fix loop8 sequence for Thumb2 (Ard Biesheuvel) \n- ARM: 9196/1: spectre-bhb: enable for Cortex-A15 (Ard Biesheuvel) \n- net: af_key: add check for pfkey_broadcast in function pfkey_process (Jiasheng Jiang) \n- NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc (Duoming Zhou) \n- net/qla3xxx: Fix a test in ql_reset_work() (Christophe JAILLET) \n- clk: at91: generated: consider range when calculating best rate (Codrin Ciubotariu) \n- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) \n- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) \n- mmc: core: Default to generic_cmd6_time as timeout in __mmc_switch() (Ulf Hansson) \n- mmc: block: Use generic_cmd6_time when modifying INAND_CMD38_ARG_EXT_CSD (Ulf Hansson) \n- mmc: core: Specify timeouts for BKOPS and CACHE_FLUSH for eMMC (Ulf Hansson) \n- drm/dp/mst: fix a possible memory leak in fetch_monitor_name() (Hangyu Hua) \n- ALSA: wavefront: Proper check of get_user() error (Takashi Iwai) \n- ARM: 9191/1: arm/stacktrace, kasan: Silence KASAN warnings in unwind_frame() (linyujun) \n- drbd: remove usage of list iterator variable after loop (Jakob Koschel) \n- MIPS: lantiq: check the return value of kzalloc() (Xiaoke Wang) \n- Input: stmfts - fix reference leak in stmfts_input_open (Zheng Yongjun) \n- Input: add bounds checking to input_set_capability() (Jeff LaBundy) \n- um: Cleanup syscall_handler_t definition/cast, fix warning (David Gow)\n[4.14.35-2047.515.3]\n- uek-rpm: Enable Pensando EMMC reset controller (Thomas Tai) [Orabug: 34325721] \n- mfd: pensando_elbasr: Add Pensando Elba System Resource Chip (Brad Larson) [Orabug: 34325721] \n- dsc-drivers: update drivers for 1.15.9-C-65 (Shannon Nelson) [Orabug: 34325721]\n[4.14.35-2047.515.2]\n- net/rds: Delayed DR_SOCK_CANCEL (Gerd Rausch) [Orabug: 34105319]\n[4.14.35-2047.515.1]\n- sched/rt: Disable RT_RUNTIME_SHARE by default (Daniel Bristot de Oliveira) [Orabug: 34193333] \n- mstflint_access: Update driver code to v4.20.1-1 from Github (Qing Huang) [Orabug: 34286148]\n[4.14.35-2047.515.0]\n- net: ip: avoid OOM kills with large UDP sends over loopback (Venkat Venkatsubra) [Orabug: 34066209] \n- rdmaip: Flush ARP cache after address has been cleared (Gerd Rausch) [Orabug: 34285241] \n- rds: Include congested flag in rds_sock struct. (Rohit Nair) [Orabug: 34261492] \n- cpu/hotplug: Allow the CPU in CPU_UP_PREPARE state to be brought up again. (Longpeng(Mike)) [Orabug: 34234771] \n- x86/xen: Allow to retry if cpu_initialize_context() failed. (Boris Ostrovsky) [Orabug: 34234771] \n- floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218640] {CVE-2022-1652}\n- assoc_array: Fix BUG_ON during garbage collect (Stephen Brennan) [Orabug: 34162064] \n- exec, elf: fix reserve_va_range() sanity check (Anthony Yznaga) [Orabug: 32387887] \n- exec, elf: use already allocated notes data in reserve_va_range() (Anthony Yznaga) [Orabug: 32387887] \n- mm: madv_doexec_flag sysctl (Anthony Yznaga) [Orabug: 32387887] \n- mm: introduce MADV_DOEXEC (Anthony Yznaga) [Orabug: 32387887] \n- exec, elf: require opt-in for accepting preserved mem (Anthony Yznaga) [Orabug: 32387887] \n- mm: introduce VM_EXEC_KEEP (Anthony Yznaga) [Orabug: 32387887] \n- mm: fail exec if stack expansion will overlap another vma (Anthony Yznaga) [Orabug: 32387887] \n- mm: do not assume only the stack vma exists in setup_arg_pages() (Anthony Yznaga) [Orabug: 32387887] \n- ELF: when loading PIE binaries check for overlap with existing mappings (Anthony Yznaga) [Orabug: 32387887] \n- Linux 4.14.280 (Greg Kroah-Hartman) \n- tty/serial: digicolor: fix possible null-ptr-deref in digicolor_uart_probe() (Yang Yingliang) \n- ping: fix address binding wrt vrf (Nicolas Dichtel) \n- drm/vmwgfx: Initialize drm_mode_fb_cmd2 (Zack Rusin) \n- cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp() (Waiman Long) \n- USB: serial: option: add Fibocom MA510 modem (Sven Schwermer) \n- USB: serial: option: add Fibocom L610 modem (Sven Schwermer) \n- USB: serial: qcserial: add support for Sierra Wireless EM7590 (Ethan Yang) \n- USB: serial: pl2303: add device id for HP LM930 Display (Scott Chen) \n- usb: cdc-wdm: fix reading stuck on device close (Sergey Ryazanov) \n- tcp: resalt the secret every 10 seconds (Eric Dumazet) \n- ASoC: ops: Validate input values in snd_soc_put_volsw_range() (Mark Brown) \n- ASoC: max98090: Generate notifications on changes for custom control (Mark Brown) \n- ASoC: max98090: Reject invalid values in custom control put() (Mark Brown) \n- hwmon: (f71882fg) Fix negative temperature (Ji-Ze Hong (Peter Hong)) \n- net: sfc: ef10: fix memory leak in efx_ef10_mtd_probe() (Taehee Yoo) \n- net/smc: non blocking recvmsg() return -EAGAIN when no data and signal_pending (Guangguan Wang) \n- s390/lcs: fix variable dereferenced before check (Alexandra Winter) \n- s390/ctcm: fix potential memory leak (Alexandra Winter) \n- s390/ctcm: fix variable dereferenced before check (Alexandra Winter) \n- hwmon: (ltq-cputemp) restrict it to SOC_XWAY (Randy Dunlap) \n- mac80211_hwsim: call ieee80211_tx_prepare_skb under RCU protection (Johannes Berg) \n- netlink: do not reset transport header in netlink_recvmsg() (Eric Dumazet) \n- ipv4: drop dst in multicast routing path (Lokesh Dhoundiyal) \n- net: Fix features skip in for_each_netdev_feature() (Tariq Toukan) \n- batman-adv: Dont skb_split skbuffs with frag_list (Sven Eckelmann) \n- Linux 4.14.279 (Greg Kroah-Hartman) \n- VFS: Fix memory leak caused by concurrently mounting fs with subtype (ChenXiaoSong) \n- ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock (Takashi Iwai) \n- mm: userfaultfd: fix missing cache flush in mcopy_atomic_pte() and __mcopy_atomic() (Muchun Song) \n- mm: hugetlb: fix missing cache flush in copy_huge_page_from_user() (Muchun Song) \n- mmc: rtsx: add 74 Clocks in power on flow (Ricky WU) \n- Bluetooth: Fix the creation of hdev->name (Itay Iellin) \n- can: grcan: only use the NAPI poll budget for RX (Andreas Larsson) \n- can: grcan: grcan_probe(): fix broken system id check for errata workaround needs (Andreas Larsson) \n- block: drbd: drbd_nl: Make conversion to enum drbd_ret_code explicit (Lee Jones) \n- MIPS: Use address-of operator on section symbols (Nathan Chancellor) \n- Linux 4.14.278 (Greg Kroah-Hartman) \n- PCI: aardvark: Fix reading MSI interrupt number (Pali Rohar) \n- PCI: aardvark: Clear all MSIs at setup (Pali Rohar) \n- dm: interlock pending dm_io and dm_wait_for_bios_completion (Mike Snitzer) \n- dm: fix mempool NULL pointer race when completing IO (Jiazi Li) \n- net: ipv6: ensure we call ipv6_mc_down() at most once (j.nixdorf@avm.de) \n- kvm: x86/cpuid: Only provide CPUID leaf 0xA if host has architectural PMU (Sandipan Das) \n- net: igmp: respect RCU rules in ip_mc_source() and ip_mc_msfilter() (Eric Dumazet) \n- btrfs: always log symlinks in full mode (Filipe Manana) \n- smsc911x: allow using IRQ0 (Sergey Shtylyov) \n- net: emaclite: Add error handling for of_address_to_resource() (Shravya Kumbham) \n- hwmon: (adt7470) Fix warning on module removal (Armin Wolf) \n- NFC: netlink: fix sleep in atomic bug when firmware download timeout (Duoming Zhou) \n- nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs (Duoming Zhou) \n- nfc: replace improper check device_is_registered() in netlink related functions (Duoming Zhou) \n- can: grcan: use ofdev->dev when allocating DMA memory (Daniel Hellstrom) \n- can: grcan: grcan_close(): fix deadlock (Duoming Zhou) \n- ASoC: wm8958: Fix change notifications for DSP controls (Mark Brown) \n- firewire: core: extend card->lock in fw_core_handle_bus_reset (Niels Dossche) \n- firewire: remove check of list iterator against head past the loop body (Jakob Koschel) \n- firewire: fix potential uaf in outbound_phy_packet_callback() (Chengfeng Ye) \n- Revert SUNRPC: attempt AF_LOCAL connect on setup (Trond Myklebust) \n- ALSA: fireworks: fix wrong return count shorter than expected by 4 bytes (Takashi Sakamoto) \n- parisc: Merge model and model name into one line in /proc/cpuinfo (Helge Deller) \n- MIPS: Fix CP0 counter erratum detection for R4k CPUs (Maciej W. Rozycki) \n- tty: n_gsm: fix incorrect UA handling (Daniel Starke) \n- tty: n_gsm: fix wrong command frame length field encoding (Daniel Starke) \n- tty: n_gsm: fix wrong command retry handling (Daniel Starke) \n- tty: n_gsm: fix missing explicit ldisc flush (Daniel Starke) \n- tty: n_gsm: fix insufficient txframe size (Daniel Starke) \n- tty: n_gsm: fix malformed counter for out of frame data (Daniel Starke) \n- tty: n_gsm: fix wrong signal octet encoding in convergence layer type 2 (Daniel Starke) \n- drivers: net: hippi: Fix deadlock in rr_close() (Duoming Zhou) \n- cifs: destage any unwritten data to the server before calling copychunk_write (Ronnie Sahlberg) \n- x86: __memcpy_flushcache: fix wrong alignment if size > 2^32 (Mikulas Patocka) \n- ASoC: wm8731: Disable the regulator when probing fails (Zheyu Ma) \n- bnx2x: fix napi API usage sequence (Manish Chopra) \n- net: bcmgenet: hide status block before TX timestamping (Jonathan Lemon) \n- clk: sunxi: sun9i-mmc: check return value after calling platform_get_resource() (Yang Yingliang) \n- bus: sunxi-rsb: Fix the return value of sunxi_rsb_device_create() (Christophe JAILLET) \n- tcp: fix potential xmit stalls caused by TCP_NOTSENT_LOWAT (Eric Dumazet) \n- ip_gre: Make o_seqno start from 0 in native mode (Peilin Ye) \n- pinctrl: pistachio: fix use of irq_of_parse_and_map() (Lv Ruyi) \n- sctp: check asoc strreset_chunk in sctp_generate_reconf_event (Xin Long) \n- mtd: rawnand: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- ipvs: correctly print the memory size of ip_vs_conn_tab (Pengcheng Yang) \n- ARM: dts: Fix mmc order for omap3-gta04 (H. Nikolaus Schaller) \n- ARM: OMAP2+: Fix refcount leak in omap_gic_of_init (Miaoqian Lin) \n- phy: samsung: exynos5250-sata: fix missing device put in probe error paths (Krzysztof Kozlowski) \n- phy: samsung: Fix missing of_node_put() in exynos_sata_phy_probe (Miaoqian Lin) \n- ARM: dts: imx6qdl-apalis: Fix sgtl5000 detection issue (Fabio Estevam) \n- USB: Fix xhci event ring dequeue pointer ERDP update issue (Weitao Wang) \n- hex2bin: fix access beyond string end (Mikulas Patocka) \n- hex2bin: make the function hex_to_bin constant-time (Mikulas Patocka) \n- serial: 8250: Correct the clock for EndRun PTP/1588 PCIe device (Maciej W. Rozycki) \n- serial: 8250: Also set sticky MCR bits in console restoration (Maciej W. Rozycki) \n- usb: gadget: configfs: clear deactivation flag in configfs_composite_unbind() (Vijayavardhan Vennapusa) \n- usb: gadget: uvc: Fix crash when encoding data for usb request (Dan Vacura) \n- usb: misc: fix improper handling of refcount in uss720_probe() (Hangyu Hua) \n- iio: magnetometer: ak8975: Fix the error handling in ak8975_power_on() (Zheyu Ma) \n- iio: dac: ad5446: Fix read_raw not returning set value (Michael Hennerich) \n- iio: dac: ad5592r: Fix the missing return value. (Zizhuang Deng) \n- xhci: stop polling roothubs after shutdown (Henry Lin) \n- USB: serial: option: add Telit 0x1057, 0x1058, 0x1075 compositions (Daniele Palmas) \n- USB: serial: option: add support for Cinterion MV32-WA/MV32-WB (Slark Xiao) \n- USB: serial: cp210x: add PIDs for Kamstrup USB Meter Reader (Bruno Thomsen) \n- USB: serial: whiteheat: fix heap overflow in WHITEHEAT_GET_DTR_RTS (Kees Cook) \n- USB: quirks: add STRING quirk for VCOM device (Oliver Neukum) \n- USB: quirks: add a Realtek card reader (Oliver Neukum) \n- usb: mtu3: fix USB 3.0 dual-role-switch from device to host (Macpaul Lin) \n- lightnvm: disable the subsystem (Greg Kroah-Hartman) \n- net/sched: cls_u32: fix netns refcount changes in u32_change() (Eric Dumazet) \n- hamradio: remove needs_free_netdev to avoid UAF (Lin Ma) \n- hamradio: defer 6pack kfree after unregister_netdev (Lin Ma) \n- floppy: disable FDRAWCMD by default (Willy Tarreau) \n- Linux 4.14.277 (Greg Kroah-Hartman) \n- ax25: Fix UAF bugs in ax25 timers (Duoming Zhou) \n- ax25: Fix NULL pointer dereferences in ax25 timers (Duoming Zhou) \n- ax25: fix NPD bug in ax25_disconnect (Duoming Zhou) \n- ax25: fix UAF bug in ax25_send_control() (Duoming Zhou) \n- ax25: Fix refcount leaks caused by ax25_cb_del() (Duoming Zhou) \n- ax25: fix UAF bugs of net_device caused by rebinding operation (Duoming Zhou) \n- ax25: fix reference count leaks of ax25_dev (Duoming Zhou) \n- ax25: add refcount in ax25_dev to avoid UAF bugs (Duoming Zhou) \n- block/compat_ioctl: fix range check in BLKGETSIZE (Khazhismel Kumykov) \n- staging: ion: Prevent incorrect reference counting behavour (Lee Jones) \n- ext4: force overhead calculation if the s_overhead_cluster makes no sense (Theodore Tso) \n- ext4: fix overhead calculation to account for the reserved gdt blocks (Theodore Tso) \n- ext4: limit length to bitmap_maxbytes - blocksize in punch_hole (Tadeusz Struk) \n- ext4: fix symlink file size not match to file content (Ye Bin) \n- ARC: entry: fix syscall_trace_exit argument (Sergey Matyukevich) \n- e1000e: Fix possible overflow in LTR decoding (Sasha Neftin) \n- ASoC: soc-dapm: fix two incorrect uses of list iterator (Xiaomeng Tong) \n- openvswitch: fix OOB access in reserve_sfa_size() (Paolo Valerio) \n- powerpc/perf: Fix power9 event alternatives (Athira Rajeev) \n- dma: at_xdmac: fix a missing check on list iterator (Xiaomeng Tong) \n- ata: pata_marvell: Check the bmdma_addr beforing reading (Zheyu Ma) \n- stat: fix inconsistency between struct stat and struct compat_stat (Mikulas Patocka) \n- net: macb: Restart tx only if queue pointer is lagging (Tomas Melin) \n- drm/msm/mdp5: check the return of kzalloc() (Xiaoke Wang) \n- brcmfmac: sdio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- cifs: Check the IOCB_DIRECT flag, not O_DIRECT (David Howells) \n- vxlan: fix error return code in vxlan_fdb_append (Hongbin Wang) \n- ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant (Borislav Petkov) \n- platform/x86: samsung-laptop: Fix an unsigned comparison which can never be negative (Jiapeng Chong) \n- ARM: vexpress/spc: Avoid negative array index when !SMP (Kees Cook) \n- netlink: reset network and mac headers in netlink_dump() (Eric Dumazet) \n- net/packet: fix packet_sock xmit return value checking (Hangbin Liu) \n- dmaengine: imx-sdma: Fix error checking in sdma_event_remap (Miaoqian Lin) \n- tcp: Fix potential use-after-free due to double kfree() (Kuniyuki Iwashima) \n- tcp: fix race condition when creating child sockets from syncookies (Ricardo Dias) \n- ALSA: usb-audio: Clear MIDI port active flag after draining (Takashi Iwai) \n- gfs2: assign rgrp glock before compute_bitstructs (Bob Peterson) \n- can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path (Hangyu Hua) \n- tracing: Dump stacktrace trigger to the corresponding instance (Daniel Bristot de Oliveira) \n- tracing: Have traceon and traceoff trigger honor the instance (Steven Rostedt (Google)) \n- mm: page_alloc: fix building error on -Werror=array-compare (Xiongwei Song) \n- etherdevice: Adjust ether_addr* prototypes to silence -Wstringop-overead (Kees Cook)", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9693", "href": "http://linux.oracle.com/errata/ELSA-2022-9693.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-09T20:40:47", "description": "[4.1.12-124.65.1.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460939] {CVE-2022-2588}", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "ELSA-2022-9694", "href": "http://linux.oracle.com/errata/ELSA-2022-9694.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-16T00:43:27", "description": "[4.14.35-2047.517.3]\n- KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34575637] \n- KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34575637] \n- KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34575637]\n[4.14.35-2047.517.2]\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476942] \n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476942] \n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476942] \n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476942] \n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476942] \n- rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465810] \n- rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465810] \n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419972] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414240] \n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510858] {CVE-2022-21385}\n[4.14.35-2047.517.1]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480752] {CVE-2022-2588}\n- Restore 'module, async: async_synchronize_full() on module init iff async is used' (Mridula Shastry) [Orabug: 34469834] \n- net/rds: Replace #ifdef DEBUG with CONFIG_SLUB_DEBUG (Freddy Carrillo) [Orabug: 34405766] \n- ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34295843] \n- ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34295843] \n- ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34295843] \n- ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34295843] \n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34211118] \n- xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34211118] \n- Linux 4.14.288 (Greg Kroah-Hartman) \n- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) \n- ida: don't use BUG_ON() for debugging (Linus Torvalds) \n- i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) \n- pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) \n- xfs: remove incorrect ASSERT in xfs_rename (Eric Sandeen) \n- powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) \n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) \n- fbcon: Disallow setting font bigger than screen size (Helge Deller) \n- iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) \n- net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) \n- usbnet: fix memory leak in error case (Oliver Neukum) \n- can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) \n- can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) \n- mm/slub: add missing TID updates on slab deactivation (Jann Horn) \n- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) \n- Linux 4.14.287 (Greg Kroah-Hartman) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) \n- net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) \n- xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) \n- net: Rename and export copy_skb_header (Ilya Lesokhin) \n- ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) \n- sit: use min (kernel test robot) \n- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) \n- NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) \n- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) \n- net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) \n- netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) \n- caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) \n- net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) \n- usbnet: fix memory allocation in helpers (Oliver Neukum) \n- RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) \n- net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) \n- net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) \n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) \n- dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) \n- dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) \n- nvdimm: Fix badblocks clear off-by-one error (Chris Ye) \n- Linux 4.14.286 (Greg Kroah-Hartman) \n- swiotlb: skip swiotlb_bounce when orig_addr is zero (Liu Shixin) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- fdt: Update CRC check for rng-seed (Hsin-Yi Wang) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- drm: remove drm_fb_helper_modinit (Christoph Hellwig) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- vt: drop old FONT ioctls (Jiri Slaby) \n- Linux 4.14.285 (Greg Kroah-Hartman) \n- tcp: drop the hash_32() part from the index calculation (Willy Tarreau) \n- tcp: increase source port perturb table to 2^16 (Willy Tarreau) \n- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) \n- tcp: add small random increments to the source port (Willy Tarreau) \n- tcp: use different parts of the port_offset for index and offset (Willy Tarreau) \n- tcp: add some entropy in __inet_hash_connect() (Eric Dumazet) \n- xprtrdma: fix incorrect header size calculations (Colin Ian King) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable 'count' signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- misc: atmel-ssc: Fix IRQ check in ssc_probe (Miaoqian Lin) \n- tty: goldfish: Fix free_irq() on remove (Vincent Whitchurch) \n- i40e: Fix call trace in setup_tx_descriptors (Aleksandr Loktionov) \n- pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (Trond Myklebust) \n- random: credit cpu and bootloader seeds by default (Jason A. Donenfeld) \n- net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (Chen Lin) \n- ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (Wang Yufen) \n- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (Xiaohui Zhang) \n- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (chengkaitao) \n- scsi: pmcraid: Fix missing resource cleanup in error case (Chengguang Xu) \n- scsi: ipr: Fix missing/incorrect resource cleanup in error case (Chengguang Xu) \n- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (James Smart) \n- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (Wentao Wang) \n- ASoC: wm8962: Fix suspend while playing music (Adam Ford) \n- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (Sergey Shtylyov) \n- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (Charles Keepax) \n- ASoC: cs42l52: Correct TLV for Bypass Volume (Charles Keepax) \n- ASoC: cs53l30: Correct number of volume levels on SX controls (Charles Keepax) \n- ASoC: cs42l52: Fix TLV scales for mixer controls (Charles Keepax) \n- random: account for arch randomness in bits (Jason A. Donenfeld) \n- random: mark bootloader randomness code as __init (Jason A. Donenfeld) \n- random: avoid checking crng_ready() twice in random_init() (Jason A. Donenfeld) \n- crypto: drbg - make reseeding from get_random_bytes() synchronous (Nicolai Stange) \n- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) \n- crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() (Nicolai Stange) \n- crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() (Nicolai Stange) \n- crypto: drbg - prepare for more fine-grained tracking of seeding state (Nicolai Stange) \n- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) \n- crypto: drbg - add FIPS 140-2 CTRNG for noise source (Stephan Mueller) \n- Revert 'random: use static branch for crng_ready()' (Jason A. Donenfeld) \n- random: check for signals after page of pool writes (Jason A. Donenfeld) \n- random: wire up fops->splice_{read,write}_iter() (Jens Axboe) \n- random: convert to using fops->write_iter() (Jens Axboe) \n- random: move randomize_page() into mm where it belongs (Jason A. Donenfeld) \n- random: move initialization functions out of hot pages (Jason A. Donenfeld) \n- random: use proper jiffies comparison macro (Jason A. Donenfeld) \n- random: use symbolic constants for crng_init states (Jason A. Donenfeld) \n- siphash: use one source of truth for siphash permutations (Jason A. Donenfeld) \n- random: help compiler out with fast_mix() by using simpler arguments (Jason A. Donenfeld) \n- random: do not use input pool from hard IRQs (Saeed Mirzamohammadi) \n- random: order timer entropy functions below interrupt functions (Jason A. Donenfeld) \n- random: do not pretend to handle premature next security model (Jason A. Donenfeld) \n- random: do not use batches when !crng_ready() (Jason A. Donenfeld) \n- random: insist on random_get_entropy() existing in order to simplify (Jason A. Donenfeld) \n- xtensa: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- sparc: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- um: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- x86/tsc: Use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- nios2: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- arm: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- mips: use fallback for random_get_entropy() instead of just c0 random (Jason A. Donenfeld) \n- m68k: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- timekeeping: Add raw clock fallback for random_get_entropy() (Jason A. Donenfeld) \n- powerpc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- alpha: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- parisc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- s390: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- ia64: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- init: call time_init() before rand_initialize() (Jason A. Donenfeld) \n- random: fix sysctl documentation nits (Jason A. Donenfeld) \n- random: document crng_fast_key_erasure() destination possibility (Jason A. Donenfeld) \n- random: make random_get_entropy() return an unsigned long (Jason A. Donenfeld) \n- random: check for signals every PAGE_SIZE chunk of /dev/[u]random (Jason A. Donenfeld) \n- random: check for signal_pending() outside of need_resched() check (Jann Horn) \n- random: do not allow user to keep crng key around on stack (Jason A. Donenfeld) \n- random: do not split fast init input in add_hwgenerator_randomness() (Jan Varho) \n- random: mix build-time latent entropy into pool at init (Jason A. Donenfeld) \n- random: re-add removed comment about get_random_{u32,u64} reseeding (Jason A. Donenfeld) \n- random: treat bootloader trust toggle the same way as cpu trust toggle (Jason A. Donenfeld) \n- random: skip fast_init if hwrng provides large chunk of entropy (Jason A. Donenfeld) \n- random: check for signal and try earlier when generating entropy (Jason A. Donenfeld) \n- random: reseed more often immediately after booting (Jason A. Donenfeld) \n- random: make consistent usage of crng_ready() (Jason A. Donenfeld) \n- random: use SipHash as interrupt entropy accumulator (Jason A. Donenfeld) \n- random: replace custom notifier chain with standard one (Jason A. Donenfeld) \n- random: don't let 644 read-only sysctls be written to (Jason A. Donenfeld) \n- random: give sysctl_random_min_urandom_seed a more sensible value (Jason A. Donenfeld) \n- random: do crng pre-init loading in worker rather than irq (Jason A. Donenfeld) \n- random: unify cycles_t and jiffies usage and types (Jason A. Donenfeld) \n- random: cleanup UUID handling (Jason A. Donenfeld) \n- random: only wake up writers after zap if threshold was passed (Jason A. Donenfeld) \n- random: round-robin registers as ulong, not u32 (Jason A. Donenfeld) \n- random: pull add_hwgenerator_randomness() declaration into random.h (Jason A. Donenfeld) \n- random: check for crng_init == 0 in add_device_randomness() (Jason A. Donenfeld) \n- random: unify early init crng load accounting (Jason A. Donenfeld) \n- random: do not take pool spinlock at boot (Jason A. Donenfeld) \n- random: defer fast pool mixing to worker (Jason A. Donenfeld) \n- random: rewrite header introductory comment (Jason A. Donenfeld) \n- random: group sysctl functions (Jason A. Donenfeld) \n- random: group userspace read/write functions (Jason A. Donenfeld) \n- random: group entropy collection functions (Jason A. Donenfeld) \n- random: group entropy extraction functions (Jason A. Donenfeld) \n- random: remove useless header comment (Jason A. Donenfeld) \n- random: introduce drain_entropy() helper to declutter crng_reseed() (Jason A. Donenfeld) \n- random: deobfuscate irq u32/u64 contributions (Jason A. Donenfeld) \n- random: add proper SPDX header (Jason A. Donenfeld) \n- random: remove unused tracepoints (Jason A. Donenfeld) \n- random: remove ifdef'd out interrupt bench (Jason A. Donenfeld) \n- random: tie batched entropy generation to base_crng generation (Jason A. Donenfeld) \n- random: zero buffer after reading entropy from userspace (Jason A. Donenfeld) \n- random: remove outdated INT_MAX >> 6 check in urandom_read() (Jason A. Donenfeld) \n- random: use hash function for crng_slow_load() (Jason A. Donenfeld) \n- random: absorb fast pool into input pool after fast load (Jason A. Donenfeld) \n- random: do not xor RDRAND when writing into /dev/random (Jason A. Donenfeld) \n- random: ensure early RDSEED goes through mixer on init (Jason A. Donenfeld) \n- random: inline leaves of rand_initialize() (Jason A. Donenfeld) \n- random: use RDSEED instead of RDRAND in entropy extraction (Jason A. Donenfeld) \n- random: fix locking in crng_fast_load() (Dominik Brodowski) \n- random: remove batched entropy locking (Jason A. Donenfeld) \n- random: remove use_input_pool parameter from crng_reseed() (Eric Biggers) \n- random: make credit_entropy_bits() always safe (Jason A. Donenfeld) \n- random: always wake up entropy writers after extraction (Jason A. Donenfeld) \n- random: use linear min-entropy accumulation crediting (Jason A. Donenfeld) \n- random: simplify entropy debiting (Jason A. Donenfeld) \n- random: use computational hash for entropy extraction (Jason A. Donenfeld) \n- random: only call crng_finalize_init() for primary_crng (Dominik Brodowski) \n- random: access primary_pool directly rather than through pointer (Dominik Brodowski) \n- random: continually use hwgenerator randomness (Dominik Brodowski) \n- random: simplify arithmetic function flow in account() (Jason A. Donenfeld) \n- random: access input_pool_data directly rather than through pointer (Jason A. Donenfeld) \n- random: cleanup fractional entropy shift constants (Jason A. Donenfeld) \n- random: prepend remaining pool constants with POOL_ (Jason A. Donenfeld) \n- random: de-duplicate INPUT_POOL constants (Jason A. Donenfeld) \n- random: remove unused OUTPUT_POOL constants (Jason A. Donenfeld) \n- random: rather than entropy_store abstraction, use global (Jason A. Donenfeld) \n- random: try to actively add entropy rather than passively wait for it (Linus Torvalds) \n- random: remove unused extract_entropy() reserved argument (Jason A. Donenfeld) \n- random: remove incomplete last_data logic (Jason A. Donenfeld) \n- random: cleanup integer types (Jason A. Donenfeld) \n- crypto: chacha20 - Fix chacha20_block() keystream alignment (again) (Eric Biggers) \n- random: cleanup poolinfo abstraction (Jason A. Donenfeld) \n- random: fix typo in comments (Schspa Shi) \n- random: don't reset crng_init_cnt on urandom_read() (Jann Horn) \n- random: avoid superfluous call to RDRAND in CRNG extraction (Jason A. Donenfeld) \n- random: early initialization of ChaCha constants (Dominik Brodowski) \n- random: initialize ChaCha20 constants with correct endianness (Eric Biggers) \n- random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs (Jason A. Donenfeld) \n- random: harmonize 'crng init done' messages (Dominik Brodowski) \n- random: mix bootloader randomness into pool (Jason A. Donenfeld) \n- random: do not re-init if crng_reseed completes before primary init (Jason A. Donenfeld) \n- random: do not sign extend bytes for rotation when mixing (Jason A. Donenfeld) \n- random: use BLAKE2s instead of SHA1 in extraction (Jason A. Donenfeld) \n- random: remove unused irq_flags argument from add_interrupt_randomness() (Saeed Mirzamohammadi) \n- random: document add_hwgenerator_randomness() with other input functions (Mark Brown) \n- crypto: blake2s - adjust include guard naming (Eric Biggers) \n(Eric Biggers) \n- MAINTAINERS: co-maintain random.c (Jason A. Donenfeld) \n- random: remove dead code left over from blocking pool (Eric Biggers) \n- random: avoid arch_get_random_seed_long() when collecting IRQ randomness (Ard Biesheuvel) \n- random: add arch_get_random_*long_early() (Mark Rutland) \n- powerpc: Use bool in archrandom.h (Richard Henderson) \n- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (Richard Henderson) \n- linux/random.h: Use false with bool (Richard Henderson) \n- linux/random.h: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- s390: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- powerpc: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- x86: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- random: avoid warnings for !CONFIG_NUMA builds (Mark Rutland) \n- random: split primary/secondary crng init paths (Mark Rutland) \n- random: remove some dead code of poolinfo (Yangtao Li) \n- random: fix typo in add_timer_randomness() (Yangtao Li) \n- random: Add and use pr_fmt() (Yangtao Li) \n- random: convert to ENTROPY_BITS for better code readability (Yangtao Li) \n- random: remove unnecessary unlikely() (Yangtao Li) \n- random: remove kernel.random.read_wakeup_threshold (Andy Lutomirski) \n- random: delete code to pull data into pools (Andy Lutomirski) \n- random: remove the blocking pool (Andy Lutomirski) \n- random: fix crash on multiple early calls to add_bootloader_randomness() (Dominik Brodowski) \n- char/random: silence a lockdep splat with printk() (Sergey Senozhatsky) \n- random: make /dev/random be almost like /dev/urandom (Andy Lutomirski) \n- random: ignore GRND_RANDOM in getentropy(2) (Andy Lutomirski) \n- random: add GRND_INSECURE to return best-effort non-cryptographic bytes (Andy Lutomirski) \n- random: Add a urandom_read_nowait() for random APIs that don't warn (Andy Lutomirski) \n- random: Don't wake crng_init_wait when crng_init == 1 (Andy Lutomirski) \n- lib/crypto: sha1: re-roll loops to reduce code size (Jason A. Donenfeld) \n- lib/crypto: blake2s: move hmac construction into wireguard (Jason A. Donenfeld) \n- crypto: blake2s - generic C library implementation and selftest (Jason A. Donenfeld) \n- crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() (Andy Shevchenko) \n- Revert 'hwrng: core - Freeze khwrng thread during suspend' (Herbert Xu) \n- char/random: Add a newline at the end of the file (Borislav Petkov) \n- random: Use wait_event_freezable() in add_hwgenerator_randomness() (Stephen Boyd) \n- fdt: add support for rng-seed (Hsin-Yi Wang) \n- random: Support freezable kthreads in add_hwgenerator_randomness() (Stephen Boyd) \n- random: fix soft lockup when trying to read from an uninitialized blocking pool (Theodore Ts'o) \n- latent_entropy: avoid build error when plugin cflags are not set (Vasily Gorbik) \n- random: document get_random_int() family (George Spelvin) \n- random: move rand_initialize() earlier (Kees Cook) \n- random: only read from /dev/random after its pool has received 128 bits (Theodore Ts'o) \n- drivers/char/random.c: make primary_crng static (Rasmus Villemoes) \n- drivers/char/random.c: remove unused stuct poolinfo::poolbits (Rasmus Villemoes) \n- drivers/char/random.c: constify poolinfo_table (Rasmus Villemoes) \n- random: make CPU trust a boot parameter (Kees Cook) \n- random: Make crng state queryable (Jason A. Donenfeld) \n- random: remove preempt disabled region (Ingo Molnar) \n- random: add a config option to trust the CPU's hwrng (Theodore Ts'o) \n- random: Return nbytes filled from hw RNG (Tobin C. Harding) \n- random: Fix whitespace pre random-bytes work (Tobin C. Harding) \n- drivers/char/random.c: remove unused dont_count_entropy (Rasmus Villemoes) \n- random: optimize add_interrupt_randomness (Andi Kleen) \n- random: always fill buffer in get_random_bytes_wait (Jason A. Donenfeld) \n- crypto: chacha20 - Fix keystream alignment for chacha20_block() (Eric Biggers) \n- 9p: missing chunk of 'fs/9p: Don't update file type when updating file attributes' (Al Viro)\n[4.14.35-2047.517.0]\n- mpt3sas: Fix panic observed while accessing the hw ctx queue (Gulam Mohamed) [Orabug: 34446738] \n- driver: marvell: mmc: Add new bus modes overrides from DT (Wojciech Bartczak) [Orabug: 34440004] \n- octeontx2: mmc: Adds mechanism to modify all MMC bus modes timings (Wojciech Bartczak) [Orabug: 34440004] \n- rds/rdma: correctly assign the dest qp num in rds ib connection (Rohit Nair) [Orabug: 34429478] \n- Revert 'uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT' (Gulam Mohamed) [Orabug: 34419153] \n- net/rds : Adding support to print SCQ and RCQ completion vectors in rds-info. (Anand Khoje) [Orabug: 34398210] \n- IB/mlx5: Disable BME for unbound devices too (Hakon Bugge) [Orabug: 34395378] \n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) [Orabug: 34387281] \n- net/mlx5: FW tracer, Add debug prints (Saeed Mahameed) [Orabug: 34387281] \n- perf script: Fix crash because of missing evsel->priv (Ravi Bangoria) [Orabug: 34382257] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371946] \n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364338] \n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364338] \n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 33665743]", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2022-09-16T00:00:00", "id": "ELSA-2022-9787", "href": "http://linux.oracle.com/errata/ELSA-2022-9787.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-09-16T00:43:27", "description": "[4.14.35-2047.517.3.el7]\n- KVM: x86: use raw clock values consistently (Paolo Bonzini) [Orabug: 34575637]\n- KVM: x86: reorganize pvclock_gtod_data members (Paolo Bonzini) [Orabug: 34575637]\n- KVM: x86: switch KVMCLOCK base to monotonic raw clock (Marcelo Tosatti) [Orabug: 34575637]\n[4.14.35-2047.517.2.el7]\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476942]\n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476942]\n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476942]\n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476942]\n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476942]\n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419972] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414240]\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510858] {CVE-2022-21385}\n[4.14.35-2047.517.1.el7]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480752] {CVE-2022-2588}\n- Restore 'module, async: async_synchronize_full() on module init iff async is used' (Mridula Shastry) [Orabug: 34469834]\n- net/rds: Replace #ifdef DEBUG with CONFIG_SLUB_DEBUG (Freddy Carrillo) [Orabug: 34405766]\n- ext4: Move to shared i_rwsem even without dioread_nolock mount opt (Ritesh Harjani) [Orabug: 34295843]\n- ext4: Start with shared i_rwsem in case of DIO instead of exclusive (Ritesh Harjani) [Orabug: 34295843]\n- ext4: further refactoring bufferio and dio helper (Junxiao Bi) [Orabug: 34295843]\n- ext4: refactor ext4_file_write_iter (Junxiao Bi) [Orabug: 34295843]\n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34211118]\n- xen/manage: revert 'xen/manage: enable C_A_D to force reboot' (Dongli Zhang) [Orabug: 34211118]\n- Linux 4.14.288 (Greg Kroah-Hartman) \n- dmaengine: ti: Add missing put_device in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: ti: Fix refcount leak in ti_dra7_xbar_route_allocate (Miaoqian Lin) \n- dmaengine: at_xdma: handle errors of at_xdmac_alloc_desc() correctly (Michael Walle) \n- ida: don't use BUG_ON() for debugging (Linus Torvalds) \n- i2c: cadence: Unregister the clk notifier in error path (Satish Nagireddy) \n- pinctrl: sunxi: a83t: Fix NAND function name for some pins (Samuel Holland) \n- xfs: remove incorrect ASSERT in xfs_rename (Eric Sandeen) \n- powerpc/powernv: delay rng platform device creation until later in boot (Jason A. Donenfeld) \n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) \n- fbcon: Disallow setting font bigger than screen size (Helge Deller) \n- iommu/vt-d: Fix PCI bus rescan device hot add (Yian Chen) \n- net: rose: fix UAF bug caused by rose_t0timer_expiry (Duoming Zhou) \n- usbnet: fix memory leak in error case (Oliver Neukum) \n- can: gs_usb: gs_usb_open/close(): fix memory leak (Rhett Aultman) \n- can: grcan: grcan_probe(): remove extra of_node_get() (Liang He) \n- mm/slub: add missing TID updates on slab deactivation (Jann Horn) \n- esp: limit skb_page_frag_refill use to a single page (Sabrina Dubroca) \n- Linux 4.14.287 (Greg Kroah-Hartman) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- net: usb: qmi_wwan: add Telit 0x1070 composition (Daniele Palmas) \n- net: usb: qmi_wwan: add Telit 0x1060 composition (Carlo Lobrano) \n- xen/arm: Fix race in RB-tree based P2M accounting (Oleksandr Tyshchenko) {CVE-2022-33744}\n- net: Rename and export copy_skb_header (Ilya Lesokhin) \n- ipv6/sit: fix ipip6_tunnel_get_prl return value (katrinzhou) \n- sit: use min (kernel test robot) \n- hwmon: (ibmaem) don't call platform_device_del() if platform_device_add() fails (Yang Yingliang) \n- NFC: nxp-nci: Don't issue a zero length i2c_master_read() (Michael Walle) \n- nfc: nfcmrvl: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- net: bonding: fix use-after-free after 802.3ad slave unbind (Yevhen Orlov) \n- net: bonding: fix possible NULL deref in rlb code (Eric Dumazet) \n- netfilter: nft_dynset: restore set element counter when failing to update (Pablo Neira Ayuso) \n- caif_virtio: fix race between virtio_device_ready() and ndo_open() (Jason Wang) \n- net: ipv6: unexport __init-annotated seg6_hmac_net_init() (YueHaibing) \n- usbnet: fix memory allocation in helpers (Oliver Neukum) \n- RDMA/qedr: Fix reporting QP timeout attribute (Kamal Heib) \n- net: usb: ax88179_178a: Fix packet receiving (Jose Alonso) \n- net: rose: fix UAF bugs caused by timer handler (Duoming Zhou) \n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- s390/archrandom: simplify back to earlier design and initialize earlier (Jason A. Donenfeld) \n- dm raid: fix KASAN warning in raid5_add_disks (Mikulas Patocka) \n- dm raid: fix accesses beyond end of raid member array (Heinz Mauelshagen) \n- nvdimm: Fix badblocks clear off-by-one error (Chris Ye) \n- Linux 4.14.286 (Greg Kroah-Hartman) \n- swiotlb: skip swiotlb_bounce when orig_addr is zero (Liu Shixin) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- fdt: Update CRC check for rng-seed (Hsin-Yi Wang) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- drm: remove drm_fb_helper_modinit (Christoph Hellwig) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- vt: drop old FONT ioctls (Jiri Slaby) \n- Linux 4.14.285 (Greg Kroah-Hartman) \n- tcp: drop the hash_32() part from the index calculation (Willy Tarreau) \n- tcp: increase source port perturb table to 2^16 (Willy Tarreau) \n- tcp: dynamically allocate the perturb table used by source ports (Willy Tarreau) \n- tcp: add small random increments to the source port (Willy Tarreau) \n- tcp: use different parts of the port_offset for index and offset (Willy Tarreau) \n- tcp: add some entropy in __inet_hash_connect() (Eric Dumazet) \n- xprtrdma: fix incorrect header size calculations (Colin Ian King) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable 'count' signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- misc: atmel-ssc: Fix IRQ check in ssc_probe (Miaoqian Lin) \n- tty: goldfish: Fix free_irq() on remove (Vincent Whitchurch) \n- i40e: Fix call trace in setup_tx_descriptors (Aleksandr Loktionov) \n- pNFS: Don't keep retrying if the server replied NFS4ERR_LAYOUTUNAVAILABLE (Trond Myklebust) \n- random: credit cpu and bootloader seeds by default (Jason A. Donenfeld) \n- net: ethernet: mtk_eth_soc: fix misuse of mem alloc interface netdev[napi]_alloc_frag (Chen Lin) \n- ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg (Wang Yufen) \n- nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred (Xiaohui Zhang) \n- virtio-mmio: fix missing put_device() when vm_cmdline_parent registration failed (chengkaitao) \n- scsi: pmcraid: Fix missing resource cleanup in error case (Chengguang Xu) \n- scsi: ipr: Fix missing/incorrect resource cleanup in error case (Chengguang Xu) \n- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (James Smart) \n- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (Wentao Wang) \n- ASoC: wm8962: Fix suspend while playing music (Adam Ford) \n- ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() (Sergey Shtylyov) \n- ASoC: cs42l56: Correct typo in minimum level for SX volume controls (Charles Keepax) \n- ASoC: cs42l52: Correct TLV for Bypass Volume (Charles Keepax) \n- ASoC: cs53l30: Correct number of volume levels on SX controls (Charles Keepax) \n- ASoC: cs42l52: Fix TLV scales for mixer controls (Charles Keepax) \n- random: account for arch randomness in bits (Jason A. Donenfeld) \n- random: mark bootloader randomness code as __init (Jason A. Donenfeld) \n- random: avoid checking crng_ready() twice in random_init() (Jason A. Donenfeld) \n- crypto: drbg - make reseeding from get_random_bytes() synchronous (Nicolai Stange) \n- crypto: drbg - always try to free Jitter RNG instance (Stephan Muller) \n- crypto: drbg - move dynamic ->reseed_threshold adjustments to __drbg_seed() (Nicolai Stange) \n- crypto: drbg - track whether DRBG was seeded with !rng_is_initialized() (Nicolai Stange) \n- crypto: drbg - prepare for more fine-grained tracking of seeding state (Nicolai Stange) \n- crypto: drbg - always seeded with SP800-90B compliant noise source (Stephan Muller) \n- crypto: drbg - add FIPS 140-2 CTRNG for noise source (Stephan Mueller) \n- Revert 'random: use static branch for crng_ready()' (Jason A. Donenfeld) \n- random: check for signals after page of pool writes (Jason A. Donenfeld) \n- random: wire up fops->splice_{read,write}_iter() (Jens Axboe) \n- random: convert to using fops->write_iter() (Jens Axboe) \n- random: move randomize_page() into mm where it belongs (Jason A. Donenfeld) \n- random: move initialization functions out of hot pages (Jason A. Donenfeld) \n- random: use proper jiffies comparison macro (Jason A. Donenfeld) \n- random: use symbolic constants for crng_init states (Jason A. Donenfeld) \n- siphash: use one source of truth for siphash permutations (Jason A. Donenfeld) \n- random: help compiler out with fast_mix() by using simpler arguments (Jason A. Donenfeld) \n- random: do not use input pool from hard IRQs (Saeed Mirzamohammadi) \n- random: order timer entropy functions below interrupt functions (Jason A. Donenfeld) \n- random: do not pretend to handle premature next security model (Jason A. Donenfeld) \n- random: do not use batches when !crng_ready() (Jason A. Donenfeld) \n- random: insist on random_get_entropy() existing in order to simplify (Jason A. Donenfeld) \n- xtensa: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- sparc: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- um: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- x86/tsc: Use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- nios2: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- arm: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- mips: use fallback for random_get_entropy() instead of just c0 random (Jason A. Donenfeld) \n- m68k: use fallback for random_get_entropy() instead of zero (Jason A. Donenfeld) \n- timekeeping: Add raw clock fallback for random_get_entropy() (Jason A. Donenfeld) \n- powerpc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- alpha: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- parisc: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- s390: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- ia64: define get_cycles macro for arch-override (Jason A. Donenfeld) \n- init: call time_init() before rand_initialize() (Jason A. Donenfeld) \n- random: fix sysctl documentation nits (Jason A. Donenfeld) \n- random: document crng_fast_key_erasure() destination possibility (Jason A. Donenfeld) \n- random: make random_get_entropy() return an unsigned long (Jason A. Donenfeld) \n- random: check for signals every PAGE_SIZE chunk of /dev/[u]random (Jason A. Donenfeld) \n- random: check for signal_pending() outside of need_resched() check (Jann Horn) \n- random: do not allow user to keep crng key around on stack (Jason A. Donenfeld) \n- random: do not split fast init input in add_hwgenerator_randomness() (Jan Varho) \n- random: mix build-time latent entropy into pool at init (Jason A. Donenfeld) \n- random: re-add removed comment about get_random_{u32,u64} reseeding (Jason A. Donenfeld) \n- random: treat bootloader trust toggle the same way as cpu trust toggle (Jason A. Donenfeld) \n- random: skip fast_init if hwrng provides large chunk of entropy (Jason A. Donenfeld) \n- random: check for signal and try earlier when generating entropy (Jason A. Donenfeld) \n- random: reseed more often immediately after booting (Jason A. Donenfeld) \n- random: make consistent usage of crng_ready() (Jason A. Donenfeld) \n- random: use SipHash as interrupt entropy accumulator (Jason A. Donenfeld) \n- random: replace custom notifier chain with standard one (Jason A. Donenfeld) \n- random: don't let 644 read-only sysctls be written to (Jason A. Donenfeld) \n- random: give sysctl_random_min_urandom_seed a more sensible value (Jason A. Donenfeld) \n- random: do crng pre-init loading in worker rather than irq (Jason A. Donenfeld) \n- random: unify cycles_t and jiffies usage and types (Jason A. Donenfeld) \n- random: cleanup UUID handling (Jason A. Donenfeld) \n- random: only wake up writers after zap if threshold was passed (Jason A. Donenfeld) \n- random: round-robin registers as ulong, not u32 (Jason A. Donenfeld) \n- random: pull add_hwgenerator_randomness() declaration into random.h (Jason A. Donenfeld) \n- random: check for crng_init == 0 in add_device_randomness() (Jason A. Donenfeld) \n- random: unify early init crng load accounting (Jason A. Donenfeld) \n- random: do not take pool spinlock at boot (Jason A. Donenfeld) \n- random: defer fast pool mixing to worker (Jason A. Donenfeld) \n- random: rewrite header introductory comment (Jason A. Donenfeld) \n- random: group sysctl functions (Jason A. Donenfeld) \n- random: group userspace read/write functions (Jason A. Donenfeld) \n- random: group entropy collection functions (Jason A. Donenfeld) \n- random: group entropy extraction functions (Jason A. Donenfeld) \n- random: remove useless header comment (Jason A. Donenfeld) \n- random: introduce drain_entropy() helper to declutter crng_reseed() (Jason A. Donenfeld) \n- random: deobfuscate irq u32/u64 contributions (Jason A. Donenfeld) \n- random: add proper SPDX header (Jason A. Donenfeld) \n- random: remove unused tracepoints (Jason A. Donenfeld) \n- random: remove ifdef'd out interrupt bench (Jason A. Donenfeld) \n- random: tie batched entropy generation to base_crng generation (Jason A. Donenfeld) \n- random: zero buffer after reading entropy from userspace (Jason A. Donenfeld) \n- random: remove outdated INT_MAX >> 6 check in urandom_read() (Jason A. Donenfeld) \n- random: use hash function for crng_slow_load() (Jason A. Donenfeld) \n- random: absorb fast pool into input pool after fast load (Jason A. Donenfeld) \n- random: do not xor RDRAND when writing into /dev/random (Jason A. Donenfeld) \n- random: ensure early RDSEED goes through mixer on init (Jason A. Donenfeld) \n- random: inline leaves of rand_initialize() (Jason A. Donenfeld) \n- random: use RDSEED instead of RDRAND in entropy extraction (Jason A. Donenfeld) \n- random: fix locking in crng_fast_load() (Dominik Brodowski) \n- random: remove batched entropy locking (Jason A. Donenfeld) \n- random: remove use_input_pool parameter from crng_reseed() (Eric Biggers) \n- random: make credit_entropy_bits() always safe (Jason A. Donenfeld) \n- random: always wake up entropy writers after extraction (Jason A. Donenfeld) \n- random: use linear min-entropy accumulation crediting (Jason A. Donenfeld) \n- random: simplify entropy debiting (Jason A. Donenfeld) \n- random: use computational hash for entropy extraction (Jason A. Donenfeld) \n- random: only call crng_finalize_init() for primary_crng (Dominik Brodowski) \n- random: access primary_pool directly rather than through pointer (Dominik Brodowski) \n- random: continually use hwgenerator randomness (Dominik Brodowski) \n- random: simplify arithmetic function flow in account() (Jason A. Donenfeld) \n- random: access input_pool_data directly rather than through pointer (Jason A. Donenfeld) \n- random: cleanup fractional entropy shift constants (Jason A. Donenfeld) \n- random: prepend remaining pool constants with POOL_ (Jason A. Donenfeld) \n- random: de-duplicate INPUT_POOL constants (Jason A. Donenfeld) \n- random: remove unused OUTPUT_POOL constants (Jason A. Donenfeld) \n- random: rather than entropy_store abstraction, use global (Jason A. Donenfeld) \n- random: try to actively add entropy rather than passively wait for it (Linus Torvalds) \n- random: remove unused extract_entropy() reserved argument (Jason A. Donenfeld) \n- random: remove incomplete last_data logic (Jason A. Donenfeld) \n- random: cleanup integer types (Jason A. Donenfeld) \n- crypto: chacha20 - Fix chacha20_block() keystream alignment (again) (Eric Biggers) \n- random: cleanup poolinfo abstraction (Jason A. Donenfeld) \n- random: fix typo in comments (Schspa Shi) \n- random: don't reset crng_init_cnt on urandom_read() (Jann Horn) \n- random: avoid superfluous call to RDRAND in CRNG extraction (Jason A. Donenfeld) \n- random: early initialization of ChaCha constants (Dominik Brodowski) \n- random: initialize ChaCha20 constants with correct endianness (Eric Biggers) \n- random: use IS_ENABLED(CONFIG_NUMA) instead of ifdefs (Jason A. Donenfeld) \n- random: harmonize 'crng init done' messages (Dominik Brodowski) \n- random: mix bootloader randomness into pool (Jason A. Donenfeld) \n- random: do not re-init if crng_reseed completes before primary init (Jason A. Donenfeld) \n- random: do not sign extend bytes for rotation when mixing (Jason A. Donenfeld) \n- random: use BLAKE2s instead of SHA1 in extraction (Jason A. Donenfeld) \n- random: remove unused irq_flags argument from add_interrupt_randomness() (Saeed Mirzamohammadi) \n- random: document add_hwgenerator_randomness() with other input functions (Mark Brown) \n- crypto: blake2s - adjust include guard naming (Eric Biggers) \n- crypto: blake2s - include \n instead of \n (Eric Biggers) \n- MAINTAINERS: co-maintain random.c (Jason A. Donenfeld) \n- random: remove dead code left over from blocking pool (Eric Biggers) \n- random: avoid arch_get_random_seed_long() when collecting IRQ randomness (Ard Biesheuvel) \n- random: add arch_get_random_*long_early() (Mark Rutland) \n- powerpc: Use bool in archrandom.h (Richard Henderson) \n- linux/random.h: Mark CONFIG_ARCH_RANDOM functions __must_check (Richard Henderson) \n- linux/random.h: Use false with bool (Richard Henderson) \n- linux/random.h: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- s390: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- powerpc: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- x86: Remove arch_has_random, arch_has_random_seed (Richard Henderson) \n- random: avoid warnings for !CONFIG_NUMA builds (Mark Rutland) \n- random: split primary/secondary crng init paths (Mark Rutland) \n- random: remove some dead code of poolinfo (Yangtao Li) \n- random: fix typo in add_timer_randomness() (Yangtao Li) \n- random: Add and use pr_fmt() (Yangtao Li) \n- random: convert to ENTROPY_BITS for better code readability (Yangtao Li) \n- random: remove unnecessary unlikely() (Yangtao Li) \n- random: remove kernel.random.read_wakeup_threshold (Andy Lutomirski) \n- random: delete code to pull data into pools (Andy Lutomirski) \n- random: remove the blocking pool (Andy Lutomirski) \n- random: fix crash on multiple early calls to add_bootloader_randomness() (Dominik Brodowski) \n- char/random: silence a lockdep splat with printk() (Sergey Senozhatsky) \n- random: make /dev/random be almost like /dev/urandom (Andy Lutomirski) \n- random: ignore GRND_RANDOM in getentropy(2) (Andy Lutomirski) \n- random: add GRND_INSECURE to return best-effort non-cryptographic bytes (Andy Lutomirski) \n- random: Add a urandom_read_nowait() for random APIs that don't warn (Andy Lutomirski) \n- random: Don't wake crng_init_wait when crng_init == 1 (Andy Lutomirski) \n- lib/crypto: sha1: re-roll loops to reduce code size (Jason A. Donenfeld) \n- lib/crypto: blake2s: move hmac construction into wireguard (Jason A. Donenfeld) \n- crypto: blake2s - generic C library implementation and selftest (Jason A. Donenfeld) \n- crypto: Deduplicate le32_to_cpu_array() and cpu_to_le32_array() (Andy Shevchenko) \n- Revert 'hwrng: core - Freeze khwrng thread during suspend' (Herbert Xu) \n- char/random: Add a newline at the end of the file (Borislav Petkov) \n- random: Use wait_event_freezable() in add_hwgenerator_randomness() (Stephen Boyd) \n- fdt: add support for rng-seed (Hsin-Yi Wang) \n- random: Support freezable kthreads in add_hwgenerator_randomness() (Stephen Boyd) \n- random: fix soft lockup when trying to read from an uninitialized blocking pool (Theodore Ts'o) \n- latent_entropy: avoid build error when plugin cflags are not set (Vasily Gorbik) \n- random: document get_random_int() family (George Spelvin) \n- random: move rand_initialize() earlier (Kees Cook) \n- random: only read from /dev/random after its pool has received 128 bits (Theodore Ts'o) \n- drivers/char/random.c: make primary_crng static (Rasmus Villemoes) \n- drivers/char/random.c: remove unused stuct poolinfo::poolbits (Rasmus Villemoes) \n- drivers/char/random.c: constify poolinfo_table (Rasmus Villemoes) \n- random: make CPU trust a boot parameter (Kees Cook) \n- random: Make crng state queryable (Jason A. Donenfeld) \n- random: remove preempt disabled region (Ingo Molnar) \n- random: add a config option to trust the CPU's hwrng (Theodore Ts'o) \n- random: Return nbytes filled from hw RNG (Tobin C. Harding) \n- random: Fix whitespace pre random-bytes work (Tobin C. Harding) \n- drivers/char/random.c: remove unused dont_count_entropy (Rasmus Villemoes) \n- random: optimize add_interrupt_randomness (Andi Kleen) \n- random: always fill buffer in get_random_bytes_wait (Jason A. Donenfeld) \n- crypto: chacha20 - Fix keystream alignment for chacha20_block() (Eric Biggers) \n- 9p: missing chunk of 'fs/9p: Don't update file type when updating file attributes' (Al Viro)\n[4.14.35-2047.517.0.el7]\n- mpt3sas: Fix panic observed while accessing the hw ctx queue (Gulam Mohamed) [Orabug: 34446738]\n- driver: marvell: mmc: Add new bus modes overrides from DT (Wojciech Bartczak) [Orabug: 34440004]\n- octeontx2: mmc: Adds mechanism to modify all MMC bus modes timings (Wojciech Bartczak) [Orabug: 34440004]\n- rds/rdma: correctly assign the dest qp num in rds ib connection (Rohit Nair) [Orabug: 34429478]\n- Revert 'uek-rpm: Enable config CONFIG_SCSI_MQ_DEFAULT' (Gulam Mohamed) [Orabug: 34419153]\n- net/rds : Adding support to print SCQ and RCQ completion vectors in rds-info. (Anand Khoje) [Orabug: 34398210]\n- IB/mlx5: Disable BME for unbound devices too (Hakon Bugge) [Orabug: 34395378]\n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) [Orabug: 34387281]\n- net/mlx5: FW tracer, Add debug prints (Saeed Mahameed) [Orabug: 34387281]\n- perf script: Fix crash because of missing evsel->priv (Ravi Bangoria) [Orabug: 34382257]\n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371946]\n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364338]\n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364338]\n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 33665743]", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.2, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-16T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2022-09-16T00:00:00", "id": "ELSA-2022-9788", "href": "http://linux.oracle.com/errata/ELSA-2022-9788.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-15T18:31:19", "description": "r[ 5.4.17-2136.310.7]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588}\n- x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: display dynamic retbleed state (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: remove incorrect __init/__ro_after_init annotations (Ankur Arora) [Orabug: 34455621]\n[5.4.17-2136.310.6]\n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- Revert 'hwmon: Make chip parameter for with_info API mandatory' (Greg Kroah-Hartman) [Orabug: 34423806] \n- ext4: make variable 'count' signed (Ding Xiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf)\n[5.4.17-2136.310.5]\n- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Paolo Bonzini) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Disable RRSBA behavior (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/exec: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/VMX: Use TEST %REG,%REG instead of CMP /u03/ksharma/errata_processing/work/el7uek6/db_7uek6.ELSA-2022-9710,%REG in vmenter.S (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kbuild/objtool: Add objtool-vmlinux.o pass (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add retbleed=ibpb (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/xen: Rename SYS* entry points (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Update Retpoline validation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- intel_idle: Disable IBRS during long idle (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Add kernel IBRS implementation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report AMD retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add magic AMD return-thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vmlinux: Use INT3 instead of NOP for linker fill bytes (Kees Cook) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/realmode: build with __DISABLE_EXPORTS (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Use return-thunk in asm code (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bpf: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/ftrace: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86,objtool: Create .return_sites (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/mm: elide references to .discard.* from .return_sites (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Undo return-thunk damage (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Use -mfunction-return (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/alternative: Support not-feature (Juergen Gross) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/features: Move RETPOLINE flags to word 11 (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Classify symbols (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Create reloc sections implicitly (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add elf_create_reloc() helper (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rework the elf_rebuild_reloc_section() logic (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Handle per arch retpoline naming (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Correctly handle retpoline thunk calls (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Support retpoline jump detection for vmlinux.o (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add 'alt_group' struct (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Clean up elf_write() condition (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add support for relocations without addends (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename rela to reloc (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: optimize add_dead_ends for split sections (Sami Tolvanen) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Move the IRET hack into the arch decoder (Miroslav Benes) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename elf_read() to elf_open_read() (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Constify 'struct elf *' parameters (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize !vmlinux.o again (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Better handle IRET (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/unwind_hints: define unwind_hint_save, unwind_hint_restore (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add abstraction for destination offsets (Raphael Gault) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix off-by-one in symbol_by_offset() (Julien Thierry) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_rela_by_dest_range() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize read_sections() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename find_containing_func() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_*() and read_symbols() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add a statistics mode (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn_all() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Introduce validate_return() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Improve call destination function detection (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix clang switch table edge case (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add relocation check for alternative sections (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add is_static_jump() helper (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n[5.4.17-2136.310.4]\n- lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34400675] {CVE-2022-21505}\n- bnxt_en: Use page frag RX buffers for better software GRO performance (Jakub Kicinski) [Orabug: 34083551] \n- bnxt_en: enable interrupt sampling on 5750X for DIM (Andy Gospodarek) [Orabug: 34083551] \n- bnxt_en: Add event handler for PAUSE Storm event (Somnath Kotur) [Orabug: 34083551] \n- bnxt_en: reject indirect blk offload when hw-tc-offload is off (Sriharsha Basavapatna) [Orabug: 34083551] \n- bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (Edwin Peer) [Orabug: 34083551] \n- bnxt_en: Fix error recovery regression (Michael Chan) [Orabug: 34083551] \n- bnxt_en: Fix possible unintended driver initiated error recovery (Michael Chan) [Orabug: 34083551] \n- bnxt: count discards due to memory allocation errors (Jakub Kicinski) [Orabug: 34083551] \n- bnxt: count packets discarded because of netpoll (Jakub Kicinski) [Orabug: 34083551] \n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364337] \n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364337] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371884]\n[5.4.17-2136.310.3]\n- RDS/IB: Fix RDS IB SRQ implementation and tune it (Hans Westgaard Ry) [Orabug: 31899472] \n- RDS/IB: Introduce bit_flag routines with memory-barrier for bit flags (Hans Westgaard Ry) [Orabug: 31899472] \n- xfs: don't fail unwritten extent conversion on writeback due to edquot (Darrick J. Wong) [Orabug: 33786167] \n- mm/page_alloc: reuse tail struct pages for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: improve memory savings for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: refactor core of vmemmap_populate_basepages() to helper (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: add a pgmap argument to section activation (Joao Martins) [Orabug: 34314763] \n- memory-failure: fetch compound_head after pgmap_pfn_valid() (Joao Martins) [Orabug: 34314763] \n- device-dax: compound devmap support (Joao Martins) [Orabug: 34314763] \n- device-dax: factor out page mapping initialization (Joao Martins) [Orabug: 34314763] \n- device-dax: ensure dev_dax->pgmap is valid for dynamic devices (Joao Martins) [Orabug: 34314763] \n- device-dax: use struct_size() (Joao Martins) [Orabug: 34314763] \n- device-dax: use ALIGN() for determining pgoff (Joao Martins) [Orabug: 34314763] \n- mm/memremap: add ZONE_DEVICE support for compound pages (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: refactor memmap_init_zone_device() page init (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: split prep_compound_page into head and tail subparts (Joao Martins) [Orabug: 34314763] \n- RDMA/umem: batch page unpin in __ib_umem_release() (Joao Martins) [Orabug: 34314763] \n- mm/gup: add a range variant of unpin_user_pages_dirty_lock() (Joao Martins) [Orabug: 34314763] \n- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323859] {CVE-2022-2153}\n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 34330922] \n- x86/boot/compressed/64: Disable 5-level page tables on AMD (Boris Ostrovsky) [Orabug: 34366382]\n[5.4.17-2136.310.2]\n- LTS tag: v5.4.199 (Sherry Yang) \n- x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) \n- x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) \n- cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) \n- LTS tag: v5.4.198 (Sherry Yang) \n- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) \n- powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) \n- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) \n- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) \n- ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) \n- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) \n- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- mmc: block: Fix CQE recovery reset success (Adrian Hunter) \n- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) \n- cifs: return errors during session setup during reconnects (Shyam Prasad N) \n- ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) \n- scripts/gdb: change kernel config dumping method (Kuan-Ying Lee) \n- vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) \n- nodemask: Fix return values to be unsigned (Kees Cook) \n- cifs: version operations for smb20 unneeded when legacy support disabled (Steve French) \n- s390/gmap: voluntarily schedule during key setting (Christian Borntraeger) \n- nbd: fix io hung while disconnecting device (Yu Kuai) \n- nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) \n- nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) \n- x86/cpu: Elide KCSAN for cpu_has() and friends (Peter Zijlstra) \n- modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) \n- drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) \n- ceph: allow ceph.dir.rctime xattr to be updatable (Venky Shankar) \n- Revert 'net: af_key: add check for pfkey_broadcast in function pfkey_process' (Michal Kubecek) \n- scsi: myrb: Fix up null pointer access on myrb_cleanup() (Hannes Reinecke) \n- md: protect md_unregister_thread from reentrancy (Guoqing Jiang) \n- watchdog: wdat_wdt: Stop watchdog when rebooting the system (Liu Xinpeng) \n- kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) \n- serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) \n- staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) \n- staging: rtl8712: fix uninit-value in usb_read8() and friends (Wang Cheng) \n- clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) \n- extcon: Modify extcon device to be created after driver data is set (bumwoo lee) \n- misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) \n- usb: dwc2: gadget: don't reset gadget's driver->bus (Marek Szyprowski) \n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) \n- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) \n- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) \n- USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) \n- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) \n- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (Duoming Zhou) \n- tty: Fix a possible resource leak in icom_probe (Huang Guobin) \n- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) \n- lkdtm/usercopy: Expand size of 'out of frame' object (Kees Cook) \n- iio: st_sensors: Add a local lock for protecting odr (Miquel Raynal) \n- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) \n- drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) \n- net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) \n- ip_gre: test csum_start instead of transport header (Willem de Bruijn) \n- net/mlx5: fs, fail conflicting actions (Mark Bloch) \n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) \n- net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) \n- net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) \n- net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) \n- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) \n- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) \n- net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (Miaoqian Lin) \n- bpf, arm64: Clear prog->jited_len along prog->jited (Eric Dumazet) \n- af_unix: Fix a data-race in unix_dgram_peer_wake_me(). (Kuniyuki Iwashima) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- netfilter: nf_tables: memleak flow rule from commit path (Pablo Neira Ayuso) \n- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) \n- netfilter: nat: really support inet nat without l3 address (Florian Westphal) \n- xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) \n- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) \n- NFSv4: Don't hold the layoutget locks across multiple RPC calls (Trond Myklebust) \n- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (Radhey Shyam Pandey) \n- m68knommu: fix undefined reference to _init_sp' (Greg Ungerer) \n- m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) \n- i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) \n- f2fs: remove WARN_ON in f2fs_is_valid_blkaddr (Dongliang Mu) \n- tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) \n- tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) \n- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) \n- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) \n- tipc: check attribute length for bearer name (Hoang Le) \n- afs: Fix infinite loop found by xfstest generic/676 (David Howells) \n- tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) \n- net: sched: add barrier to fix packet stuck problem for lockless qdisc (Guoju Fang) \n- net/mlx5e: Update netdev features after changing XDP state (Maxim Mikityanskiy) \n- net/mlx5: Don't use already freed action pointer (Leon Romanovsky) \n- nfp: only report pause frame configuration for physical device (Yu Xiao) \n- ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) \n- jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) \n- modpost: fix removing numeric suffixes (Alexander Lobakin) \n- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) \n- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) \n- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (Vincent Ray) \n- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (Jann Horn) \n- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (Shengjiu Wang) \n- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (Miaoqian Lin) \n- driver core: fix deadlock in __device_attach (Zhang Wensheng) \n- driver: base: fix UAF when driver_attach failed (Schspa Shi) \n- bus: ti-sysc: Fix warnings for unbind for serial (Tony Lindgren) \n- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) \n- serial: stm32-usart: Correct CSIZE, bits, and parity (Ilpo Jarvinen) \n- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) \n- serial: sifive: Sanitize CSIZE and c_iflag (Ilpo Jarvinen) \n- serial: sh-sci: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: txx9: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: rda-uart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: digicolor-usart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (Ilpo Jarvinen) \n- serial: meson: acquire port->lock in startup() (John Ogness) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- MIPS: IP27: Remove incorrect cpu_has_fpu' override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- Kconfig: add config option for asm goto w/ outputs (Nick Desaulniers) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: don't overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: fix plock invalid read (Alexander Aring) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: don't need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Don't report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) \n- tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) \n- PCI: imx6: Fix PERST# start-up sequence (Francesco Dolcini) \n- ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() (Waiman Long) \n- proc: fix dentry/inode overinstantiating under /proc//net (Alexey Dobriyan) \n- powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/8xx: export 'cpm_setbrg' for modules (Randy Dunlap) \n- dax: fix cache flush on PMD-mapped pages (Muchun Song) \n- drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) \n- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- nvdimm: Allow overwrite in the presence of disabled dimms (Dan Williams) \n- firmware: arm_scmi: Fix list protocols enumeration in the base protocol (Cristian Marussi) \n- scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) \n- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) \n- powerpc/fadump: fix PT_LOAD segment for boot memory area (Hari Bathini) \n- arm: mediatek: select arch timer for mt7629 (Chuanhong Guo) \n- crypto: marvell/cesa - ECB does not IV (Corentin Labbe) \n- misc: ocxl: fix possible double free in ocxl_file_register_afu (Hangyu Hua) \n- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) \n- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (Phil Elwell) \n- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (Phil Elwell) \n- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) \n- can: xilinx_can: mark bit timing constants as const (Marc Kleine-Budde) \n- KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (Sean Christopherson) \n- PCI: rockchip: Fix find_first_zero_bit() limit (Dan Carpenter) \n- PCI: cadence: Fix find_first_zero_bit() limit (Dan Carpenter) \n- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) \n- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) \n- ARM: dts: suniv: F1C100: fix watchdog compatible (Andre Przywara) \n- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (Shawn Lin) \n- net/smc: postpone sk_refcnt increment in connect() (liuyacan) \n- rxrpc: Fix decision on when to generate an IDLE ACK (David Howells) \n- rxrpc: Don't let ack.previousPacket regress (David Howells) \n- rxrpc: Fix overlapping ACK accounting (David Howells) \n- rxrpc: Don't try to resend the request if we're receiving the reply (David Howells) \n- rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) \n- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (Duoming Zhou) \n- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) \n- thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (Zheng Yongjun) \n- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (Hangyu Hua) \n- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (Miaoqian Lin) \n- ext4: reject the 'commit' option on ext2 filesystems (Eric Biggers) \n- media: ov7670: remove ov7670_power_off from ov7670_remove (Dongliang Mu) \n- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) \n- m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) \n- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) \n- media: vsp1: Fix offset calculation for plane cropping (Michael Rodin) \n- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) \n- media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) \n- media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) \n- media: aspeed: Fix an error handling path in aspeed_video_probe() (Christophe JAILLET) \n- scripts/faddr2line: Fix overlapping text section failures (Josh Poimboeuf) \n- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) \n- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) \n- ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (Miaoqian Lin) \n- perf/amd/ibs: Use interrupt regs ip for stack unwinding (Ravi Bangoria) \n- Revert 'cpufreq: Fix possible race in cpufreq online error path' (Viresh Kumar) \n- iomap: iomap_write_failed fix (Andreas Gruenbacher) \n- media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) \n- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) \n- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (Jessica Zhang) \n- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (Jessica Zhang) \n- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (Zev Weiss) \n- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) \n- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- irqchip/exiu: Fix acknowledgment of edge triggered interrupts (Daniel Thompson) \n- x86: Fix return value of __setup handlers (Randy Dunlap) \n- virtio_blk: fix the discard_granularity and discard_alignment queue limits (Christoph Hellwig) \n- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) \n- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) \n- drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) \n- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (Vinod Polimera) \n- perf tools: Add missing headers needed by util/data.h (Yang Jihong) \n- ASoC: rk3328: fix disabling mclk on pclk probe failure (Nicolas Frattaroli) \n- x86/speculation: Add missing prototype for unpriv_ebpf_notify() (Josh Poimboeuf) \n- x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) \n- scsi: ufs: core: Exclude UECxx from SFR dump list (Kiwoong Kim) \n- of: overlay: do not break notify on NOTIFY_{OK|STOP} (Nuno Sa) \n- fsnotify: fix wrong lockdep annotations (Amir Goldstein) \n- inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) \n- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) \n- cpufreq: Fix possible race in cpufreq online error path (Schspa Shi) \n- spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (Chengming Zhou) \n- drm/bridge: Fix error handling in analogix_dp_probe (Miaoqian Lin) \n- HID: elan: Fix potential double free in elan_input_configured (Miaoqian Lin) \n- HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) \n- drbd: fix duplicate array initializer (Arnd Bergmann) \n- efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) \n- NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) \n- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) \n- drm: mali-dp: potential dereference of null pointer (Jiasheng Jiang) \n- drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (Zhou Qingyang) \n- nl80211: show SSID for P2P_GO interfaces (Johannes Berg) \n- bpf: Fix excessive memory allocation in stack_map_alloc() (Yuntao Wang) \n- drm/vc4: txp: Force alpha to be 0xff if it's disabled (Maxime Ripard) \n- drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (Maxime Ripard) \n- drm/mediatek: Fix mtk_cec_mask() (Miles Chen) \n- x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) \n- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) \n- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) \n- drm/bridge: adv7511: clean up CEC adapter when probe fails (Lucas Stach) \n- drm/edid: fix invalid EDID extension block filtering (Jani Nikula) \n- ath9k: fix ar9003_get_eepmisc (Wenli Looi) \n- drm: fix EDID struct for old ARM OABI format (Linus Torvalds) \n- RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) \n- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (Peng Wu) \n- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) \n- powerpc/powernv: fix missing of_node_put in uv_init() (Lv Ruyi) \n- powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) \n- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) \n- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) \n- ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) \n- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) \n- ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) \n- fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) \n- powerpc/fadump: Fix fadump to work with a different endian capture kernel (Hari Bathini) \n- ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) \n- fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) \n- PM / devfreq: rk3399_dmc: Disable edev on remove() (Brian Norris) \n- ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) \n- IB/rdmavt: add missing locks in rvt_ruc_loopback (Niels Dossche) \n- selftests/bpf: fix btf_dump/btf_dump due to recent clang change (Yonghong Song) \n- eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) \n- rxrpc: Return an error to sendmsg if call failed (David Howells) \n- hwmon: Make chip parameter for with_info API mandatory (Guenter Roeck) \n- ASoC: max98357a: remove dependency on GPIOLIB (Pierre-Louis Bossart) \n- media: exynos4-is: Fix compile warning (Kwanghoon Son) \n- net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) \n- nbd: Fix hung on disconnect request if socket is closed before (Xie Yongji) \n- ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) \n- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) \n- openrisc: start CPU timer early in boot (Jason A. Donenfeld) \n- media: cec-adap.c: fix is_configuring state (Hans Verkuil) \n- media: coda: limit frame interval enumeration to supported encoder frame sizes (Philipp Zabel) \n- rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) \n- ipmi: Fix pr_fmt to avoid compilation issues (Corey Minyard) \n- ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) \n- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (Mario Limonciello) \n- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) \n- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (Patrice Chotard) \n- s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) \n- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (Charles Keepax) \n- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (Dongliang Mu) \n- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (Alice Wong) \n- mlxsw: spectrum_dcb: Do not warn about priority changes (Petr Machata) \n- ASoC: dapm: Don't fold register value changes into notifications (Mark Brown) \n- net/mlx5: fs, delete the FTE when there are no rules attached to it (Mark Bloch) \n- ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) \n- drm: msm: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (Alexandru Elisei) \n- drm/amd/pm: fix the compile warning (Evan Quan) \n- drm/plane: Move range check for format_count earlier (Steven Price) \n- scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) \n- mmc: jz4740: Apply DMA engine limits to maximum segment size (Aidan MacDonald) \n- md/bitmap: don't set sb values if can't pass sanity check (Heming Zhao) \n- media: cx25821: Fix the warning when removing the module (Zheyu Ma) \n- media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) \n- media: venus: hfi: avoid null dereference in deinit (Luca Weiss) \n- ath9k: fix QCA9561 PA bias level (Thibaut VAReNE) \n- drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) \n- tools/power turbostat: fix ICX DRAM power numbers (Len Brown) \n- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (Biju Das) \n- ALSA: jack: Access input_dev under mutex (Amadeusz Siawinski) \n- drm/komeda: return early if drm_universal_plane_init() fails. (Liviu Dudau) \n- ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) \n- fbcon: Consistently protect deferred_takeover with console_lock() (Daniel Vetter) \n- ipv6: fix locking issues with loops over idev->addr_list (Niels Dossche) \n- ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) \n- b43: Fix assigning negative value to unsigned variable (Haowen Bai) \n- b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) \n- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) \n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) \n- btrfs: repair super block num_devices automatically (Qu Wenruo) \n- btrfs: add '0x' prefix for unsupported optional features (Qu Wenruo) \n- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) \n- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) \n- ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP (Eric W. Biederman) \n- perf/x86/intel: Fix event constraints for ICL (Kan Liang) \n- usb: core: hcd: Add support for deferring roothub registration (Kishon Vijay Abraham I) \n- USB: new quirk for Dell Gen 2 devices (Monish Kumar R) \n- USB: serial: option: add Quectel BG95 modem (Carl Yin) \n- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (Marios Levogiannis) \n- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) \n- LTS tag: v5.4.197 (Sherry Yang) \n- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) \n- NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) \n- NFS: Memory allocation failures are not server fatal errors (Trond Myklebust) \n- docs: submitting-patches: Fix crossref to 'The canonical patch format' (Akira Yokosawa) \n- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) \n- tpm: Fix buffer access in tpm2_get_tpm_pt() (Stefan Mahnke-Hartmann) \n- HID: multitouch: Add support for Google Whiskers Touchpad (Marek Maslanka) \n- raid5: introduce MD_BROKEN (Mariusz Tkaczyk) \n- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) \n- dm stats: add cond_resched when looping over entries (Mikulas Patocka) \n- dm crypt: make printing of the key constant-time (Mikulas Patocka) \n- dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) \n- zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) \n- crypto: ecrdsa - Fix incorrect use of vli_cmp (Vitaly Chikunov) \n- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) \n- exec: Force single empty string when argv is empty (Kees Cook) \n- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) \n- cfg80211: set custom regdomain after wiphy registration (Miri Korenblit) \n- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (Mika Westerberg) \n- net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) \n- net: af_key: check encryption module availability consistency (Thomas Bartschies) \n- pinctrl: sunxi: fix f1c100s uart2 function (IotaHydrae) \n- ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) \n- ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) \n- media: vim2m: initialize the media device earlier (Hans Verkuil) \n- media: vim2m: Register video device after setting up internals (Sakari Ailus) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- tcp: change source port randomizarion at connect() time (Eric Dumazet) \n- Input: goodix - fix spurious key release events (Dmitry Mastykin) \n- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) \n- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner)\n[5.4.17-2136.310.1]\n- intel_idle: Fix max_cstate for processor models without C-state tables (Chen Yu) [Orabug: 34081688] \n- intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add 'preferred_cstates' module argument (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: Adjust the SKX C6 parameters if PC6 is disabled (Chen Yu) [Orabug: 34081688] \n- intel_idle: Clean up kerneldoc comments for multiple functions (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add __initdata annotations to init time variables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Relocate definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Simplify LAPIC timer reliability checks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'states_off' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'use_acpi' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up irtl_2_usec() (Rafael J. Wysocki) [Orabug: 34081688] \n- Documentation: admin-guide: PM: Add intel_idle document (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move 3 functions closer to their callers (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Annotate initialization code and data structures (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move and clean up intel_idle_cpuidle_devices_uninit() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Rearrange intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Fold intel_idle_probe() into intel_idle_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Eliminate __setup_broadcast_timer() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add module parameter to prevent ACPI _CST from being used (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Allow ACPI _CST to be used for selected known processors (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Allow idle states to be disabled by default (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Use ACPI _CST for processor models without C-state tables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Refactor intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Drop disabled field from struct cpuidle_state (Thomas Tai) [Orabug: 34081688] \n- cpuidle: Consolidate disabled state checks (Rafael J. Wysocki) [Orabug: 34081688] \n- Revert 'intel_idle: Use ACPI _CST for processor models without C-state tables' (Thomas Tai) [Orabug: 34081688]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-08-15T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21505", "CVE-2022-2153", "CVE-2022-23816", "CVE-2022-2588", "CVE-2022-29901"], "modified": "2022-08-15T00:00:00", "id": "ELSA-2022-9710", "href": "http://linux.oracle.com/errata/ELSA-2022-9710.html", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-15T18:31:24", "description": "[5.4.17-2136.310.7]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588}\n- x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: display dynamic retbleed state (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: remove incorrect __init/__ro_after_init annotations (Ankur Arora) [Orabug: 34455621]\n[5.4.17-2136.310.6]\n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- Revert 'hwmon: Make chip parameter for with_info API mandatory' (Greg Kroah-Hartman) [Orabug: 34423806] \n- ext4: make variable 'count' signed (Ding Xiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf)\n[5.4.17-2136.310.5]\n- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Paolo Bonzini) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Disable RRSBA behavior (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/exec: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/VMX: Use TEST %REG,%REG instead of CMP /u03/ksharma/errata_processing/work/el7uek6/db_7uek6.ELSA-2022-9709,%REG in vmenter.S (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kbuild/objtool: Add objtool-vmlinux.o pass (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add retbleed=ibpb (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/xen: Rename SYS* entry points (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Update Retpoline validation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- intel_idle: Disable IBRS during long idle (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Add kernel IBRS implementation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report AMD retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add magic AMD return-thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vmlinux: Use INT3 instead of NOP for linker fill bytes (Kees Cook) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/realmode: build with __DISABLE_EXPORTS (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Use return-thunk in asm code (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bpf: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/ftrace: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86,objtool: Create .return_sites (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/mm: elide references to .discard.* from .return_sites (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Undo return-thunk damage (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Use -mfunction-return (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/alternative: Support not-feature (Juergen Gross) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/features: Move RETPOLINE flags to word 11 (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Classify symbols (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Create reloc sections implicitly (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add elf_create_reloc() helper (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rework the elf_rebuild_reloc_section() logic (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Handle per arch retpoline naming (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Correctly handle retpoline thunk calls (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Support retpoline jump detection for vmlinux.o (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add 'alt_group' struct (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Clean up elf_write() condition (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add support for relocations without addends (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename rela to reloc (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: optimize add_dead_ends for split sections (Sami Tolvanen) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Move the IRET hack into the arch decoder (Miroslav Benes) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename elf_read() to elf_open_read() (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Constify 'struct elf *' parameters (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize !vmlinux.o again (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Better handle IRET (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/unwind_hints: define unwind_hint_save, unwind_hint_restore (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add abstraction for destination offsets (Raphael Gault) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix off-by-one in symbol_by_offset() (Julien Thierry) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_rela_by_dest_range() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize read_sections() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename find_containing_func() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_*() and read_symbols() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add a statistics mode (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn_all() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Introduce validate_return() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Improve call destination function detection (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix clang switch table edge case (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add relocation check for alternative sections (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add is_static_jump() helper (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n[5.4.17-2136.310.4]\n- lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34400675] {CVE-2022-21505}\n- bnxt_en: Use page frag RX buffers for better software GRO performance (Jakub Kicinski) [Orabug: 34083551] \n- bnxt_en: enable interrupt sampling on 5750X for DIM (Andy Gospodarek) [Orabug: 34083551] \n- bnxt_en: Add event handler for PAUSE Storm event (Somnath Kotur) [Orabug: 34083551] \n- bnxt_en: reject indirect blk offload when hw-tc-offload is off (Sriharsha Basavapatna) [Orabug: 34083551] \n- bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (Edwin Peer) [Orabug: 34083551] \n- bnxt_en: Fix error recovery regression (Michael Chan) [Orabug: 34083551] \n- bnxt_en: Fix possible unintended driver initiated error recovery (Michael Chan) [Orabug: 34083551] \n- bnxt: count discards due to memory allocation errors (Jakub Kicinski) [Orabug: 34083551] \n- bnxt: count packets discarded because of netpoll (Jakub Kicinski) [Orabug: 34083551] \n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364337] \n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364337] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371884]\n[5.4.17-2136.310.3]\n- RDS/IB: Fix RDS IB SRQ implementation and tune it (Hans Westgaard Ry) [Orabug: 31899472] \n- RDS/IB: Introduce bit_flag routines with memory-barrier for bit flags (Hans Westgaard Ry) [Orabug: 31899472] \n- xfs: don't fail unwritten extent conversion on writeback due to edquot (Darrick J. Wong) [Orabug: 33786167] \n- mm/page_alloc: reuse tail struct pages for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: improve memory savings for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: refactor core of vmemmap_populate_basepages() to helper (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: add a pgmap argument to section activation (Joao Martins) [Orabug: 34314763] \n- memory-failure: fetch compound_head after pgmap_pfn_valid() (Joao Martins) [Orabug: 34314763] \n- device-dax: compound devmap support (Joao Martins) [Orabug: 34314763] \n- device-dax: factor out page mapping initialization (Joao Martins) [Orabug: 34314763] \n- device-dax: ensure dev_dax->pgmap is valid for dynamic devices (Joao Martins) [Orabug: 34314763] \n- device-dax: use struct_size() (Joao Martins) [Orabug: 34314763] \n- device-dax: use ALIGN() for determining pgoff (Joao Martins) [Orabug: 34314763] \n- mm/memremap: add ZONE_DEVICE support for compound pages (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: refactor memmap_init_zone_device() page init (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: split prep_compound_page into head and tail subparts (Joao Martins) [Orabug: 34314763] \n- RDMA/umem: batch page unpin in __ib_umem_release() (Joao Martins) [Orabug: 34314763] \n- mm/gup: add a range variant of unpin_user_pages_dirty_lock() (Joao Martins) [Orabug: 34314763] \n- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323859] {CVE-2022-2153}\n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 34330922] \n- x86/boot/compressed/64: Disable 5-level page tables on AMD (Boris Ostrovsky) [Orabug: 34366382]\n[5.4.17-2136.310.2]\n- LTS tag: v5.4.199 (Sherry Yang) \n- x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) \n- x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) \n- cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) \n- LTS tag: v5.4.198 (Sherry Yang) \n- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) \n- powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) \n- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) \n- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) \n- ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) \n- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) \n- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- mmc: block: Fix CQE recovery reset success (Adrian Hunter) \n- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) \n- cifs: return errors during session setup during reconnects (Shyam Prasad N) \n- ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) \n- scripts/gdb: change kernel config dumping method (Kuan-Ying Lee) \n- vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) \n- nodemask: Fix return values to be unsigned (Kees Cook) \n- cifs: version operations for smb20 unneeded when legacy support disabled (Steve French) \n- s390/gmap: voluntarily schedule during key setting (Christian Borntraeger) \n- nbd: fix io hung while disconnecting device (Yu Kuai) \n- nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) \n- nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) \n- x86/cpu: Elide KCSAN for cpu_has() and friends (Peter Zijlstra) \n- modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) \n- drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) \n- ceph: allow ceph.dir.rctime xattr to be updatable (Venky Shankar) \n- Revert 'net: af_key: add check for pfkey_broadcast in function pfkey_process' (Michal Kubecek) \n- scsi: myrb: Fix up null pointer access on myrb_cleanup() (Hannes Reinecke) \n- md: protect md_unregister_thread from reentrancy (Guoqing Jiang) \n- watchdog: wdat_wdt: Stop watchdog when rebooting the system (Liu Xinpeng) \n- kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) \n- serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) \n- staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) \n- staging: rtl8712: fix uninit-value in usb_read8() and friends (Wang Cheng) \n- clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) \n- extcon: Modify extcon device to be created after driver data is set (bumwoo lee) \n- misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) \n- usb: dwc2: gadget: don't reset gadget's driver->bus (Marek Szyprowski) \n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) \n- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) \n- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) \n- USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) \n- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) \n- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (Duoming Zhou) \n- tty: Fix a possible resource leak in icom_probe (Huang Guobin) \n- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) \n- lkdtm/usercopy: Expand size of 'out of frame' object (Kees Cook) \n- iio: st_sensors: Add a local lock for protecting odr (Miquel Raynal) \n- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) \n- drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) \n- net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) \n- ip_gre: test csum_start instead of transport header (Willem de Bruijn) \n- net/mlx5: fs, fail conflicting actions (Mark Bloch) \n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) \n- net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) \n- net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) \n- net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) \n- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) \n- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) \n- net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (Miaoqian Lin) \n- bpf, arm64: Clear prog->jited_len along prog->jited (Eric Dumazet) \n- af_unix: Fix a data-race in unix_dgram_peer_wake_me(). (Kuniyuki Iwashima) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- netfilter: nf_tables: memleak flow rule from commit path (Pablo Neira Ayuso) \n- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) \n- netfilter: nat: really support inet nat without l3 address (Florian Westphal) \n- xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) \n- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) \n- NFSv4: Don't hold the layoutget locks across multiple RPC calls (Trond Myklebust) \n- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (Radhey Shyam Pandey) \n- m68knommu: fix undefined reference to _init_sp' (Greg Ungerer) \n- m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) \n- i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) \n- f2fs: remove WARN_ON in f2fs_is_valid_blkaddr (Dongliang Mu) \n- tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) \n- tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) \n- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) \n- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) \n- tipc: check attribute length for bearer name (Hoang Le) \n- afs: Fix infinite loop found by xfstest generic/676 (David Howells) \n- tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) \n- net: sched: add barrier to fix packet stuck problem for lockless qdisc (Guoju Fang) \n- net/mlx5e: Update netdev features after changing XDP state (Maxim Mikityanskiy) \n- net/mlx5: Don't use already freed action pointer (Leon Romanovsky) \n- nfp: only report pause frame configuration for physical device (Yu Xiao) \n- ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) \n- jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) \n- modpost: fix removing numeric suffixes (Alexander Lobakin) \n- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) \n- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) \n- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (Vincent Ray) \n- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (Jann Horn) \n- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (Shengjiu Wang) \n- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (Miaoqian Lin) \n- driver core: fix deadlock in __device_attach (Zhang Wensheng) \n- driver: base: fix UAF when driver_attach failed (Schspa Shi) \n- bus: ti-sysc: Fix warnings for unbind for serial (Tony Lindgren) \n- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) \n- serial: stm32-usart: Correct CSIZE, bits, and parity (Ilpo Jarvinen) \n- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) \n- serial: sifive: Sanitize CSIZE and c_iflag (Ilpo Jarvinen) \n- serial: sh-sci: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: txx9: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: rda-uart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: digicolor-usart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (Ilpo Jarvinen) \n- serial: meson: acquire port->lock in startup() (John Ogness) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- MIPS: IP27: Remove incorrect cpu_has_fpu' override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- Kconfig: add config option for asm goto w/ outputs (Nick Desaulniers) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: don't overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: fix plock invalid read (Alexander Aring) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: don't need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Don't report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) \n- tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) \n- PCI: imx6: Fix PERST# start-up sequence (Francesco Dolcini) \n- ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() (Waiman Long) \n- proc: fix dentry/inode overinstantiating under /proc//net (Alexey Dobriyan) \n- powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/8xx: export 'cpm_setbrg' for modules (Randy Dunlap) \n- dax: fix cache flush on PMD-mapped pages (Muchun Song) \n- drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) \n- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- nvdimm: Allow overwrite in the presence of disabled dimms (Dan Williams) \n- firmware: arm_scmi: Fix list protocols enumeration in the base protocol (Cristian Marussi) \n- scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) \n- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) \n- powerpc/fadump: fix PT_LOAD segment for boot memory area (Hari Bathini) \n- arm: mediatek: select arch timer for mt7629 (Chuanhong Guo) \n- crypto: marvell/cesa - ECB does not IV (Corentin Labbe) \n- misc: ocxl: fix possible double free in ocxl_file_register_afu (Hangyu Hua) \n- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) \n- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (Phil Elwell) \n- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (Phil Elwell) \n- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) \n- can: xilinx_can: mark bit timing constants as const (Marc Kleine-Budde) \n- KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (Sean Christopherson) \n- PCI: rockchip: Fix find_first_zero_bit() limit (Dan Carpenter) \n- PCI: cadence: Fix find_first_zero_bit() limit (Dan Carpenter) \n- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) \n- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) \n- ARM: dts: suniv: F1C100: fix watchdog compatible (Andre Przywara) \n- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (Shawn Lin) \n- net/smc: postpone sk_refcnt increment in connect() (liuyacan) \n- rxrpc: Fix decision on when to generate an IDLE ACK (David Howells) \n- rxrpc: Don't let ack.previousPacket regress (David Howells) \n- rxrpc: Fix overlapping ACK accounting (David Howells) \n- rxrpc: Don't try to resend the request if we're receiving the reply (David Howells) \n- rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) \n- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (Duoming Zhou) \n- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) \n- thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (Zheng Yongjun) \n- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (Hangyu Hua) \n- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (Miaoqian Lin) \n- ext4: reject the 'commit' option on ext2 filesystems (Eric Biggers) \n- media: ov7670: remove ov7670_power_off from ov7670_remove (Dongliang Mu) \n- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) \n- m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) \n- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) \n- media: vsp1: Fix offset calculation for plane cropping (Michael Rodin) \n- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) \n- media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) \n- media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) \n- media: aspeed: Fix an error handling path in aspeed_video_probe() (Christophe JAILLET) \n- scripts/faddr2line: Fix overlapping text section failures (Josh Poimboeuf) \n- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) \n- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) \n- ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (Miaoqian Lin) \n- perf/amd/ibs: Use interrupt regs ip for stack unwinding (Ravi Bangoria) \n- Revert 'cpufreq: Fix possible race in cpufreq online error path' (Viresh Kumar) \n- iomap: iomap_write_failed fix (Andreas Gruenbacher) \n- media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) \n- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) \n- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (Jessica Zhang) \n- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (Jessica Zhang) \n- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (Zev Weiss) \n- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) \n- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- irqchip/exiu: Fix acknowledgment of edge triggered interrupts (Daniel Thompson) \n- x86: Fix return value of __setup handlers (Randy Dunlap) \n- virtio_blk: fix the discard_granularity and discard_alignment queue limits (Christoph Hellwig) \n- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) \n- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) \n- drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) \n- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (Vinod Polimera) \n- perf tools: Add missing headers needed by util/data.h (Yang Jihong) \n- ASoC: rk3328: fix disabling mclk on pclk probe failure (Nicolas Frattaroli) \n- x86/speculation: Add missing prototype for unpriv_ebpf_notify() (Josh Poimboeuf) \n- x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) \n- scsi: ufs: core: Exclude UECxx from SFR dump list (Kiwoong Kim) \n- of: overlay: do not break notify on NOTIFY_{OK|STOP} (Nuno Sa) \n- fsnotify: fix wrong lockdep annotations (Amir Goldstein) \n- inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) \n- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) \n- cpufreq: Fix possible race in cpufreq online error path (Schspa Shi) \n- spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (Chengming Zhou) \n- drm/bridge: Fix error handling in analogix_dp_probe (Miaoqian Lin) \n- HID: elan: Fix potential double free in elan_input_configured (Miaoqian Lin) \n- HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) \n- drbd: fix duplicate array initializer (Arnd Bergmann) \n- efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) \n- NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) \n- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) \n- drm: mali-dp: potential dereference of null pointer (Jiasheng Jiang) \n- drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (Zhou Qingyang) \n- nl80211: show SSID for P2P_GO interfaces (Johannes Berg) \n- bpf: Fix excessive memory allocation in stack_map_alloc() (Yuntao Wang) \n- drm/vc4: txp: Force alpha to be 0xff if it's disabled (Maxime Ripard) \n- drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (Maxime Ripard) \n- drm/mediatek: Fix mtk_cec_mask() (Miles Chen) \n- x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) \n- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) \n- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) \n- drm/bridge: adv7511: clean up CEC adapter when probe fails (Lucas Stach) \n- drm/edid: fix invalid EDID extension block filtering (Jani Nikula) \n- ath9k: fix ar9003_get_eepmisc (Wenli Looi) \n- drm: fix EDID struct for old ARM OABI format (Linus Torvalds) \n- RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) \n- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (Peng Wu) \n- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) \n- powerpc/powernv: fix missing of_node_put in uv_init() (Lv Ruyi) \n- powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) \n- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) \n- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) \n- ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) \n- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) \n- ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) \n- fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) \n- powerpc/fadump: Fix fadump to work with a different endian capture kernel (Hari Bathini) \n- ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) \n- fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) \n- PM / devfreq: rk3399_dmc: Disable edev on remove() (Brian Norris) \n- ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) \n- IB/rdmavt: add missing locks in rvt_ruc_loopback (Niels Dossche) \n- selftests/bpf: fix btf_dump/btf_dump due to recent clang change (Yonghong Song) \n- eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) \n- rxrpc: Return an error to sendmsg if call failed (David Howells) \n- hwmon: Make chip parameter for with_info API mandatory (Guenter Roeck) \n- ASoC: max98357a: remove dependency on GPIOLIB (Pierre-Louis Bossart) \n- media: exynos4-is: Fix compile warning (Kwanghoon Son) \n- net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) \n- nbd: Fix hung on disconnect request if socket is closed before (Xie Yongji) \n- ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) \n- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) \n- openrisc: start CPU timer early in boot (Jason A. Donenfeld) \n- media: cec-adap.c: fix is_configuring state (Hans Verkuil) \n- media: coda: limit frame interval enumeration to supported encoder frame sizes (Philipp Zabel) \n- rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) \n- ipmi: Fix pr_fmt to avoid compilation issues (Corey Minyard) \n- ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) \n- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (Mario Limonciello) \n- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) \n- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (Patrice Chotard) \n- s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) \n- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (Charles Keepax) \n- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (Dongliang Mu) \n- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (Alice Wong) \n- mlxsw: spectrum_dcb: Do not warn about priority changes (Petr Machata) \n- ASoC: dapm: Don't fold register value changes into notifications (Mark Brown) \n- net/mlx5: fs, delete the FTE when there are no rules attached to it (Mark Bloch) \n- ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) \n- drm: msm: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (Alexandru Elisei) \n- drm/amd/pm: fix the compile warning (Evan Quan) \n- drm/plane: Move range check for format_count earlier (Steven Price) \n- scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) \n- mmc: jz4740: Apply DMA engine limits to maximum segment size (Aidan MacDonald) \n- md/bitmap: don't set sb values if can't pass sanity check (Heming Zhao) \n- media: cx25821: Fix the warning when removing the module (Zheyu Ma) \n- media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) \n- media: venus: hfi: avoid null dereference in deinit (Luca Weiss) \n- ath9k: fix QCA9561 PA bias level (Thibaut VAReNE) \n- drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) \n- tools/power turbostat: fix ICX DRAM power numbers (Len Brown) \n- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (Biju Das) \n- ALSA: jack: Access input_dev under mutex (Amadeusz Siawinski) \n- drm/komeda: return early if drm_universal_plane_init() fails. (Liviu Dudau) \n- ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) \n- fbcon: Consistently protect deferred_takeover with console_lock() (Daniel Vetter) \n- ipv6: fix locking issues with loops over idev->addr_list (Niels Dossche) \n- ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) \n- b43: Fix assigning negative value to unsigned variable (Haowen Bai) \n- b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) \n- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) \n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) \n- btrfs: repair super block num_devices automatically (Qu Wenruo) \n- btrfs: add '0x' prefix for unsupported optional features (Qu Wenruo) \n- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) \n- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) \n- ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP (Eric W. Biederman) \n- perf/x86/intel: Fix event constraints for ICL (Kan Liang) \n- usb: core: hcd: Add support for deferring roothub registration (Kishon Vijay Abraham I) \n- USB: new quirk for Dell Gen 2 devices (Monish Kumar R) \n- USB: serial: option: add Quectel BG95 modem (Carl Yin) \n- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (Marios Levogiannis) \n- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) \n- LTS tag: v5.4.197 (Sherry Yang) \n- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) \n- NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) \n- NFS: Memory allocation failures are not server fatal errors (Trond Myklebust) \n- docs: submitting-patches: Fix crossref to 'The canonical patch format' (Akira Yokosawa) \n- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) \n- tpm: Fix buffer access in tpm2_get_tpm_pt() (Stefan Mahnke-Hartmann) \n- HID: multitouch: Add support for Google Whiskers Touchpad (Marek Maslanka) \n- raid5: introduce MD_BROKEN (Mariusz Tkaczyk) \n- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) \n- dm stats: add cond_resched when looping over entries (Mikulas Patocka) \n- dm crypt: make printing of the key constant-time (Mikulas Patocka) \n- dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) \n- zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) \n- crypto: ecrdsa - Fix incorrect use of vli_cmp (Vitaly Chikunov) \n- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) \n- exec: Force single empty string when argv is empty (Kees Cook) \n- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) \n- cfg80211: set custom regdomain after wiphy registration (Miri Korenblit) \n- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (Mika Westerberg) \n- net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) \n- net: af_key: check encryption module availability consistency (Thomas Bartschies) \n- pinctrl: sunxi: fix f1c100s uart2 function (IotaHydrae) \n- ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) \n- ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) \n- media: vim2m: initialize the media device earlier (Hans Verkuil) \n- media: vim2m: Register video device after setting up internals (Sakari Ailus) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- tcp: change source port randomizarion at connect() time (Eric Dumazet) \n- Input: goodix - fix spurious key release events (Dmitry Mastykin) \n- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) \n- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner)\n[5.4.17-2136.310.1]\n- intel_idle: Fix max_cstate for processor models without C-state tables (Chen Yu) [Orabug: 34081688] \n- intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add 'preferred_cstates' module argument (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: Adjust the SKX C6 parameters if PC6 is disabled (Chen Yu) [Orabug: 34081688] \n- intel_idle: Clean up kerneldoc comments for multiple functions (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add __initdata annotations to init time variables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Relocate definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Simplify LAPIC timer reliability checks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'states_off' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'use_acpi' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up irtl_2_usec() (Rafael J. Wysocki) [Orabug: 34081688] \n- Documentation: admin-guide: PM: Add intel_idle document (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move 3 functions closer to their callers (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Annotate initialization code and data structures (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move and clean up intel_idle_cpuidle_devices_uninit() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Rearrange intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Fold intel_idle_probe() into intel_idle_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Eliminate __setup_broadcast_timer() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add module parameter to prevent ACPI _CST from being used (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Allow ACPI _CST to be used for selected known processors (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Allow idle states to be disabled by default (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Use ACPI _CST for processor models without C-state tables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Refactor intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Drop disabled field from struct cpuidle_state (Thomas Tai) [Orabug: 34081688] \n- cpuidle: Consolidate disabled state checks (Rafael J. Wysocki) [Orabug: 34081688] \n- Revert 'intel_idle: Use ACPI _CST for processor models without C-state tables' (Thomas Tai) [Orabug: 34081688]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-08-15T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21505", "CVE-2022-2153", "CVE-2022-23816", "CVE-2022-2588", "CVE-2022-29901"], "modified": "2022-08-15T00:00:00", "id": "ELSA-2022-9709", "href": "http://linux.oracle.com/errata/ELSA-2022-9709.html", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-09-21T22:44:06", "description": "[5.15.0-2.52.3.el8]\n- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585}\n- fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] \n- rds: ib: Add preemption control when using per-cpu variables (Hakon Bugge) [Orabug: 34505120] \n- ocfs2: fix handle refcount leak in two exception handling paths (Chenyuan Mi) [Orabug: 34436530] \n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510687] {CVE-2022-21385}\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476940] \n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476940] \n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476940] \n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476940] \n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476940] \n- Revert net/rds: Connect TCP backends deterministically (Gerd Rausch) [Orabug: 34476561] \n- rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- uek-rpm: Set CONFIG_VSOCKETS=m and CONFIG_VSOCKETS_DIAG=m (Victor Erminpour) [Orabug: 34461322] \n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419970] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414238]\n[5.15.0-2.52.2]\n- PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358322] \n- net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477072] \n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480751] \n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34484536] {CVE-2022-2588}\n[5.15.0-2.52.1]\n- LTS version: v5.15.52 (Jack Vogel) \n- io_uring: fix not locked access to fixed buf table (Pavel Begunkov) \n- net: mscc: ocelot: allow unregistered IP multicast flooding to CPU (Vladimir Oltean) \n- rtw88: rtw8821c: enable rfe 6 devices (Ping-Ke Shih) \n- rtw88: 8821c: support RFE type4 wifi NIC (Guo-Feng Fan) \n- fs: account for group membership (Christian Brauner) \n- fs: fix acl translation (Christian Brauner) \n- fs: support mapped mounts of mapped filesystems (Christian Brauner) \n- fs: add i_user_ns() helper (Christian Brauner) \n- fs: port higher-level mapping helpers (Christian Brauner) \n- fs: remove unused low-level mapping helpers (Christian Brauner) \n- fs: use low-level mapping helpers (Christian Brauner) \n- docs: update mapping documentation (Christian Brauner) \n- fs: account for filesystem mappings (Christian Brauner) \n- fs: tweak fsuidgid_has_mapping() (Christian Brauner) \n- fs: move mapping helpers (Christian Brauner) \n- fs: add is_idmapped_mnt() helper (Christian Brauner) \n- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) \n- xfs: Fix the free logic of state in xfs_attr_node_hasname (Yang Xu) \n- xfs: use kmem_cache_free() for kmem_cache objects (Rustam Kovhaev) \n- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (Coly Li) \n- tick/nohz: unexport __init-annotated tick_nohz_full_setup() (Masahiro Yamada) \n- LTS version: v5.15.51 (Jack Vogel) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) \n- dma-direct: use the correct size for dma_set_encrypted() (Dexuan Cui) \n- perf build-id: Fix caching files with a wrong build ID (Adrian Hunter) \n- random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) \n- ARM: dts: bcm2711-rpi-400: Fix GPIO line names (Stefan Wahren) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (Aswath Govindraju) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (Alexander Stein) \n- drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (Kuogee Hsieh) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- powerpc/microwatt: wire up rng during setup_arch() (Jason A. Donenfeld) \n- parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) \n- parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI (Helge Deller) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (Jialin Zhang) \n- iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (Miaoqian Lin) \n- iio: adc: rzg2l_adc: add missing fwnode_handle_put() in rzg2l_adc_parse_properties() (Jialin Zhang) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (Yannick Brosseau) \n- iio: adc: stm32: Fix ADCs iteration in irq handler (Yannick Brosseau) \n- iio: afe: rescale: Fix boolean logic bug (Linus Walleij) \n- iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value) (Jean-Baptiste Maneyrol) \n- iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:kxcjk-1013: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:humidity:hts221: rearrange iio trigger get and register (Dmitry Rokosov) \n- f2fs: attach inline_data after setting compression (Jaegeuk Kim) \n- btrfs: fix deadlock with fsync+fiemap+transaction commit (Josef Bacik) \n- btrfs: dont set lock_owner when locking extent buffer for reading (Zygo Blaxell) \n- dt-bindings: usb: ehci: Increase the number of PHYs (Geert Uytterhoeven) \n- dt-bindings: usb: ohci: Increase the number of PHYs (Geert Uytterhoeven) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- USB: gadget: Fix double-free bug in raw_gadget driver (Alan Stern) \n- usb: gadget: Fix non-unique driver names in raw-gadget driver (Alan Stern) \n- xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (Utkarsh Patel) \n- xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (Tanveer Alam) \n- xhci: turn off port power in shutdown (Mathias Nyman) \n- usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC (Andy Shevchenko) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- iio: magnetometer: yas530: Fix memchr_inv() misuse (Linus Walleij) \n- iio: mma8452: fix probe fail when device tree compatible is used. (Haibo Chen) \n- s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) \n- gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) \n- nvme: move the Samsung X5 quirk entry to the core quirks (Christoph Hellwig) \n- nvme-pci: add NO APST quirk for Kioxia device (Enzo Matsumiya) \n- sock: redo the psock vs ULP protection check (Jakub Kicinski) \n- Revert net/tls: fix tls_sk_proto_close executed repeatedly (Jakub Kicinski) \n- virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (Aidan MacDonald) \n- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) \n- ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) \n- afs: Fix dynamic root getattr (David Howells) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- xen-blkfront: Handle NULL gendisk (Jason Andryuk) \n- selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (Jie2x Zhou) \n- udmabuf: add back sanity check (Gerd Hoffmann) \n- net/tls: fix tls_sk_proto_close executed repeatedly (Ziyang Xuan) \n- erspan: do not assume transport header is always set (Eric Dumazet) \n- perf arm-spe: Dont set data source if its not a memory operation (Leo Yan) \n- drm/msm/dp: force link training for display resolution change (Kuogee Hsieh) \n- drm/msm/dp: do not initialize phy until plugin interrupt received (Kuogee Hsieh) \n- drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (Kuogee Hsieh) \n- drm/msm/dp: Drop now unused hpd_high member (Bjorn Andersson) \n- drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (Kuogee Hsieh) \n- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) \n- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) \n- ethtool: Fix get module eeprom fallback (Ivan Vecera) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- igb: fix a use-after-free issue in igb_clean_tx_ring (Lorenzo Bianconi) \n- tipc: fix use-after-free Read in tipc_named_reinit (Hoang Le) \n- net: fix data-race in dev_isalive() (Eric Dumazet) \n- net: Write lock dev_base_lock without disabling bottom halves. (Sebastian Andrzej Siewior) \n- KVM: arm64: Prevent kmemleak from accessing pKVM memory (Quentin Perret) \n- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) \n- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (Saurabh Sengar) \n- bpf, x86: Fix tail call count offset calculation on bpf2bpf call (Jakub Sitnicki) \n- drm/sun4i: Fix crash during suspend after component bind failure (Samuel Holland) \n- bpf: Fix request_sock leak in sk lookup helpers (Jon Maxwell) \n- drm/msm: use for_each_sgtable_sg to iterate over scatterlist (Jonathan Marek) \n- xsk: Fix generic transmit when completion queue reservation fails (Ciara Loftus) \n- scsi: iscsi: Exclude zero from the endpoint ID range (Sergey Gorenko) \n- drm/msm: Switch ordering of runpm put vs devfreq_idle (Rob Clark) \n- scsi: scsi_debug: Fix zone transition to full condition (Damien Le Moal) \n- netfilter: use get_random_u32 instead of prandom (Florian Westphal) \n- drm/msm: Fix double pm_runtime_disable() call (Maximilian Luz) \n- drm/msm: Ensure mmap offset is initialized (Rob Clark) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- USB: serial: pl2303: add support for more HXN (G) types (Johan Hovold) \n- drm/i915: Implement w/a 22010492432 for adl-s (Ville Syrjala) \n- tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (Masami Hiramatsu (Google)) \n- dm mirror log: clear log bits up to BITS_PER_LONG boundary (Mikulas Patocka) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- mtd: rawnand: gpmi: Fix setting busy timeout setting (Sascha Hauer) \n- MAINTAINERS: Add new IOMMU development mailing list (Joerg Roedel) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- mmc: mediatek: wait dma stop bit reset to 0 (Mengqi Zhang) \n- mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (Chevron Li) \n- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (Tyrel Datwyler) \n- scsi: ibmvfc: Store vhost pointer during subcrq allocation (Tyrel Datwyler) \n- btrfs: add error messages to all unrecognized mount options (David Sterba) \n- btrfs: prevent remounting to v1 space cache for subpage mount (Qu Wenruo) \n- btrfs: fix hang during unmount when block group reclaim task is running (Filipe Manana) \n- 9p: fix fid refcount leak in v9fs_vfs_get_link (Dominique Martinet) \n- 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (Dominique Martinet) \n- 9p: Fix refcounting during full path walks for fid lookups (Tyler Hicks) \n- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Rosemarie ORiorden) \n- ALSA: hda/realtek: Add quirk for Clevo NS50PU (Tim Crawford) \n- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (Tim Crawford) \n- ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (Takashi Iwai) \n- ALSA: hda/realtek - ALC897 headset MIC no sound (Kailang Yang) \n- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (Soham Sen) \n- ALSA: hda/conexant: Fix missing beep setup (Takashi Iwai) \n- ALSA: hda/via: Fix missing beep setup (Takashi Iwai) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- LTS version: v5.15.50 (Jack Vogel) \n- arm64: mm: Dont invalidate FROM_DEVICE buffers at start of DMA transfer (Will Deacon) \n- serial: core: Initialize rs485 RTS polarity already on probe (Lukas Wunner) \n- selftests/bpf: Add selftest for calling global functions from freplace (Toke Hoiland-Jorgensen) \n- bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs (Toke Hoiland-Jorgensen) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- zonefs: fix zonefs_iomap_begin() for reads (Damien Le Moal) \n- drm/amd/display: Dont reinitialize DMCUB on s0ix resume (Nicholas Kazlauskas) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- LTS version: v5.15.49 (Jack Vogel) \n- clk: imx8mp: fix usb_root_clk parent (Peng Fan) \n(Masahiro Yamada) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (Andy Chi) \n- KVM: arm64: Dont read a HW interrupt pending state in user context (Marc Zyngier) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable count signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- ext4: fix super block checksum incorrect after mount (Ye Bin) \n- cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle (Sami Tolvanen) \n- drm/amd/display: Cap OLED brightness per max frame-average luminance (Roman Li) \n- dm mirror log: round up region bitmap size to BITS_PER_LONG (Mikulas Patocka) \n- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (Shinichiro Kawasaki) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Tony Lindgren) \n- usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: cdnsp: Fixed setting last_trb incorrectly (Jing Leng) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- crypto: memneq - move into lib/ (Jason A. Donenfeld) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- mei: me: add raptor lake point S DID (Alexander Usyskin) \n- mei: hbm: drop capability response on early shutdown (Alexander Usyskin) \n- i2c: designware: Use standard optional ref clock implementation (Serge Semin) \n- sched: Fix balance_push() vs __sched_setscheduler() (Peter Zijlstra) \n- irqchip/realtek-rtl: Fix refcount leak in map_interrupts (Miaoqian Lin) \n- irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- i2c: npcm7xx: Add check for platform_driver_register (Jiasheng Jiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf) \n- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (Bart Van Assche) \n- init: Initialize noop_backing_dev_info early (Jan Kara) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: consistently handle PLTs. (Mark Rutland) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (Duoming Zhou) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- mlxsw: spectrum_cnt: Reorder counter pools (Petr Machata) \n- nvme: add device name to warning in uuid_show() (Thomas WeiBschuh) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (Howard Chiu) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- extcon: ptn5150: Add queue work sync before driver release (Li Jun) \n- ksmbd: fix reference count leak in smb_check_perm_dacl() (Xin Xiong) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- soundwire: intel: prevent pm_runtime resume prior to system suspend (Pierre-Louis Bossart) \n- export: fix string handling of namespace in EXPORT_SYMBOL_NS (Greg Kroah-Hartman) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- power: supply: axp288_fuel_gauge: Drop BIOS version check from T3 MRD DMI quirk (Hans de Goede) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- misc/pvpanic: Convert regular spinlock into trylock on panic path (Guilherme G. Piccoli) \n- pvpanic: Fix typos in the comments (Andy Shevchenko) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (Arnaud Pouliquen) \n- rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (Hangyu Hua) \n- rpmsg: virtio: Fix possible double free in rpmsg_probe() (Hangyu Hua) \n- usb: typec: mux: Check dev_set_name() return value (Bjorn Andersson) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- misc: fastrpc: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (Wesley Cheng) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: raspberrypi-poe: Fix endianness in firmware struct (Uwe Kleine-Konig) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- remoteproc: imx_rproc: Ignore create mem entry for resource table (Peng Fan) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (Miaoqian Lin) \n- tty: n_tty: Restore EOF push handling behavior (Daniel Gibson) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP (Christophe Leroy) \n- lkdtm/bugs: Check for the NULL pointer after calling kmalloc (Jiasheng Jiang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- LTS version: v5.15.46 (Jack Vogel) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- pinctrl/rockchip: support setting input-enable param (Caleb Connolly) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- md: fix double free of io_acct_set bioset (Xiao Ni) \n- md: Dont set mddev private to NULL in raid0 pers->free (Xiao Ni) \n- fs/ntfs3: Fix invalid free in log_replay (Namjae Jeon) \n- exportfs: support idmapped mounts (Christian Brauner) \n- fs: add two trivial lookup helpers (Christian Brauner) \n- interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate (Mike Tipton) \n- interconnect: qcom: sc7180: Drop IP0 interconnects (Stephen Boyd) \n- ext4: only allow test_dummy_encryption when supported (Eric Biggers) \n- MIPS: IP30: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- RDMA/hns: Remove the num_cqc_timer variable (Yixing Liu) \n- staging: r8188eu: delete rtw_wx_read/write32() (Dan Carpenter) \n- Revert random: use static branch for crng_ready() (Jason A. Donenfeld) \n- list: test: Add a test for list_is_head() (David Gow) \n- kseltest/cgroup: Make test_stress.sh work if run interactively (Waiman Long) \n- net: ipa: fix page free in ipa_endpoint_replenish_one() (Alex Elder) \n- net: ipa: fix page free in ipa_endpoint_trans_release() (Alex Elder) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- coresight: core: Fix coresight device probe failure issue (Mao Jinlong) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- vdpasim: allow to enable a vq repeatedly (Eugenio Perez) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Steve French) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (Jonathan Bakker) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- clk: tegra: Add missing reset deassertion (Diogo Ivo) \n- arm64: tegra: Add missing DFLL reset on Tegra210 (Diogo Ivo) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: dont overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (Coly Li) \n- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_btree_check() (Coly Li) \n- stm: ltdc: fix two incorrect NULL checks on list iterator (Xiaomeng Tong) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- xtensa/simdisk: fix proc_read_simdisk() (Yi Yang) \n- mm/memremap: fix missing call to untrack_pfn() in pagemap_range() (Miaohe Lin) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- mm/page_alloc: always attempt to allocate at least one page during bulk allocation (Mel Gorman) \n- Revert mm/cma.c: remove redundant cma_mutex lock (Dong Aisheng) \n- iommu/dma: Fix iova map result check bug (Yunfei Wang) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- ksmbd: fix outstanding credits related bugs (Hyunchul Lee) \n- ftrace: Clean up hash direct_functions on register failures (Song Liu) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- um: Use asm-generic/dma-mapping.h (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- cfg80211: declare MODULE_FIRMWARE for regulatory.db (Dimitri John Ledkov) \n- thermal: devfreq_cooling: use local ops instead of global ops (Kant Fan) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- csky: patch_text: Fixup last cpu should be master (Guo Ren) \n- mmc: core: Allows to override the timeout value for ioctl() path (Bean Huo) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- ima: remove the IMA_TEMPLATE Kconfig option (GUO Zihua) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/i915/dsi: fix VBT send packet port selection for ICL+ (Jani Nikula) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/nouveau/subdev/bus: Ratelimit logging for fault errors (Lyude Paul) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- landlock: Fix same-layer rule unions (Mickael Salaun) \n- landlock: Create find_rule() from unmask_layers() (Mickael Salaun) \n- landlock: Reduce the maximum number of layers to 16 (Mickael Salaun) \n- landlock: Define access_mask_t to enforce a consistent access mask size (Mickael Salaun) \n- selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (Mickael Salaun) \n- landlock: Change landlock_restrict_self(2) check ordering (Mickael Salaun) \n- landlock: Change landlock_add_rule(2) argument check ordering (Mickael Salaun) \n- selftests/landlock: Add tests for O_PATH (Mickael Salaun) \n- selftests/landlock: Fully test file rename with remove access (Mickael Salaun) \n- selftests/landlock: Extend access right tests to directories (Mickael Salaun) \n- selftests/landlock: Add tests for unknown access rights (Mickael Salaun) \n- selftests/landlock: Extend tests for minimal valid attribute size (Mickael Salaun) \n- selftests/landlock: Make tests build with old libc (Mickael Salaun) \n- landlock: Fix landlock_add_rule(2) documentation (Mickael Salaun) \n- samples/landlock: Format with clang-format (Mickael Salaun) \n- samples/landlock: Add clang-format exceptions (Mickael Salaun) \n- selftests/landlock: Format with clang-format (Mickael Salaun) \n- selftests/landlock: Normalize array assignment (Mickael Salaun) \n- selftests/landlock: Add clang-format exceptions (Mickael Salaun) \n- landlock: Format with clang-format (Mickael Salaun) \n- landlock: Add clang-format exceptions (Mickael Salaun) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: uninitialized variable on error in dlm_listen_for_all() (Dan Carpenter) \n- dlm: fix plock invalid read (Alexander Aring) \n- s390/stp: clock_delta should be signed (Sven Schnelle) \n- s390/perf: obtain sie_block from the right address (Nico Boehr) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- drm/amdgpu: add beige goby PCI ID (Alex Deucher) \n- tracing: Initialize integer variable to prevent garbage return value (Gautam Menghani) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (Laurent Vivier) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in __es_tree_search (Baokun Li) \n- ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (Theodore Tso) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix race condition between ext4_write and ext4_convert_inline_data (Baokun Li) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- ext4: mark group as trimmed only if it was fully scanned (Dmitry Monakhov) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- bfq: Avoid false marking of bic as stably merged (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- objtool: Fix symbol creation (Peter Zijlstra) \n- objtool: Fix objtool regression on x32 systems (Mikulas Patocka) \n- f2fs: fix to do sanity check for inline inode (Chao Yu) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: dont use casefolded comparison for . and .. (Eric Biggers) \n- f2fs: fix to do sanity check on total_data_blocks (Chao Yu) \n- f2fs: dont need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- NFSv4.1 mark qualified async operations as MOVEABLE tasks (Olga Kornievskaia) \n- NFS: Convert GFP_NOFS to GFP_KERNEL (Trond Myklebust) \n- NFS: Create a new nfs_alloc_fattr_with_label() function (Anna Schumaker) \n- NFS: Always initialise fattr->label in nfs_fattr_alloc() (Trond Myklebust) \n- video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- perf build: Fix btf__load_from_kernel_by_id() feature check (Jiri Olsa) \n- i2c: rcar: fix PM ref counts in probe error paths (Kuninori Morimoto) \n- i2c: npcm: Handle spurious interrupts (Tali Perry) \n- i2c: npcm: Correct register access width (Tyrone Ting) \n- i2c: npcm: Fix timeout calculation (Tali Perry) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (Amelie Delaunay) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFS: Further fixes to the writeback error handling (Trond Myklebust) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Dont report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Dont report ENOSPC write errors twice (Trond Myklebust) \n- NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (Christophe JAILLET) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- iommu/mediatek: Fix NULL pointer dereference when printing dev_name (Miles Chen) \n- MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (Guenter Roeck) \n- iommu/arm-smmu-v3-sva: Fix mm use-after-free (Jean-Philippe Brucker) \n- cpufreq: mediatek: Unregister platform device on exit (Rex-BC Chen) \n- cpufreq: mediatek: Use module_init and add module_exit (Jia-Wei Chang) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (Yong Wu) \n- iommu/mediatek: Remove clk_disable in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Fix 2 HW sharing pgtable issue (Yong Wu) \n- iommu/amd: Enable swiotlb in all cases (Mario Limonciello) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- f2fs: fix to do sanity check on inline_dots inode (Chao Yu) \n- f2fs: support fault injection for dquot_initialize() (Chao Yu) \n- OPP: call of_node_put() on error path in _bandwidth_supported() (Dan Carpenter) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (Wanpeng Li) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- nfsd: destroy percpu stats counters after reply cache shutdown (Julian Schroeder) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- powerpc/xive: Fix refcount leak in xive_spapr_init (Miaoqian Lin) \n- powerpc/xive: Add some error handling code to xive_spapr_init() (Christophe JAILLET) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/perf: Fix the threshold compare group constraint for power10 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (Yang Yingliang) \n- PCI: microchip: Fix potential race in interrupt handling (Daire McNamara) \n- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (Kuppuswamy Sathyanarayanan) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- hugetlbfs: fix hugetlbfs_statfs() locking (Mina Almasry) \n- ARM: dts: at91: sama7g5: remove interrupt-parent from gic node (Eugen Hristev) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-21T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-34918"], "modified": "2022-09-21T00:00:00", "id": "ELSA-2022-9830", "href": "http://linux.oracle.com/errata/ELSA-2022-9830.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-09-21T22:44:04", "description": "[5.15.0-2.52.3]\n- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Thadeu Lima de Souza Cascardo) [Orabug: 34495548] {CVE-2022-2585}\n- fix race between exit_itimers() and /proc/pid/timers (Oleg Nesterov) [Orabug: 34495548] \n- rds: ib: Add preemption control when using per-cpu variables (Hakon Bugge) [Orabug: 34505120] \n- ocfs2: fix handle refcount leak in two exception handling paths (Chenyuan Mi) [Orabug: 34436530] \n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow CHAIN_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Thadeu Lima de Souza Cascardo) [Orabug: 34495566] {CVE-2022-2586}\n- rds: copy_from_user only once per rds_sendmsg system call (Hans Westgaard Ry) [Orabug: 34510687] {CVE-2022-21385}\n- kernfs: Replace global kernfs_open_file_mutex with hashed mutexes. (Imran Khan) [Orabug: 34476940] \n- kernfs: Introduce interface to access global kernfs_open_file_mutex. (Imran Khan) [Orabug: 34476940] \n- kernfs: make ->attr.open RCU protected. (Imran Khan) [Orabug: 34476940] \n- kernfs: Rename kernfs_put_open_node to kernfs_unlink_open_file. (Imran Khan) [Orabug: 34476940] \n- kernfs: Remove reference counting for kernfs_open_node. (Imran Khan) [Orabug: 34476940] \n- Revert net/rds: Connect TCP backends deterministically (Gerd Rausch) [Orabug: 34476561] \n- rds/ib: handle posted ACK during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- rds/ib: reap tx completions during connection shutdown (Rohit Nair) [Orabug: 34465808] \n- uek-rpm: Set CONFIG_VSOCKETS=m and CONFIG_VSOCKETS_DIAG=m (Victor Erminpour) [Orabug: 34461322] \n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419970] {CVE-2022-21546}\n- rds/rdma: destroy CQs during user initiated rds connection resets (Rohit Nair) [Orabug: 34414238]\n[5.15.0-2.52.2]\n- PCI: pciehp: Add quirk to handle spurious DLLSC on a x4x4 SSD (Thomas Tai) [Orabug: 34358322] \n- net/mlx5: E-Switch, change VFs default admin state to auto in switchdev (Maor Dickman) [Orabug: 34477072] \n- xen/manage: Use orderly_reboot() to reboot (Ross Lagerwall) [Orabug: 34480751] \n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34484536] {CVE-2022-2588}\n[5.15.0-2.52.1]\n- LTS version: v5.15.52 (Jack Vogel) \n- io_uring: fix not locked access to fixed buf table (Pavel Begunkov) \n- net: mscc: ocelot: allow unregistered IP multicast flooding to CPU (Vladimir Oltean) \n- rtw88: rtw8821c: enable rfe 6 devices (Ping-Ke Shih) \n- rtw88: 8821c: support RFE type4 wifi NIC (Guo-Feng Fan) \n- fs: account for group membership (Christian Brauner) \n- fs: fix acl translation (Christian Brauner) \n- fs: support mapped mounts of mapped filesystems (Christian Brauner) \n- fs: add i_user_ns() helper (Christian Brauner) \n- fs: port higher-level mapping helpers (Christian Brauner) \n- fs: remove unused low-level mapping helpers (Christian Brauner) \n- fs: use low-level mapping helpers (Christian Brauner) \n- docs: update mapping documentation (Christian Brauner) \n- fs: account for filesystem mappings (Christian Brauner) \n- fs: tweak fsuidgid_has_mapping() (Christian Brauner) \n- fs: move mapping helpers (Christian Brauner) \n- fs: add is_idmapped_mnt() helper (Christian Brauner) \n- powerpc/ftrace: Remove ftrace init tramp once kernel init is complete (Naveen N. Rao) \n- xfs: Fix the free logic of state in xfs_attr_node_hasname (Yang Xu) \n- xfs: use kmem_cache_free() for kmem_cache objects (Rustam Kovhaev) \n- bcache: memset on stack variables in bch_btree_check() and bch_sectors_dirty_init() (Coly Li) \n- tick/nohz: unexport __init-annotated tick_nohz_full_setup() (Masahiro Yamada) \n- LTS version: v5.15.51 (Jack Vogel) \n- powerpc/pseries: wire up rng during setup_arch() (Jason A. Donenfeld) \n- kbuild: link vmlinux only once for CONFIG_TRIM_UNUSED_KSYMS (2nd attempt) (Masahiro Yamada) \n- dma-direct: use the correct size for dma_set_encrypted() (Dexuan Cui) \n- perf build-id: Fix caching files with a wrong build ID (Adrian Hunter) \n- random: update comment from copy_to_user() -> copy_to_iter() (Jason A. Donenfeld) \n- ARM: dts: bcm2711-rpi-400: Fix GPIO line names (Stefan Wahren) \n- modpost: fix section mismatch check for exported init/exit sections (Masahiro Yamada) \n- ARM: cns3xxx: Fix refcount leak in cns3xxx_init (Miaoqian Lin) \n- memory: samsung: exynos5422-dmc: Fix refcount leak in of_get_dram_timings (Miaoqian Lin) \n- ARM: Fix refcount leak in axxia_boot_secondary (Miaoqian Lin) \n- soc: bcm: brcmstb: pm: pm-arm: Fix refcount leak in brcmstb_pm_probe (Miaoqian Lin) \n- ARM: exynos: Fix refcount leak in exynos_map_pmu (Miaoqian Lin) \n- arm64: dts: ti: k3-am64-main: Remove support for HS400 speed mode (Aswath Govindraju) \n- ARM: dts: imx6qdl: correct PU regulator ramp delay (Lucas Stach) \n- ARM: dts: imx7: Move hsic_phy power domain to HSIC PHY node (Alexander Stein) \n- drm/msm/dp: Always clear mask bits to disable interrupts at dp_ctrl_reset_irq_ctrl() (Kuogee Hsieh) \n- powerpc/powernv: wire up rng during setup_arch (Jason A. Donenfeld) \n- powerpc/rtas: Allow ibm,platform-dump RTAS call with null buffer address (Andrew Donnellan) \n- powerpc: Enable execve syscall exit tracepoint (Naveen N. Rao) \n- powerpc/microwatt: wire up rng during setup_arch() (Jason A. Donenfeld) \n- parisc: Enable ARCH_HAS_STRICT_MODULE_RWX (Helge Deller) \n- parisc/stifb: Fix fb_is_primary_device() only available with CONFIG_FB_STI (Helge Deller) \n- xtensa: Fix refcount leak bug in time.c (Liang He) \n- xtensa: xtfpga: Fix refcount leak bug in setup (Liang He) \n- iio: adc: ti-ads131e08: add missing fwnode_handle_put() in ads131e08_alloc_channels() (Jialin Zhang) \n- iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client (Miaoqian Lin) \n- iio: adc: rzg2l_adc: add missing fwnode_handle_put() in rzg2l_adc_parse_properties() (Jialin Zhang) \n- iio: adc: axp288: Override TS pin bias current for some models (Hans de Goede) \n- iio: adc: stm32: Fix IRQs on STM32F4 by removing custom spurious IRQs message (Yannick Brosseau) \n- iio: adc: stm32: Fix ADCs iteration in irq handler (Yannick Brosseau) \n- iio: afe: rescale: Fix boolean logic bug (Linus Walleij) \n- iio: imu: inv_icm42600: Fix broken icm42600 (chip id 0 value) (Jean-Baptiste Maneyrol) \n- iio: adc: stm32: fix maximum clock rate for stm32mp15x (Olivier Moysan) \n- iio: trigger: sysfs: fix use-after-free on remove (Vincent Whitchurch) \n- iio: gyro: mpu3050: Fix the error handling in mpu3050_power_up() (Zheyu Ma) \n- iio: accel: mma8452: ignore the return value of reset operation (Haibo Chen) \n- iio:accel:mxc4005: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:bma180: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:accel:kxcjk-1013: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:chemical:ccs811: rearrange iio trigger get and register (Dmitry Rokosov) \n- iio:humidity:hts221: rearrange iio trigger get and register (Dmitry Rokosov) \n- f2fs: attach inline_data after setting compression (Jaegeuk Kim) \n- btrfs: fix deadlock with fsync+fiemap+transaction commit (Josef Bacik) \n- btrfs: dont set lock_owner when locking extent buffer for reading (Zygo Blaxell) \n- dt-bindings: usb: ehci: Increase the number of PHYs (Geert Uytterhoeven) \n- dt-bindings: usb: ohci: Increase the number of PHYs (Geert Uytterhoeven) \n- usb: chipidea: udc: check request status before setting device address (Xu Yang) \n- USB: gadget: Fix double-free bug in raw_gadget driver (Alan Stern) \n- usb: gadget: Fix non-unique driver names in raw-gadget driver (Alan Stern) \n- xhci-pci: Allow host runtime PM as default for Intel Meteor Lake xHCI (Utkarsh Patel) \n- xhci-pci: Allow host runtime PM as default for Intel Raptor Lake xHCI (Tanveer Alam) \n- xhci: turn off port power in shutdown (Mathias Nyman) \n- usb: typec: wcove: Drop wrong dependency to INTEL_SOC_PMIC (Andy Shevchenko) \n- iio: adc: vf610: fix conversion mode sysfs node name (Baruch Siach) \n- iio: magnetometer: yas530: Fix memchr_inv() misuse (Linus Walleij) \n- iio: mma8452: fix probe fail when device tree compatible is used. (Haibo Chen) \n- s390/cpumf: Handle events cycles and instructions identical (Thomas Richter) \n- gpio: winbond: Fix error code in winbond_gpio_get() (Dan Carpenter) \n- nvme: move the Samsung X5 quirk entry to the core quirks (Christoph Hellwig) \n- nvme-pci: add NO APST quirk for Kioxia device (Enzo Matsumiya) \n- sock: redo the psock vs ULP protection check (Jakub Kicinski) \n- Revert net/tls: fix tls_sk_proto_close executed repeatedly (Jakub Kicinski) \n- virtio_net: fix xdp_rxq_info bug after suspend/resume (Stephan Gerhold) \n- igb: Make DMA faster when CPU is active on the PCIe link (Kai-Heng Feng) \n- regmap-irq: Fix offset/index mismatch in read_sub_irq_data() (Aidan MacDonald) \n- regmap-irq: Fix a bug in regmap_irq_enable() for type_in_mask chips (Aidan MacDonald) \n- ice: ethtool: advertise 1000M speeds properly (Anatolii Gerasymenko) \n- afs: Fix dynamic root getattr (David Howells) \n- MIPS: Remove repetitive increase irq_err_count (huhai) \n- x86/xen: Remove undefined behavior in setup_features() (Julien Grall) \n- xen-blkfront: Handle NULL gendisk (Jason Andryuk) \n- selftests: netfilter: correct PKTGEN_SCRIPT_PATHS in nft_concat_range.sh (Jie2x Zhou) \n- udmabuf: add back sanity check (Gerd Hoffmann) \n- net/tls: fix tls_sk_proto_close executed repeatedly (Ziyang Xuan) \n- erspan: do not assume transport header is always set (Eric Dumazet) \n- perf arm-spe: Dont set data source if its not a memory operation (Leo Yan) \n- drm/msm/dp: force link training for display resolution change (Kuogee Hsieh) \n- drm/msm/dp: do not initialize phy until plugin interrupt received (Kuogee Hsieh) \n- drm/msm/dp: dp_link_parse_sink_count() return immediately if aux read failed (Kuogee Hsieh) \n- drm/msm/dp: Drop now unused hpd_high member (Bjorn Andersson) \n- drm/msm/dp: check core_initialized before disable interrupts at dp_display_unbind() (Kuogee Hsieh) \n- drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf (Miaoqian Lin) \n- net/sched: sch_netem: Fix arithmetic in netem_dump() for 32-bit platforms (Peilin Ye) \n- ethtool: Fix get module eeprom fallback (Ivan Vecera) \n- bonding: ARP monitor spams NETDEV_NOTIFY_PEERS notifiers (Jay Vosburgh) \n- igb: fix a use-after-free issue in igb_clean_tx_ring (Lorenzo Bianconi) \n- tipc: fix use-after-free Read in tipc_named_reinit (Hoang Le) \n- net: fix data-race in dev_isalive() (Eric Dumazet) \n- net: Write lock dev_base_lock without disabling bottom halves. (Sebastian Andrzej Siewior) \n- KVM: arm64: Prevent kmemleak from accessing pKVM memory (Quentin Perret) \n- phy: aquantia: Fix AN when higher speeds than 1G are not advertised (Claudiu Manoil) \n- scsi: storvsc: Correct reporting of Hyper-V I/O size limits (Saurabh Sengar) \n- bpf, x86: Fix tail call count offset calculation on bpf2bpf call (Jakub Sitnicki) \n- drm/sun4i: Fix crash during suspend after component bind failure (Samuel Holland) \n- bpf: Fix request_sock leak in sk lookup helpers (Jon Maxwell) \n- drm/msm: use for_each_sgtable_sg to iterate over scatterlist (Jonathan Marek) \n- xsk: Fix generic transmit when completion queue reservation fails (Ciara Loftus) \n- scsi: iscsi: Exclude zero from the endpoint ID range (Sergey Gorenko) \n- drm/msm: Switch ordering of runpm put vs devfreq_idle (Rob Clark) \n- scsi: scsi_debug: Fix zone transition to full condition (Damien Le Moal) \n- netfilter: use get_random_u32 instead of prandom (Florian Westphal) \n- drm/msm: Fix double pm_runtime_disable() call (Maximilian Luz) \n- drm/msm: Ensure mmap offset is initialized (Rob Clark) \n- USB: serial: option: add Quectel RM500K module support (Macpaul Lin) \n- USB: serial: option: add Quectel EM05-G modem (Yonglin Tan) \n- USB: serial: option: add Telit LE910Cx 0x1250 composition (Carlo Lobrano) \n- USB: serial: pl2303: add support for more HXN (G) types (Johan Hovold) \n- drm/i915: Implement w/a 22010492432 for adl-s (Ville Syrjala) \n- tracing/kprobes: Check whether get_kretprobe() returns NULL in kretprobe_dispatcher() (Masami Hiramatsu (Google)) \n- dm mirror log: clear log bits up to BITS_PER_LONG boundary (Mikulas Patocka) \n- dm era: commit metadata in postsuspend after worker stops (Nikos Tsironis) \n- ata: libata: add qc->flags in ata_qc_complete_template tracepoint (Edward Wu) \n- mtd: rawnand: gpmi: Fix setting busy timeout setting (Sascha Hauer) \n- MAINTAINERS: Add new IOMMU development mailing list (Joerg Roedel) \n- xen/gntdev: Avoid blocking in unmap_grant_pages() (Demi Marie Obenour) \n- mmc: mediatek: wait dma stop bit reset to 0 (Mengqi Zhang) \n- mmc: sdhci-pci-o2micro: Fix card detect by dealing with debouncing (Chevron Li) \n- scsi: ibmvfc: Allocate/free queue resource only during probe/remove (Tyrel Datwyler) \n- scsi: ibmvfc: Store vhost pointer during subcrq allocation (Tyrel Datwyler) \n- btrfs: add error messages to all unrecognized mount options (David Sterba) \n- btrfs: prevent remounting to v1 space cache for subpage mount (Qu Wenruo) \n- btrfs: fix hang during unmount when block group reclaim task is running (Filipe Manana) \n- 9p: fix fid refcount leak in v9fs_vfs_get_link (Dominique Martinet) \n- 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl (Dominique Martinet) \n- 9p: Fix refcounting during full path walks for fid lookups (Tyler Hicks) \n- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Rosemarie ORiorden) \n- ALSA: hda/realtek: Add quirk for Clevo NS50PU (Tim Crawford) \n- ALSA: hda/realtek: Add quirk for Clevo PD70PNT (Tim Crawford) \n- ALSA: hda/realtek: Apply fixup for Lenovo Yoga Duet 7 properly (Takashi Iwai) \n- ALSA: hda/realtek - ALC897 headset MIC no sound (Kailang Yang) \n- ALSA: hda/realtek: Add mute LED quirk for HP Omen laptop (Soham Sen) \n- ALSA: hda/conexant: Fix missing beep setup (Takashi Iwai) \n- ALSA: hda/via: Fix missing beep setup (Takashi Iwai) \n- random: quiet urandom warning ratelimit suppression message (Jason A. Donenfeld) \n- random: schedule mix_interrupt_randomness() less often (Jason A. Donenfeld) \n- LTS version: v5.15.50 (Jack Vogel) \n- arm64: mm: Dont invalidate FROM_DEVICE buffers at start of DMA transfer (Will Deacon) \n- serial: core: Initialize rs485 RTS polarity already on probe (Lukas Wunner) \n- selftests/bpf: Add selftest for calling global functions from freplace (Toke Hoiland-Jorgensen) \n- bpf: Fix calling global functions from BPF_PROG_TYPE_EXT programs (Toke Hoiland-Jorgensen) \n- usb: gadget: u_ether: fix regression in setting fixed MAC address (Marian Postevca) \n- zonefs: fix zonefs_iomap_begin() for reads (Damien Le Moal) \n- drm/amd/display: Dont reinitialize DMCUB on s0ix resume (Nicholas Kazlauskas) \n- s390/mm: use non-quiescing sske for KVM switch to keyed guest (Christian Borntraeger) \n- LTS version: v5.15.49 (Jack Vogel) \n- clk: imx8mp: fix usb_root_clk parent (Peng Fan) \n(Masahiro Yamada) \n- virtio-pci: Remove wrong address verification in vp_del_vqs() (Murilo Opsfelder Araujo) \n- ALSA: hda/realtek: fix right sounds and mute/micmute LEDs for HP machine (Andy Chi) \n- KVM: arm64: Dont read a HW interrupt pending state in user context (Marc Zyngier) \n- ext4: add reserved GDT blocks check (Zhang Yi) \n- ext4: make variable count signed (Ding Xiang) \n- ext4: fix bug_on ext4_mb_use_inode_pa (Baokun Li) \n- ext4: fix super block checksum incorrect after mount (Ye Bin) \n- cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle (Sami Tolvanen) \n- drm/amd/display: Cap OLED brightness per max frame-average luminance (Roman Li) \n- dm mirror log: round up region bitmap size to BITS_PER_LONG (Mikulas Patocka) \n- bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() (Shinichiro Kawasaki) \n- serial: 8250: Store to lsr_save_flags after lsr read (Ilpo Jarvinen) \n- tty: n_gsm: Debug output allocation must use GFP_ATOMIC (Tony Lindgren) \n- usb: gadget: f_fs: change ep->ep safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: f_fs: change ep->status safe in ffs_epfile_io() (Linyu Yuan) \n- usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe (Miaoqian Lin) \n- usb: cdnsp: Fixed setting last_trb incorrectly (Jing Leng) \n- usb: dwc2: Fix memory leak in dwc2_hcd_init (Miaoqian Lin) \n- USB: serial: io_ti: add Agilent E5805A support (Robert Eckelmann) \n- USB: serial: option: add support for Cinterion MV31 with new baseline (Slark Xiao) \n- crypto: memneq - move into lib/ (Jason A. Donenfeld) \n- comedi: vmk80xx: fix expression for tx buffer size (Ian Abbott) \n- mei: me: add raptor lake point S DID (Alexander Usyskin) \n- mei: hbm: drop capability response on early shutdown (Alexander Usyskin) \n- i2c: designware: Use standard optional ref clock implementation (Serge Semin) \n- sched: Fix balance_push() vs __sched_setscheduler() (Peter Zijlstra) \n- irqchip/realtek-rtl: Fix refcount leak in map_interrupts (Miaoqian Lin) \n- irqchip/gic-v3: Fix refcount leak in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic-v3: Fix error handling in gic_populate_ppi_partitions (Miaoqian Lin) \n- irqchip/gic/realview: Fix refcount leak in realview_gic_of_init (Miaoqian Lin) \n- i2c: npcm7xx: Add check for platform_driver_register (Jiasheng Jiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf) \n- block: Fix handling of offline queues in blk_mq_alloc_request_hctx() (Bart Van Assche) \n- init: Initialize noop_backing_dev_info early (Jan Kara) \n- certs/blacklist_hashes.c: fix const confusion in certs blacklist (Masahiro Yamada) \n- arm64: ftrace: consistently handle PLTs. (Mark Rutland) \n- arm64: ftrace: fix branch range checks (Mark Rutland) \n- net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg (Duoming Zhou) \n- net: bgmac: Fix an erroneous kfree() in bgmac_remove() (Christophe JAILLET) \n- mlxsw: spectrum_cnt: Reorder counter pools (Petr Machata) \n- nvme: add device name to warning in uuid_show() (Thomas WeiBschuh) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: ftrtc010: Use platform_get_irq() to get the interrupt (Lad Prabhakar) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- ARM: dts: aspeed: ast2600-evb: Enable RX delay for MAC0/MAC1 (Howard Chiu) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- extcon: ptn5150: Add queue work sync before driver release (Li Jun) \n- ksmbd: fix reference count leak in smb_check_perm_dacl() (Xin Xiong) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- soundwire: intel: prevent pm_runtime resume prior to system suspend (Pierre-Louis Bossart) \n- export: fix string handling of namespace in EXPORT_SYMBOL_NS (Greg Kroah-Hartman) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- power: supply: axp288_fuel_gauge: Drop BIOS version check from T3 MRD DMI quirk (Hans de Goede) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- misc/pvpanic: Convert regular spinlock into trylock on panic path (Guilherme G. Piccoli) \n- pvpanic: Fix typos in the comments (Andy Shevchenko) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: proximity: vl53l0x: Fix return value check of wait_for_completion_timeout (Miaoqian Lin) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- rpmsg: virtio: Fix the unregistration of the device rpmsg_ctrl (Arnaud Pouliquen) \n- rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() (Hangyu Hua) \n- rpmsg: virtio: Fix possible double free in rpmsg_probe() (Hangyu Hua) \n- usb: typec: mux: Check dev_set_name() return value (Bjorn Andersson) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- misc: fastrpc: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback (Wesley Cheng) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: raspberrypi-poe: Fix endianness in firmware struct (Uwe Kleine-Konig) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- remoteproc: imx_rproc: Ignore create mem entry for resource table (Peng Fan) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- serial: 8250_aspeed_vuart: Fix potential NULL dereference in aspeed_vuart_probe (Miaoqian Lin) \n- tty: n_tty: Restore EOF push handling behavior (Daniel Gibson) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- lkdtm/bugs: Dont expect thread termination without CONFIG_UBSAN_TRAP (Christophe Leroy) \n- lkdtm/bugs: Check for the NULL pointer after calling kmalloc (Jiasheng Jiang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- LTS version: v5.15.46 (Jack Vogel) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- pinctrl/rockchip: support setting input-enable param (Caleb Connolly) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- md: fix double free of io_acct_set bioset (Xiao Ni) \n- md: Dont set mddev private to NULL in raid0 pers->free (Xiao Ni) \n- fs/ntfs3: Fix invalid free in log_replay (Namjae Jeon) \n- exportfs: support idmapped mounts (Christian Brauner) \n- fs: add two trivial lookup helpers (Christian Brauner) \n- interconnect: qcom: icc-rpmh: Add BCMs to commit list in pre_aggregate (Mike Tipton) \n- interconnect: qcom: sc7180: Drop IP0 interconnects (Stephen Boyd) \n- ext4: only allow test_dummy_encryption when supported (Eric Biggers) \n- MIPS: IP30: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- MIPS: IP27: Remove incorrect cpu_has_fpu override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- RDMA/hns: Remove the num_cqc_timer variable (Yixing Liu) \n- staging: r8188eu: delete rtw_wx_read/write32() (Dan Carpenter) \n- Revert random: use static branch for crng_ready() (Jason A. Donenfeld) \n- list: test: Add a test for list_is_head() (David Gow) \n- kseltest/cgroup: Make test_stress.sh work if run interactively (Waiman Long) \n- net: ipa: fix page free in ipa_endpoint_replenish_one() (Alex Elder) \n- net: ipa: fix page free in ipa_endpoint_trans_release() (Alex Elder) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- coresight: core: Fix coresight device probe failure issue (Mao Jinlong) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- vdpasim: allow to enable a vq repeatedly (Eugenio Perez) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- SMB3: EBADF/EIO errors in rename/open caused by race condition in smb2_compound_op (Steve French) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- ARM: dts: s5pv210: Remove spi-cs-high on panel in Aries (Jonathan Bakker) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- clk: tegra: Add missing reset deassertion (Diogo Ivo) \n- arm64: tegra: Add missing DFLL reset on Tegra210 (Diogo Ivo) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: dont overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- bcache: avoid journal no-space deadlock by reserving 1 journal bucket (Coly Li) \n- bcache: remove incremental dirty sector counting for bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_sectors_dirty_init() (Coly Li) \n- bcache: improve multithreaded bch_btree_check() (Coly Li) \n- stm: ltdc: fix two incorrect NULL checks on list iterator (Xiaomeng Tong) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for DSP Voice Wake Up control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- xtensa/simdisk: fix proc_read_simdisk() (Yi Yang) \n- mm/memremap: fix missing call to untrack_pfn() in pagemap_range() (Miaohe Lin) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- mm/page_alloc: always attempt to allocate at least one page during bulk allocation (Mel Gorman) \n- Revert mm/cma.c: remove redundant cma_mutex lock (Dong Aisheng) \n- iommu/dma: Fix iova map result check bug (Yunfei Wang) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- ksmbd: fix outstanding credits related bugs (Hyunchul Lee) \n- ftrace: Clean up hash direct_functions on register failures (Song Liu) \n- kexec_file: drop weak attribute from arch_kexec_apply_relocations[_add] (Naveen N. Rao) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- um: Use asm-generic/dma-mapping.h (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- cfg80211: declare MODULE_FIRMWARE for regulatory.db (Dimitri John Ledkov) \n- thermal: devfreq_cooling: use local ops instead of global ops (Kant Fan) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- csky: patch_text: Fixup last cpu should be master (Guo Ren) \n- mmc: core: Allows to override the timeout value for ioctl() path (Bean Huo) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- ima: remove the IMA_TEMPLATE Kconfig option (GUO Zihua) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/i915/dsi: fix VBT send packet port selection for ICL+ (Jani Nikula) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/kms/nv50-: atom: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/nouveau/subdev/bus: Ratelimit logging for fault errors (Lyude Paul) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- landlock: Fix same-layer rule unions (Mickael Salaun) \n- landlock: Create find_rule() from unmask_layers() (Mickael Salaun) \n- landlock: Reduce the maximum number of layers to 16 (Mickael Salaun) \n- landlock: Define access_mask_t to enforce a consistent access mask size (Mickael Salaun) \n- selftests/landlock: Test landlock_create_ruleset(2) argument check ordering (Mickael Salaun) \n- landlock: Change landlock_restrict_self(2) check ordering (Mickael Salaun) \n- landlock: Change landlock_add_rule(2) argument check ordering (Mickael Salaun) \n- selftests/landlock: Add tests for O_PATH (Mickael Salaun) \n- selftests/landlock: Fully test file rename with remove access (Mickael Salaun) \n- selftests/landlock: Extend access right tests to directories (Mickael Salaun) \n- selftests/landlock: Add tests for unknown access rights (Mickael Salaun) \n- selftests/landlock: Extend tests for minimal valid attribute size (Mickael Salaun) \n- selftests/landlock: Make tests build with old libc (Mickael Salaun) \n- landlock: Fix landlock_add_rule(2) documentation (Mickael Salaun) \n- samples/landlock: Format with clang-format (Mickael Salaun) \n- samples/landlock: Add clang-format exceptions (Mickael Salaun) \n- selftests/landlock: Format with clang-format (Mickael Salaun) \n- selftests/landlock: Normalize array assignment (Mickael Salaun) \n- selftests/landlock: Add clang-format exceptions (Mickael Salaun) \n- landlock: Format with clang-format (Mickael Salaun) \n- landlock: Add clang-format exceptions (Mickael Salaun) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: uninitialized variable on error in dlm_listen_for_all() (Dan Carpenter) \n- dlm: fix plock invalid read (Alexander Aring) \n- s390/stp: clock_delta should be signed (Sven Schnelle) \n- s390/perf: obtain sie_block from the right address (Nico Boehr) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- staging: r8188eu: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- drm/amdgpu: add beige goby PCI ID (Alex Deucher) \n- tracing: Initialize integer variable to prevent garbage return value (Gautam Menghani) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- tty: goldfish: Introduce gf_ioread32()/gf_iowrite32() (Laurent Vivier) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in __es_tree_search (Baokun Li) \n- ext4: filter out EXT4_FC_REPLAY from on-disk superblock field s_state (Theodore Tso) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix race condition between ext4_write and ext4_convert_inline_data (Baokun Li) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- ext4: mark group as trimmed only if it was fully scanned (Dmitry Monakhov) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- bfq: Avoid false marking of bic as stably merged (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate wrote according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- objtool: Fix symbol creation (Peter Zijlstra) \n- objtool: Fix objtool regression on x32 systems (Mikulas Patocka) \n- f2fs: fix to do sanity check for inline inode (Chao Yu) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: dont use casefolded comparison for . and .. (Eric Biggers) \n- f2fs: fix to do sanity check on total_data_blocks (Chao Yu) \n- f2fs: dont need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- NFSv4.1 mark qualified async operations as MOVEABLE tasks (Olga Kornievskaia) \n- NFS: Convert GFP_NOFS to GFP_KERNEL (Trond Myklebust) \n- NFS: Create a new nfs_alloc_fattr_with_label() function (Anna Schumaker) \n- NFS: Always initialise fattr->label in nfs_fattr_alloc() (Trond Myklebust) \n- video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup (Javier Martinez Canillas) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- perf build: Fix btf__load_from_kernel_by_id() feature check (Jiri Olsa) \n- i2c: rcar: fix PM ref counts in probe error paths (Kuninori Morimoto) \n- i2c: npcm: Handle spurious interrupts (Tali Perry) \n- i2c: npcm: Correct register access width (Tyrone Ting) \n- i2c: npcm: Fix timeout calculation (Tali Perry) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: fix chan initialization in stm32_mdma_irq_handler() (Amelie Delaunay) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFS: Further fixes to the writeback error handling (Trond Myklebust) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Dont report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Dont report ENOSPC write errors twice (Trond Myklebust) \n- NFS: fsync() should report filesystem errors over EINTR/ERESTARTSYS (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- dmaengine: idxd: Fix the error handling path in idxd_cdev_register() (Christophe JAILLET) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- iommu/mediatek: Fix NULL pointer dereference when printing dev_name (Miles Chen) \n- MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (Guenter Roeck) \n- iommu/arm-smmu-v3-sva: Fix mm use-after-free (Jean-Philippe Brucker) \n- cpufreq: mediatek: Unregister platform device on exit (Rex-BC Chen) \n- cpufreq: mediatek: Use module_init and add module_exit (Jia-Wei Chang) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add mutex for m4u_group and m4u_dom in data (Yong Wu) \n- iommu/mediatek: Remove clk_disable in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- iommu/mediatek: Fix 2 HW sharing pgtable issue (Yong Wu) \n- iommu/amd: Enable swiotlb in all cases (Mario Limonciello) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- f2fs: fix to do sanity check on inline_dots inode (Chao Yu) \n- f2fs: support fault injection for dquot_initialize() (Chao Yu) \n- OPP: call of_node_put() on error path in _bandwidth_supported() (Dan Carpenter) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- KVM: LAPIC: Drop pending LAPIC timer injection when canceling the timer (Wanpeng Li) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- nfsd: destroy percpu stats counters after reply cache shutdown (Julian Schroeder) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- powerpc/xive: Fix refcount leak in xive_spapr_init (Miaoqian Lin) \n- powerpc/xive: Add some error handling code to xive_spapr_init() (Christophe JAILLET) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/perf: Fix the threshold compare group constraint for power10 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- hwrng: omap3-rom - fix using wrong clk_disable() in omap_rom_rng_runtime_resume() (Yang Yingliang) \n- PCI: microchip: Fix potential race in interrupt handling (Daire McNamara) \n- PCI/AER: Clear MULTI_ERR_COR/UNCOR_RCV bits (Kuppuswamy Sathyanarayanan) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- hugetlbfs: fix hugetlbfs_statfs() locking (Mina Almasry) \n- ARM: dts: at91: sama7g5: remove interrupt-parent from gic node (Eugen Hristev) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-21T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21385", "CVE-2022-21546", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-34918"], "modified": "2022-09-21T00:00:00", "id": "ELSA-2022-9827", "href": "http://linux.oracle.com/errata/ELSA-2022-9827.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-03T16:36:33", "description": "[3.10.0-1160.80.1.0.1.OL7]\n- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}\n[3.10.0-1160.80.1.OL7]\n- Update Oracle Linux certificates (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9\n- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)\n[3.10.0-1160.80.1]\n- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (Dick Kennedy) [1969988]\n- scsi: lpfc: Fix illegal memory access on Abort IOCBs (Dick Kennedy) [1969988]\n- NFS: Fix extra call to dput() in nfs_prime_dcache (Benjamin Coddington) [2117856]\n[3.10.0-1160.79.1]\n- x86/speculation: Add LFENCE to RSB fill sequence (Rafael Aquini) [2115073] {CVE-2022-26373}\n- x86/speculation: Protect against userspace-userspace spectreRSB (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/speculation: cope with spectre_v2=retpoline cmdline on retbleed-affected Intel CPUs (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/speculation: Disable RRSBA behavior (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kexec: Disable RET on kexec (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpu/amd: Enumerate BTC_NO (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/common: Stamp out the stepping madness (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpu/amd: Add Spectral Chicken (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Do IBPB fallback check only once (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Add retbleed=ibpb (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Report Intel retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Enable STIBP for JMP2RET (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Add AMD retbleed= boot parameter (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Report AMD retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Add magic AMD return-thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Use return-thunk in asm code (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/sev: Avoid using __x86_return_thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: Fix SETcc emulation for return thunks (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86,objtool: Create .return_sites (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Undo return-thunk damage (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/retpoline: Use -mfunction-return (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Move RETPOLINE flags to word 11 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- objtool: Add ELF writing capability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Prepare asm files for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Prepare inline-asm for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: Fix fastop function ELF metadata (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: Move kvm_fastop_exception to .fixup section (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/vdso: Fix vDSO build if a retpoline is emitted (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Carve out CQM features retrieval (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Re-tabulate the X86_FEATURE definitions (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeature: Move processor tracing out of scattered features (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/alternatives: Cleanup DPRINTK macro (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n[3.10.0-1160.78.1]\n- net_sched: cls_route: remove from list when handle is 0 (Davide Caratti) [2121809] {CVE-2022-2588}\n[3.10.0-1160.77.1]\n- net/mlx5: Add Fast teardown support (Jay Shin) [2077711]\n- net/mlx5: Free IRQs in shutdown path (Jay Shin) [2077711]\n- net/mlx5: Change teardown with force mode failure message to warning (Jay Shin) [2077711]\n- net/mlx5: Cancel health poll before sending panic teardown command (Jay Shin) [2077711]\n- net/mlx5: Add fast unload support in shutdown flow (Jay Shin) [2077711]\n- net/mlx5: Expose command polling interface (Jay Shin) [2077711]\n- posix-timers: Remove remaining uses of tasklist_lock (Oleg Nesterov) [2115147]\n- posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (Oleg Nesterov) [2115147]\n- posix-cpu-timers: remove tasklist_lock in posix_cpu_clock_get() (Oleg Nesterov) [2115147]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-11-03T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-11-03T00:00:00", "id": "ELSA-2022-7337", "href": "http://linux.oracle.com/errata/ELSA-2022-7337.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-26T15:28:41", "description": "[4.18.0-372.32.1.0.1_6.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5\n- debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499}\n[4.18.0-372.32.1_6]\n- net: atlantic: remove aq_nic_deinit() when resume (Inigo Huguet) [2131936 2130839]\n- net: atlantic: remove deep parameter on suspend/resume functions (Inigo Huguet) [2131936 2130839]\n- configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2129923 2123508]\n- drm/nouveau: recognise GA103 (Karol Herbst) [2127122 1923125]\n- net: fix a memleak when uncloning an skb dst and its metadata (Hangbin Liu) [2131255 2068355]\n- net: do not keep the dst cache when uncloning an skb dst and its metadata (Hangbin Liu) [2131255 2068355]\n- intel_idle: Fix false positive RCU splats due to incorrect hardirqs state (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/spec_ctrl: Enable RHEL only ibrs_always & retpoline,ibrs_user spectre_v2 options (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- efi/x86: use naked RET on mixed mode call wrapper (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Remove apostrophe typo (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Mark retbleed_strings static (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Disable RRSBA behavior (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kexec: Disable RET on kexec (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- redhat/configs: Add new mitigation configs for RetBleed CVEs (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retbleed: Add fine grained Kconfig knobs (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/amd: Enumerate BTC_NO (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/common: Stamp out the stepping madness (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Prevent RSB underflow before vmenter (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Fill RSB on vmexit for IBRS (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Fix IBRS handling after vmexit (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Convert launched argument to flags (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Remove x86_spec_ctrl_mask (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/amd: Add Spectral Chicken (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Do IBPB fallback check only once (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Add retbleed=ibpb (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Update Retpoline validation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- intel_idle: Disable IBRS during long idle (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Report Intel retbleed vulnerability (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Add kernel IBRS implementation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Enable STIBP for JMP2RET (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Add AMD retbleed= boot parameter (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Report AMD retbleed vulnerability (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Add magic AMD return-thunk (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Use return-thunk in asm code (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/sev: Avoid using __x86_return_thunk (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kvm: Fix SETcc emulation for return thunks (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bpf: Use alternative RET encoding (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use alternative RET encoding (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86,objtool: Create .return_sites (Josh Poimboeuf) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Undo return-thunk damage (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retpoline: Use -mfunction-return (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retpoline: Swizzle retpoline thunk (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retpoline: Cleanup some #ifdefery (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpufeatures: Move RETPOLINE flags to word 11 (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kvm/vmx: Make noinstr clean (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- arch/x86/boot/compressed: Add -D__DISABLE_EXPORTS to kbuild flags (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: (Ab)use __DISABLE_EXPORTS to disable RETHUNK in real mode (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Remove skip_r11rcx (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation/srbds: Do not try to turn mitigation off when not supported (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/module: Fix the paravirt vs alternative order (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Add straight-line-speculation mitigation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Prepare inline-asm for straight-line-speculation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Prepare asm files for straight-line-speculation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Move RETPOLINE*_CFLAGS to arch Makefile (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- Makefile: remove stale cc-option checks (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tools headers: Remove broken definition of __LITTLE_ENDIAN (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in 'perf bench mem memcpy' (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Add insn_decode_kernel() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tools/insn: Restore the relative include paths for cross building (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Use insn_decode() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/insn: Add an insn_decode() API (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/insn: Rename insn_decode() to insn_decode_from_regs() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Add new features for paravirt patching (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Support not-feature (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Merge include files (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Fix error handling for STD/CLD warnings (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Teach text_poke_bp() to emulate RET (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Have ftrace trampolines turn read-only at the end of system boot up (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Change FILL_RETURN_BUFFER to work with objtool (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Add support for intra-function calls (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Rework allocating stack_ops on decode (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Better handle IRET (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Support multiple stack_op per instruction (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Make BP scratch register warning more robust (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kexec: Make relocate_kernel_64.S objtool clean (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Introduce validate_return() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- Makefile: disallow data races on gcc-10 as well (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Improve call destination function detection (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Implement a better poke_int3_handler() completion scheme (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- lib/: fix Kconfig indentation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Use INT3_INSN_SIZE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kprobes: Fix ordering while text-patching (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kprobes: Convert to text-patching.h (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Shrink text_poke_loc (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Remove text_poke_loc::len (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use text_gen_insn() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Add text_opcode_size() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use text_poke() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use vmalloc special flag (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Explicitly include vmalloc.h for set_vm_flush_reset_perms() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Add and use text_gen_insn() helper (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives, jump_label: Provide better text_poke() batching interface (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/asm: Annotate relocate_kernel_{32,64}.c (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: kprobes: Prohibit probing on instruction which has emulate prefix (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Correct misc typos (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation/mds: Apply more accurate check on hypervisor platform (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Convert insn type to enum (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Track original function across branches (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Make enable parameter bool where applicable (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Fix function fallthrough detection (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Detect over-sized patching bugs in paravirt_patch_call() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/amd: Exclude 32bit only assembler from 64bit build (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/asm: Mark all top level asm statements as .text (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/bugs: Use __initconst for 'const' init data (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Add Direction Flag validation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Rewrite add_ignores() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/nospec, objtool: Introduce ANNOTATE_IGNORE_ALTERNATIVE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- kbuild: Disable extra debugging info in .s output (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/CPU/AMD: Set the CPB bit unconditionally on F17h (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Print containing function (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Do not call function graph from dynamic trampolines (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- ftrace: Create new ftrace_internal.h header (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- kprobes/x86: Fix instruction patching corruption when copying more than one RIP-relative instruction (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tracing/Makefile: Fix handling redefinition of CC_FLAGS_FTRACE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Remove unused paravirt bits (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Remove clobbers parameter from paravirt patch functions (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Make paravirt_patch_call() and paravirt_patch_jmp() static (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- ftrace: Remove unused pointer ftrace_swapper_pid (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/spec_ctrl: Temporarily remove RHEL specific IBRS code (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- intel_idle: enable interrupts before C1 on Xeons (Steve Best) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (Vitaly Kuznetsov) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- atlantic: Fix issue in the pm resume flow. (Igor Russkikh) [2127845 2002395]\n- atlantic: Fix driver resume flow. (Igor Russkikh) [2127845 2002395]\n- net: atlantic: always deep reset on pm op, fixing up my null deref regression (Foggy Liu) [2124966 2039680]\n- net: atlantic: invert deep par in pm functions, preventing null derefs (Foggy Liu) [2124966 2039680]\n[4.18.0-372.31.1_6]\n- ice: Allow operation with reduced device MSI-X (Petr Oros) [2126482 2102844]\n- redhat: kernel depends on new linux-firmware (John Meneghini) [2120613 2044843]\n- scsi: qedi: Use QEDI_MODE_NORMAL for error handling (John Meneghini) [2119847 2101760]\n- qede: Reduce verbosity of ptp tx timestamp (John Meneghini) [2125477 2080655]\n- qede: confirm skb is allocated before using (John Meneghini) [2120611 2040267]\n- qed: fix ethtool register dump (John Meneghini) [2120611 2040267]\n- scsi: qedf: Stop using the SCSI pointer (John Meneghini) [2120613 2044843]\n- scsi: qedf: Change context reset messages to ratelimited (John Meneghini) [2120613 2044843]\n- scsi: qedf: Fix refcount issue when LOGO is received during TMF (John Meneghini) [2120613 2044843]\n- scsi: qedf: Add stag_work to all the vports (John Meneghini) [2120613 2044843]\n- scsi: qedf: Fix potential dereference of NULL pointer (John Meneghini) [2120613 2044843]\n- scsi: qedi: Remove redundant flush_workqueue() calls (John Meneghini) [2120612 2044837]\n- scsi: qedi: Fix SYSFS_FLAG_FW_SEL_BOOT formatting (John Meneghini) [2120612 2044837]\n- qed: remove unnecessary memset in qed_init_fw_funcs (John Meneghini) [2120611 2040267]\n- qed: return status of qed_iov_get_link (John Meneghini) [2120611 2040267]\n- net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (John Meneghini) [2120611 2040267]\n- qed: validate and restrict untrusted VFs vlan promisc mode (John Meneghini) [2120611 2040267]\n- qed: display VF trust config (John Meneghini) [2120611 2040267]\n- qed: prevent a fw assert during device shutdown (John Meneghini) [2120611 2040267]\n- qed: use msleep() in qed_mcp_cmd() and add qed_mcp_cmd_nosleep() for udelay. (John Meneghini) [2120611 2040267]\n- qed: Use dma_set_mask_and_coherent() and simplify code (John Meneghini) [2120611 2040267]\n- qed*: esl priv flag support through ethtool (John Meneghini) [2120611 2040267]\n- qed*: enhance tx timeout debug info (John Meneghini) [2120611 2040267]\n- qede: validate non LSO skb length (John Meneghini) [2120611 2040267]\n- qed: Enhance rammod debug prints to provide pretty details (John Meneghini) [2120611 2040267]\n- net: qed: fix the array may be out of bound (John Meneghini) [2120611 2040267]\n- qed: Use the bitmap API to simplify some functions (John Meneghini) [2120611 2040267]\n- RDMA/qed: Use helper function to set GUIDs (John Meneghini) [2120611 2040267]\n- net: qed_dev: fix check of true !rc expression (John Meneghini) [2120611 2040267]\n- net: qed_ptp: fix check of true !rc expression (John Meneghini) [2120611 2040267]\n- RDMA/qedr: Remove unsupported qedr_resize_cq callback (John Meneghini) [2120611 2040267]\n- qed: Change the TCP common variable - 'iscsi_ooo' (John Meneghini) [2120611 2040267]\n- qed: Optimize the ll2 ooo flow (John Meneghini) [2120611 2040267]\n- net: qed_debug: fix check of false (grc_param < 0) expression (John Meneghini) [2120611 2040267]\n- qed: Fix missing error code in qed_slowpath_start() (John Meneghini) [2120611 2040267]\n- qed: Fix compilation for CONFIG_QED_SRIOV undefined scenario (John Meneghini) [2120611 2040267]\n- qed: Initialize debug string array (John Meneghini) [2120611 2040267]\n- qed: Fix spelling mistake 'ctx_bsaed' -> 'ctx_based' (John Meneghini) [2120611 2040267]\n- qed: fix ll2 establishment during load of RDMA driver (John Meneghini) [2120611 2040267]\n- qed: Update the TCP active termination 2 MSL timer ('TIME_WAIT') (John Meneghini) [2120611 2040267]\n- qed: Update TCP silly-window-syndrome timeout for iwarp, scsi (John Meneghini) [2120611 2040267]\n- qed: Update debug related changes (John Meneghini) [2120611 2040267]\n- qed: Add '_GTT' suffix to the IRO RAM macros (John Meneghini) [2120611 2040267]\n- qed: Update FW init functions to support FW 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Use enum as per FW 8.59.1.0 in qed_iro_hsi.h (John Meneghini) [2120611 2040267]\n- qed: Update qed_hsi.h for fw 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Update qed_mfw_hsi.h for FW ver 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Update common_hsi for FW ver 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Split huge qed_hsi.h header file (John Meneghini) [2120611 2040267]\n- qed: Remove e4_ and _e4 from FW HSI (John Meneghini) [2120611 2040267]\n- qed: Fix kernel-doc warnings (John Meneghini) [2120611 2040267]\n- qed: Don't ignore devlink allocation failures (John Meneghini) [2120611 2040267]\n- qed: Improve the stack space of filter_config() (John Meneghini) [2120611 2040267]\n- RDMA/qedr: Move variables reset to qedr_set_common_qp_params() (John Meneghini) [2120611 2040267]\n- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (John Meneghini) [2119122 2051524]\n[4.18.0-372.30.1_6]\n- af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Xin Long) [2107611 2075181] {CVE-2022-1353}\n- SUNRPC: avoid race between mod_timer() and del_timer_sync() (Benjamin Coddington) [2126184 2104507]\n- powerpc/fadump: print start of preserved area (Diego Domingos) [2107488 2075092]\n- powerpc/fadump: align destination address to pagesize (Diego Domingos) [2107488 2075092]\n- powerpc/fadump: fix PT_LOAD segment for boot memory area (Diego Domingos) [2107488 2075092]\n- drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (Michel Danzer) [2091065 2066918]\n- drm/amd: Use amdgpu_device_should_use_aspm on navi umd pstate switching (Michel Danzer) [2091065 2066918]\n- drm/amd: Refactor amdgpu_aspm to be evaluated per device (Michel Danzer) [2091065 2066918]\n- drm/amd: Check if ASPM is enabled from PCIe subsystem (Michel Danzer) [2091065 2066918]\n[4.18.0-372.29.1_6]\n- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Ewan D. Milne) [2107627 2049198] {CVE-2022-0494}\n- cpufreq: Specify default governor on command line (Prarit Bhargava) [2109996 2083766]\n- cpufreq: Fix locking issues with governors (Prarit Bhargava) [2109996 2083766]\n- cpufreq: Register governors at core_initcall (Prarit Bhargava) [2109996 2083766]\n- net_sched: cls_route: remove from list when handle is 0 (Felix Maurer) [2121817 2116328] {CVE-2022-2588}\n[4.18.0-372.28.1_6]\n- powerpc/smp: Update cpu_core_map on all PowerPc systems (Diego Domingos) [2112820 2064104]\n- iavf: Fix reset error handling (Petr Oros) [2120225 2119759]\n- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2120225 2119759]\n- iavf: Fix adminq error handling (Petr Oros) [2120225 2119759]\n- iavf: Fix missing state logs (Petr Oros) [2120225 2119759]\n- scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (Tomas Henzl) [2111140 2106413]\n- s390/qeth: cache link_info for ethtool (Michal Schmidt) [2120197 2117098]\n- nvme: fix RCU hole that allowed for endless looping in multipath round robin (Gopal Tiwari) [2106017 2078806]\n- nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (Gopal Tiwari) [2106017 2078806]\n- nvme: fix use after free when disconnecting a reconnecting ctrl (Gopal Tiwari) [2106017 2078806]\n- nvme: only call synchronize_srcu when clearing current path (Gopal Tiwari) [2106017 2078806]\n- nvme-multipath: revalidate paths during rescan (Gopal Tiwari) [2106017 2078806]\n- scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (Dick Kennedy) [2112103 2034425]\n[4.18.0-372.27.1_6]\n- [s390] s390/pci: add s390_iommu_aperture kernel parameter (Claudio Imbrenda) [2081324 2039181]\n- ipv6: take care of disable_policy when restoring routes (Andrea Claudi) [2109971 2103894]\n- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Eelco Chaudron) [2106703 2101537]\n- scsi: ch: Make it possible to open a ch device multiple times again (Ewan D. Milne) [2115965 2108649]\n- scsi: smartpqi: Fix DMA direction for RAID requests (Don Brace) [2112354 2101548]\n- iommu/vt-d: Calculate mask for non-aligned flushes (Jerry Snitselaar) [2111692 2072179]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-26T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-10-26T00:00:00", "id": "ELSA-2022-7110", "href": "http://linux.oracle.com/errata/ELSA-2022-7110.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-09-06T17:18:13", "description": "[4.1.12-124.66.3]\n- fuse: fix pipe buffer lifetime for direct_io (Miklos Szeredi) [Orabug: 33981149] {CVE-2022-1011}\n- vt: drop old FONT ioctls (Jiri Slaby) [Orabug: 34408794] {CVE-2021-33656}\n- video: of_display_timing.h: include errno.h (Hsin-Yi Wang) [Orabug: 34408910] {CVE-2021-33655}\n- fbcon: Disallow setting font bigger than screen size (Helge Deller) [Orabug: 34408910] {CVE-2021-33655}\n- scsi: target: Fix WRITE_SAME No Data Buffer crash (Mike Christie) [Orabug: 34419974] {CVE-2022-21546}\n- scsi/eh: fix hang adding ehandler wakeups after decrementing host_busy (Gulam Mohamed) [Orabug: 33349684] [Orabug: 34492498]\n[4.1.12-124.66.2]\n- mm: enforce min addr even if capable() in expand_downwards() (Jann Horn) [Orabug: 29501997] {CVE-2019-9213}\n- ACPICA: Reference Counts: increase max to 0x4000 for large servers (Erik Schmauss) \n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- ipv4: Cache net in ip_build_and_send_pkt and ip_queue_xmit (Eric W. Biederman) [Orabug: 33917058] {CVE-2020-36516}\n- ipv4: igmp: guard against silly MTU values (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- inet: constify ip_dont_fragment() arguments (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- ip: constify ip_build_and_send_pkt() socket argument (Eric Dumazet) [Orabug: 33917058] {CVE-2020-36516}\n- vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (Eric Biggers) [Orabug: 34433461] {CVE-2020-36557}\n- vt: vt_ioctl: fix race in VT_RESIZEX (Eric Dumazet) [Orabug: 34433476] {CVE-2020-36558}\n- VT_RESIZEX: get rid of field-by-field copyin (Al Viro) [Orabug: 34433476] \n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34460939] [Orabug: 34484730] {CVE-2022-2588}\n[4.1.12-124.66.1]\n- net: fix uninit-value in __hw_addr_add_ex() (Eric Dumazet) [Orabug: 34395887] \n- mac80211: silence an uninitialized variable warning (Dan Carpenter) [Orabug: 34396283]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-9213", "CVE-2020-36516", "CVE-2020-36557", "CVE-2020-36558", "CVE-2021-33655", "CVE-2021-33656", "CVE-2022-1011", "CVE-2022-21546", "CVE-2022-2588"], "modified": "2022-09-06T00:00:00", "id": "ELSA-2022-9761", "href": "http://linux.oracle.com/errata/ELSA-2022-9761.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}], "ubuntu": [{"lastseen": "2023-01-26T15:09:13", "description": "## Releases\n\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n\nZhenpeng Lin discovered that the network packet scheduler implementation in \nthe Linux kernel did not properly remove all references to a route filter \nbefore freeing it in some situations. A local attacker could use this to \ncause a denial of service (system crash) or execute arbitrary code.\n", "cvss3": {}, "published": "2022-08-30T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerability", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2022-08-30T00:00:00", "id": "USN-5588-1", "href": "https://ubuntu.com/security/notices/USN-5588-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T15:09:50", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-lts-xenial \\- Linux hardware enablement kernel from Xenial for Trusty\n\nZhenpeng Lin discovered that the network packet scheduler implementation in \nthe Linux kernel did not properly remove all references to a route filter \nbefore freeing it in some situations. A local attacker could use this to \ncause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2588)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not \nprevent one nft object from referencing an nft set in another nft table, \nleading to a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2586)\n", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2586", "CVE-2022-2588"], "modified": "2022-08-09T00:00:00", "id": "USN-5557-1", "href": "https://ubuntu.com/security/notices/USN-5557-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T15:09:41", "description": "## Releases\n\n * Ubuntu 22.04 LTS\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux-oem-5.14 \\- Linux kernel for OEM systems\n * linux-oem-5.17 \\- Linux kernel for OEM systems\n\nZhenpeng Lin discovered that the network packet scheduler implementation in \nthe Linux kernel did not properly remove all references to a route filter \nbefore freeing it in some situations. A local attacker could use this to \ncause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2588)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not \nprevent one nft object from referencing an nft set in another nft table, \nleading to a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2586)\n\nIt was discovered that the implementation of POSIX timers in the Linux \nkernel did not properly clean up timers in some situations. A local \nattacker could use this to cause a denial of service (system crash) or \nexecute arbitrary code. (CVE-2022-2585)\n", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (OEM) vulnerabilities", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588"], "modified": "2022-08-10T00:00:00", "id": "USN-5567-1", "href": "https://ubuntu.com/security/notices/USN-5567-1", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T15:09:42", "description": "## Releases\n\n * Ubuntu 22.04 LTS\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-hwe-5.15 \\- Linux hardware enablement (HWE) kernel\n * linux-lowlatency \\- Linux low latency kernel\n * linux-lowlatency-hwe-5.15 \\- Linux low latency kernel\n\nZhenpeng Lin discovered that the network packet scheduler implementation in \nthe Linux kernel did not properly remove all references to a route filter \nbefore freeing it in some situations. A local attacker could use this to \ncause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2588)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not \nprevent one nft object from referencing an nft set in another nft table, \nleading to a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2586)\n\nIt was discovered that the implementation of POSIX timers in the Linux \nkernel did not properly clean up timers in some situations. A local \nattacker could use this to cause a denial of service (system crash) or \nexecute arbitrary code. (CVE-2022-2585)\n\nJohannes Wikner and Kaveh Razavi discovered that for some AMD x86-64 \nprocessors, the branch predictor could by mis-trained for return \ninstructions in certain circumstances. A local attacker could possibly use \nthis to expose sensitive information. (CVE-2022-29900)\n\nJohannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 \nprocessors, the Linux kernel's protections against speculative branch \ntarget injection attacks were insufficient in some circumstances. A local \nattacker could possibly use this to expose sensitive information. \n(CVE-2022-29901)\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-08-10T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-08-10T00:00:00", "id": "USN-5565-1", "href": "https://ubuntu.com/security/notices/USN-5565-1", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-09-07T02:12:15", "description": "Aaron Adams discovered that the netfilter subsystem in the Linux kernel did not properly handle the removal of stateful expressions in some situations, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2022-1966)\n\nZiming Zhang discovered that the netfilter subsystem in the Linux kernel \ndid not properly validate sets with multiple ranged fields. A local \nattacker could use this to cause a denial of service or execute arbitrary \ncode.(CVE-2022-1972)\n\nIt was discovered that the implementation of POSIX timers in the Linux \nkernel did not properly clean up timers in some situations. A local \nattacker could use this to cause a denial of service (system crash) or \nexecute arbitrary code.(CVE-2022-2585)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not \nprevent one nft object from referencing an nft set in another nft table, \nleading to a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or execute arbitrary code.(CVE-2022-2586)\n\nZhenpeng Lin discovered that the network packet scheduler implementation in \nthe Linux kernel did not properly remove all references to a route filter \nbefore freeing it in some situations. A local attacker could use this to \ncause a denial of service (system crash) or execute arbitrary code.(CVE-2022-2588)\n\nIt was discovered that the Linux kernel did not properly restrict access to \nthe kernel debugger when booted in secure boot environments. A privileged \nattacker could use this to bypass UEFI Secure Boot restrictions.(CVE-2022-21499)\n\nKyle Zeng discovered that the Network Queuing and Scheduling subsystem of \nthe Linux kernel did not properly perform reference counting in some \nsituations, leading to a use-after-free vulnerability. A local attacker \ncould use this to cause a denial of service (system crash) or execute \narbitrary code.(CVE-2022-29581)\n\nArthur Mongodin discovered that the netfilter subsystem in the Linux kernel \ndid not properly perform data validation. A local attacker could use this \nto escalate privileges in certain situations.(CVE-2022-34918)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-24T00:00:00", "type": "ubuntu", "title": "Kernel Live Patch Security Notice", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1966", "CVE-2022-1972", "CVE-2022-21499", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-29581", "CVE-2022-34918"], "modified": "2022-08-24T00:00:00", "id": "LSN-0089-1", "href": "https://ubuntu.com/security/notices/LSN-0089-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T15:09:44", "description": "## Releases\n\n * Ubuntu 22.04 LTS\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.15 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-5.15 \\- Linux kernel for Microsoft Azure cloud systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.15 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gke \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gke-5.15 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-ibm \\- Linux kernel for IBM cloud systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-raspi \\- Linux kernel for Raspberry Pi systems\n\nZhenpeng Lin discovered that the network packet scheduler implementation in \nthe Linux kernel did not properly remove all references to a route filter \nbefore freeing it in some situations. A local attacker could use this to \ncause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2588)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not \nprevent one nft object from referencing an nft set in another nft table, \nleading to a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2586)\n\nIt was discovered that the implementation of POSIX timers in the Linux \nkernel did not properly clean up timers in some situations. A local \nattacker could use this to cause a denial of service (system crash) or \nexecute arbitrary code. (CVE-2022-2585)\n\nMinh Yuan discovered that the floppy disk driver in the Linux kernel \ncontained a race condition, leading to a use-after-free vulnerability. A \nlocal attacker could possibly use this to cause a denial of service (system \ncrash) or execute arbitrary code. (CVE-2022-1652)\n\nIt was discovered that the Atheros ath9k wireless device driver in the \nLinux kernel did not properly handle some error conditions, leading to a \nuse-after-free vulnerability. A local attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2022-1679)\n\nFelix Fu discovered that the Sun RPC implementation in the Linux kernel did \nnot properly handle socket states, leading to a use-after-free \nvulnerability. A remote attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2022-28893)\n\nJohannes Wikner and Kaveh Razavi discovered that for some AMD x86-64 \nprocessors, the branch predictor could by mis-trained for return \ninstructions in certain circumstances. A local attacker could possibly use \nthis to expose sensitive information. (CVE-2022-29900)\n\nJohannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 \nprocessors, the Linux kernel's protections against speculative branch \ntarget injection attacks were insufficient in some circumstances. A local \nattacker could possibly use this to expose sensitive information. \n(CVE-2022-29901)\n\nArthur Mongodin discovered that the netfilter subsystem in the Linux kernel \ndid not properly perform data validation. A local attacker could use this \nto escalate privileges in certain situations. (CVE-2022-34918)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1652", "CVE-2022-1679", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-28893", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-34918"], "modified": "2022-08-10T00:00:00", "id": "USN-5566-1", "href": "https://ubuntu.com/security/notices/USN-5566-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T15:09:20", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n\n## Packages\n\n * linux-azure-fde \\- Linux kernel for Microsoft Azure CVM cloud systems\n\nArthur Mongodin discovered that the netfilter subsystem in the Linux kernel \ndid not properly perform data validation. A local attacker could use this \nto escalate privileges in certain situations. (CVE-2022-34918)\n\nZhenpeng Lin discovered that the network packet scheduler implementation in \nthe Linux kernel did not properly remove all references to a route filter \nbefore freeing it in some situations. A local attacker could use this to \ncause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2588)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not \nprevent one nft object from referencing an nft set in another nft table, \nleading to a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2586)\n\nIt was discovered that the block layer subsystem in the Linux kernel did \nnot properly initialize memory in some situations. A privileged local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2022-0494)\n\nHu Jiahui discovered that multiple race conditions existed in the Advanced \nLinux Sound Architecture (ALSA) framework, leading to use-after-free \nvulnerabilities. A local attacker could use these to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2022-1048)\n\nMinh Yuan discovered that the floppy disk driver in the Linux kernel \ncontained a race condition, leading to a use-after-free vulnerability. A \nlocal attacker could possibly use this to cause a denial of service (system \ncrash) or execute arbitrary code. (CVE-2022-1652)\n\nIt was discovered that the Atheros ath9k wireless device driver in the \nLinux kernel did not properly handle some error conditions, leading to a \nuse-after-free vulnerability. A local attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2022-1679)\n\nIt was discovered that the Marvell NFC device driver implementation in the \nLinux kernel did not properly perform memory cleanup operations in some \nsituations, leading to a use-after-free vulnerability. A local attacker \ncould possibly use this to cause a denial of service (system crash) or \nexecute arbitrary code. (CVE-2022-1734)\n\nDuoming Zhou discovered a race condition in the NFC subsystem in the Linux \nkernel, leading to a use-after-free vulnerability. A privileged local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2022-1974)\n\nDuoming Zhou discovered that the NFC subsystem in the Linux kernel did not \nproperly prevent context switches from occurring during certain atomic \ncontext operations. A privileged local attacker could use this to cause a \ndenial of service (system crash). (CVE-2022-1975)\n\nFelix Fu discovered that the Sun RPC implementation in the Linux kernel did \nnot properly handle socket states, leading to a use-after-free \nvulnerability. A remote attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2022-28893)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T00:00:00", "type": "ubuntu", "title": "Linux kernel (Azure CVM) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1048", "CVE-2022-1652", "CVE-2022-1679", "CVE-2022-1734", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-28893", "CVE-2022-34918"], "modified": "2022-08-25T00:00:00", "id": "USN-5582-1", "href": "https://ubuntu.com/security/notices/USN-5582-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T15:09:46", "description": "## Releases\n\n * Ubuntu 20.04 LTS\n * Ubuntu 18.04 LTS\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-aws-5.4 \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-azure-5.4 \\- Linux kernel for Microsoft Azure cloud systems\n * linux-bluefield \\- Linux kernel for NVIDIA BlueField platforms\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gcp-5.4 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-gke \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gke-5.4 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gkeop \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-gkeop-5.4 \\- Linux kernel for Google Container Engine (GKE) systems\n * linux-hwe-5.4 \\- Linux hardware enablement (HWE) kernel\n * linux-ibm \\- Linux kernel for IBM cloud systems\n * linux-ibm-5.4 \\- Linux kernel for IBM cloud systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-oracle-5.4 \\- Linux kernel for Oracle Cloud systems\n * linux-raspi \\- Linux kernel for Raspberry Pi systems\n * linux-raspi-5.4 \\- Linux kernel for Raspberry Pi systems\n\nZhenpeng Lin discovered that the network packet scheduler implementation in \nthe Linux kernel did not properly remove all references to a route filter \nbefore freeing it in some situations. A local attacker could use this to \ncause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2588)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not \nprevent one nft object from referencing an nft set in another nft table, \nleading to a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2586)\n\nIt was discovered that the block layer subsystem in the Linux kernel did \nnot properly initialize memory in some situations. A privileged local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2022-0494)\n\nHu Jiahui discovered that multiple race conditions existed in the Advanced \nLinux Sound Architecture (ALSA) framework, leading to use-after-free \nvulnerabilities. A local attacker could use these to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2022-1048)\n\nMinh Yuan discovered that the floppy disk driver in the Linux kernel \ncontained a race condition, leading to a use-after-free vulnerability. A \nlocal attacker could possibly use this to cause a denial of service (system \ncrash) or execute arbitrary code. (CVE-2022-1652)\n\nIt was discovered that the Atheros ath9k wireless device driver in the \nLinux kernel did not properly handle some error conditions, leading to a \nuse-after-free vulnerability. A local attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2022-1679)\n\nIt was discovered that the Marvell NFC device driver implementation in the \nLinux kernel did not properly perform memory cleanup operations in some \nsituations, leading to a use-after-free vulnerability. A local attacker \ncould possibly use this to cause a denial of service (system crash) or \nexecute arbitrary code. (CVE-2022-1734)\n\nDuoming Zhou discovered a race condition in the NFC subsystem in the Linux \nkernel, leading to a use-after-free vulnerability. A privileged local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2022-1974)\n\nDuoming Zhou discovered that the NFC subsystem in the Linux kernel did not \nproperly prevent context switches from occurring during certain atomic \ncontext operations. A privileged local attacker could use this to cause a \ndenial of service (system crash). (CVE-2022-1975)\n\nFelix Fu discovered that the Sun RPC implementation in the Linux kernel did \nnot properly handle socket states, leading to a use-after-free \nvulnerability. A remote attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2022-28893)\n\nArthur Mongodin discovered that the netfilter subsystem in the Linux kernel \ndid not properly perform data validation. A local attacker could use this \nto escalate privileges in certain situations. (CVE-2022-34918)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1048", "CVE-2022-1652", "CVE-2022-1679", "CVE-2022-1734", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-28893", "CVE-2022-34918"], "modified": "2022-08-10T00:00:00", "id": "USN-5562-1", "href": "https://ubuntu.com/security/notices/USN-5562-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T15:09:47", "description": "## Releases\n\n * Ubuntu 16.04 ESM\n * Ubuntu 14.04 ESM\n\n## Packages\n\n * linux-aws-hwe \\- Linux kernel for Amazon Web Services (AWS-HWE) systems\n * linux-azure \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-gcp \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-hwe \\- Linux hardware enablement (HWE) kernel\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n\nZhenpeng Lin discovered that the network packet scheduler implementation in \nthe Linux kernel did not properly remove all references to a route filter \nbefore freeing it in some situations. A local attacker could use this to \ncause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2588)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not \nprevent one nft object from referencing an nft set in another nft table, \nleading to a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2586)\n\nIt was discovered that the block layer subsystem in the Linux kernel did \nnot properly initialize memory in some situations. A privileged local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2022-0494)\n\nHu Jiahui discovered that multiple race conditions existed in the Advanced \nLinux Sound Architecture (ALSA) framework, leading to use-after-free \nvulnerabilities. A local attacker could use these to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2022-1048)\n\nIt was discovered that the implementation of the 6pack and mkiss protocols \nin the Linux kernel did not handle detach events properly in some \nsituations, leading to a use-after-free vulnerability. A local attacker \ncould possibly use this to cause a denial of service (system crash). \n(CVE-2022-1195)\n\nMinh Yuan discovered that the floppy disk driver in the Linux kernel \ncontained a race condition, leading to a use-after-free vulnerability. A \nlocal attacker could possibly use this to cause a denial of service (system \ncrash) or execute arbitrary code. (CVE-2022-1652)\n\nIt was discovered that the Atheros ath9k wireless device driver in the \nLinux kernel did not properly handle some error conditions, leading to a \nuse-after-free vulnerability. A local attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2022-1679)\n\nNorbert Slusarek discovered that a race condition existed in the perf \nsubsystem in the Linux kernel, resulting in a use-after-free vulnerability. \nA privileged local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2022-1729)\n\nIt was discovered that the Marvell NFC device driver implementation in the \nLinux kernel did not properly perform memory cleanup operations in some \nsituations, leading to a use-after-free vulnerability. A local attacker \ncould possibly use this to cause a denial of service (system crash) or \nexecute arbitrary code. (CVE-2022-1734)\n\nDuoming Zhou discovered a race condition in the NFC subsystem in the Linux \nkernel, leading to a use-after-free vulnerability. A privileged local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2022-1974)\n\nDuoming Zhou discovered that the NFC subsystem in the Linux kernel did not \nproperly prevent context switches from occurring during certain atomic \ncontext operations. A privileged local attacker could use this to cause a \ndenial of service (system crash). (CVE-2022-1975)\n\nMinh Yuan discovered that the floppy driver in the Linux kernel contained a \nrace condition in some situations, leading to a use-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2022-33981)\n\nArthur Mongodin discovered that the netfilter subsystem in the Linux kernel \ndid not properly perform data validation. A local attacker could use this \nto escalate privileges in certain situations. (CVE-2022-34918)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1048", "CVE-2022-1195", "CVE-2022-1652", "CVE-2022-1679", "CVE-2022-1729", "CVE-2022-1734", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-33981", "CVE-2022-34918"], "modified": "2022-08-10T00:00:00", "id": "USN-5560-2", "href": "https://ubuntu.com/security/notices/USN-5560-2", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-09T06:24:04", "description": "## Releases\n\n * Ubuntu 18.04 LTS\n\n## Packages\n\n * linux \\- Linux kernel\n * linux-aws \\- Linux kernel for Amazon Web Services (AWS) systems\n * linux-azure-4.15 \\- Linux kernel for Microsoft Azure Cloud systems\n * linux-dell300x \\- Linux kernel for Dell 300x platforms\n * linux-gcp-4.15 \\- Linux kernel for Google Cloud Platform (GCP) systems\n * linux-kvm \\- Linux kernel for cloud environments\n * linux-oracle \\- Linux kernel for Oracle Cloud systems\n * linux-raspi2 \\- Linux kernel for Raspberry Pi systems\n * linux-snapdragon \\- Linux kernel for Qualcomm Snapdragon processors\n\nZhenpeng Lin discovered that the network packet scheduler implementation in \nthe Linux kernel did not properly remove all references to a route filter \nbefore freeing it in some situations. A local attacker could use this to \ncause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2588)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not \nprevent one nft object from referencing an nft set in another nft table, \nleading to a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2586)\n\nIt was discovered that the block layer subsystem in the Linux kernel did \nnot properly initialize memory in some situations. A privileged local \nattacker could use this to expose sensitive information (kernel memory). \n(CVE-2022-0494)\n\nHu Jiahui discovered that multiple race conditions existed in the Advanced \nLinux Sound Architecture (ALSA) framework, leading to use-after-free \nvulnerabilities. A local attacker could use these to cause a denial of \nservice (system crash) or possibly execute arbitrary code. (CVE-2022-1048)\n\nIt was discovered that the implementation of the 6pack and mkiss protocols \nin the Linux kernel did not handle detach events properly in some \nsituations, leading to a use-after-free vulnerability. A local attacker \ncould possibly use this to cause a denial of service (system crash). \n(CVE-2022-1195)\n\nMinh Yuan discovered that the floppy disk driver in the Linux kernel \ncontained a race condition, leading to a use-after-free vulnerability. A \nlocal attacker could possibly use this to cause a denial of service (system \ncrash) or execute arbitrary code. (CVE-2022-1652)\n\nIt was discovered that the Atheros ath9k wireless device driver in the \nLinux kernel did not properly handle some error conditions, leading to a \nuse-after-free vulnerability. A local attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2022-1679)\n\nNorbert Slusarek discovered that a race condition existed in the perf \nsubsystem in the Linux kernel, resulting in a use-after-free vulnerability. \nA privileged local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2022-1729)\n\nIt was discovered that the Marvell NFC device driver implementation in the \nLinux kernel did not properly perform memory cleanup operations in some \nsituations, leading to a use-after-free vulnerability. A local attacker \ncould possibly use this to cause a denial of service (system crash) or \nexecute arbitrary code. (CVE-2022-1734)\n\nDuoming Zhou discovered a race condition in the NFC subsystem in the Linux \nkernel, leading to a use-after-free vulnerability. A privileged local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2022-1974)\n\nDuoming Zhou discovered that the NFC subsystem in the Linux kernel did not \nproperly prevent context switches from occurring during certain atomic \ncontext operations. A privileged local attacker could use this to cause a \ndenial of service (system crash). (CVE-2022-1975)\n\nMinh Yuan discovered that the floppy driver in the Linux kernel contained a \nrace condition in some situations, leading to a use-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2022-33981)\n\nArthur Mongodin discovered that the netfilter subsystem in the Linux kernel \ndid not properly perform data validation. A local attacker could use this \nto escalate privileges in certain situations. (CVE-2022-34918)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T00:00:00", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1048", "CVE-2022-1195", "CVE-2022-1652", "CVE-2022-1679", "CVE-2022-1729", "CVE-2022-1734", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-33981", "CVE-2022-34918"], "modified": "2022-08-10T00:00:00", "id": "USN-5560-1", "href": "https://ubuntu.com/security/notices/USN-5560-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-01-26T15:09:44", "description": "## Releases\n\n * Ubuntu 22.04 LTS\n\n## Packages\n\n * linux-intel-iotg \\- Linux kernel for Intel IoT platforms\n\nZhenpeng Lin discovered that the network packet scheduler implementation in \nthe Linux kernel did not properly remove all references to a route filter \nbefore freeing it in some situations. A local attacker could use this to \ncause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2588)\n\nIt was discovered that the netfilter subsystem of the Linux kernel did not \nprevent one nft object from referencing an nft set in another nft table, \nleading to a use-after-free vulnerability. A local attacker could use this \nto cause a denial of service (system crash) or execute arbitrary code. \n(CVE-2022-2586)\n\nIt was discovered that the implementation of POSIX timers in the Linux \nkernel did not properly clean up timers in some situations. A local \nattacker could use this to cause a denial of service (system crash) or \nexecute arbitrary code. (CVE-2022-2585)\n\nIt was discovered that the eBPF implementation in the Linux kernel did not \nproperly prevent writes to kernel objects in BPF_BTF_LOAD commands. A \nprivileged local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2022-0500)\n\nMinh Yuan discovered that the floppy disk driver in the Linux kernel \ncontained a race condition, leading to a use-after-free vulnerability. A \nlocal attacker could possibly use this to cause a denial of service (system \ncrash) or execute arbitrary code. (CVE-2022-1652)\n\nIt was discovered that the Atheros ath9k wireless device driver in the \nLinux kernel did not properly handle some error conditions, leading to a \nuse-after-free vulnerability. A local attacker could use this to cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n(CVE-2022-1679)\n\nIt was discovered that the Marvell NFC device driver implementation in the \nLinux kernel did not properly perform memory cleanup operations in some \nsituations, leading to a use-after-free vulnerability. A local attacker \ncould possibly use this to cause a denial of service (system crash) or \nexecute arbitrary code. (CVE-2022-1734)\n\nYongkang Jia discovered that the KVM hypervisor implementation in the Linux \nkernel did not properly handle guest TLB mapping invalidation requests in \nsome situations. An attacker in a guest VM could use this to cause a denial \nof service (system crash) in the host OS. (CVE-2022-1789)\n\nDuoming Zhou discovered a race condition in the NFC subsystem in the Linux \nkernel, leading to a use-after-free vulnerability. A privileged local \nattacker could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2022-1974)\n\nDuoming Zhou discovered that the NFC subsystem in the Linux kernel did not \nproperly prevent context switches from occurring during certain atomic \ncontext operations. A privileged local attacker could use this to cause a \ndenial of service (system crash). (CVE-2022-1975)\n\nFelix Fu discovered that the Sun RPC implementation in the Linux kernel did \nnot properly handle socket states, leading to a use-after-free \nvulnerability. A remote attacker could possibly use this to cause a denial \nof service (system crash) or execute arbitrary code. (CVE-2022-28893)\n\nJohannes Wikner and Kaveh Razavi discovered that for some AMD x86-64 \nprocessors, the branch predictor could by mis-trained for return \ninstructions in certain circumstances. A local attacker could possibly use \nthis to expose sensitive information. (CVE-2022-29900)\n\nJohannes Wikner and Kaveh Razavi discovered that for some Intel x86-64 \nprocessors, the Linux kernel's protections against speculative branch \ntarget injection attacks were insufficient in some circumstances. A local \nattacker could possibly use this to expose sensitive information. \n(CVE-2022-29901)\n\nMinh Yuan discovered that the floppy driver in the Linux kernel contained a \nrace condition in some situations, leading to a use-after-free \nvulnerability. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. (CVE-2022-33981)\n\nArthur Mongodin discovered that the netfilter subsystem in the Linux kernel \ndid not properly perform data validation. A local attacker could use this \nto escalate privileges in certain situations. (CVE-2022-34918)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-10T00:00:00", "type": "ubuntu", "title": "Linux kernel (Intel IoTG) vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0500", "CVE-2022-1652", "CVE-2022-1679", "CVE-2022-1734", "CVE-2022-1789", "CVE-2022-1974", "CVE-2022-1975", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-28893", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-33981", "CVE-2022-34918"], "modified": "2022-08-10T00:00:00", "id": "USN-5564-1", "href": "https://ubuntu.com/security/notices/USN-5564-1", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-01-26T00:00:43", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9690 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9690)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9690.NASL", "href": "https://www.tenable.com/plugins/nessus/163968", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9690.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163968);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"Oracle Linux 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9690)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9690 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9690.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-1.43.4.1.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9690');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.15.0-1.43.4.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.15.0'},\n {'reference':'kernel-uek-container-debug-5.15.0-1.43.4.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T17:06:35", "description": "The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2022:7137 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-25T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kpatch-patch (ALSA-2022:7137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:alma:linux:kernel", "cpe:/o:alma:linux:8", "cpe:/o:alma:linux:8::baseos"], "id": "ALMA_LINUX_ALSA-2022-7137.NASL", "href": "https://www.tenable.com/plugins/nessus/166510", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7137.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166510);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"ALSA\", value:\"2022:7137\");\n\n script_name(english:\"AlmaLinux 8 : kpatch-patch (ALSA-2022:7137)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the\nALSA-2022:7137 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-7137.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::baseos\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-2588');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:7137');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-4.18.0-372.9.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T00:00:29", "description": "The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2022-9699 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9699)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-container"], "id": "ORACLELINUX_ELSA-2022-9699.NASL", "href": "https://www.tenable.com/plugins/nessus/163969", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9699.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163969);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9699)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the\nELSA-2022-9699 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9699.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.516.1.1.el7'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9699');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-4.14.35-2047.516.1.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T00:40:46", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6875 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-11T00:00:00", "type": "nessus", "title": "RHEL 8 : kpatch-patch (RHSA-2022:6875)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_64_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_65_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_67_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_70_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_74_1"], "id": "REDHAT-RHSA-2022-6875.NASL", "href": "https://www.tenable.com/plugins/nessus/166018", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6875. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166018);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:6875\");\n\n script_name(english:\"RHEL 8 : kpatch-patch (RHSA-2022:6875)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:6875 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:6875\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_64_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_65_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_67_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_70_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-147_74_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.1')) audit(AUDIT_OS_NOT, 'Red Hat 8.1', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.1/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.1/x86_64/appstream/os',\n 'content/e4s/rhel8/8.1/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.1/x86_64/baseos/os',\n 'content/e4s/rhel8/8.1/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.1/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.1/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.1/x86_64/sap/debug',\n 'content/e4s/rhel8/8.1/x86_64/sap/os',\n 'content/e4s/rhel8/8.1/x86_64/sap/source/SRPMS'\n ],\n 'kernels': {\n '4.18.0-147.64.1.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_64_1-1-4.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.65.1.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_65_1-1-3.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.67.1.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_67_1-1-2.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.70.1.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_70_1-1-1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-147.74.1.el8_1.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-147_74_1-1-1.el8_1', 'sp':'1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-4_18_0-147_64_1 / kpatch-patch-4_18_0-147_65_1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T03:18:55", "description": "The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9689 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9689)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-core", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-core", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules", "p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-modules", "p-cpe:/a:oracle:linux:kernel-uek-modules-extra"], "id": "ORACLELINUX_ELSA-2022-9689.NASL", "href": "https://www.tenable.com/plugins/nessus/163965", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9689.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163965);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2022-9689)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9689 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9689.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-modules-extra\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(8|9)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8 / 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.15.0-1.43.4.1.el8uek', '5.15.0-1.43.4.1.el9uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9689');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.15';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-1.43.4.1.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'bpftool-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-core-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-core-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-core-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-core-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-devel-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-debug-modules-extra-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-modules-extra-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-devel-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.15.0'},\n {'reference':'kernel-uek-doc-5.15.0-1.43.4.1.el9uek', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.1.el9uek', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'},\n {'reference':'kernel-uek-modules-extra-5.15.0-1.43.4.1.el9uek', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-modules-extra-5.15.0'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel-uek / kernel-uek-core / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T00:45:36", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7885 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-09T00:00:00", "type": "nessus", "title": "RHEL 8 : kpatch-patch (RHSA-2022:7885)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:8.2", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_80_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_81_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_87_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_90_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_91_1"], "id": "REDHAT-RHSA-2022-7885.NASL", "href": "https://www.tenable.com/plugins/nessus/167205", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7885. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167205);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:7885\");\n\n script_name(english:\"RHEL 8 : kpatch-patch (RHSA-2022:7885)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:7885 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7885\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_80_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_81_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_87_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_90_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-193_91_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS'\n ],\n 'kernels': {\n '4.18.0-193.80.1.el8_2.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-193_80_1-1-2.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-193.81.1.el8_2.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-193_81_1-1-2.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-193.87.1.el8_2.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-193_87_1-1-1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-193.90.1.el8_2.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-193_90_1-1-1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-193.91.1.el8_2.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-193_91_1-1-1.el8_2', 'sp':'2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-4_18_0-193_80_1 / kpatch-patch-4_18_0-193_81_1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T00:42:33", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7171 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-25T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2022:7171)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.6", "cpe:/o:redhat:rhel_e4s:7.6", "cpe:/o:redhat:rhel_tus:7.6", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2022-7171.NASL", "href": "https://www.tenable.com/plugins/nessus/166470", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7171. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166470);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:7171\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2022:7171)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:7171 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7171\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-bootwrapper\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-2588');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7171');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-957.99.1.el7', 'sp':'6', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/tus/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/os',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-3.10.0-957.99.1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-whitelists / kernel-debug / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T03:25:43", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:6978 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-18T00:00:00", "type": "nessus", "title": "RHEL 8 : kpatch-patch (RHSA-2022:6978)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_25_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_45_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_49_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_57_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_62_1"], "id": "REDHAT-RHSA-2022-6978.NASL", "href": "https://www.tenable.com/plugins/nessus/166180", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:6978. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166180);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:6978\");\n\n script_name(english:\"RHEL 8 : kpatch-patch (RHSA-2022:6978)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:6978 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:6978\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_25_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_45_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_49_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_57_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-305_62_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'kernels': {\n '4.18.0-305.25.1.el8_4.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-305_25_1-1-9.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-305.45.1.el8_4.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-305_45_1-1-3.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-305.49.1.el8_4.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-305_49_1-1-2.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-305.57.1.el8_4.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-305_57_1-1-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-305.62.1.el8_4.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-305_62_1-1-1.el8_4', 'sp':'4', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-4_18_0-305_25_1 / kpatch-patch-4_18_0-305_45_1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T08:43:05", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9691 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9691)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek-container", "p-cpe:/a:oracle:linux:kernel-uek-container-debug"], "id": "ORACLELINUX_ELSA-2022-9691.NASL", "href": "https://www.tenable.com/plugins/nessus/163966", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9691.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163966);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9691)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9691 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9691.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek-container and / or kernel-uek-container-debug packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-container-debug\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.309.5.1.el7', '5.4.17-2136.309.5.1.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9691');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-container-5.4.17-2136.309.5.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.309.5.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'},\n {'reference':'kernel-uek-container-5.4.17-2136.309.5.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-5.4.17'},\n {'reference':'kernel-uek-container-debug-5.4.17-2136.309.5.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-debug-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek-container / kernel-uek-container-debug');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T08:43:06", "description": "The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9694)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-firmware"], "id": "ORACLELINUX_ELSA-2022-9694.NASL", "href": "https://www.tenable.com/plugins/nessus/163970", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9694.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163970);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2022-9694)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 6 / 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9694 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9694.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 6 / 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.65.1.1.el6uek', '4.1.12-124.65.1.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9694');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.65.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.65.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.65.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.65.1.1.el6uek', 'cpu':'x86_64', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.65.1.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.65.1.1.el6uek', 'release':'6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'},\n {'reference':'kernel-uek-4.1.12-124.65.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-debug-4.1.12-124.65.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.1.12'},\n {'reference':'kernel-uek-debug-devel-4.1.12-124.65.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.1.12'},\n {'reference':'kernel-uek-devel-4.1.12-124.65.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.1.12'},\n {'reference':'kernel-uek-doc-4.1.12-124.65.1.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.65.1.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T05:06:33", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7344 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-11-03T00:00:00", "type": "nessus", "title": "RHEL 7 : kpatch-patch (RHSA-2022:7344)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_62_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_66_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_71_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_76_1"], "id": "REDHAT-RHSA-2022-7344.NASL", "href": "https://www.tenable.com/plugins/nessus/166879", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7344. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166879);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:7344\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2022:7344)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:7344 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7344\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_62_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_66_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_71_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_76_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'kernels': {\n '3.10.0-1160.62.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1160_62_1-1-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1160.66.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1160_66_1-1-2.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1160.71.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1160_71_1-1-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-1160.76.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-1160_76_1-1-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-3_10_0-1160_62_1 / kpatch-patch-3_10_0-1160_66_1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T04:58:39", "description": "The remote OracleVM system is missing necessary patches to address security updates:\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "OracleVM 3.4 : kernel-uek (OVMSA-2022-0022)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware", "cpe:/o:oracle:vm_server:3.4"], "id": "ORACLEVM_OVMSA-2022-0022.NASL", "href": "https://www.tenable.com/plugins/nessus/164039", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were\n# extracted from OracleVM Security Advisory OVMSA-2022-0022.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164039);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"OracleVM 3.4 : kernel-uek (OVMSA-2022-0022)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote OracleVM host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote OracleVM system is missing necessary patches to address security updates:\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/cve/CVE-2022-2588.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/OVMSA-2022-0022.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-uek / kernel-uek-firmware packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.1.12-124.65.1.1.el6uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for OVMSA-2022-0022');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.1';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.1.12-124.65.1.1.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.1.12'},\n {'reference':'kernel-uek-firmware-4.1.12-124.65.1.1.el6uek', 'cpu':'x86_64', 'release':'3.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-firmware-4.1.12'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'OVS' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-firmware');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T08:43:21", "description": "The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9692 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9692)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9692.NASL", "href": "https://www.tenable.com/plugins/nessus/163967", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9692.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163967);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2022-9692)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 / 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9692 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9692.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7 / 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.4.17-2136.309.5.1.el7uek', '5.4.17-2136.309.5.1.el8uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9692');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.4';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.309.5.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.309.5.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.309.5.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.309.5.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.309.5.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-5.4.17-2136.309.5.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-5.4.17'},\n {'reference':'kernel-uek-tools-libs-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-5.4.17'},\n {'reference':'perf-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-5.4.17-2136.309.5.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-uek-5.4.17-2136.309.5.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-5.4.17-2136.309.5.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.309.5.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-5.4.17-2136.309.5.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.309.5.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-debug-devel-5.4.17-2136.309.5.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.309.5.1.el8uek', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-devel-5.4.17-2136.309.5.1.el8uek', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-5.4.17'},\n {'reference':'kernel-uek-doc-5.4.17-2136.309.5.1.el8uek', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-5.4.17'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T10:36:11", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7146 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-25T00:00:00", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2022:7146)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:7.4", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python-perf"], "id": "REDHAT-RHSA-2022-7146.NASL", "href": "https://www.tenable.com/plugins/nessus/166477", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7146. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166477);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:7146\");\n\n script_name(english:\"RHEL 7 : kernel (RHSA-2022:7146)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:7146 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7146\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.4')) audit(AUDIT_OS_NOT, 'Red Hat 7.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-2588');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7146');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.4/x86_64/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.4/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.4/x86_64/os',\n 'content/aus/rhel/server/7/7.4/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-whitelists-3.10.0-693.106.1.el7', 'sp':'4', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-3.10.0-693.106.1.el7', 'sp':'4', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel / kernel-abi-whitelists / kernel-debug / kernel-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-04T03:02:12", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:7137 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-26T00:00:00", "type": "nessus", "title": "RHEL 8 : kpatch-patch (RHSA-2022:7137)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_13_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_16_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_19_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_26_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_9_1"], "id": "REDHAT-RHSA-2022-7137.NASL", "href": "https://www.tenable.com/plugins/nessus/166542", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7137. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166542);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:7137\");\n\n script_name(english:\"RHEL 8 : kpatch-patch (RHSA-2022:7137)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:7137 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7137\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_13_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_16_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_19_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_26_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-4_18_0-372_9_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'kernels': {\n '4.18.0-372.13.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_13_1-1-2.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.16.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_16_1-1-2.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.19.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_19_1-1-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.26.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_26_1-1-1.el8_6', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.9.1.el8.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_9_1-1-3.el8', 'sp':'6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'kernels': {\n '4.18.0-372.13.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_13_1-1-2.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.16.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_16_1-1-2.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.19.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_19_1-1-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.26.1.el8_6.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_26_1-1-1.el8_6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '4.18.0-372.9.1.el8.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-4_18_0-372_9_1-1-3.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-4_18_0-372_13_1 / kpatch-patch-4_18_0-372_16_1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T16:39:49", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-9693 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-09T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9693)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588"], "modified": "2023-01-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek-headers", "p-cpe:/a:oracle:linux:kernel-uek-tools", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs", "p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python-perf"], "id": "ORACLELINUX_ELSA-2022-9693.NASL", "href": "https://www.tenable.com/plugins/nessus/163971", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-9693.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163971);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/13\");\n\n script_cve_id(\"CVE-2022-2588\");\n\n script_name(english:\"Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9693)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-9693 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-9693.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:C/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.14.35-2047.516.1.1.el7uek'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-9693');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'kernel-uek-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-4.14.35-2047.516.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-4.14.35-2047.516.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-debug-devel-4.14.35-2047.516.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-debug-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-devel-4.14.35-2047.516.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-devel-4.14.35'},\n {'reference':'kernel-uek-doc-4.14.35-2047.516.1.1.el7uek', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-doc-4.14.35'},\n {'reference':'kernel-uek-headers-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-headers-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-4.14.35-2047.516.1.1.el7uek', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-4.14.35'},\n {'reference':'kernel-uek-tools-libs-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-4.14.35'},\n {'reference':'kernel-uek-tools-libs-devel-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-tools-libs-devel-4.14.35'},\n {'reference':'perf-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-perf-4.14.35-2047.516.1.1.el7uek', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-uek / kernel-uek-debug / kernel-uek-debug-devel / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T16:41:24", "description": "The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5557-1 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5557-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2586", "CVE-2022-2588"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1112-kvm", "p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1147-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-aws", "p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm"], "id": "UBUNTU_USN-5557-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164005", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5557-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164005);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-2586\", \"CVE-2022-2588\");\n script_xref(name:\"USN\", value:\"5557-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM : Linux kernel vulnerabilities (USN-5557-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5557-1 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5557-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1112-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-4.4.0-1147-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-aws\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-kvm\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(16\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(4.4.0-\\d{4}-(aws|kvm))$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"4.4.0-\\d{4}-aws\" : \"4.4.0-1147\",\n \"4.4.0-\\d{4}-kvm\" : \"4.4.0-1112\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5557-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-2586', 'CVE-2022-2588');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5557-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-08T10:51:46", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4030-1 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 29 for SLE 12 SP4) (SUSE-SU-2022:4030-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2588", "CVE-2022-42703"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_130-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_98-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_105-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_126-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_120-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-4030-1.NASL", "href": "https://www.tenable.com/plugins/nessus/167753", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4030-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167753);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2022-2588\", \"CVE-2022-42703\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4030-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 29 for SLE 12 SP4) (SUSE-SU-2022:4030-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:4030-1 advisory.\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204170\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-November/012950.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d95eeed\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42703\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-42703\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/10/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150000_150_98-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_120-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_126-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_130-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_105-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-122.130-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_130-default-4-2.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-150000.150.98-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150000_150_98-default-4-150000.2.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15']}\n ]\n },\n '4.12.14-150100.197.120-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150100_197_120-default-4-150100.2.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n },\n '4.12.14-95.105-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_105-default-4-2.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n },\n '5.3.18-150200.24.126-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150200_24_126-default-5-150200.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-150000_150_98-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T03:28:26", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7173 advisory.\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-26T00:00:00", "type": "nessus", "title": "RHEL 7 : kpatch-patch (RHSA-2022:7173)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3715", "CVE-2022-2588"], "modified": "2023-01-23T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:7.6", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_84_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_92_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_94_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_95_1", "p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_97_1"], "id": "REDHAT-RHSA-2022-7173.NASL", "href": "https://www.tenable.com/plugins/nessus/166539", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7173. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166539);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/23\");\n\n script_cve_id(\"CVE-2021-3715\", \"CVE-2022-2588\");\n script_xref(name:\"RHSA\", value:\"2022:7173\");\n\n script_name(english:\"RHEL 7 : kpatch-patch (RHSA-2022:7173)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7173 advisory.\n\n - kernel: use-after-free in route4_change() in net/sched/cls_route.c (CVE-2021-3715)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3715\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7173\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1993988\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114849\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3715\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_84_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_92_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_94_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_95_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-957_97_1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '7.6')) audit(AUDIT_OS_NOT, 'Red Hat 7.6', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nvar kernel_live_checks = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel/server/7/7.6/x86_64/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/aus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/aus/rhel/server/7/7.6/x86_64/os',\n 'content/aus/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap-hana/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/debug',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/os',\n 'content/e4s/rhel/server/7/7.6/x86_64/sap/source/SRPMS',\n 'content/e4s/rhel/server/7/7.6/x86_64/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/debug',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/os',\n 'content/tus/rhel/server/7/7.6/x86_64/optional/source/SRPMS',\n 'content/tus/rhel/server/7/7.6/x86_64/source/SRPMS'\n ],\n 'kernels': {\n '3.10.0-957.84.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_84_1-1-6.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.92.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_92_1-1-3.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.94.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_94_1-1-2.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.95.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_95_1-1-1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n ]\n },\n '3.10.0-957.97.1.el7.x86_64': {\n 'pkgs': [\n {'reference':'kpatch-patch-3_10_0-957_97_1-1-1.el7', 'sp':'6', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n }\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:kernel_live_checks);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(kernel_array['repo_relative_urls'])) repo_relative_urls = kernel_array['repo_relative_urls'];\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var pkg ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Update Services for SAP Solutions repository.\\n' +\n 'Access to this repository requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kpatch-patch-3_10_0-957_84_1 / kpatch-patch-3_10_0-957_92_1 / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-07T08:52:28", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4112-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-19T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 21 for SLE 15 SP2) (SUSE-SU-2022:4112-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2588", "CVE-2022-42703"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_98-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_93-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_103-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-197_102-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_96-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_83-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_106-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_110-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-197_105-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_102-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_88-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_113-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_93-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-197_108-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-24_107-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_116-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_112-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_111-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_96-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_121-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_99-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_115-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_114-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_124-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-4112-1.NASL", "href": "https://www.tenable.com/plugins/nessus/167940", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4112-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167940);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-33655\", \"CVE-2022-2588\", \"CVE-2022-42703\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4112-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 21 for SLE 15 SP2) (SUSE-SU-2022:4112-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:4112-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204170\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204381\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-November/013002.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?427cee28\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42703\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33655\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_111-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_114-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_102-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_105-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-197_108-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_112-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-150200_24_115-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_102-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_107-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_93-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_96-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-5_3_18-24_99-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_103-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_106-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_110-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_113-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_116-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_121-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_124-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_98-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_83-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_88-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_93-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_96-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_99-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-122.103-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_103-default-16-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-122.106-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_106-default-14-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-122.110-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_110-default-12-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-122.113-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_113-default-11-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-122.116-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_116-default-9-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-122.121-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_121-default-7-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-122.124-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_124-default-6-2.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-122.98-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_98-default-16-2.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-150100.197.111-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150100_197_111-default-9-150100.2.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n },\n '4.12.14-150100.197.114-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150100_197_114-default-6-150100.2.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n },\n '4.12.14-197.102-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-197_102-default-15-150100.2.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n },\n '4.12.14-197.105-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-197_105-default-11-150100.2.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n },\n '4.12.14-197.108-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-197_108-default-10-150100.2.2', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n },\n '4.12.14-95.83-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_83-default-15-2.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n },\n '4.12.14-95.88-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_88-default-11-2.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n },\n '4.12.14-95.93-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_93-default-10-2.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n },\n '4.12.14-95.96-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_96-default-9-2.2', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n },\n '4.12.14-95.99-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_99-default-6-2.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n },\n '5.3.18-150200.24.112-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150200_24_112-default-10-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-150200.24.115-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-150200_24_115-default-8-150200.2.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.102-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_102-default-15-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.107-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_107-default-14-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.93-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_93-default-18-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.96-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_96-default-17-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n },\n '5.3.18-24.99-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-5_3_18-24_99-default-16-150200.2.2', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.2']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-150100_197_111-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-02-07T19:05:45", "description": "The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:4024-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. (CVE-2021-33655)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-17T00:00:00", "type": "nessus", "title": "SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 28 for SLE 12 SP4) (SUSE-SU-2022:4024-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-33655", "CVE-2022-2588", "CVE-2022-42703"], "modified": "2023-02-03T00:00:00", "cpe": ["cpe:2.3:o:novell:suse_linux:12:*:*:*:*:*:*:*", "cpe:2.3:o:novell:suse_linux:15:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-122_127-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kgraft-patch-4_12_14-95_102-default:*:*:*:*:*:*:*", "p-cpe:2.3:a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_117-default:*:*:*:*:*:*:*"], "id": "SUSE_SU-2022-4024-1.NASL", "href": "https://www.tenable.com/plugins/nessus/167759", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:4024-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167759);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/03\");\n\n script_cve_id(\"CVE-2021-33655\", \"CVE-2022-2588\", \"CVE-2022-42703\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:4024-1\");\n\n script_name(english:\"SUSE SLES12 / SLES15 Security Update : kernel (Live Patch 28 for SLE 12 SP4) (SUSE-SU-2022:4024-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2022:4024-1 advisory.\n\n - When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of\n bounds. (CVE-2021-33655)\n\n - kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation\n (CVE-2022-2588)\n\n - mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.\n (CVE-2022-42703)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1202087\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1203613\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1204170\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-November/012957.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0b4db598\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-33655\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-2588\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2022-42703\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel-livepatch-4_12_14-150100_197_117-default, kgraft-patch-4_12_14-122_127-default and / or\nkgraft-patch-4_12_14-95_102-default packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-33655\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/07/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kernel-livepatch-4_12_14-150100_197_117-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-122_127-default\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:kgraft-patch-4_12_14-95_102-default\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES15', 'SUSE (' + os_ver + ')');\n\nvar uname_r = get_kb_item(\"Host/uname-r\");\nif (empty_or_null(uname_r)) audit(AUDIT_UNKNOWN_APP_VER, \"kernel\");\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar kernel_live_checks = [\n {\n 'kernels': {\n '4.12.14-122.127-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-122_127-default-4-2.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.5']}\n ]\n },\n '4.12.14-150100.197.117-default': {\n 'pkgs': [\n {'reference':'kernel-livepatch-4_12_14-150100_197_117-default-4-150100.2.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-live-patching-release-15.1']}\n ]\n },\n '4.12.14-95.102-default': {\n 'pkgs': [\n {'reference':'kgraft-patch-4_12_14-95_102-default-4-2.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-live-patching-release-12.4']}\n ]\n }\n }\n }\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nvar kernel_affected = FALSE;\nforeach var kernel_array ( kernel_live_checks ) {\n var kpatch_details = kernel_array['kernels'][uname_r];\n if (empty_or_null(kpatch_details)) continue;\n kernel_affected = TRUE;\n foreach var package_array ( kpatch_details['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\n# No kpatch details found for the running kernel version\nif (!kernel_affected) audit(AUDIT_INST_VER_NOT_VULN, 'kernel', uname_r);\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-livepatch-4_12_14-150100_197_117-default / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-25T12:43:25", "description": "The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5567-1 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-08-10T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5567-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588"], "modified": "2023-01-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "cpe:/o:canonical:ubuntu_linux:22.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1048-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-5.17.0-1015-oem", "p-cpe:/a:canonical:ubuntu_linux:linux-image-oem"], "id": "UBUNTU_USN-5567-1.NASL", "href": "https://www.tenable.com/plugins/nessus/164037", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5567-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164037);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\"CVE-2022-2585\", \"CVE-2022-2586\", \"CVE-2022-2588\");\n script_xref(name:\"USN\", value:\"5567-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5567-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as\nreferenced in the USN-5567-1 advisory.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5567-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-2588\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/08/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:22.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.14.0-1048-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-5.17.0-1015-oem\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:linux-image-oem\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\ninclude('ksplice.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nvar release = chomp(release);\nif (! preg(pattern:\"^(20\\.04|22\\.04)$\", string:release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04 / 22.04', 'Ubuntu ' + release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar machine_kernel_release = get_kb_item_or_exit('Host/uname-r');\nif (machine_kernel_release)\n{\n if (! preg(pattern:\"^(5.14.0-\\d{4}-oem|5.17.0-\\d{4}-oem)$\", string:machine_kernel_release)) audit(AUDIT_INST_VER_NOT_VULN, 'kernel ' + machine_kernel_release);\n var extra = '';\n var kernel_mappings = {\n \"5.14.0-\\d{4}-oem\" : \"5.14.0-1048\",\n \"5.17.0-\\d{4}-oem\" : \"5.17.0-1015\"\n };\n var trimmed_kernel_release = ereg_replace(string:machine_kernel_release, pattern:\"(-\\D+)$\", replace:'');\n foreach var kernel_regex (keys(kernel_mappings)) {\n if (preg(pattern:kernel_regex, string:machine_kernel_release)) {\n if (deb_ver_cmp(ver1:trimmed_kernel_release, ver2:kernel_mappings[kernel_regex]) < 0)\n {\n extra = extra + 'Running Kernel level of ' + trimmed_kernel_release + ' does not meet the minimum fixed level of ' + kernel_mappings[kernel_regex] + ' for this advisory.\\n\\n';\n }\n else\n {\n audit(AUDIT_PATCH_INSTALLED, 'Kernel package for USN-5567-1');\n }\n }\n }\n}\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n var cve_list = make_list('CVE-2022-2585', 'CVE-2022-2586', 'CVE-2022-2588');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for USN-5567-1');\n }\n else\n {\n extra = extra + ksplice_reporting_text();\n }\n}\nif (extra) {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-01-26T00:33:25", "description": "The version of kernel installed on the remote host is prior to 5.4.209-116.367. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-035 advisory.\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586, CVE-2022-2588)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-09-15T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-035)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 3.3, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1462", "CVE-2022-2586", "CVE-2022-2588"], "modified": "2023-01-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:bpftool", "p-cpe:/a:amazon:linux:bpftool-debuginfo", "p-cpe:/a:amazon:linux:kernel", "p-cpe:/a:amazon:linux:kernel-debuginfo", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64", "p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:amazon:linux:kernel-devel", "p-cpe:/a:amazon:linux:kernel-headers", "p-cpe:/a:amazon:linux:kernel-tools", "p-cpe:/a:amazon:linux:kernel-tools-debuginfo", "p-cpe:/a:amazon:linux:kernel-tools-devel", "p-cpe:/a:amazon:linux:perf", "p-cpe:/a:amazon:linux:perf-debuginfo", "p-cpe:/a:amazon:linux:python-perf", "p-cpe:/a:amazon:linux:python-perf-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASKERNEL-5_4-2022-035.NASL", "href": "https://www.tenable.com/plugins/nessus/165104", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASKERNEL-5.4-2022-035.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165104);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/12\");\n\n script_cve_id(\"CVE-2022-1462\", \"CVE-2022-2586\", \"CVE-2022-2588\");\n\n script_name(english:\"Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-035)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of kernel installed on the remote host is prior to 5.4.209-116.367. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-035 advisory.\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462)\n\n - An out-of-bounds read flaw was found in the Linux kernel's TeleTYpe subsystem. The issue occurs in how a\n user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage\n of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read\n unauthorized random data from memory. (CVE-2022-1462) (CVE-2022-2586, CVE-2022-2588)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASKERNEL-5.4-2022-035.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-1462.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2586.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-2588.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update kernel' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-1462\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:bpftool-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-aarch64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:kernel-tools-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\ninclude(\"hotfixes.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nif (get_one_kb_item(\"Host/kpatch/kernel-cves\"))\n{\n set_hotfix_type(\"kpatch\");\n var cve_list = make_list(\"CVE-2022-1462\", \"CVE-2022-2586\", \"CVE-2022-2588\");\n if (hotfix_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"kpatch hotfix for ALASKERNEL-5.4-2022-035\");\n }\n else\n {\n __rpm_report = hotfix_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.4.209-116.367.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check'
(RHSA-2022:7171) Important: kernel security and bug fix update
