The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)
* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)
* smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)
* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)
* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)
* uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)
* race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)
* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)
* concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280)
* kernel info leak issue in pfkey_register (CVE-2022-1353)
* use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)
* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)
* fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)
* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)
* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)
* slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)
* incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)
* incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)
* incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)
* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)
* AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)
* AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)
* Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)
* double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)
* use after free in SUNRPC subsystem (CVE-2022-28893)
* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)
* Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)
* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)
* nf_tables disallow binding to already bound chain (CVE-2022-39190)
* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
{"redhat": [{"lastseen": "2023-02-28T16:26:44", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n* smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n* uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n* race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n* concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280)\n\n* kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n* use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)\n\n* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n* fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)\n\n* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n* integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n* slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n* incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n* AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n\n* AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n* Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n* use after free in SUNRPC subsystem (CVE-2022-28893)\n\n* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n* Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\n* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n* nf_tables disallow binding to already bound chain (CVE-2022-39190)\n\n* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-15T06:19:55", "type": "redhat", "title": "(RHSA-2022:8267) Moderate: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1158", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-2153", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190", "CVE-2023-1095"], "modified": "2023-02-28T16:17:58", "id": "RHSA-2022:8267", "href": "https://access.redhat.com/errata/RHSA-2022:8267", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-22T12:13:16", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n* Race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n\n* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n* Memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n\n* smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)\n\n* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n* Uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n* Race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n* buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n* use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n* net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n* Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* Memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n* Double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n* Use after free in SUNRPC subsystem (CVE-2022-28893)\n\n* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T06:19:55", "type": "redhat", "title": "(RHSA-2022:7444) Moderate: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1158", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-2153", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2023-02-22T10:36:35", "id": "RHSA-2022:7444", "href": "https://access.redhat.com/errata/RHSA-2022:7444", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-21T18:13:14", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n* race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n\n* use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n* memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n\n* smb2_ioctl_query_info NULL Pointer Dereference (CVE-2022-0168)\n\n* NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n* swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n* uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n* race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n* use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n* use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n* NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n* buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n* nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n* openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n* use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n* net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n* possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n* Spectre-BHB (CVE-2022-23960)\n\n* Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n* double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n* use after free in SUNRPC subsystem (CVE-2022-28893)\n\n* use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n* DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n* nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T06:26:19", "type": "redhat", "title": "(RHSA-2022:7683) Moderate: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1158", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-2153", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2023-02-21T16:53:41", "id": "RHSA-2022:7683", "href": "https://access.redhat.com/errata/RHSA-2022:7683", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-12-13T20:08:34", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)\n\n* kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n* kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)\n\n* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)\n\n* hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n* hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n\n* hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n* hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: update RT source tree to the latest RHEL-9.0.z5 Batch (BZ#2137580)\n\n* [DELL EMC 9.0-RT BUG] System is not booting into RT Kernel with perc12 [kernel-rt] (BZ#2139864)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-13T15:30:57", "type": "redhat", "title": "(RHSA-2022:8974) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1158", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-2959", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-43945"], "modified": "2022-12-13T15:34:07", "id": "RHSA-2022:8974", "href": "https://access.redhat.com/errata/RHSA-2022:8974", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-12-13T20:08:34", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)\n\n* kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n* kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)\n\n* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)\n\n* hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n* hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n\n* hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n* hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* sched/pelt: Fix attach_entity_load_avg() corner case (BZ#2105360)\n\n* RHEL9[fleetwood][P9]:kdump fails to capture vmcore when crash is triggered while running forkoff. (BZ#2109144)\n\n* ISST-LTE:[P10 Everest] [5.14.0-70.9.1.el9_0.ppc64le] HPT:RHEL9.0:ecolp95: lpar crashed at __list_del_entry_valid+0x90/0x100 and LPM failed (BZ#2112823)\n\n* [rhel9] livepatch panic: RIP: 0010:0xffffffffc0e070c4 seq_read_iter+0x124/0x4b0 (BZ#2122625)\n\n* System crashes due to list_add double add at iwl_mvm_mac_wake_tx_queue+0x71 (BZ#2123315)\n\n* [Dell EMC 9.0 BUG] Any process performing I/O doesn't fail on degraded LVM RAID and IO process hangs (BZ#2126215)\n\n* [HPEMC RHEL 9.0 REGRESSION] net, e810, ice: not enough device MSI-X vectors (BZ#2126491)\n\n* RHEL9.0 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127874)\n\n* Enable check-kabi (BZ#2132372)\n\n* Add symbols to stablelist (BZ#2132373)\n\n* Update RHEL9.1 kabi tooling (BZ#2132380)\n\n* kABI: Prepare the MM subsystem for kABI lockdown (BZ#2133464)\n\n* [Dell Storage 9.1 BUG] NVME command hang during storage array node reboot (BZ#2133553)\n\n* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134589)\n\n* crypto/testmgr.c should not list dh, ecdh-nist-p256, ecdh-nist-p384 as .fips_allowed = 1 (BZ#2136523)\n\n* FIPS self-tests for RSA pkcs7 signature verification (BZ#2136552)\n\n* [ovs-tc] Bad length in dpctl/dump-flows (BZ#2137354)\n\n* [RHEL9] s_pf0vf2: hw csum failure for mlx5 (BZ#2137355)\n\n* kernel memory leak while freeing nested actions (BZ#2137356)\n\n* ovs: backports from upstream (BZ#2137358)\n\n* kernel should conform to FIPS-140-3 requirements (both parts) (BZ#2139095)\n\n* [DELL EMC 9.0-RT BUG] System is not booting into RT Kernel with perc12. (BZ#2139214)\n\n* Fix panic in nbd/004 test (BZ#2139535)\n\n* Nested KVM is not working on RHEL 8.6 with hardware error 0x7 (BZ#2140141)\n\n* [RHEL9] Practically limit \"Dummy wait\" workaround to old Intel systems (BZ#2142169)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-13T15:30:56", "type": "redhat", "title": "(RHSA-2022:8973) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1158", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-2959", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-43945"], "modified": "2022-12-13T15:32:59", "id": "RHSA-2022:8973", "href": "https://access.redhat.com/errata/RHSA-2022:8973", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-03T00:05:38", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n\n* Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n* Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* lpfc panics in lpfc_els_free_iocb() during port recovery (BZ#1969988)\n\n* mlx5 reports error messages during shutdown then panic with mce (BZ#2077711)\n\n* Kernel panic due to hard lockup caused by deadlock between tasklist_lock and k_itimer->it_lock (BZ#2115147)\n\n* fix excess double put in nfs_prime_dcache (BZ#2117856)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-11-02T16:03:50", "type": "redhat", "title": "(RHSA-2022:7337) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-11-02T16:07:18", "id": "RHSA-2022:7337", "href": "https://access.redhat.com/errata/RHSA-2022:7337", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-03T00:05:38", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n\n* Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n* Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n* Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Update to the latest RHEL7.9.z18 source tree (BZ#2117337)", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-11-02T16:04:02", "type": "redhat", "title": "(RHSA-2022:7338) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-11-02T16:07:17", "id": "RHSA-2022:7338", "href": "https://access.redhat.com/errata/RHSA-2022:7338", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-25T08:07:16", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* kernel: information leak in scsi_ioctl() (CVE-2022-0494)\n\n* Kernel: A kernel-info-leak issue in pfkey_register (CVE-2022-1353)\n\n* hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n\n* hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n* hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* [rhel8-rt] BUG: using __this_cpu_add() in preemptible [00000000] - caller is __mod_memcg_lruvec_state+0x69/0x1c0 (BZ#2122600)\n\n* The latest RHEL 8.6.z4 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2125396)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-25T07:38:43", "type": "redhat", "title": "(RHSA-2022:7134) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-10-25T07:42:45", "id": "RHSA-2022:7134", "href": "https://access.redhat.com/errata/RHSA-2022:7134", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-10-27T08:51:59", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* Information leak in scsi_ioctl() (CVE-2022-0494)\n\n* A kernel-info-leak issue in pfkey_register (CVE-2022-1353)\n\n* RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900)\n\n* Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n* RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Add s390_iommu_aperture kernel parameter (BZ#2081324)\n\n* Blackscreen and hangup after resume from hibernate or S3 with DFGX WX3200 (BZ#2091065)\n\n* Update NVME subsystem with bug fixes and minor changes (BZ#2106017)\n\n* Fix parsing of nw_proto for IPv6 fragments (BZ#2106703)\n\n* \"vmcore failed, _exitcode:139\" error observed while capturing vmcore during fadump after memory remove. incomplete vmcore is captured. (BZ#2107488)\n\n* 'disable_policy' is ignored for addresses configured on a down interface (BZ#2109971)\n\n* Backport request for new cpufreq.default_governor kernel command line parameter (BZ#2109996)\n\n* Panics in mpt3sas mpt3sas_halt_firmware() if mpt3sas_fwfault_debug=1 enabled when poweroff issued to server (BZ#2111140)\n\n* IOMMU/DMA update for 8.7 (BZ#2111692)\n\n* Update Broadcom Emulex lpfc driver for RHEL8.7 with bug fixes (14.0.0.13) (BZ#2112103)\n\n* Incorrect Socket(s) & \"Core(s) per socket\" reported by lscpu command. (BZ#2112820)\n\n* Panic in ch_release() due to NULL ch->device pointer, backport upstream fix (BZ#2115965)\n\n* pyverbs-tests fail over qede IW HCAs on \"test_query_rc_qp\" (tests.test_qp.QPTest) (BZ#2119122)\n\n* qedi shutdown handler hangs upon reboot (BZ#2119847)\n\n* cache link_info for ethtool (BZ#2120197)\n\n* Important iavf bug fixes (BZ#2120225)\n\n* Hibernate crash with Aquantia 2.5/5 Gb LAN card (BZ#2124966)\n\n* While using PTimekeeper the qede driver produces excessive log messages (BZ#2125477)\n\n* general protection fault handling rpc_xprt.timer (BZ#2126184)\n\n* Not enough device MSI-X vectors (BZ#2126482)\n\n* Atlantic driver panic on wakeup after hybernate (BZ#2127845)\n\n* Memory leak in vxlan_xmit_one (BZ#2131255)\n\n* Missing hybernate/resume fixes (BZ#2131936)\n\nEnhancement(s):\n\n* Update smartpqi driver to latest upstream Second Set of Patches (BZ#2112354)\n\n* qed/qede/qedr - driver updates to latest upstream (BZ#2120611)\n\n* Update qedi driver to latest upstream (BZ#2120612)\n\n* Update qedf driver to latest upstream (BZ#2120613)\n\n* Include the support for new NVIDIA Mobile GFX GA103 on ADL Gen Laptops (BZ#2127122)\n\n* Need to enable hpilo to support new HPE RL300 Gen11 for ARM (aarch64) (BZ#2129923)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-25T07:23:52", "type": "redhat", "title": "(RHSA-2022:7110) Important: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-10-25T07:27:06", "id": "RHSA-2022:7110", "href": "https://access.redhat.com/errata/RHSA-2022:7110", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-09-13T08:02:04", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* The latest RHEL 8.6.z3 kernel changes need to be merged into the RT source tree to keep source parity between the two kernels. (BZ#2111112)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T07:36:33", "type": "redhat", "title": "(RHSA-2022:6437) Moderate: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166"], "modified": "2022-09-13T07:40:31", "id": "RHSA-2022:6437", "href": "https://access.redhat.com/errata/RHSA-2022:6437", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-09T11:59:34", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* The kernel-rt crashes where one task is indefinitely looping in __start_cfs_bandwidth() with the cfs_b->lock spinlock being held (BZ#2079976)\n\n* update to the latest RHEL7.9.z16 source tree (BZ#2100182)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-09T09:27:49", "type": "redhat", "title": "(RHSA-2022:5939) Moderate: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166"], "modified": "2022-08-09T10:12:07", "id": "RHSA-2022:5939", "href": "https://access.redhat.com/errata/RHSA-2022:5939", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-09-14T15:55:29", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Bad page state in process qemu-kvm pfn:68a74600 (BZ#2081013)\n\n* slub corruption during LPM of hnv interface (BZ#2081250)\n\n* Affinity broken due to vector space exhaustion (BZ#2084646)\n\n* 'rmmod pmt_telemetry' panics on ADL-P IOTG (BZ#2091079)\n\n* Unable to boot RHEL-8.6 on Brazos max. config (Install is success) (BZ#2092241)\n\n* kernel crash after reboot of T14/G2 AMD laptop (mt7921e module) (BZ#2095654)\n\n* mt7921: free resources on pci_probe error path (BZ#2101684)\n\n* NLM should be more defensive if underlying FS changes fl_owner (BZ#2102099)\n\n* RHEL8/async-pf Guest call trace when reboot after postcopy migration with high stress workload (BZ#2105340)\n\n* execve exit tracepoint not called (BZ#2106662)\n\n* QProcess dead lock on kernel-4.18.0-358 (BZ#2107643)\n\n* KVM fix guest FPU uABI size to kvm_xsave (BZ#2107652)\n\n* KVM selftests fail to compile (BZ#2107655)\n\n* Some monitor have no display with AMD W6400 when boot into OS. (BZ#2109826)\n\n* Percpu counter usage is gradually getting increasing during podman container recreation. (BZ#2110039)\n\n* multipath failed to recover after EEH hit on flavafish adapter on Denali(qla2xxx/flavafish/RHEL8.6/Denali) (BZ#2110768)\n\n* soft lockups under heavy I/O load to ahci connected SSDs (BZ#2110772)\n\n* trouble re-assigning MACs to VFs, ice stricter than other drivers (BZ#2111936)\n\n* Intel MPI 2019.0 - mpirun stuck on latest kernel (BZ#2112030)\n\n* Multicast packets are not received by all VFs on the same port even though they have the same VLAN (BZ#2117026)\n\n* Hyper-V 2019 Dynamic Memory Problem hv_balloon (BZ#2117050)\n\n* kernel BUG at kernel/sched/deadline.c:1561! (BZ#2117410)\n\n* ALSA (sound) driver - update Intel SOF kcontrol code (BZ#2117732)\n\n* bridge over bond over ice ports has no connection (BZ#2118580)\n\n* Fix max VLANs available for VF (BZ#2118581)\n\n* offline selftest failed (BZ#2118582)\n\n* INTEL NVMUpdate utility ver 3.20 is failing to update firmware on E810-XXVDA4T (WPC) (BZ#2118583)\n\n* VM configured with failover interface will coredump after been migrating from source host to target host(only iavf driver) (BZ#2118705)\n\n* Fix max VLANs available for untrusted VF (BZ#2118707)\n\n* Softlockup on infinite loop in task_get_css() for a CSS_DYING cpuset (BZ#2120776)\n\nEnhancement(s):\n\n* KVM Sapphire Rapids (SPR) AMX Instructions (BZ#2088287)\n\n* KVM Sapphire Rapids (SPR) AMX Instructions part2 (BZ#2088288)\n\n* ice: Driver Update (BZ#2102359)\n\n* iavf: Driver Update (BZ#2102360)\n\n* iommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (BZ#2112983)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-13T07:37:13", "type": "redhat", "title": "(RHSA-2022:6460) Moderate: kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166"], "modified": "2022-09-13T08:18:38", "id": "RHSA-2022:6460", "href": "https://access.redhat.com/errata/RHSA-2022:6460", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-01T15:40:26", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* Update RT source tree to the latest RHEL-8.2.z21 Batch (BZ#2100575)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-01T14:04:44", "type": "redhat", "title": "(RHSA-2022:7280) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-2588"], "modified": "2022-11-01T14:05:54", "id": "RHSA-2022:7280", "href": "https://access.redhat.com/errata/RHSA-2022:7280", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-11T16:08:32", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-10-11T12:19:05", "type": "redhat", "title": "(RHSA-2022:6872) Important: kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-2588"], "modified": "2022-10-11T12:19:56", "id": "RHSA-2022:6872", "href": "https://access.redhat.com/errata/RHSA-2022:6872", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-11-01T15:40:26", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: a use-after-free in cls_route filter implementation may lead to privilege escalation (CVE-2022-2588)\n\n* hw: cpu: Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* hw: cpu: Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* hw: cpu: Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* RHEL8.6[64TB/240c Denali]:\" vmcore failed, _exitcode:139\" error observed while capturing vmcore during fadump after memory remove. incomplete vmcore is captured. (BZ#2107491)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-11-01T14:04:32", "type": "redhat", "title": "(RHSA-2022:7279) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-2588"], "modified": "2022-11-01T14:05:55", "id": "RHSA-2022:7279", "href": "https://access.redhat.com/errata/RHSA-2022:7279", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-09T11:59:34", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Incomplete cleanup of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n* Incomplete cleanup of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n* Incomplete cleanup in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* SolarFlare sfc spurious TX completion (BZ#1793280)\n\n* Page allocation failure on cryptsetup open (BZ#2072970)\n\n* The kernel-rt crashes where one task is indefinitely looping in __start_cfs_bandwidth() with the cfs_b->lock spinlock being held (BZ#2077346)\n\n* While using PTimekeeper the qede driver produces excessive log messages (BZ#2080646)\n\n* The kernel crashes due to a GPF happens in mutex_spin_on_owner(). The known RDMA/cma bug that was introduced with a patch from upstream commit 722c7b2bfead is the possible cause. (BZ#2085425)\n\n* Running LTP testcase creat09 fails showing related to 'cve-2018-13405' (BZ#2089360)\n\n* Crash when releasing inode which was on unmouted superblock (BZ#2096884)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-09T09:27:25", "type": "redhat", "title": "(RHSA-2022:5937) Moderate: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-13405", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166"], "modified": "2022-08-09T10:12:03", "id": "RHSA-2022:5937", "href": "https://access.redhat.com/errata/RHSA-2022:5937", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-12-13T10:48:16", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)\n\n* kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* s390x: bpftrace Could not read symbols from /sys/kernel/debug/tracing/available_filter_functions: No such device (BZ#2134808)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-13T09:25:14", "type": "redhat", "title": "(RHSA-2022:8940) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1158", "CVE-2022-2639"], "modified": "2022-12-13T09:25:47", "id": "RHSA-2022:8940", "href": "https://access.redhat.com/errata/RHSA-2022:8940", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-13T20:08:34", "description": "The kpatch management tool provides a kernel patching infrastructure which allows you to patch a running kernel without rebooting or restarting any processes.\n\nSecurity Fix(es):\n\n* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)\n\n* kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-13T15:35:22", "type": "redhat", "title": "(RHSA-2022:8989) Important: kpatch-patch security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1158", "CVE-2022-2639"], "modified": "2022-12-13T15:37:45", "id": "RHSA-2022:8989", "href": "https://access.redhat.com/errata/RHSA-2022:8989", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-14T00:09:07", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)\n\n* kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* x86/intel: processors require energy_perf_bias setting (BZ#2102103)\n\n* System crashes due to list_add double add at iwl_mvm_mac_wake_tx_queue+0x71 (BZ#2112264)\n\n* Fix SCHED_WARN_ON deadlock (BZ#2125422)\n\n* Starting VMs on a KVM-host with EL8.6-kernel sometimes produces timejumps into the future for other already running guest-VMs [rhel.8] (BZ#2125671)\n\n* RHEL8.4 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127850)\n\n* vfio zero page mappings fail after 2M instances (BZ#2128516)\n\n* The kernel needs to offer a way to reseed the Crypto DRBG and atomically extract random numbers from it (BZ#2129728)\n\n* ice: Driver Update up to 5.19 (BZ#2130993)\n\n* virtio-net: support XDP when not more queues (BZ#2131740)\n\n* VMs hang after migration (BZ#2131756)\n\n* Update NVME subsystem with bug fixes and minor changes (BZ#2132555)\n\n* [HPE BUG] Premature swapping with swappiness=0 while there\u2019s still plenty of pagecache to be reclaimed. (BZ#2133831)\n\n* nf_conntrack causing nfs to stall (BZ#2134089)\n\n* Fix issue that enables STABLE_WRITES by default and causes performance regressions (BZ#2135814)\n\n* [ice] Intel E810 PTP clock glitching (BZ#2136037)\n\n* ice: arp replies not making it to switch (BZ#2136043)\n\n* [ice]configure link-down-on-close on and change interface mtu to 9000,the interface can't up (BZ#2136217)\n\n* ice: dump additional CSRs for Tx hang debugging (BZ#2136514)\n\n* crypto/testmgr.c should not list dh, ecdh as .fips_allowed = 1 (BZ#2136525)\n\n* FIPS module identification via name and version (BZ#2136540)\n\n* FIPS self-tests for RSA pkcs7 signature verification (BZ#2137316)\n\n* After upgrading to ocp4.11.1, our dpdk application using vlan strip offload is not working (BZ#2138158)\n\n* WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309 hrtimer_start_range_ns+0x35d/0x400 (BZ#2138954)\n\n* [DELL EMC 8.6-RT BUG] System is not booting into RT Kernel with perc12. (BZ#2139217)\n\n* Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel (BZ#2139581)\n\n* Laser bias information can't be shown by ethtool on rhel8.6 (BZ#2139638)\n\n* Nested KVM is not working on RHEL 8.6 with hardware error 0x7 (BZ#2140144)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-06T09:24:55", "type": "redhat", "title": "(RHSA-2022:8809) Important: kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1158", "CVE-2022-2639"], "modified": "2022-12-06T09:28:06", "id": "RHSA-2022:8809", "href": "https://access.redhat.com/errata/RHSA-2022:8809", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-06T15:10:45", "description": "This is a kernel live patch module which is automatically loaded by the RPM post-install script to modify the code of a running kernel.\n\nSecurity Fix(es):\n\n* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)\n\n* kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-06T14:41:35", "type": "redhat", "title": "(RHSA-2022:8831) Important: kpatch-patch security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1158", "CVE-2022-2639"], "modified": "2022-12-06T14:42:42", "id": "RHSA-2022:8831", "href": "https://access.redhat.com/errata/RHSA-2022:8831", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-13T10:48:16", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)\n\n* kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* kernel-rt: update RT source tree to the latest RHEL-8.2.z22 Batch (BZ#2138929)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-13T09:25:16", "type": "redhat", "title": "(RHSA-2022:8941) Important: kernel-rt security and bug fix update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2022-1158", "CVE-2022-2639"], "modified": "2022-12-13T09:25:48", "id": "RHSA-2022:8941", "href": "https://access.redhat.com/errata/RHSA-2022:8941", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-12-14T23:19:21", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.6.3 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which fix several bugs. See the following\nRelease Notes documentation, which will be updated shortly for this\nrelease, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.6/html/release_notes/\n\nBugs addressed:\n\n* clusters belong to global clusterset is not selected by placement when rescheduling (BZ# 2129679)\n\n* RHACM 2.6.3 images (BZ# 2139085)\n\nSecurity fixes:\n\n* CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function \n Security\n\n* CVE-2022-41912 crewjam/saml: Authentication bypass when processing SAML responses containing multiple Assertion elements", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-14T19:39:55", "type": "redhat", "title": "(RHSA-2022:9040) Important: Red Hat Advanced Cluster Management 2.6.3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-3709", "CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0561", "CVE-2022-0562", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-0865", "CVE-2022-0891", "CVE-2022-0908", "CVE-2022-0909", "CVE-2022-0924", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1304", "CVE-2022-1355", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-22624", "CVE-2022-22628", "CVE-2022-22629", "CVE-2022-22662", "CVE-2022-22844", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-25255", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-26700", "CVE-2022-26709", "CVE-2022-26710", "CVE-2022-26716", "CVE-2022-26717", "CVE-2022-26719", "CVE-2022-27404", "CVE-2022-27405", "CVE-2022-27406", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-30293", "CVE-2022-3517", "CVE-2022-36946", "CVE-2022-37434", "CVE-2022-41912", "CVE-2022-42898"], "modified": "2022-12-14T19:40:16", "id": "RHSA-2022:9040", "href": "https://access.redhat.com/errata/RHSA-2022:9040", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2022-11-22T10:47:42", "description": "[5.14.0-162.6.1_1.OL9]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5\n- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]\n- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]\n[5.14.0-162.6.1_1]\n- kabi: add symbol yield to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol xa_find_after to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol xa_find to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol xa_destroy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol x86_spec_ctrl_base to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol x86_cpu_to_apicid to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol wait_for_completion_interruptible to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol wait_for_completion to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vsprintf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vsnprintf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vprintk to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vmemmap_base to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vmalloc_base to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vmalloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vm_zone_stat to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vm_event_states to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol vfree to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_undefined to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_teardown_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_setup_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_possible_blades to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_get_hubless_system to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_obj_count to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_install_heap to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_get_pci_topology to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_get_master_nasid to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_get_heapsize to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_get_geoinfo to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_enum_ports to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol uv_bios_enum_objs to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol up_write to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol up_read to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol up to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol unregister_reboot_notifier to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol unregister_nmi_handler to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol unregister_netdevice_notifier to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol unregister_chrdev_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol unregister_blkdev to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol tsc_khz to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol try_wait_for_completion to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol touch_softlockup_watchdog to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol time64_to_tm to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol this_cpu_off to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol tasklet_unlock_wait to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol tasklet_kill to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol tasklet_init to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol system_wq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol system_freezing_cnt to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sys_tz to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol synchronize_rcu to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strstr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strsep to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strrchr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strnlen to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strncpy_from_user to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strncpy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strncmp to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strncasecmp to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strlen to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strlcpy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strlcat to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strcpy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strcmp to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol strchr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sscanf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sprintf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sort to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol snprintf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sn_region_size to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sn_partition_id to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol smp_call_function_single_async to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol smp_call_function_single to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol smp_call_function_many to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol sme_me_mask to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol simple_strtoull to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol simple_strtoul to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol simple_strtol to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol simple_read_from_buffer to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol set_freezable to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol set_current_groups to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol security_sb_eat_lsm_opts to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol security_free_mnt_opts to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol scsi_command_size_tbl to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol scnprintf to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol schedule_timeout to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol schedule to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol rtnl_is_locked to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol revert_creds to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol request_threaded_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol remove_wait_queue to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol register_reboot_notifier to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol register_netdevice_notifier to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol register_chrdev_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol refcount_warn_saturate to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol recalc_sigpending to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol rcu_read_unlock_strict to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol rb_next to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol rb_first to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol radix_tree_delete to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol queue_work_on to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol queue_delayed_work_on to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol put_unused_fd to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ptrs_per_p4d to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol printk to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol prepare_to_wait_exclusive to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol prepare_to_wait_event to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol prepare_to_wait to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol prepare_creds to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol posix_acl_valid to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol posix_acl_to_xattr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol posix_acl_from_xattr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol posix_acl_alloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol physical_mask to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol phys_base to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol pgdir_shift to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol percpu_ref_init to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol percpu_ref_exit to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol panic_notifier_list to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol panic to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol page_offset_base to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol override_creds to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol numa_node to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol nr_cpu_ids to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol node_states to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mutex_unlock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mutex_trylock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mutex_lock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mutex_is_locked to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol msleep to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memset to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_free_slab to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_free to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_destroy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_create_node to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_create to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_alloc_slab to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mempool_alloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memparse to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memory_read_from_buffer to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memmove to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memcpy to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol memcmp to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mem_section to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol mds_idle_clear to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol lookup_bdev to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ktime_get_ts64 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ktime_get_real_ts64 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ktime_get_coarse_real_ts64 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ktime_get to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kthread_should_stop to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kstrtoull to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kstrtoll to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kmalloc_order_trace to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kfree to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kernel_sigaction to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kernel_fpu_end to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol kernel_fpu_begin_mask to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol jiffies_64 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol jiffies to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol is_vmalloc_addr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol is_uv_system to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol iounmap to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol ioremap to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol iomem_resource to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol init_wait_entry to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol init_timer_key to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol in_group_p to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol in_aton to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol in6_pton to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol in4_pton to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol hrtimer_start_range_ns to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol hrtimer_init to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol hrtimer_forward to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol hrtimer_cancel to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol groups_alloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol get_zeroed_page to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol get_unused_fd_flags to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol free_percpu to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol free_pages to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol free_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol fortify_panic to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol flush_workqueue to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol finish_wait to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol elfcorehdr_addr to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol efi to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol dump_stack to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol downgrade_write to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_write_trylock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_write to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_trylock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_read_trylock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_read to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down_interruptible to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol down to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol dmi_get_system_info to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol devmap_managed_key to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol dev_base_lock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol destroy_workqueue to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol delayed_work_timer_fn to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol del_timer_sync to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol default_wake_function to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol csum_partial to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpumask_next to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpufreq_quick_get to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpu_sibling_map to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpu_number to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpu_khz to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpu_info to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cpu_bit_bitmap to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol congestion_wait to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol complete_and_exit to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol complete to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol commit_creds to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol clear_user to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol capable to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cancel_delayed_work_sync to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cancel_delayed_work to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol call_usermodehelper to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol call_rcu to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol cachemode2protval to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol boot_cpu_data to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol blk_stack_limits to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol bitmap_release_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol bitmap_find_free_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol avenrun to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol autoremove_wake_function to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol atomic_notifier_chain_unregister to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol atomic_notifier_chain_register to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol async_synchronize_full_domain to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol async_synchronize_full to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol alloc_workqueue to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol alloc_chrdev_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol add_wait_queue_exclusive to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol add_wait_queue to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol add_timer to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol abort_creds to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _totalram_pages to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_write_unlock_irqrestore to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_write_unlock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_write_lock_irqsave to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_write_lock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_unlock_irqrestore to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_unlock_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_unlock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_unlock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_trylock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_trylock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_lock_irqsave to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_lock_irq to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_lock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_spin_lock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_read_unlock_irqrestore to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_read_unlock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_read_lock_irqsave to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _raw_read_lock_bh to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _find_next_bit to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _find_first_zero_bit to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _find_first_bit to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _ctype to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _copy_to_user to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol _copy_from_user to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __xa_insert to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rsi to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rdx to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rdi to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rcx to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rbx to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rbp to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_rax to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r8 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r15 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r14 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r13 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r12 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __x86_indirect_thunk_r10 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __warn_printk to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __wake_up to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __vmalloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __uv_hub_info_list to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __uv_cpu_info to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __unregister_chrdev to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __udelay to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __tasklet_schedule to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __sw_hweight64 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __sw_hweight32 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __stack_chk_fail to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __request_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __release_region to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __register_nmi_handler to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __register_blkdev to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __refrigerator to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __rcu_read_unlock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __rcu_read_lock to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __put_user_8 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __put_user_4 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __put_user_2 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __put_cred to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __preempt_count to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __per_cpu_offset to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __num_online_cpus to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __node_distance to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __ndelay to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __mutex_init to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __msecs_to_jiffies to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __list_del_entry_valid to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __list_add_valid to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __kmalloc to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __init_waitqueue_head to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __init_swait_queue_head to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __init_rwsem to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __hw_addr_init to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __get_user_2 to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __get_free_pages to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __fentry__ to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __cpu_possible_mask to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __cpu_online_mask to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __const_udelay to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __cond_resched to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __check_object_size to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __bitmap_weight to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __bitmap_intersects to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __bitmap_equal to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __bitmap_and to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __alloc_percpu to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __SCT__preempt_schedule to stablelist (cestmir Kalina) [2120286]\n- kabi: add symbol __SCT__might_resched to stablelist (cestmir Kalina) [2120286]\n- kabi: re-enable build-time kabi-checks (cestmir Kalina) [2120321]\n- sfc: fix null pointer dereference in efx_hard_start_xmit (Inigo Huguet) [2129287]\n- sfc: fix TX channel offset when using legacy interrupts (Inigo Huguet) [2129287]\n[5.14.0-162.5.1_1]\n- redhat: change default dist suffix for RHEL 9.1 (Patrick Talbert)\n- netfilter: nf_tables: clean up hook list when offload flags check fails (Florian Westphal) [2121393]\n- netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (Florian Westphal) [2121393]\n- netfilter: nf_conntrack_irc: Fix forged IP logic (Florian Westphal) [2121393]\n- netfilter: nf_conntrack_irc: Tighten matching on DCC message (Florian Westphal) [2121393]\n- netfilter: br_netfilter: Drop dst references before setting. (Florian Westphal) [2121393]\n- netfilter: flowtable: fix stuck flows on cleanup due to pending work (Florian Westphal) [2121393]\n- netfilter: flowtable: add function to invoke garbage collection immediately (Florian Westphal) [2121393]\n- netfilter: nf_tables: disallow binding to already bound chain (Florian Westphal) [2121393]\n- netfilter: nft_tunnel: restrict it to netdev family (Florian Westphal) [2121393]\n- netfilter: nf_tables: disallow updates of implicit chain (Florian Westphal) [2121393]\n- netfilter: nft_tproxy: restrict to prerouting hook (Florian Westphal) [2121393]\n- netfilter: ebtables: reject blobs that dont provide all entry points (Florian Westphal) [2121393]\n- netfilter: nf_tables: check NFT_SET_CONCAT flag if field_count is specified (Florian Westphal) [2121393]\n- netfilter: nf_tables: disallow NFT_SET_ELEM_CATCHALL and NFT_SET_ELEM_INTERVAL_END (Florian Westphal) [2121393]\n- netfilter: nf_tables: NFTA_SET_ELEM_KEY_END requires concat and interval flags (Florian Westphal) [2121393]\n- netfilter: nf_tables: validate NFTA_SET_ELEM_OBJREF based on NFT_SET_OBJECT flag (Florian Westphal) [2121393]\n- netfilter: nf_tables: possible module reference underflow in error path (Florian Westphal) [2121393]\n- netfilter: nf_tables: disallow NFTA_SET_ELEM_KEY_END with NFT_SET_ELEM_INTERVAL_END flag (Florian Westphal) [2121393]\n- netfilter: nf_tables: use READ_ONCE and WRITE_ONCE for shared generation id access (Florian Westphal) [2121393]\n- netfilter: nf_tables: fix null deref due to zeroed list head (Florian Westphal) [2121393]\n- netfilter: nf_tables: disallow jump to implicit chain from set element (Florian Westphal) [2121393]\n- netfilter: nfnetlink: re-enable conntrack expectation events (Florian Westphal) [2121393]\n[5.14.0-162.4.1]\n- iwlwifi: limit fw version for AC9560 to avoid fw crash (Inigo Huguet) [2096128]\n- configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2126153]\n[5.14.0-162.3.1]\n- scsi: restore setting of scmd->scsi_done() in EH and reset ioctl paths (Ewan D. Milne) [2120469]\n- x86/boot: Dont propagate uninitialized boot_params->cc_blob_address (Terry Bowman) [2124644]\n- ice: Allow operation with reduced device MSI-X (Petr Oros) [2107719]\n[5.14.0-162.2.1]\n- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Ken Cox) [2109871]\n- drm/hyperv : Removing the restruction of VRAM allocation with PCI bar size (Vitaly Kuznetsov) [2030922]\n- drm/nouveau/kms/nv140-: Disable interlacing (Lyude Paul) [2122068]\n[5.14.0-162.1.1]\n- drm/amdgpu: Only disable prefer_shadow on hawaii (Lyude Paul) [2120670]\n- i40e: Fix kernel crash during module removal (Ivan Vecera) [2070375]\n- Revert net: macsec: update SCI upon MAC address change. (Sabrina Dubroca) [2118139]\n- redhat: enable zstream release numbering for rhel 9.1 (Patrick Talbert)\n- redhat: add missing CVE reference to latest changelog entries (Patrick Talbert)\n[5.14.0-162]\n- Revert ixgbevf: Mailbox improvements (Ken Cox) [2120548]\n- Revert ixgbevf: Add support for new mailbox communication between PF and VF (Ken Cox) [2120548]\n- posix-cpu-timers: Cleanup CPU timers before freeing them during exec (Wander Lairson Costa) [2116968] {CVE-2022-2585}\n- fix race between exit_itimers() and /proc/pid/timers (Wander Lairson Costa) [2116968] {CVE-2022-2585}\n[5.14.0-161]\n- x86/ftrace: Use alternative RET encoding (Joe Lawrence) [2121368]\n- x86/ibt,ftrace: Make function-graph play nice (Joe Lawrence) [2121368]\n- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Joe Lawrence) [2121368]\n- x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR (Joe Lawrence) [2121368]\n- redhat: remove GL_DISTGIT_USER, RHDISTGIT and unify dist-git cloning (Frantisek Hrbata)\n- random: allow reseeding DRBG with getrandom (Daiki Ueno) [2114854]\n[5.14.0-160]\n- iavf: Fix VLAN_V2 addition/rejection (Ivan Vecera) [2119701]\n- gve: Recording rx queue before sending to napi (Jordan Kimbrough) [2022916]\n- gve: fix the wrong AdminQ buffer queue index check (Jordan Kimbrough) [2022916]\n- gve: Fix GFP flags when allocing pages (Jordan Kimbrough) [2022916]\n- gve: Add tx|rx-coalesce-usec for DQO (Jordan Kimbrough) [2022916]\n- gve: Add consumed counts to ethtool stats (Jordan Kimbrough) [2022916]\n- gve: Implement suspend/resume/shutdown (Jordan Kimbrough) [2022916]\n- gve: Add optional metadata descriptor type GVE_TXD_MTD (Jordan Kimbrough) [2022916]\n- gve: remove memory barrier around seqno (Jordan Kimbrough) [2022916]\n- gve: Update gve_free_queue_page_list signature (Jordan Kimbrough) [2022916]\n- gve: Move the irq db indexes out of the ntfy block struct (Jordan Kimbrough) [2022916]\n- gve: Correct order of processing device options (Jordan Kimbrough) [2022916]\n- gve: fix for null pointer dereference. (Jordan Kimbrough) [2022916]\n- gve: fix unmatched u64_stats_update_end() (Jordan Kimbrough) [2022916]\n- gve: Fix off by one in gve_tx_timeout() (Jordan Kimbrough) [2022916]\n- gve: Add a jumbo-frame device option. (Jordan Kimbrough) [2022916]\n- gve: Implement packet continuation for RX. (Jordan Kimbrough) [2022916]\n- gve: Add RX context. (Jordan Kimbrough) [2022916]\n- gve: Track RX buffer allocation failures (Jordan Kimbrough) [2022916]\n- gve: Allow pageflips on larger pages (Jordan Kimbrough) [2022916]\n- gve: Add netif_set_xps_queue call (Jordan Kimbrough) [2022916]\n- gve: Recover from queue stall due to missed IRQ (Jordan Kimbrough) [2022916]\n- gve: Do lazy cleanup in TX path (Jordan Kimbrough) [2022916]\n- gve: Add rx buffer pagecnt bias (Jordan Kimbrough) [2022916]\n- gve: Switch to use napi_complete_done (Jordan Kimbrough) [2022916]\n- gve: report 64bit tx_bytes counter from gve_handle_report_stats() (Jordan Kimbrough) [2022916]\n- gve: fix gve_get_stats() (Jordan Kimbrough) [2022916]\n- gve: Properly handle errors in gve_assign_qpl (Jordan Kimbrough) [2022916]\n- gve: Avoid freeing NULL pointer (Jordan Kimbrough) [2022916]\n- gve: Correct available tx qpl check (Jordan Kimbrough) [2022916]\n- gve: Use kvcalloc() instead of kvzalloc() (Jordan Kimbrough) [2022916]\n- gve: DQO: avoid unused variable warnings (Jordan Kimbrough) [2022916]\n- gve: fix the wrong AdminQ buffer overflow check (Jordan Kimbrough) [2022916]\n- ath9k: htc: clean up statistics macros (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679}\n- ath9k: hif_usb: simplify if-if to if-else (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679}\n- ath9k: fix use-after-free in ath9k_hif_usb_rx_cb (Jose Ignacio Tornos Martinez) [2084600] {CVE-2022-1679}\n- net: qcom/emac: Fix improper merge resolution in device_get_mac_address (Patrick Talbert) [2108539]\n- x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115086] {CVE-2022-26373}\n- x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115086] {CVE-2022-26373}\n- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115086]\n- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Waiman Long) [2115086]\n- lkdtm: Disable return thunks in rodata.c (Waiman Long) [2115086]\n- x86/amd: Use IBPB for firmware calls (Waiman Long) [2115086]\n- x86/bugs: Warn when ibrs mitigation is selected on Enhanced IBRS parts (Waiman Long) [2115086]\n- x86/alternative: Report missing return thunk details (Waiman Long) [2115086]\n- nvme-fc: restart admin queue if the caller needs to restart queue (Ewan D. Milne) [2104461]\n- scsi: csiostor: Uninitialized data in csio_ln_vnp_read_cbfn() (Rahul Lakkireddy) [2109526]\n- scsi: csiostor: Use scsi_cmd_to_rq() instead of scsi_cmnd.request (Rahul Lakkireddy) [2109526]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-22T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190"], "modified": "2022-11-22T00:00:00", "id": "ELSA-2022-8267", "href": "http://linux.oracle.com/errata/ELSA-2022-8267.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-15T15:26:06", "description": "[4.18.0-425.3.1.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3\n- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]\n[4.18.0-425.3.1]\n- iwlwifi: limit fw version for AC9560 to avoid fw crash (Inigo Huguet) [2129297]\n- sfc: fix null pointer dereference in efx_hard_start_xmit (Inigo Huguet) [2119638]\n- sfc: fix TX channel offset when using legacy interrupts (Inigo Huguet) [2119638]\n- netfilter: conntrack: reduce timeout when receiving out-of-window fin or rst (Florian Westphal) [2047366]\n- netfilter: conntrack: remove unneeded indent level (Florian Westphal) [2047366]\n- netfilter: conntrack: ignore overly delayed tcp packets (Florian Westphal) [2047366]\n- netfilter: conntrack: prepare tcp_in_window for ternary return value (Florian Westphal) [2047366]\n- netfilter: conntrack: remove pr_debug callsites from tcp tracker (Florian Westphal) [2047366]\n- netfilter: conntrack: work around exceeded receive window (Florian Westphal) [2047366]\n- netfilter: conntrack: improve RST handling when tuple is re-used (Florian Westphal) [2047366]\n- netfilter: conntrack: avoid misleading invalid in log message (Florian Westphal) [2047366]\n- netfilter: remove BUG_ON() after skb_header_pointer() (Florian Westphal) [2047366]\n- iavf: Detach device during reset task (Petr Oros) [2069206]\n[4.18.0-425.2.1]\n- EDAC/ghes: Set the DIMM label unconditionally (Aristeu Rozanski) [2109712]\n- configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2123508]\n[4.18.0-425.1.1]\n- i40e: Fix kernel crash during module removal (Ivan Vecera) [2091489]\n- redhat: enable zstream release numbering for rhel 8.7 (Jarod Wilson)\n- ice: Allow operation with reduced device MSI-X (Petr Oros) [2102844]\n[4.18.0-425]\n- EDAC/amd64: Add new register offset support and related changes (Aristeu Rozanski) [2048792]\n- EDAC/amd64: Set memory type per DIMM (Aristeu Rozanski) [2048792]\n- Revert ixgbevf: Mailbox improvements (Ken Cox) [2120545]\n- Revert ixgbevf: Add support for new mailbox communication between PF and VF (Ken Cox) [2120545]\n- drm/amdgpu: Only disable prefer_shadow on hawaii (Lyude Paul) [2118755]\n[4.18.0-424]\n- redhat: configs: add CONFIG_SERIAL_MULTI_INSTANTIATE=m for x86_64 (Jaroslav Kysela) [2005073]\n- ACPI: scan: Add CLSA0101 Laptop Support (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Add CLSA0101 Laptop (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Sort ACPI IDs by HID (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Get rid of redundant else (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Use while (i--) pattern to clean up (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Improve dev_err_probe() messaging (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Drop duplicate check (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Improve autodetection (Jaroslav Kysela) [2005073]\n- ACPI / scan: Create platform device for CS35L41 (Jaroslav Kysela) [2005073]\n- ACPI: scan: Create platform device for BCM4752 and LNV4752 ACPI nodes (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Add SPI support (Jaroslav Kysela) [2005073]\n- platform/x86: serial-multi-instantiate: Reorganize I2C functions (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Rename it for a generic serial driver name (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Use the new i2c_acpi_client_count() helper (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Use device_get_match_data() to get driver data (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Simplify with dev_err_probe() (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Drop redundant ACPI_PTR() (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Replace zero-length array with flexible-array member (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Fail the probe if no IRQ provided (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Derive the device name from parent (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Use struct_size() helper (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Allow to have same slaves (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Introduce IOAPIC IRQ support (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Distinguish IRQ resource type (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Count I2cSerialBus() resources (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Get rid of obsolete conditional (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Defer probe when no adapter found (Jaroslav Kysela) [2005073]\n- platform/x86: i2c-multi-instantiate: Accept errors of i2c_acpi_new_device() (Jaroslav Kysela) [2005073]\n- serdev: Fix detection of UART devices on Apple machines. (Jaroslav Kysela) [2005073]\n- serdev: Add ACPI devices by ResourceSource field (Jaroslav Kysela) [2005073]\n- spi: Return deferred probe error when controller isnt yet available (Jaroslav Kysela) [2005073]\n- spi/acpi: avoid spurious matches during slave enumeration (Jaroslav Kysela) [2005073]\n- spi: Add API to count spi acpi resources (Jaroslav Kysela) [2005073]\n- spi: Support selection of the index of the ACPI Spi Resource before alloc (Jaroslav Kysela) [2005073]\n- ACPI: Test for ACPI_SUCCESS rather than !ACPI_FAILURE (Jaroslav Kysela) [2005073]\n- spi/acpi: fix incorrect ACPI parent check (Jaroslav Kysela) [2005073]\n- spi: Create helper API to lookup ACPI info for spi device (Jaroslav Kysela) [2005073]\n- spi/acpi: enumerate all SPI slaves in the namespace (Jaroslav Kysela) [2005073]\n- spi: kill useless initializer in spi_register_controller() (Jaroslav Kysela) [2005073]\n- spi: fix ctrl->num_chipselect constraint (Jaroslav Kysela) [2005073]\n- spi: Dont call spi_get_gpio_descs() before device name is set (Jaroslav Kysela) [2005073]\n- spi: Avoid undefined behaviour when counting unused native CSs (Jaroslav Kysela) [2005073]\n- spi: Allow to have all native CSs in use along with GPIOs (Jaroslav Kysela) [2005073]\n- spi: Add missing error handling for CS GPIOs (Jaroslav Kysela) [2005073]\n- spi: export tracepoint symbols to modules (Jaroslav Kysela) [2005073]\n- spi: Fix zero length xfer bug (Jaroslav Kysela) [2005073]\n- spi: Add generic support for unused native cs with cs-gpios (Jaroslav Kysela) [2005073]\n- spi: Reduce kthread priority (Jaroslav Kysela) [2005073]\n- spi: core: Use DEVICE_ATTR_RW() for SPI slave control sysfs attribute (Jaroslav Kysela) [2005073]\n- i2c: acpi: Add an i2c_acpi_client_count() helper function (Jaroslav Kysela) [2005073]\n- s390/qeth: cache link_info for ethtool (Michal Schmidt) [2117098]\n- nfp: amend removal of MODULE_VERSION (Stefan Assmann) [1955769]\n- x86/speculation: Add LFENCE to RSB fill sequence (Waiman Long) [2115080] {CVE-2022-26373}\n- x86/speculation: Add RSB VM Exit protections (Waiman Long) [2115080] {CVE-2022-26373}\n- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]\n- tools headers cpufeatures: Sync with the kernel sources (Waiman Long) [2115080]\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Waiman Long) [2115080]\n- x86/bugs: Do not enable IBPB at firmware entry when IBPB is not available (Waiman Long) [2115080]\n- x86/amd: Use IBPB for firmware calls (Waiman Long) [2115080]\n- x86/bugs: Warn when ibrs mitigation is selected on Enhanced IBRS parts (Waiman Long) [2115080]\n- iavf: Fix reset error handling (Petr Oros) [2119759]\n- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2119759]\n- iavf: Fix adminq error handling (Petr Oros) [2119759]\n- iavf: Fix missing state logs (Petr Oros) [2119759]\n- ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero (Ken Cox) [1978613]\n[4.18.0-423]\n- netfilter: ipset: fix suspicious RCU usage in find_set_and_id (Florian Westphal) [2118526]\n- net/mlx5e: Update netdev features after changing XDP state (Amir Tzin) [2049440]\n- net/mlx5e: CT: Use own workqueue instead of mlx5e priv (Amir Tzin) [2049440]\n- net/mlx5e: CT: Add ct driver counters (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix cleanup of CT before cleanup of TC ct rules (Amir Tzin) [2049440]\n- net/mlx5e: Align mlx5e_cleanup_uplink_rep_tx() with upstream code. (Amir Tzin) [2049440]\n- net/mlx5e: Correct the calculation of max channels for rep (Amir Tzin) [2049440]\n- Documentation: devlink: mlx5.rst: Fix htmldoc build warning (Amir Tzin) [2049440]\n- net/mlx5: fs, fail conflicting actions (Amir Tzin) [2049440]\n- net/mlx5: Rearm the FW tracer after each tracer event (Amir Tzin) [2049440]\n- net/mlx5: correct ECE offset in query qp output (Amir Tzin) [2049440]\n- net/mlx5e: Disable softirq in mlx5e_activate_rq to avoid race condition (Amir Tzin) [2049440]\n- net/mlx5e: TC NIC mode, fix tc chains miss table (Amir Tzin) [2049440]\n- net/mlx5: Dont use already freed action pointer (Amir Tzin) [2049440]\n- net/mlx5: fix typo in comment (Amir Tzin) [2049440]\n- IB/mlx5: Fix undefined behavior due to shift overflowing the constant (Amir Tzin) [2049440]\n- net/mlx5e: Force ethertype usage in mlx5_ct_fs_smfs_fill_mask() (Amir Tzin) [2049440]\n- net/mlx5: Drain fw_reset when removing device (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix setting flow_source for smfs ct tuples (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix support for GRE tuples (Amir Tzin) [2049440]\n- net/mlx5e: Remove HW-GRO from reported features (Amir Tzin) [2049440]\n- net/mlx5e: Properly block HW GRO when XDP is enabled (Amir Tzin) [2049440]\n- net/mlx5e: Properly block LRO when XDP is enabled (Amir Tzin) [2049440]\n- net/mlx5e: Block rx-gro-hw feature in switchdev mode (Amir Tzin) [2049440]\n- net/mlx5e: Wrap mlx5e_trap_napi_poll into rcu_read_lock (Amir Tzin) [2049440]\n- net/mlx5: Initialize flow steering during driver probe (Amir Tzin) [2049440]\n- net/mlx5: Fix matching on inner TTC (Amir Tzin) [2049440]\n- net/mlx5: Avoid double clear or set of sync reset requested (Amir Tzin) [2049440]\n- net/mlx5: Fix deadlock in sync reset flow (Amir Tzin) [2049440]\n- net/mlx5e: Fix trust state reset in reload (Amir Tzin) [2049440]\n- net/mlx5e: Avoid checking offload capability in post_parse action (Amir Tzin) [2049440]\n- net/mlx5e: CT: Fix queued up restore put() executing after relevant ft release (Amir Tzin) [2049440]\n- net/mlx5e: TC, Fix ct_clear overwriting ct action metadata (Amir Tzin) [2049440]\n- net/mlx5e: Lag, Dont skip fib events on current dst (Amir Tzin) [2049440]\n- net/mlx5e: Lag, Fix fib_info pointer assignment (Amir Tzin) [2049440]\n- net/mlx5e: Lag, Fix use-after-free in fib event handler (Amir Tzin) [2049440]\n- net/mlx5e: Fix the calling of update_buffer_lossy() API (Amir Tzin) [2049440]\n- net/mlx5e: Dont match double-vlan packets if cvlan is not set (Amir Tzin) [2049440]\n- net/mlx5: Fix slab-out-of-bounds while reading resource dump menu (Amir Tzin) [2049440]\n- RDMA/mlx5: Add a missing update of cache->last_add (Amir Tzin) [2049440]\n- RDMA/mlx5: Dont remove cache MRs when a delay is needed (Amir Tzin) [2049440]\n- net/mlx5e: HTB, remove unused function declaration (Amir Tzin) [2049440]\n- net/mlx5e: Statify function mlx5_cmd_trigger_completions (Amir Tzin) [2049440]\n- net/mlx5: Remove unused fill page array API function (Amir Tzin) [2049440]\n- net/mlx5: Remove unused exported contiguous coherent buffer allocation API (Amir Tzin) [2049440]\n- net/mlx5: CT: Remove extra rhashtable remove on tuple entries (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove hw_ste from mlx5dr_ste to reduce memory (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove 4 members from mlx5dr_ste_htbl to reduce memory (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove num_of_entries byte_size from struct mlx5_dr_icm_chunk (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove icm_addr from mlx5dr_icm_chunk to reduce memory (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove mr_addr rkey from struct mlx5dr_icm_chunk (Amir Tzin) [2049440]\n- net/mlx5: DR, Adjust structure member to reduce memory hole (Amir Tzin) [2049440]\n- net/mlx5e: Drop cqe_bcnt32 from mlx5e_skb_from_cqe_mpwrq_linear (Amir Tzin) [2049440]\n- net/mlx5e: Drop the len output parameter from mlx5e_xdp_handle (Amir Tzin) [2049440]\n- net/mlx5e: RX, Test the XDP program existence out of the handler (Amir Tzin) [2049440]\n- net/mlx5e: Build SKB in place over the first fragment in non-linear legacy RQ (Amir Tzin) [2049440]\n- net/mlx5e: Add headroom only to the first fragment in legacy RQ (Amir Tzin) [2049440]\n- net/mlx5e: Validate MTU when building non-linear legacy RQ fragments info (Amir Tzin) [2049440]\n- net/mlx5e: MPLSoUDP encap, support action vlan pop_eth explicitly (Amir Tzin) [2049440]\n- net/mlx5e: MPLSoUDP decap, use vlan push_eth instead of pedit (Amir Tzin) [2049440]\n- RDMA/mlx5: Fix memory leak in error flow for subscribe event routine (Amir Tzin) [2049440]\n- net/mlx5e: Fix use-after-free in mlx5e_stats_grp_sw_update_stats (Amir Tzin) [2049440]\n- net/mlx5e: Remove overzealous validations in netlink EEPROM query (Amir Tzin) [2049440]\n- net/mlx5: Parse module mapping using mlx5_ifc (Amir Tzin) [2049440]\n- net/mlx5: Query the maximum MCIA register read size from firmware (Amir Tzin) [2049440]\n- net/mlx5: CT: Create smfs dr matchers dynamically (Amir Tzin) [2049440]\n- net/mlx5: CT: Add software steering ct flow steering provider (Amir Tzin) [2049440]\n- net/mlx5: Add smfs lib to export direct steering API to CT (Amir Tzin) [2049440]\n- net/mlx5: DR, Add helper to get backing dr table from a mlx5 flow table (Amir Tzin) [2049440]\n- net/mlx5: CT: Introduce a platform for multiple flow steering providers (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the doorbell pgdir (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for UAR (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the EQs (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the EQ table (Amir Tzin) [2049440]\n- net/mlx5: Node-aware allocation for the IRQ table (Amir Tzin) [2049440]\n- net/mlx5: Delete useless module.h include (Amir Tzin) [2049440]\n- net/mlx5: DR, Add support for ConnectX-7 steering (Amir Tzin) [2049440]\n- net/mlx5: DR, Refactor ste_ctx handling for STE v0/1 (Amir Tzin) [2049440]\n- net/mlx5: DR, Rename action modify fields to reflect naming in HW spec (Amir Tzin) [2049440]\n- net/mlx5: DR, Fix handling of different actions on the same STE in STEv1 (Amir Tzin) [2049440]\n- net/mlx5: DR, Remove unneeded comments (Amir Tzin) [2049440]\n- net/mlx5: DR, Add support for matching on Internet Header Length (IHL) (Amir Tzin) [2049440]\n- net/mlx5: DR, Align mlx5dv_dr API vport action with FW behavior (Amir Tzin) [2049440]\n- net/mlx5: Add debugfs counters for page commands failures (Amir Tzin) [2049440]\n- net/mlx5: Add pages debugfs (Amir Tzin) [2049440]\n- net/mlx5: Move debugfs entries to separate struct (Amir Tzin) [2049440]\n- net/mlx5: Change release_all_pages cap bit location (Amir Tzin) [2049440]\n- net/mlx5: Remove redundant error on reclaim pages (Amir Tzin) [2049440]\n- net/mlx5: Remove redundant error on give pages (Amir Tzin) [2049440]\n- net/mlx5: Remove redundant notify fail on give pages (Amir Tzin) [2049440]\n- net/mlx5: Add command failures data to debugfs (Amir Tzin) [2049440]\n- net/mlx5e: TC, Fix use after free in mlx5e_clone_flow_attr_for_post_act() (Amir Tzin) [2049440]\n- net/mlx5: Support GRE conntrack offload (Amir Tzin) [2049440]\n- mlx5: add support for page_pool_get_stats (Amir Tzin) [2049440]\n- net/mlx5: Add migration commands definitions (Amir Tzin) [2049440]\n- net/mlx5: Introduce migration bits and structures (Amir Tzin) [2049440]\n- net/mlx5: Expose APIs to get/put the mlx5 core device (Amir Tzin) [2049440]\n- net/mlx5: Disable SRIOV before PF removal (Amir Tzin) [2049440]\n- net/mlx5: Reuse exported virtfn index function call (Amir Tzin) [2049440]\n- net/mlx5: Add clarification on sync reset failure (Amir Tzin) [2049440]\n- net/mlx5: Add reset_state field to MFRL register (Amir Tzin) [2049440]\n- RDMA/mlx5: Use new command interface API (Amir Tzin) [2049440]\n- net/mlx5: cmdif, Refactor error handling and reporting of async commands (Amir Tzin) [2049440]\n- net/mlx5: Use mlx5_cmd_do() in core create_{cq,dct} (Amir Tzin) [2049440]\n- net/mlx5: cmdif, Add new api for command execution (Amir Tzin) [2049440]\n- net/mlx5: cmdif, cmd_check refactoring (Amir Tzin) [2049440]\n- net/mlx5: cmdif, Return value improvements (Amir Tzin) [2049440]\n- net/mlx5: Lag, offload active-backup drops to hardware (Amir Tzin) [2049440]\n- net/mlx5: Lag, record inactive state of bond device (Amir Tzin) [2049440]\n- net/mlx5: Lag, dont use magic numbers for ports (Amir Tzin) [2049440]\n- net/mlx5: Lag, use local variable already defined to access E-Switch (Amir Tzin) [2049440]\n- net/mlx5: E-switch, add drop rule support to ingress ACL (Amir Tzin) [2049440]\n- net/mlx5: E-switch, remove special uplink ingress ACL handling (Amir Tzin) [2049440 2049580]\n- net/mlx5: E-Switch, reserve and use same uplink metadata across ports (Amir Tzin) [2049440 2049580]\n- net/mlx5: Add ability to insert to specific flow group (Amir Tzin) [2049440]\n- mlx5: remove unused static inlines (Amir Tzin) [2049440]\n- RDMA/mlx5: Reorder calls to pcie_relaxed_ordering_enabled() (Amir Tzin) [2049440]\n- RDMA/mlx5: Store ndescs instead of the translation table size (Amir Tzin) [2049440]\n- RDMA/mlx5: Merge similar flows of allocating MR from the cache (Amir Tzin) [2049440]\n- RDMA/mlx5: Fix the flow of a miss in the allocation of a cache ODP MR (Amir Tzin) [2049440]\n- RDMA/mlx5: Remove redundant work in struct mlx5_cache_ent (Amir Tzin) [2049440]\n- net/mlx5e: TC, Allow sample action with CT (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Make post_act parse CT and sample actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Clean redundant counter flag from tc action parsers (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Use multi table support for CT and sample actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Create new flow attr for multi table actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Add post act offload/unoffload API (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Pass actions param to actions_match_supported() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Move flow hashtable to be per rep (Amir Tzin) [2049440]\n- net/mlx5e: E-Switch, Add support for tx_port_ts in switchdev mode (Amir Tzin) [2049440]\n- net/mlx5e: E-Switch, Add PTP counters for uplink representor (Amir Tzin) [2049440]\n- net/mlx5e: RX, Restrict bulk size for small Striding RQs (Amir Tzin) [2049440]\n- net/mlx5e: Default to Striding RQ when not conflicting with CQE compression (Amir Tzin) [2049440]\n- net/mlx5e: Generalize packet merge error message (Amir Tzin) [2049440]\n- net/mlx5e: Add support for using xdp->data_meta (Amir Tzin) [2049440]\n- net/mlx5e: Fix spelling mistake supoported -> supported (Amir Tzin) [2049440]\n- net/mlx5e: Optimize the common case condition in mlx5e_select_queue (Amir Tzin) [2049440]\n- net/mlx5e: Optimize modulo in mlx5e_select_queue (Amir Tzin) [2049440]\n- net/mlx5e: Optimize mlx5e_select_queue (Amir Tzin) [2049440]\n- net/mlx5e: Use READ_ONCE/WRITE_ONCE for DCBX trust state (Amir Tzin) [2049440]\n- net/mlx5e: Move repeating code that gets TC prio into a function (Amir Tzin) [2049440]\n- net/mlx5e: Use select queue parameters to sync with control flow (Amir Tzin) [2049440]\n- net/mlx5e: Move mlx5e_select_queue to en/selq.c (Amir Tzin) [2049440]\n- net/mlx5e: Introduce select queue parameters (Amir Tzin) [2049440]\n- net/mlx5e: Sync txq2sq updates with mlx5e_xmit for HTB queues (Amir Tzin) [2049440]\n- net/mlx5e: Use a barrier after updating txq2sq (Amir Tzin) [2049440]\n- net/mlx5e: Disable TX queues before registering the netdev (Amir Tzin) [2049440]\n- net/mlx5e: Cleanup of start/stop all queues (Amir Tzin) [2049440]\n- net/mlx5e: Use FW limitation for max MPW WQEBBs (Amir Tzin) [2049440]\n- net/mlx5e: Read max WQEBBs on the SQ from firmware (Amir Tzin) [2049440]\n- net/mlx5e: Remove unused tstamp SQ field (Amir Tzin) [2049440]\n- RDMA/mlx5: Delete useless module.h include (Amir Tzin) [2049440]\n- RDMA/mlx5: Delete get_num_static_uars function (Amir Tzin) [2049440]\n- net/mlx5: VLAN push on RX, pop on TX (Amir Tzin) [2049440 2049616]\n- net/mlx5: Introduce software defined steering capabilities (Amir Tzin) [2049440 2049616]\n- net/mlx5: Remove unused TIR modify bitmask enums (Amir Tzin) [2049440]\n- net/mlx5e: CT, Remove redundant flow args from tc ct calls (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Store mapped tunnel id on flow attr (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Test CT and SAMPLE on flow attr (Amir Tzin) [2049440 2049580 2049659]\n- net/mlx5e: Refactor eswitch attr flags to just attr flags (Amir Tzin) [2049440 2049580 2049659]\n- net/mlx5e: CT, Dont set flow flag CT for ct clear flow (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Hold sample_attr on stack instead of pointer (Amir Tzin) [2049440 2049580 2049659]\n- net/mlx5e: TC, Reject rules with multiple CT actions (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Refactor mlx5e_tc_add_flow_mod_hdr() to get flow attr (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Pass attr to tc_act can_offload() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Split pedit offloads verify from alloc_tc_pedit_action() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: TC, Move pedit_headers_action to parse_attr (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Move counter creation call to alloc_flow_attr_counter() (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Pass attr arg for attaching/detaching encaps (Amir Tzin) [2049440 2049659]\n- net/mlx5e: Move code chunk setting encap dests into its own function (Amir Tzin) [2049440 2049659]\n- net_sched: cls_route: remove from list when handle is 0 (Felix Maurer) [2116328] {CVE-2022-2588}\n- netfilter: nf_tables: do not allow RULE_ID to refer to another chain (Florian Westphal) [2116356] {CVE-2022-2586}\n- netfilter: nf_tables: do not allow SET_ID to refer to another table (Florian Westphal) [2116356] {CVE-2022-2586}\n- netfilter: nf_queue: do not allow packet truncation below transport header offset (Florian Westphal) [2116159] {CVE-2022-36946}\n- net: let flow have same hash in two directions (Ivan Vecera) [2111094]\n- ipv4: Fix data-races around sysctl_fib_multipath_hash_fields. (Ivan Vecera) [2111094]\n- net: Add notifications when multipath hash field change (Ivan Vecera) [2111094]\n- selftests: forwarding: Add test for custom multipath hash with IPv6 GRE (Ivan Vecera) [2111094]\n- selftests: forwarding: Add test for custom multipath hash with IPv4 GRE (Ivan Vecera) [2111094]\n- selftests: forwarding: Add test for custom multipath hash (Ivan Vecera) [2111094]\n- ipv6: Add custom multipath hash policy (Ivan Vecera) [2111094]\n- ipv6: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]\n- ipv6: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]\n- ipv6: Use a more suitable label name (Ivan Vecera) [2111094]\n- ipv4: Add custom multipath hash policy (Ivan Vecera) [2111094]\n- ipv4: Add a sysctl to control multipath hash fields (Ivan Vecera) [2111094]\n- ipv4: Calculate multipath hash inside switch statement (Ivan Vecera) [2111094]\n- ipv6: Use math to point per net sysctls into the appropriate struct net (Ivan Vecera) [2111094]\n- selftest/net/forwarding: declare NETIFS p9 p10 (Ivan Vecera) [2111094]\n- ipv6: Fix sysctl max for fib_multipath_hash_policy (Ivan Vecera) [2111094]\n- selftests: forwarding: Test multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]\n- ipv6: Support multipath hashing on inner IP pkts (Ivan Vecera) [2111094]\n- ipv4: Multipath hashing on inner L3 needs to consider inner IPv6 pkts (Ivan Vecera) [2111094]\n- ipv4: Support multipath hashing on inner IP pkts for GRE tunnel (Ivan Vecera) [2111094]\n- ipv4: Initialize flowi4_multipath_hash in data path (Ivan Vecera) [2111094]\n- net: ipv4: Fix NULL pointer dereference in route lookup (Ivan Vecera) [2111094]\n- route: Add multipath_hash in flowi_common to make user-define hash (Ivan Vecera) [2111094]\n[4.18.0-422]\n- drm/nouveau/kms/nv140-: Disable interlacing (Lyude Paul) [2097647]\n- rpm: convert gcc and libelf to Recommends (Jarod Wilson) [2114900]\n- redhat: add ca7 to redhat/git/files (Jarod Wilson)", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-15T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-11-15T00:00:00", "id": "ELSA-2022-7683", "href": "http://linux.oracle.com/errata/ELSA-2022-7683.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-11-03T16:36:33", "description": "[3.10.0-1160.80.1.0.1.OL7]\n- debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}\n[3.10.0-1160.80.1.OL7]\n- Update Oracle Linux certificates (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-2.0.9\n- Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)\n[3.10.0-1160.80.1]\n- scsi: lpfc: Fix FCP I/O flush functionality for TMF routines (Dick Kennedy) [1969988]\n- scsi: lpfc: Fix illegal memory access on Abort IOCBs (Dick Kennedy) [1969988]\n- NFS: Fix extra call to dput() in nfs_prime_dcache (Benjamin Coddington) [2117856]\n[3.10.0-1160.79.1]\n- x86/speculation: Add LFENCE to RSB fill sequence (Rafael Aquini) [2115073] {CVE-2022-26373}\n- x86/speculation: Protect against userspace-userspace spectreRSB (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/speculation: cope with spectre_v2=retpoline cmdline on retbleed-affected Intel CPUs (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/speculation: Disable RRSBA behavior (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kexec: Disable RET on kexec (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpu/amd: Enumerate BTC_NO (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/common: Stamp out the stepping madness (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpu/amd: Add Spectral Chicken (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Do IBPB fallback check only once (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Add retbleed=ibpb (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Report Intel retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Enable STIBP for JMP2RET (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Add AMD retbleed= boot parameter (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/bugs: Report AMD retbleed vulnerability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Add magic AMD return-thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Use return-thunk in asm code (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/sev: Avoid using __x86_return_thunk (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: Fix SETcc emulation for return thunks (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86,objtool: Create .return_sites (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Undo return-thunk damage (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/retpoline: Use -mfunction-return (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Move RETPOLINE flags to word 11 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- objtool: Add ELF writing capability (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Prepare asm files for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86: Prepare inline-asm for straight-line-speculation (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: Fix fastop function ELF metadata (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/kvm: Move kvm_fastop_exception to .fixup section (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/vdso: Fix vDSO build if a retpoline is emitted (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Combine word 11 and 12 into a new scattered features word (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Carve out CQM features retrieval (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeatures: Re-tabulate the X86_FEATURE definitions (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpufeature: Move processor tracing out of scattered features (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n- x86/alternatives: Cleanup DPRINTK macro (Rafael Aquini) [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901}\n[3.10.0-1160.78.1]\n- net_sched: cls_route: remove from list when handle is 0 (Davide Caratti) [2121809] {CVE-2022-2588}\n[3.10.0-1160.77.1]\n- net/mlx5: Add Fast teardown support (Jay Shin) [2077711]\n- net/mlx5: Free IRQs in shutdown path (Jay Shin) [2077711]\n- net/mlx5: Change teardown with force mode failure message to warning (Jay Shin) [2077711]\n- net/mlx5: Cancel health poll before sending panic teardown command (Jay Shin) [2077711]\n- net/mlx5: Add fast unload support in shutdown flow (Jay Shin) [2077711]\n- net/mlx5: Expose command polling interface (Jay Shin) [2077711]\n- posix-timers: Remove remaining uses of tasklist_lock (Oleg Nesterov) [2115147]\n- posix-timers: Use sighand lock instead of tasklist_lock on timer deletion (Oleg Nesterov) [2115147]\n- posix-cpu-timers: remove tasklist_lock in posix_cpu_clock_get() (Oleg Nesterov) [2115147]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-11-03T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-26373", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-11-03T00:00:00", "id": "ELSA-2022-7337", "href": "http://linux.oracle.com/errata/ELSA-2022-7337.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-10-26T15:28:41", "description": "[4.18.0-372.32.1.0.1_6.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5\n- debug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499}\n[4.18.0-372.32.1_6]\n- net: atlantic: remove aq_nic_deinit() when resume (Inigo Huguet) [2131936 2130839]\n- net: atlantic: remove deep parameter on suspend/resume functions (Inigo Huguet) [2131936 2130839]\n- configs: enable CONFIG_HP_ILO for aarch64 (Mark Salter) [2129923 2123508]\n- drm/nouveau: recognise GA103 (Karol Herbst) [2127122 1923125]\n- net: fix a memleak when uncloning an skb dst and its metadata (Hangbin Liu) [2131255 2068355]\n- net: do not keep the dst cache when uncloning an skb dst and its metadata (Hangbin Liu) [2131255 2068355]\n- intel_idle: Fix false positive RCU splats due to incorrect hardirqs state (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/spec_ctrl: Enable RHEL only ibrs_always & retpoline,ibrs_user spectre_v2 options (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- efi/x86: use naked RET on mixed mode call wrapper (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Remove apostrophe typo (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Use DECLARE_PER_CPU for x86_spec_ctrl_current (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Mark retbleed_strings static (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/asm/32: Fix ANNOTATE_UNRET_SAFE use on 32-bit (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Disable RRSBA behavior (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kexec: Disable RET on kexec (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- redhat/configs: Add new mitigation configs for RetBleed CVEs (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retbleed: Add fine grained Kconfig knobs (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/amd: Enumerate BTC_NO (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/common: Stamp out the stepping madness (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Prevent RSB underflow before vmenter (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Fill RSB on vmexit for IBRS (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Fix IBRS handling after vmexit (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Convert launched argument to flags (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Remove x86_spec_ctrl_mask (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/amd: Add Spectral Chicken (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Do IBPB fallback check only once (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Add retbleed=ibpb (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Update Retpoline validation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- intel_idle: Disable IBRS during long idle (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Report Intel retbleed vulnerability (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Add kernel IBRS implementation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Enable STIBP for JMP2RET (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Add AMD retbleed= boot parameter (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bugs: Report AMD retbleed vulnerability (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Add magic AMD return-thunk (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Use return-thunk in asm code (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/sev: Avoid using __x86_return_thunk (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kvm: Fix SETcc emulation for return thunks (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/bpf: Use alternative RET encoding (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use alternative RET encoding (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86,objtool: Create .return_sites (Josh Poimboeuf) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Undo return-thunk damage (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retpoline: Use -mfunction-return (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retpoline: Swizzle retpoline thunk (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/retpoline: Cleanup some #ifdefery (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpufeatures: Move RETPOLINE flags to word 11 (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kvm/vmx: Make noinstr clean (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- arch/x86/boot/compressed: Add -D__DISABLE_EXPORTS to kbuild flags (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: (Ab)use __DISABLE_EXPORTS to disable RETHUNK in real mode (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Remove skip_r11rcx (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- cpuidle,intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation/srbds: Do not try to turn mitigation off when not supported (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/text-patching: Make text_gen_insn() play nice with ANNOTATE_NOENDBR (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/module: Fix the paravirt vs alternative order (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Add straight-line-speculation mitigation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Prepare inline-asm for straight-line-speculation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Prepare asm files for straight-line-speculation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Use -mindirect-branch-cs-prefix for RETPOLINE builds (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Move RETPOLINE*_CFLAGS to arch Makefile (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/entry: Add a fence for kernel entry SWAPGS in paranoid_entry() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- Makefile: remove stale cc-option checks (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tools headers: Remove broken definition of __LITTLE_ENDIAN (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tools arch: Update arch/x86/lib/mem{cpy,set}_64.S copies used in 'perf bench mem memcpy' (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Add insn_decode_kernel() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tools/insn: Restore the relative include paths for cross building (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Use insn_decode() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/insn: Add an insn_decode() API (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/insn: Rename insn_decode() to insn_decode_from_regs() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Add new features for paravirt patching (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Support not-feature (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Merge include files (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Fix error handling for STD/CLD warnings (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Teach text_poke_bp() to emulate RET (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Have ftrace trampolines turn read-only at the end of system boot up (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation: Change FILL_RETURN_BUFFER to work with objtool (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Add support for intra-function calls (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Rework allocating stack_ops on decode (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Better handle IRET (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Support multiple stack_op per instruction (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Make BP scratch register warning more robust (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kexec: Make relocate_kernel_64.S objtool clean (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Introduce validate_return() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- Makefile: disallow data races on gcc-10 as well (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Improve call destination function detection (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Implement a better poke_int3_handler() completion scheme (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- lib/: fix Kconfig indentation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Use INT3_INSN_SIZE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kprobes: Fix ordering while text-patching (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/kprobes: Convert to text-patching.h (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Shrink text_poke_loc (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Remove text_poke_loc::len (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use text_gen_insn() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternative: Add text_opcode_size() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use text_poke() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Use vmalloc special flag (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Explicitly include vmalloc.h for set_vm_flush_reset_perms() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Add and use text_gen_insn() helper (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives, jump_label: Provide better text_poke() batching interface (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/asm: Annotate relocate_kernel_{32,64}.c (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: kprobes: Prohibit probing on instruction which has emulate prefix (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86: Correct misc typos (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/speculation/mds: Apply more accurate check on hypervisor platform (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Convert insn type to enum (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Track original function across branches (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Rename elf_open() to prevent conflict with libelf from elftoolchain (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Make enable parameter bool where applicable (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/CPU/AMD: Don't force the CPB cap when running under a hypervisor (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Fix function fallthrough detection (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Detect over-sized patching bugs in paravirt_patch_call() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/amd: Exclude 32bit only assembler from 64bit build (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/asm: Mark all top level asm statements as .text (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/cpu/bugs: Use __initconst for 'const' init data (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Add Direction Flag validation (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- objtool: Rewrite add_ignores() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/nospec, objtool: Introduce ANNOTATE_IGNORE_ALTERNATIVE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Fix warning and considate ftrace_jmp_replace() and ftrace_call_replace() (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- kbuild: Disable extra debugging info in .s output (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/CPU/AMD: Set the CPB bit unconditionally on F17h (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/alternatives: Print containing function (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/ftrace: Do not call function graph from dynamic trampolines (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- ftrace: Create new ftrace_internal.h header (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- kprobes/x86: Fix instruction patching corruption when copying more than one RIP-relative instruction (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- tracing/Makefile: Fix handling redefinition of CC_FLAGS_FTRACE (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Remove unused paravirt bits (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Remove clobbers parameter from paravirt patch functions (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/paravirt: Make paravirt_patch_call() and paravirt_patch_jmp() static (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/l1tf: Fix build error seen if CONFIG_KVM_INTEL is disabled (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- ftrace: Remove unused pointer ftrace_swapper_pid (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- x86/spec_ctrl: Temporarily remove RHEL specific IBRS code (Waiman Long) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- intel_idle: enable interrupts before C1 on Xeons (Steve Best) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- KVM: nVMX: Query current VMCS when determining if MSR bitmaps are in use (Vitaly Kuznetsov) [2103167 2090229] {CVE-2022-23816 CVE-2022-29900 CVE-2022-29901 CVE-2022-23825}\n- atlantic: Fix issue in the pm resume flow. (Igor Russkikh) [2127845 2002395]\n- atlantic: Fix driver resume flow. (Igor Russkikh) [2127845 2002395]\n- net: atlantic: always deep reset on pm op, fixing up my null deref regression (Foggy Liu) [2124966 2039680]\n- net: atlantic: invert deep par in pm functions, preventing null derefs (Foggy Liu) [2124966 2039680]\n[4.18.0-372.31.1_6]\n- ice: Allow operation with reduced device MSI-X (Petr Oros) [2126482 2102844]\n- redhat: kernel depends on new linux-firmware (John Meneghini) [2120613 2044843]\n- scsi: qedi: Use QEDI_MODE_NORMAL for error handling (John Meneghini) [2119847 2101760]\n- qede: Reduce verbosity of ptp tx timestamp (John Meneghini) [2125477 2080655]\n- qede: confirm skb is allocated before using (John Meneghini) [2120611 2040267]\n- qed: fix ethtool register dump (John Meneghini) [2120611 2040267]\n- scsi: qedf: Stop using the SCSI pointer (John Meneghini) [2120613 2044843]\n- scsi: qedf: Change context reset messages to ratelimited (John Meneghini) [2120613 2044843]\n- scsi: qedf: Fix refcount issue when LOGO is received during TMF (John Meneghini) [2120613 2044843]\n- scsi: qedf: Add stag_work to all the vports (John Meneghini) [2120613 2044843]\n- scsi: qedf: Fix potential dereference of NULL pointer (John Meneghini) [2120613 2044843]\n- scsi: qedi: Remove redundant flush_workqueue() calls (John Meneghini) [2120612 2044837]\n- scsi: qedi: Fix SYSFS_FLAG_FW_SEL_BOOT formatting (John Meneghini) [2120612 2044837]\n- qed: remove unnecessary memset in qed_init_fw_funcs (John Meneghini) [2120611 2040267]\n- qed: return status of qed_iov_get_link (John Meneghini) [2120611 2040267]\n- net: qlogic: check the return value of dma_alloc_coherent() in qed_vf_hw_prepare() (John Meneghini) [2120611 2040267]\n- qed: validate and restrict untrusted VFs vlan promisc mode (John Meneghini) [2120611 2040267]\n- qed: display VF trust config (John Meneghini) [2120611 2040267]\n- qed: prevent a fw assert during device shutdown (John Meneghini) [2120611 2040267]\n- qed: use msleep() in qed_mcp_cmd() and add qed_mcp_cmd_nosleep() for udelay. (John Meneghini) [2120611 2040267]\n- qed: Use dma_set_mask_and_coherent() and simplify code (John Meneghini) [2120611 2040267]\n- qed*: esl priv flag support through ethtool (John Meneghini) [2120611 2040267]\n- qed*: enhance tx timeout debug info (John Meneghini) [2120611 2040267]\n- qede: validate non LSO skb length (John Meneghini) [2120611 2040267]\n- qed: Enhance rammod debug prints to provide pretty details (John Meneghini) [2120611 2040267]\n- net: qed: fix the array may be out of bound (John Meneghini) [2120611 2040267]\n- qed: Use the bitmap API to simplify some functions (John Meneghini) [2120611 2040267]\n- RDMA/qed: Use helper function to set GUIDs (John Meneghini) [2120611 2040267]\n- net: qed_dev: fix check of true !rc expression (John Meneghini) [2120611 2040267]\n- net: qed_ptp: fix check of true !rc expression (John Meneghini) [2120611 2040267]\n- RDMA/qedr: Remove unsupported qedr_resize_cq callback (John Meneghini) [2120611 2040267]\n- qed: Change the TCP common variable - 'iscsi_ooo' (John Meneghini) [2120611 2040267]\n- qed: Optimize the ll2 ooo flow (John Meneghini) [2120611 2040267]\n- net: qed_debug: fix check of false (grc_param < 0) expression (John Meneghini) [2120611 2040267]\n- qed: Fix missing error code in qed_slowpath_start() (John Meneghini) [2120611 2040267]\n- qed: Fix compilation for CONFIG_QED_SRIOV undefined scenario (John Meneghini) [2120611 2040267]\n- qed: Initialize debug string array (John Meneghini) [2120611 2040267]\n- qed: Fix spelling mistake 'ctx_bsaed' -> 'ctx_based' (John Meneghini) [2120611 2040267]\n- qed: fix ll2 establishment during load of RDMA driver (John Meneghini) [2120611 2040267]\n- qed: Update the TCP active termination 2 MSL timer ('TIME_WAIT') (John Meneghini) [2120611 2040267]\n- qed: Update TCP silly-window-syndrome timeout for iwarp, scsi (John Meneghini) [2120611 2040267]\n- qed: Update debug related changes (John Meneghini) [2120611 2040267]\n- qed: Add '_GTT' suffix to the IRO RAM macros (John Meneghini) [2120611 2040267]\n- qed: Update FW init functions to support FW 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Use enum as per FW 8.59.1.0 in qed_iro_hsi.h (John Meneghini) [2120611 2040267]\n- qed: Update qed_hsi.h for fw 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Update qed_mfw_hsi.h for FW ver 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Update common_hsi for FW ver 8.59.1.0 (John Meneghini) [2120611 2040267]\n- qed: Split huge qed_hsi.h header file (John Meneghini) [2120611 2040267]\n- qed: Remove e4_ and _e4 from FW HSI (John Meneghini) [2120611 2040267]\n- qed: Fix kernel-doc warnings (John Meneghini) [2120611 2040267]\n- qed: Don't ignore devlink allocation failures (John Meneghini) [2120611 2040267]\n- qed: Improve the stack space of filter_config() (John Meneghini) [2120611 2040267]\n- RDMA/qedr: Move variables reset to qedr_set_common_qp_params() (John Meneghini) [2120611 2040267]\n- RDMA/qedr: Fix reporting max_{send/recv}_wr attrs (John Meneghini) [2119122 2051524]\n[4.18.0-372.30.1_6]\n- af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register (Xin Long) [2107611 2075181] {CVE-2022-1353}\n- SUNRPC: avoid race between mod_timer() and del_timer_sync() (Benjamin Coddington) [2126184 2104507]\n- powerpc/fadump: print start of preserved area (Diego Domingos) [2107488 2075092]\n- powerpc/fadump: align destination address to pagesize (Diego Domingos) [2107488 2075092]\n- powerpc/fadump: fix PT_LOAD segment for boot memory area (Diego Domingos) [2107488 2075092]\n- drm/amdgpu: vi: disable ASPM on Intel Alder Lake based systems (Michel Danzer) [2091065 2066918]\n- drm/amd: Use amdgpu_device_should_use_aspm on navi umd pstate switching (Michel Danzer) [2091065 2066918]\n- drm/amd: Refactor amdgpu_aspm to be evaluated per device (Michel Danzer) [2091065 2066918]\n- drm/amd: Check if ASPM is enabled from PCIe subsystem (Michel Danzer) [2091065 2066918]\n[4.18.0-372.29.1_6]\n- block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern (Ewan D. Milne) [2107627 2049198] {CVE-2022-0494}\n- cpufreq: Specify default governor on command line (Prarit Bhargava) [2109996 2083766]\n- cpufreq: Fix locking issues with governors (Prarit Bhargava) [2109996 2083766]\n- cpufreq: Register governors at core_initcall (Prarit Bhargava) [2109996 2083766]\n- net_sched: cls_route: remove from list when handle is 0 (Felix Maurer) [2121817 2116328] {CVE-2022-2588}\n[4.18.0-372.28.1_6]\n- powerpc/smp: Update cpu_core_map on all PowerPc systems (Diego Domingos) [2112820 2064104]\n- iavf: Fix reset error handling (Petr Oros) [2120225 2119759]\n- iavf: Fix NULL pointer dereference in iavf_get_link_ksettings (Petr Oros) [2120225 2119759]\n- iavf: Fix adminq error handling (Petr Oros) [2120225 2119759]\n- iavf: Fix missing state logs (Petr Oros) [2120225 2119759]\n- scsi: mpt3sas: Stop fw fault watchdog work item during system shutdown (Tomas Henzl) [2111140 2106413]\n- s390/qeth: cache link_info for ethtool (Michal Schmidt) [2120197 2117098]\n- nvme: fix RCU hole that allowed for endless looping in multipath round robin (Gopal Tiwari) [2106017 2078806]\n- nvme: also mark passthrough-only namespaces ready in nvme_update_ns_info (Gopal Tiwari) [2106017 2078806]\n- nvme: fix use after free when disconnecting a reconnecting ctrl (Gopal Tiwari) [2106017 2078806]\n- nvme: only call synchronize_srcu when clearing current path (Gopal Tiwari) [2106017 2078806]\n- nvme-multipath: revalidate paths during rescan (Gopal Tiwari) [2106017 2078806]\n- scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() (Dick Kennedy) [2112103 2034425]\n[4.18.0-372.27.1_6]\n- [s390] s390/pci: add s390_iommu_aperture kernel parameter (Claudio Imbrenda) [2081324 2039181]\n- ipv6: take care of disable_policy when restoring routes (Andrea Claudi) [2109971 2103894]\n- net: openvswitch: fix parsing of nw_proto for IPv6 fragments (Eelco Chaudron) [2106703 2101537]\n- scsi: ch: Make it possible to open a ch device multiple times again (Ewan D. Milne) [2115965 2108649]\n- scsi: smartpqi: Fix DMA direction for RAID requests (Don Brace) [2112354 2101548]\n- iommu/vt-d: Calculate mask for non-aligned flushes (Jerry Snitselaar) [2111692 2072179]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.1, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.2}, "published": "2022-10-26T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-0494", "CVE-2022-1353", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-2588", "CVE-2022-29900", "CVE-2022-29901"], "modified": "2022-10-26T00:00:00", "id": "ELSA-2022-7110", "href": "http://linux.oracle.com/errata/ELSA-2022-7110.html", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:C/I:N/A:N"}}, {"lastseen": "2022-08-11T16:24:02", "description": "[3.10.0-1160.76.1.0.1.OL7]\n[debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499}\n[3.10.0-1160.76.1.OL7]\n[Update Oracle Linux certificates (Ilya Okomin)\n[Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n[Update x509.genkey [Orabug: 24817676]\n[Conflict with shim-ia32 and shim-x64 <= 15-2.0.9\n[Update oracle(kernel-sig-key) value to match new certificate (Ilya Okomin)\n[3.10.0-1160.76.1]\n[sfc: complete the next packet when we receive a timestamp (Inigo Huguet) [1793280]\n[3.10.0-1160.75.1]\n[xfs: fix up non-directory creation in SGID directories (Andrey Albershteyn) [2089360]\n[x86/speculation/mmio: Print SMT warning (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n[KVM: x86/speculation: Disable Fill buffer clear within guests (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n[x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n[x86/speculation/srbds: Update SRBDS mitigation selection (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n[x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n[cpu/speculation: Add prototype for cpu_show_srbds() (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n[x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n[x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n[x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n[x86/speculation: Add a common function for MD_CLEAR mitigation update (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n[x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n[Documentation: Add documentation for Processor MMIO Stale Data (Rafael Aquini) [2090249] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n[[s390] s390/zcrypt: use kvmalloc instead of kmalloc for 256k alloc (Mete Durlu) [2072970]\n[3.10.0-1160.74.1]\n[tracing: Fix bad use of igrab in trace_uprobe.c (Oleg Nesterov) [2096884]\n[3.10.0-1160.73.1]\n[qede: Reduce verbosity of ptp tx timestamp (Manish Chopra) [2080646]\n[RDMA/cma: Fix unbalanced cm_id reference count during address resolve (Kamal Heib) [2085425]\n[3.10.0-1160.72.1]\n[sched,perf: Fix periodic timers (Valentin Schneider) [2077346]\n[sched: debug: Remove the cfs bandwidth timer_active printout (Valentin Schneider) [2077346]\n[sched: Cleanup bandwidth timers (Valentin Schneider) [2077346]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-11T00:00:00", "type": "oraclelinux", "title": "kernel security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166"], "modified": "2022-08-11T00:00:00", "id": "ELSA-2022-5937", "href": "http://linux.oracle.com/errata/ELSA-2022-5937.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-09-14T20:13:58", "description": "[4.18.0-372.26.1.0.1_6.OL8]\n- Update Oracle Linux certificates (Kevin Lyons)\n- Disable signing for aarch64 (Ilya Okomin)\n- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]\n- Update x509.genkey [Orabug: 24817676]\n- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5\ndebug: lockdown kgdb [Orabug: 34270802] {CVE-2022-21499}\n[4.18.0-372.26.1_6]\n- drm/amd/display: Ignore First MST Sideband Message Return Error (Mika Penttila) [2109826 2089853]\n- ASoC: SOF: topology: read back control data from DSP (Jaroslav Kysela) [2117732 2065575]\n- ASoC: SOF: Drop ctrl_type parameter for snd_sof_ipc_set_get_comp_data() (Jaroslav Kysela) [2117732 2065575]\n- ASoC: SOF: control: Do not handle control notification with component type (Jaroslav Kysela) [2117732 2065575]\n- ASoC: SOF: sof-audio: Drop the cmd member from struct snd_sof_control (Jaroslav Kysela) [2117732 2065575]\n- ASoC: SOF: Drop ctrl_cmd parameter for snd_sof_ipc_set_get_comp_data() (Jaroslav Kysela) [2117732 2065575]\n- ASoC: SOF: topology: Set control_data->cmd alongside scontrol->cmd (Jaroslav Kysela) [2117732 2065575]\n- ASoC: SOF: Drop ipc_cmd parameter for snd_sof_ipc_set_get_comp_data() (Jaroslav Kysela) [2117732 2065575]\n- ASoC: SOF: ipc: Rename send parameter in snd_sof_ipc_set_get_comp_data() (Jaroslav Kysela) [2117732 2065575]\n- cgroup: Use css_tryget() instead of css_tryget_online() in task_get_css() (Vratislav Bendel) [2120776 2111491]\n- platform/x86/intel: Fix 'rmmod pmt_telemetry' panic (Prarit Bhargava) [2091079 2080426]\n- KVM: x86/mmu: make apf token non-zero to fix bug (Vitaly Kuznetsov) [2105340 2096201]\n- dommu/vt-d: Make DMAR_UNITS_SUPPORTED a config setting (Jerry Snitselaar) [2112983 2095498]\n[4.18.0-372.25.1_6]\n- redhat: add missing ybz numbers to changelog (Augusto Caringi)\n- block: limit request dispatch loop duration (Ming Lei) [2110772 2005082]\n- NLM: Defend against file_lock changes after vfs_test_lock() (Benjamin Coddington) [2102099 2094884]\n- x86/speculation/mmio: Print SMT warning (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- KVM: x86/speculation: Disable Fill buffer clear within guests (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- x86/speculation/srbds: Update SRBDS mitigation selection (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- x86/speculation: Add a common function for MD_CLEAR mitigation update (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- Documentation: Add documentation for Processor MMIO Stale Data (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- x86/tsx: Disable TSX development mode at boot (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- x86/tsx: Clear CPUID bits when TSX always force aborts (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- cpu/speculation: Add prototype for cpu_show_srbds() (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- x86/cpu: Move arch_smt_update() to a neutral place (Waiman Long) [2110388 2090252] {CVE-2022-21123 CVE-2022-21125 CVE-2022-21166}\n- ice: Ignore error message when setting same promiscuous mode (Petr Oros) [2118580 2100683]\n- ice: Fix clearing of promisc mode with bridge over bond (Petr Oros) [2118580 2100683]\n- ice: Ignore EEXIST when setting promisc mode (Petr Oros) [2118580 2100683]\n- ice: Fix double VLAN error when entering promisc mode (Petr Oros) [2118580 2100683]\n- ice: Fix promiscuous mode not turning off (Petr Oros) [2117026 2088787]\n- ice: Introduce enabling promiscuous mode on multiple VF's (Petr Oros) [2117026 2088787]\n- ice: do not setup vlan for loopback VSI (Petr Oros) [2118582 2103845]\n- ice: check (DD | EOF) bits on Rx descriptor rather than (EOP | RS) (Petr Oros) [2118582 2103845]\n- ice: Fix max VLANs available for VF (Petr Oros) [2118581 2112298]\n- ice: change devlink code to read NVM in blocks (Petr Oros) [2118583 2093904]\n- ice: Fix memory corruption in VF driver (Petr Oros) [2102359 2037937]\n- ice: Fix queue config fail handling (Petr Oros) [2102359 2037937]\n- ice: Sync VLAN filtering features for DVM (Petr Oros) [2102359 2037937]\n- ice: Fix PTP TX timestamp offset calculation (Petr Oros) [2102359 2037937]\n- ice: Fix interrupt moderation settings getting cleared (Petr Oros) [2102359 2037937]\n- ice: fix possible under reporting of ethtool Tx and Rx statistics (Petr Oros) [2102359 2037937]\n- ice: allow creating VFs for !CONFIG_NET_SWITCHDEV (Petr Oros) [2102359 2037937]\n- ice: add trace events for tx timestamps (Petr Oros) [2102359 2037937]\n- ice: fix return value check in ice_gnss.c (Petr Oros) [2102359 2037937]\n- ice: remove PF pointer from ice_check_vf_init (Petr Oros) [2102359 2037937]\n- ice: introduce ice_virtchnl.c and ice_virtchnl.h (Petr Oros) [2102359 2037937]\n- ice: cleanup long lines in ice_sriov.c (Petr Oros) [2102359 2037937]\n- ice: introduce ICE_VF_RESET_LOCK flag (Petr Oros) [2102359 2037937]\n- ice: introduce ICE_VF_RESET_NOTIFY flag (Petr Oros) [2102359 2037937]\n- ice: convert ice_reset_vf to take flags (Petr Oros) [2102359 2037937]\n- ice: convert ice_reset_vf to standard error codes (Petr Oros) [2102359 2037937]\n- ice: make ice_reset_all_vfs void (Petr Oros) [2102359 2037937]\n- ice: drop is_vflr parameter from ice_reset_all_vfs (Petr Oros) [2102359 2037937]\n- ice: move reset functionality into ice_vf_lib.c (Petr Oros) [2102359 2037937]\n- ice: fix a long line warning in ice_reset_vf (Petr Oros) [2102359 2037937]\n- ice: introduce VF operations structure for reset flows (Petr Oros) [2102359 2037937]\n- ice: fix incorrect dev_dbg print mistaking 'i' for vf->vf_id (Petr Oros) [2102359 2037937]\n- ice: introduce ice_vf_lib.c, ice_vf_lib.h, and ice_vf_lib_private.h (Petr Oros) [2102359 2037937]\n- ice: use ice_is_vf_trusted helper function (Petr Oros) [2102359 2037937]\n- ice: log an error message when eswitch fails to configure (Petr Oros) [2102359 2037937]\n- ice: cleanup error logging for ice_ena_vfs (Petr Oros) [2102359 2037937]\n- ice: move ice_set_vf_port_vlan near other .ndo ops (Petr Oros) [2102359 2037937]\n- ice: refactor spoofchk control code in ice_sriov.c (Petr Oros) [2102359 2037937]\n- ice: rename ICE_MAX_VF_COUNT to avoid confusion (Petr Oros) [2102359 2037937]\n- ice: remove unused definitions from ice_sriov.h (Petr Oros) [2102359 2037937]\n- ice: convert vf->vc_ops to a const pointer (Petr Oros) [2102359 2037937]\n- ice: remove circular header dependencies on ice.h (Petr Oros) [2102359 2037937]\n- ice: rename ice_virtchnl_pf.c to ice_sriov.c (Petr Oros) [2102359 2037937]\n- ice: rename ice_sriov.c to ice_vf_mbx.c (Petr Oros) [2102359 2037937]\n- ice: Fix FV offset searching (Petr Oros) [2102359 2037937]\n- ice: Add support for outer dest MAC for ADQ tunnels (Petr Oros) [2102359 2037937]\n- ice: avoid XDP checks in ice_clean_tx_irq() (Petr Oros) [2102359 2037937]\n- ice: change 'can't set link' message to dbg level (Petr Oros) [2102359 2037937]\n- ice: Add slow path offload stats on port representor in switchdev (Petr Oros) [2102359 2037937]\n- ice: Add support for inner etype in switchdev (Petr Oros) [2102359 2037937]\n- ice: convert VF storage to hash table with krefs and RCU (Petr Oros) [2102359 2037937]\n- ice: introduce VF accessor functions (Petr Oros) [2102359 2037937]\n- ice: factor VF variables to separate structure (Petr Oros) [2102359 2037937]\n- ice: convert ice_for_each_vf to include VF entry iterator (Petr Oros) [2102359 2037937]\n- ice: use ice_for_each_vf for iteration during removal (Petr Oros) [2102359 2037937]\n- ice: remove checks in ice_vc_send_msg_to_vf (Petr Oros) [2102359 2037937]\n- ice: move VFLR acknowledge during ice_free_vfs (Petr Oros) [2102359 2037937]\n- ice: move clear_malvf call in ice_free_vfs (Petr Oros) [2102359 2037937]\n- ice: pass num_vfs to ice_set_per_vf_res() (Petr Oros) [2102359 2037937]\n- ice: store VF pointer instead of VF ID (Petr Oros) [2102359 2037937]\n- ice: refactor unwind cleanup in eswitch mode (Petr Oros) [2102359 2037937]\n- ice: add TTY for GNSS module for E810T device (Petr Oros) [2102359 2037937]\n- ice: Simplify tracking status of RDMA support (Petr Oros) [2102359 2037937]\n- ice: Add ability for PF admin to enable VF VLAN pruning (Petr Oros) [2102359 2037937]\n- ice: Add support for 802.1ad port VLANs VF (Petr Oros) [2102359 2037937]\n- ice: Advertise 802.1ad VLAN filtering and offloads for PF netdev (Petr Oros) [2102359 2037937]\n- ice: Support configuring the device to Double VLAN Mode (Petr Oros) [2102359 2037937]\n- ice: Add support for VIRTCHNL_VF_OFFLOAD_VLAN_V2 (Petr Oros) [2102359 2037937]\n- ice: Add hot path support for 802.1Q and 802.1ad VLAN offloads (Petr Oros) [2102359 2037937]\n- ice: Add outer_vlan_ops and VSI specific VLAN ops implementations (Petr Oros) [2102359 2037937]\n- ice: Adjust naming for inner VLAN operations (Petr Oros) [2102359 2037937]\n- ice: Use the proto argument for VLAN ops (Petr Oros) [2102359 2037937]\n- ice: Refactor vf->port_vlan_info to use ice_vlan (Petr Oros) [2102359 2037937]\n- ice: Introduce ice_vlan struct (Petr Oros) [2102359 2037937]\n- ice: Add new VSI VLAN ops (Petr Oros) [2102359 2037937]\n- ice: Add helper function for adding VLAN 0 (Petr Oros) [2102359 2037937]\n- ice: Refactor spoofcheck configuration functions (Petr Oros) [2102359 2037937]\n- Revert 'ice: Allow to pass VLAN tagged packets to VF when port VLAN is configured' (Petr Oros) [2102359 2037937]\n- Revert 'ice: Do not enable VLAN pruning when spoofchk is enabled' (Petr Oros) [2102359 2037937]\n- ice: Remove likely for napi_complete_done (Petr Oros) [2102359 2037937]\n- ice: add support for DSCP QoS for IDC (Petr Oros) [2102359 2037937]\n- ice: respect metadata on XSK Rx to skb (Petr Oros) [2102359 2037937]\n- ice: don't reserve excessive XDP_PACKET_HEADROOM on XSK Rx to skb (Petr Oros) [2102359 2037937]\n- ice: respect metadata in legacy-rx/ice_construct_skb() (Petr Oros) [2102359 2037937]\n- ice: Fix broken IFF_ALLMULTI handling (Petr Oros) [2102359 2037937]\n- iavf: Fix VLAN_V2 addition/rejection (Petr Oros) [2118707 2115618]\n- iavf: Fix deadlock in initialization (Petr Oros) [2118705 2054656]\n- scsi: qla2xxx: Fix erroneous mailbox timeout after PCI error injection (Nilesh Javali) [2110768 2044160]\n- sched/deadline: Fix BUG_ON condition for deboosted tasks (Phil Auld) [2117410 2111860]\n[4.18.0-372.24.1_6]\n- powerpc/64: Move paca allocation later in boot (Desnes A. Nunes do Rosario) [2092241 2016335]\n- powerpc/prom: fix early DEBUG messages (Desnes A. Nunes do Rosario) [2092241 2016335]\n- powerpc: Set crashkernel offset to mid of RMA region (Desnes A. Nunes do Rosario) [2092241 2016335]\n- hv_balloon: rate-limit 'Unhandled message' warning (Vitaly Kuznetsov) [2117050 2087270]\n- powerpc: Enable execve syscall exit tracepoint (Steve Best) [2106662 2095521]\n- ice: Fix VSIs unable to share unicast MAC (Petr Oros) [2111936 2080033]\n[4.18.0-372.23.1_6]\n- drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist (Phil Auld) [2112030 2089715]\n- iavf: Fix issue with MAC address of VF shown as zero (Petr Oros) [2102360 2037938]\n- iavf: Remove non-inclusive language (Petr Oros) [2102360 2037938]\n- iavf: Fix incorrect use of assigning iavf_status to int (Petr Oros) [2102360 2037938]\n- iavf: stop leaking iavf_status as 'errno' values (Petr Oros) [2102360 2037938]\n- iavf: Add usage of new virtchnl format to set default MAC (Petr Oros) [2102360 2037938]\n- iavf: refactor processing of VLAN V2 capability message (Petr Oros) [2102360 2037938]\n- iavf: Add support for 50G/100G in AIM algorithm (Petr Oros) [2102360 2037938]\n- iavf: remove redundant ret variable (Petr Oros) [2102360 2037938]\n- iavf: Remove useless DMA-32 fallback configuration (Petr Oros) [2102360 2037938]\n- pidfd: fix a poll race when setting exit_state (Oleg Nesterov) [2107643 2044587]\n- fork: fix pidfd_poll()'s return type (Oleg Nesterov) [2107643 2044587]\n- pidfd: add polling support (Oleg Nesterov) [2107643 2044587]\n- kabi: introduce the kabi_aux_*() helpers (Oleg Nesterov) [2107643 2044587]\n[4.18.0-372.22.1_6]\n- mm/memcg: Free percpu stats memory of dying memcg's (Waiman Long) [2110039 2004037]\n[4.18.0-372.21.1_6]\n- KVM: x86/mmu: Don't advance iterator after restart due to yielding (Nico Pache) [2081013 2058907]\n- RHEL-only: KVM: selftests: Fix AArch64 compilation (Paul Lai) [2107655 2071997]\n- x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave) (Paul Lai) [2107652 2092066]\n- KVM: x86: Use ERR_PTR_USR() to return -EFAULT as a __user pointer (Paul Lai) [2088288 2074679]\n- KVM: x86: add system attribute to retrieve full set of supported xsave states (Paul Lai) [2088288 2074679]\n- KVM: x86: Add a helper to retrieve userspace address from kvm_device_attr (Paul Lai) [2088288 2074679]\n- tools: arch: x86: pull in pvclock headers (Paul Lai) [2088288 2074679]\n- KVM: x86: Expose TSC offset controls to userspace (Paul Lai) [2088288 2074679]\n- KVM: x86: Refactor tsc synchronization code (Paul Lai) [2088288 2074679]\n- selftests: kvm: move vm_xsave_req_perm call to amx_test (Paul Lai) [2088288 2074679]\n- RHEL-only: KVM: selftests: Remove unused modes (Andrew Jones) [2107655 2071997]\n- tools headers UAPI: Sync linux/kvm.h with the kernel sources (Paul Lai) [2088287 1918929]\n- kvm: selftests: sync uapi/linux/kvm.h with Linux header (Paul Lai) [2088287 1918929]\n- kvm: selftests: conditionally build vm_xsave_req_perm() (Paul Lai) [2088287 1918929]\n- x86/kvm/fpu: Remove kvm_vcpu_arch.guest_supported_xcr0 (Paul Lai) [2088287 1918929]\n- x86/kvm/fpu: Limit guest user_xfeatures to supported bits of XCR0 (Paul Lai) [2088287 1918929]\n- KVM: x86/cpuid: Exclude unpermitted xfeatures sizes at KVM_GET_SUPPORTED_CPUID (Paul Lai) [2088287 1918929]\n- KVM: x86: Move CPUID.(EAX=0x12,ECX=1) mangling to __kvm_update_cpuid_runtime() (Paul Lai) [2088287 1918929]\n- KVM: x86/cpuid: Clear XFD for component i if the base feature is missing (Paul Lai) [2088287 1918929]\n- KVM: x86: Do runtime CPUID update before updating vcpu->arch.cpuid_entries (Paul Lai) [2088287 1918929]\n- x86/fpu: Fix inline prefix warnings (Paul Lai) [2088287 1918929]\n- selftest: kvm: Add amx selftest (Paul Lai) [2088287 1918929]\n- selftest: kvm: Move struct kvm_x86_state to header (Paul Lai) [2088287 1918929]\n- selftest: kvm: Reorder vcpu_load_state steps for AMX (Paul Lai) [2088287 1918929]\n- kvm: x86: Disable interception for IA32_XFD on demand (Paul Lai) [2088287 1918929]\n- x86/fpu: Provide fpu_sync_guest_vmexit_xfd_state() (Paul Lai) [2088287 1918929]\n- kvm: selftests: Add support for KVM_CAP_XSAVE2 (Paul Lai) [2088287 1918929]\n- kvm: x86: Add support for getting/setting expanded xstate buffer (Paul Lai) [2088287 1918929]\n- x86/fpu: Add uabi_size to guest_fpu (Paul Lai) [2088287 1918929]\n- kvm: x86: Add CPUID support for Intel AMX (Paul Lai) [2088287 1918929]\n- kvm: x86: Add XCR0 support for Intel AMX (Paul Lai) [2088287 1918929]\n- kvm: x86: Disable RDMSR interception of IA32_XFD_ERR (Paul Lai) [2088287 1918929]\n- kvm: x86: Emulate IA32_XFD_ERR for guest (Paul Lai) [2088287 1918929]\n- kvm: x86: Intercept #NM for saving IA32_XFD_ERR (Paul Lai) [2088287 1918929]\n- x86/fpu: Prepare xfd_err in struct fpu_guest (Paul Lai) [2088287 1918929]\n- kvm: x86: Add emulation for IA32_XFD (Paul Lai) [2088287 1918929]\n- x86/fpu: Provide fpu_update_guest_xfd() for IA32_XFD emulation (Paul Lai) [2088287 1918929]\n- kvm: x86: Enable dynamic xfeatures at KVM_SET_CPUID2 (Paul Lai) [2088287 1918929]\n- x86/fpu: Provide fpu_enable_guest_xfd_features() for KVM (Paul Lai) [2088287 1918929]\n- x86/fpu: Add guest support to xfd_enable_feature() (Paul Lai) [2088287 1918929]\n- x86/fpu: Make XFD initialization in __fpstate_reset() a function argument (Paul Lai) [2088287 1918929]\n- kvm: x86: Exclude unpermitted xfeatures at KVM_GET_SUPPORTED_CPUID (Paul Lai) [2088287 1918929]\n- kvm: x86: Fix xstate_required_size() to follow XSTATE alignment rule (Paul Lai) [2088287 1918929]\n- x86/fpu: Prepare guest FPU for dynamically enabled FPU features (Paul Lai) [2088287 1918929]\n- x86/fpu: Extend fpu_xstate_prctl() with guest permissions (Paul Lai) [2088287 1918929]\n- kvm: selftests: move ucall declarations into ucall_common.h (Paul Lai) [2088287 1918929]\n- kvm: selftests: move base kvm_util.h declarations to kvm_util_base.h (Paul Lai) [2088287 1918929]\n- cpuid: kvm_find_kvm_cpuid_features() should be declared 'static' (Paul Lai) [2088287 1918929]\n- KVM: x86: Make sure KVM_CPUID_FEATURES really are KVM_CPUID_FEATURES (Paul Lai) [2088287 1918929]\n- KVM: x86: Add helper to consolidate core logic of SET_CPUID{2} flows (Paul Lai) [2088287 1918929]\n- tools arch x86: Sync the msr-index.h copy with the kernel sources (Andrew Jones) [2107655 2071997]\n[4.18.0-372.20.1_6]\n- powerpc/pseries: Fix use after free in remove_phb_dynamic() (Steve Best) [2081250 2073707]\n- mt76: mt7921: Fix the error handling path of mt7921_pci_probe() (Inigo Huguet) [2101684 2096758]\n- mt76: mt7921e: fix possible probe failure after reboot (Inigo Huguet) [2095654 2078877]\n- x86/apic/vector: Fix ordering in vector assignment (Frank Ramsay) [2084646 2076607]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-09-14T00:00:00", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166"], "modified": "2022-09-14T00:00:00", "id": "ELSA-2022-6460", "href": "http://linux.oracle.com/errata/ELSA-2022-6460.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-25T00:02:09", "description": "[4.14.35-2047.514.5.el7]\n- x86/speculation/mmio: Fix late microcode loading (Patrick Colp) [Orabug:\n 34275786]\n[4.14.35-2047.514.4.el7]\n- Add debugfs for controlling MMIO state data (Kanth Ghatraju) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- KVM: x86/speculation: Disable Fill buffer clear within guests (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/srbds: Update SRBDS mitigation selection (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation: Add a common function for MD_CLEAR mitigation update (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- Documentation: Add documentation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation: Fix redundant MDS mitigation message (Waiman Long) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-15T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166"], "modified": "2022-06-15T00:00:00", "id": "ELSA-2022-9482", "href": "http://linux.oracle.com/errata/ELSA-2022-9482.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-25T00:01:57", "description": "[2:2.1-73.13.0.3]\n- update 06-55-04 to 0x2006d05\n- update 06-55-07 to 0x5003302\n- update 06-6a-04 to 0xb000280\n- update 06-6a-06 to 0xd000375\n[2:2.1-73.13.0.2]\n- roll back 06-6a-06 to 0xd0002a0 due to PCIe issues on reset [Orabug: 34076312]\n[2:2.1-73.13.0.1]\n- for Intel, do not trigger load if on-disk microcode is not an update [Orabug: 30634727]\n- set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618736]\n- ensure late loading fixes are present on 4.1.12-* and 4.14.35-*\n- enable early and late load for 5.4.17-*\n- enable early loading for 06-4f-01 caveat\n- remove no longer appropriate caveats for 06-2d-07 and 06-55-04", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-15T00:00:00", "type": "oraclelinux", "title": "microcode_ctl security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166"], "modified": "2022-06-15T00:00:00", "id": "ELSA-2022-9485", "href": "http://linux.oracle.com/errata/ELSA-2022-9485.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-01T22:15:23", "description": "[3:1.17-33.31.0.3]\n- update 06-55-04 to 0x2006d05\n- update 06-55-07 to 0x5003302\n- update 06-6a-04 to 0xb000280\n- update 06-6a-06 to 0xd000375\n[3:1.17-33.31.0.2]\n- update Intel microcode bundle to 20210608\n[3:1.17-33.31.0.1]\n- recognize the 'force-intel' file path available on EL7+ [orabug 31655792]\n- disable live load during %post due to UEK4 rendezvous timeouts [orabug 31655792]\n- merge Oracle changes for early load via dracut\n- remove no longer appropriate caveats for 06-2d-07 and 06-55-04\n- remove other caveat support to be compatible with early load logic\n- enable late load on install for UEK4 kernels marked safe (except BDW-79)\n- set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618737]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-01T00:00:00", "type": "oraclelinux", "title": "microcode_ctl security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166"], "modified": "2022-08-01T00:00:00", "id": "ELSA-2022-9670", "href": "http://linux.oracle.com/errata/ELSA-2022-9670.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-25T00:01:58", "description": "[4:20220207-1.0.4]\n- ensure UEK also rebuilds initramfs [Orabug: 34280058]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-23T00:00:00", "type": "oraclelinux", "title": "microcode_ctl security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166"], "modified": "2022-06-23T00:00:00", "id": "ELSA-2022-9508", "href": "http://linux.oracle.com/errata/ELSA-2022-9508.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-25T00:02:08", "description": "[2:2.1-73.13.0.5]\n- ensure UEK also rebuilds initramfs [Orabug: 34280052]\n[2:2.1-73.13.0.3]\n- update 06-55-04 to 0x2006d05\n- update 06-55-07 to 0x5003302\n- update 06-6a-04 to 0xb000280\n- update 06-6a-06 to 0xd000375\n[2:2.1-73.13.0.2]\n- roll back 06-6a-06 to 0xd0002a0 due to PCIe issues on reset [Orabug: 34076312]\n[2:2.1-73.13.0.1]\n- for Intel, do not trigger load if on-disk microcode is not an update [Orabug: 30634727]\n- set early_microcode='no' in virtualized guests to avoid early load bugs [Orabug: 30618736]\n- ensure late loading fixes are present on 4.1.12-* and 4.14.35-*\n- enable early and late load for 5.4.17-*\n- enable early loading for 06-4f-01 caveat\n- remove no longer appropriate caveats for 06-2d-07 and 06-55-04", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-23T00:00:00", "type": "oraclelinux", "title": "microcode_ctl security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166"], "modified": "2022-06-23T00:00:00", "id": "ELSA-2022-9507", "href": "http://linux.oracle.com/errata/ELSA-2022-9507.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-25T00:02:11", "description": "[5.4.17-2136.308.9]\n- x86/speculation/mmio: Fix late microcode loading (Patrick Colp) [Orabug:\n 34276099]\n[5.4.17-2136.308.8]\n- Add debugfs for controlling MMIO state data (Kanth Ghatraju) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- KVM: x86/speculation: Disable Fill buffer clear within guests (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/srbds: Update SRBDS mitigation selection (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation: Add a common function for MD_CLEAR mitigation update (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- Documentation: Add documentation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-14T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166"], "modified": "2022-06-14T00:00:00", "id": "ELSA-2022-9486", "href": "http://linux.oracle.com/errata/ELSA-2022-9486.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-25T00:02:06", "description": "[4.14.35-2047.514.5]\n- x86/speculation/mmio: Fix late microcode loading (Patrick Colp) [Orabug: 34275786]\n[4.14.35-2047.514.4]\n- Add debugfs for controlling MMIO state data (Kanth Ghatraju) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- KVM: x86/speculation: Disable Fill buffer clear within guests (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/srbds: Update SRBDS mitigation selection (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation: Add a common function for MD_CLEAR mitigation update (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- Documentation: Add documentation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}\n- x86/speculation: Fix redundant MDS mitigation message (Waiman Long) [Orabug: 34202260] {CVE-2022-21123} {CVE-2022-21125} {CVE-2022-21127} {CVE-2022-21166}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-14T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166"], "modified": "2022-06-14T00:00:00", "id": "ELSA-2022-9483", "href": "http://linux.oracle.com/errata/ELSA-2022-9483.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-06-25T00:02:05", "description": "[5.4.17-2136.308.9]\n- x86/speculation/mmio: Fix late microcode loading (Patrick Colp) [Orabug: 34276099]\n[5.4.17-2136.308.8]\n- Add debugfs for controlling MMIO state data (Kanth Ghatraju) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- KVM: x86/speculation: Disable Fill buffer clear within guests (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/mmio: Reuse SRBDS mitigation for SBDS (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/srbds: Update SRBDS mitigation selection (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/mmio: Add sysfs reporting for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/mmio: Enable CPU Fill buffer clearing on idle (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/bugs: Group MDS, TAA & Processor MMIO Stale Data mitigations (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation: Add a common function for MD_CLEAR mitigation update (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- x86/speculation/mmio: Enumerate Processor MMIO Stale Data bug (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}\n- Documentation: Add documentation for Processor MMIO Stale Data (Pawan Gupta) [Orabug: 34202259] {CVE-2022-21123} {CVE-2022-21127} {CVE-2022-21125} {CVE-2022-21166}", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-14T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166"], "modified": "2022-06-14T00:00:00", "id": "ELSA-2022-9481", "href": "http://linux.oracle.com/errata/ELSA-2022-9481.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-12T18:39:54", "description": "[4:20220207-1.0.3]\n- update 06-55-04 to 0x2006d05\n- update 06-55-07 to 0x5003302\n- update 06-6a-04 to 0xb000280\n- update 06-6a-06 to 0xd000375\n[4:20220207-1.0.2]\n- roll back 06-6a-06 to 0xd0002a0 due to PCIe issues on reset [Orabug: 34076995]\n[4:20220207-1.0.1]\n- add support for UEK6 and UEK7 kernels\n- enable early update for 06-4f-01\n- remove no longer appropriate caveats for 06-2d-07 and 06-55-04\n- enable early and late load on RHCK\n[4:20220207-1]\n- Update Intel CPU microcode to microcode-20220207 release:\n - Fixes in releasenote.md file.\n[4:20220204-1]\n- Update Intel CPU microcode to microcode-20220204 release, addresses\n CVE-2021-0127, CVE-2021-0145, and CVE-2021-33120 (#1971906, #2049543,\n - Removal of 06-86-04/0x01 (SNR B0) microcode at revision 0xb00000f;\n - Removal of 06-86-05/0x01 (SNR B1) microcode (in intel-ucode/06-86-04)\n at revision 0xb00000f;\n - Removal of 06-86-04/0x01 (SNR B0) microcode (in intel-ucode/06-86-05)\n at revision 0xb00000f;\n - Removal of 06-86-05/0x01 (SNR B1) microcode at revision 0xb00000f;\n - Update of 06-4e-03/0xc0 (SKL-U/U 2+3e/Y D0/K1) microcode (in\n intel-06-4e-03/intel-ucode/06-4e-03) from revision 0xea up to 0xec;\n - Update of 06-4f-01/0xef (BDX-E/EP/EX/ML B0/M0/R0) microcode (in\n intel-06-4f-01/intel-ucode/06-4f-01) from revision 0xb00003e up\n to 0xb000040;\n - Update of 06-55-04/0xb7 (SKX-D/SP/W/X H0/M0/M1/U0) microcode (in\n intel-06-55-04/intel-ucode/06-55-04) from revision 0x2006b06 up\n to 0x2006c0a;\n - Update of 06-5e-03/0x36 (SKL-H/S/Xeon E3 N0/R0/S0) microcode (in\n intel-06-5e-03/intel-ucode/06-5e-03) from revision 0xea up to 0xec;\n - Update of 06-8c-01/0x80 (TGL-UP3/UP4 B1) microcode (in\n intel-06-8c-01/intel-ucode/06-8c-01) from revision 0x88 up to 0x9a;\n - Update of 06-8e-09/0x10 (AML-Y 2+2 H0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xea up\n to 0xec;\n - Update of 06-8e-09/0xc0 (KBL-U/U 2+3e/Y H0/J1) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-09) from revision 0xea up\n to 0xec;\n - Update of 06-8e-0a/0xc0 (CFL-U 4+3e D0, KBL-R Y0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0a) from revision 0xea up\n to 0xec;\n - Update of 06-8e-0b/0xd0 (WHL-U W0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0b) from revision 0xea up\n to 0xec;\n - Update of 06-8e-0c/0x94 (AML-Y 4+2 V0, CML-U 4+2 V0, WHL-U V0)\n microcode (in intel-06-8e-9e-0x-dell/intel-ucode/06-8e-0c) from\n revision 0xea up to 0xec;\n - Update of 06-9e-09/0x2a (KBL-G/H/S/X/Xeon E3 B0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-09) from revision 0xea up\n to 0xec;\n - Update of 06-9e-0a/0x22 (CFL-H/S/Xeon E U0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0a) from revision 0xea up\n to 0xec;\n - Update of 06-9e-0b/0x02 (CFL-E/H/S B0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0b) from revision 0xea up\n to 0xec;\n - Update of 06-9e-0c/0x22 (CFL-H/S/Xeon E P0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0c) from revision 0xea up\n to 0xec;\n - Update of 06-9e-0d/0x22 (CFL-H/S/Xeon E R0) microcode (in\n intel-06-8e-9e-0x-dell/intel-ucode/06-9e-0d) from revision 0xea up\n to 0xec;\n - Update of 06-3f-02/0x6f (HSX-E/EN/EP/EP 4S C0/C1/M1/R2) microcode\n from revision 0x46 up to 0x49;\n - Update of 06-3f-04/0x80 (HSX-EX E0) microcode from revision 0x19 up\n to 0x1a;\n - Update of 06-55-03/0x97 (SKX-SP B1) microcode from revision 0x100015b\n up to 0x100015c;\n - Update of 06-55-06/0xbf (CLX-SP B0) microcode from revision 0x4003102\n up to 0x400320a;\n - Update of 06-55-07/0xbf (CLX-SP/W/X B1/L1) microcode from revision\n 0x5003102 up to 0x500320a;\n - Update of 06-55-0b/0xbf (CPX-SP A1) microcode from revision 0x7002302\n up to 0x7002402;\n - Update of 06-56-03/0x10 (BDX-DE V2/V3) microcode from revision\n 0x700001b up to 0x700001c;\n - Update of 06-56-04/0x10 (BDX-DE Y0) microcode from revision 0xf000019\n up to 0xf00001a;\n - Update of 06-56-05/0x10 (BDX-NS A0/A1, HWL A1) microcode from revision\n 0xe000012 up to 0xe000014;\n - Update of 06-5c-09/0x03 (APL D0) microcode from revision 0x44 up\n to 0x46;\n - Update of 06-5c-0a/0x03 (APL B1/F1) microcode from revision 0x20 up\n to 0x24;\n - Update of 06-5f-01/0x01 (DNV B0) microcode from revision 0x34 up\n to 0x36;\n - Update of 06-6a-06/0x87 (ICX-SP D0) microcode from revision 0xd0002a0\n up to 0xd000331;\n - Update of 06-7a-01/0x01 (GLK B0) microcode from revision 0x36 up\n to 0x38;\n - Update of 06-7a-08/0x01 (GLK-R R0) microcode from revision 0x1a up\n to 0x1c;\n - Update of 06-7e-05/0x80 (ICL-U/Y D1) microcode from revision 0xa6\n up to 0xa8;\n - Update of 06-8a-01/0x10 (LKF B2/B3) microcode from revision 0x2a up\n to 0x2d;\n - Update of 06-8c-02/0xc2 (TGL-R C0) microcode from revision 0x16 up\n to 0x22;\n - Update of 06-8d-01/0xc2 (TGL-H R0) microcode from revision 0x2c up\n to 0x3c;\n - Update of 06-96-01/0x01 (EHL B1) microcode from revision 0x11 up\n to 0x15;\n - Update of 06-9c-00/0x01 (JSL A0/A1) microcode from revision 0x1d up\n to 0x2400001f;\n - Update of 06-a5-02/0x20 (CML-H R1) microcode from revision 0xea up\n to 0xec;\n - Update of 06-a5-03/0x22 (CML-S 6+2 G1) microcode from revision 0xea\n up to 0xec;\n - Update of 06-a5-05/0x22 (CML-S 10+2 Q0) microcode from revision 0xec\n up to 0xee;\n - Update of 06-a6-00/0x80 (CML-U 6+2 A0) microcode from revision 0xe8\n up to 0xea;\n - Update of 06-a6-01/0x80 (CML-U 6+2 v2 K1) microcode from revision\n 0xea up to 0xec;\n - Update of 06-a7-01/0x02 (RKL-S B0) microcode from revision 0x40 up\n to 0x50.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-06-14T00:00:00", "type": "oraclelinux", "title": "microcode_ctl security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21127", "CVE-2022-21166"], "modified": "2022-06-14T00:00:00", "id": "ELSA-2022-9484", "href": "http://linux.oracle.com/errata/ELSA-2022-9484.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-15T18:31:19", "description": "r[ 5.4.17-2136.310.7]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588}\n- x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: display dynamic retbleed state (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: remove incorrect __init/__ro_after_init annotations (Ankur Arora) [Orabug: 34455621]\n[5.4.17-2136.310.6]\n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- Revert 'hwmon: Make chip parameter for with_info API mandatory' (Greg Kroah-Hartman) [Orabug: 34423806] \n- ext4: make variable 'count' signed (Ding Xiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf)\n[5.4.17-2136.310.5]\n- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Paolo Bonzini) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Disable RRSBA behavior (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/exec: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/VMX: Use TEST %REG,%REG instead of CMP /u03/ksharma/errata_processing/work/el7uek6/db_7uek6.ELSA-2022-9710,%REG in vmenter.S (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kbuild/objtool: Add objtool-vmlinux.o pass (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add retbleed=ibpb (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/xen: Rename SYS* entry points (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Update Retpoline validation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- intel_idle: Disable IBRS during long idle (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Add kernel IBRS implementation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report AMD retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add magic AMD return-thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vmlinux: Use INT3 instead of NOP for linker fill bytes (Kees Cook) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/realmode: build with __DISABLE_EXPORTS (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Use return-thunk in asm code (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bpf: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/ftrace: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86,objtool: Create .return_sites (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/mm: elide references to .discard.* from .return_sites (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Undo return-thunk damage (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Use -mfunction-return (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/alternative: Support not-feature (Juergen Gross) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/features: Move RETPOLINE flags to word 11 (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Classify symbols (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Create reloc sections implicitly (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add elf_create_reloc() helper (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rework the elf_rebuild_reloc_section() logic (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Handle per arch retpoline naming (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Correctly handle retpoline thunk calls (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Support retpoline jump detection for vmlinux.o (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add 'alt_group' struct (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Clean up elf_write() condition (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add support for relocations without addends (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename rela to reloc (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: optimize add_dead_ends for split sections (Sami Tolvanen) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Move the IRET hack into the arch decoder (Miroslav Benes) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename elf_read() to elf_open_read() (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Constify 'struct elf *' parameters (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize !vmlinux.o again (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Better handle IRET (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/unwind_hints: define unwind_hint_save, unwind_hint_restore (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add abstraction for destination offsets (Raphael Gault) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix off-by-one in symbol_by_offset() (Julien Thierry) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_rela_by_dest_range() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize read_sections() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename find_containing_func() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_*() and read_symbols() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add a statistics mode (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn_all() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Introduce validate_return() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Improve call destination function detection (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix clang switch table edge case (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add relocation check for alternative sections (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add is_static_jump() helper (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n[5.4.17-2136.310.4]\n- lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34400675] {CVE-2022-21505}\n- bnxt_en: Use page frag RX buffers for better software GRO performance (Jakub Kicinski) [Orabug: 34083551] \n- bnxt_en: enable interrupt sampling on 5750X for DIM (Andy Gospodarek) [Orabug: 34083551] \n- bnxt_en: Add event handler for PAUSE Storm event (Somnath Kotur) [Orabug: 34083551] \n- bnxt_en: reject indirect blk offload when hw-tc-offload is off (Sriharsha Basavapatna) [Orabug: 34083551] \n- bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (Edwin Peer) [Orabug: 34083551] \n- bnxt_en: Fix error recovery regression (Michael Chan) [Orabug: 34083551] \n- bnxt_en: Fix possible unintended driver initiated error recovery (Michael Chan) [Orabug: 34083551] \n- bnxt: count discards due to memory allocation errors (Jakub Kicinski) [Orabug: 34083551] \n- bnxt: count packets discarded because of netpoll (Jakub Kicinski) [Orabug: 34083551] \n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364337] \n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364337] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371884]\n[5.4.17-2136.310.3]\n- RDS/IB: Fix RDS IB SRQ implementation and tune it (Hans Westgaard Ry) [Orabug: 31899472] \n- RDS/IB: Introduce bit_flag routines with memory-barrier for bit flags (Hans Westgaard Ry) [Orabug: 31899472] \n- xfs: don't fail unwritten extent conversion on writeback due to edquot (Darrick J. Wong) [Orabug: 33786167] \n- mm/page_alloc: reuse tail struct pages for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: improve memory savings for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: refactor core of vmemmap_populate_basepages() to helper (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: add a pgmap argument to section activation (Joao Martins) [Orabug: 34314763] \n- memory-failure: fetch compound_head after pgmap_pfn_valid() (Joao Martins) [Orabug: 34314763] \n- device-dax: compound devmap support (Joao Martins) [Orabug: 34314763] \n- device-dax: factor out page mapping initialization (Joao Martins) [Orabug: 34314763] \n- device-dax: ensure dev_dax->pgmap is valid for dynamic devices (Joao Martins) [Orabug: 34314763] \n- device-dax: use struct_size() (Joao Martins) [Orabug: 34314763] \n- device-dax: use ALIGN() for determining pgoff (Joao Martins) [Orabug: 34314763] \n- mm/memremap: add ZONE_DEVICE support for compound pages (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: refactor memmap_init_zone_device() page init (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: split prep_compound_page into head and tail subparts (Joao Martins) [Orabug: 34314763] \n- RDMA/umem: batch page unpin in __ib_umem_release() (Joao Martins) [Orabug: 34314763] \n- mm/gup: add a range variant of unpin_user_pages_dirty_lock() (Joao Martins) [Orabug: 34314763] \n- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323859] {CVE-2022-2153}\n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 34330922] \n- x86/boot/compressed/64: Disable 5-level page tables on AMD (Boris Ostrovsky) [Orabug: 34366382]\n[5.4.17-2136.310.2]\n- LTS tag: v5.4.199 (Sherry Yang) \n- x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) \n- x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) \n- cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) \n- LTS tag: v5.4.198 (Sherry Yang) \n- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) \n- powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) \n- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) \n- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) \n- ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) \n- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) \n- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- mmc: block: Fix CQE recovery reset success (Adrian Hunter) \n- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) \n- cifs: return errors during session setup during reconnects (Shyam Prasad N) \n- ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) \n- scripts/gdb: change kernel config dumping method (Kuan-Ying Lee) \n- vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) \n- nodemask: Fix return values to be unsigned (Kees Cook) \n- cifs: version operations for smb20 unneeded when legacy support disabled (Steve French) \n- s390/gmap: voluntarily schedule during key setting (Christian Borntraeger) \n- nbd: fix io hung while disconnecting device (Yu Kuai) \n- nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) \n- nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) \n- x86/cpu: Elide KCSAN for cpu_has() and friends (Peter Zijlstra) \n- modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) \n- drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) \n- ceph: allow ceph.dir.rctime xattr to be updatable (Venky Shankar) \n- Revert 'net: af_key: add check for pfkey_broadcast in function pfkey_process' (Michal Kubecek) \n- scsi: myrb: Fix up null pointer access on myrb_cleanup() (Hannes Reinecke) \n- md: protect md_unregister_thread from reentrancy (Guoqing Jiang) \n- watchdog: wdat_wdt: Stop watchdog when rebooting the system (Liu Xinpeng) \n- kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) \n- serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) \n- staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) \n- staging: rtl8712: fix uninit-value in usb_read8() and friends (Wang Cheng) \n- clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) \n- extcon: Modify extcon device to be created after driver data is set (bumwoo lee) \n- misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) \n- usb: dwc2: gadget: don't reset gadget's driver->bus (Marek Szyprowski) \n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) \n- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) \n- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) \n- USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) \n- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) \n- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (Duoming Zhou) \n- tty: Fix a possible resource leak in icom_probe (Huang Guobin) \n- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) \n- lkdtm/usercopy: Expand size of 'out of frame' object (Kees Cook) \n- iio: st_sensors: Add a local lock for protecting odr (Miquel Raynal) \n- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) \n- drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) \n- net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) \n- ip_gre: test csum_start instead of transport header (Willem de Bruijn) \n- net/mlx5: fs, fail conflicting actions (Mark Bloch) \n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) \n- net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) \n- net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) \n- net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) \n- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) \n- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) \n- net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (Miaoqian Lin) \n- bpf, arm64: Clear prog->jited_len along prog->jited (Eric Dumazet) \n- af_unix: Fix a data-race in unix_dgram_peer_wake_me(). (Kuniyuki Iwashima) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- netfilter: nf_tables: memleak flow rule from commit path (Pablo Neira Ayuso) \n- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) \n- netfilter: nat: really support inet nat without l3 address (Florian Westphal) \n- xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) \n- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) \n- NFSv4: Don't hold the layoutget locks across multiple RPC calls (Trond Myklebust) \n- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (Radhey Shyam Pandey) \n- m68knommu: fix undefined reference to _init_sp' (Greg Ungerer) \n- m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) \n- i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) \n- f2fs: remove WARN_ON in f2fs_is_valid_blkaddr (Dongliang Mu) \n- tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) \n- tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) \n- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) \n- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) \n- tipc: check attribute length for bearer name (Hoang Le) \n- afs: Fix infinite loop found by xfstest generic/676 (David Howells) \n- tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) \n- net: sched: add barrier to fix packet stuck problem for lockless qdisc (Guoju Fang) \n- net/mlx5e: Update netdev features after changing XDP state (Maxim Mikityanskiy) \n- net/mlx5: Don't use already freed action pointer (Leon Romanovsky) \n- nfp: only report pause frame configuration for physical device (Yu Xiao) \n- ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) \n- jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) \n- modpost: fix removing numeric suffixes (Alexander Lobakin) \n- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) \n- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) \n- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (Vincent Ray) \n- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (Jann Horn) \n- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (Shengjiu Wang) \n- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (Miaoqian Lin) \n- driver core: fix deadlock in __device_attach (Zhang Wensheng) \n- driver: base: fix UAF when driver_attach failed (Schspa Shi) \n- bus: ti-sysc: Fix warnings for unbind for serial (Tony Lindgren) \n- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) \n- serial: stm32-usart: Correct CSIZE, bits, and parity (Ilpo Jarvinen) \n- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) \n- serial: sifive: Sanitize CSIZE and c_iflag (Ilpo Jarvinen) \n- serial: sh-sci: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: txx9: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: rda-uart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: digicolor-usart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (Ilpo Jarvinen) \n- serial: meson: acquire port->lock in startup() (John Ogness) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- MIPS: IP27: Remove incorrect cpu_has_fpu' override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- Kconfig: add config option for asm goto w/ outputs (Nick Desaulniers) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: don't overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: fix plock invalid read (Alexander Aring) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: don't need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Don't report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) \n- tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) \n- PCI: imx6: Fix PERST# start-up sequence (Francesco Dolcini) \n- ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() (Waiman Long) \n- proc: fix dentry/inode overinstantiating under /proc//net (Alexey Dobriyan) \n- powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/8xx: export 'cpm_setbrg' for modules (Randy Dunlap) \n- dax: fix cache flush on PMD-mapped pages (Muchun Song) \n- drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) \n- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- nvdimm: Allow overwrite in the presence of disabled dimms (Dan Williams) \n- firmware: arm_scmi: Fix list protocols enumeration in the base protocol (Cristian Marussi) \n- scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) \n- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) \n- powerpc/fadump: fix PT_LOAD segment for boot memory area (Hari Bathini) \n- arm: mediatek: select arch timer for mt7629 (Chuanhong Guo) \n- crypto: marvell/cesa - ECB does not IV (Corentin Labbe) \n- misc: ocxl: fix possible double free in ocxl_file_register_afu (Hangyu Hua) \n- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) \n- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (Phil Elwell) \n- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (Phil Elwell) \n- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) \n- can: xilinx_can: mark bit timing constants as const (Marc Kleine-Budde) \n- KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (Sean Christopherson) \n- PCI: rockchip: Fix find_first_zero_bit() limit (Dan Carpenter) \n- PCI: cadence: Fix find_first_zero_bit() limit (Dan Carpenter) \n- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) \n- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) \n- ARM: dts: suniv: F1C100: fix watchdog compatible (Andre Przywara) \n- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (Shawn Lin) \n- net/smc: postpone sk_refcnt increment in connect() (liuyacan) \n- rxrpc: Fix decision on when to generate an IDLE ACK (David Howells) \n- rxrpc: Don't let ack.previousPacket regress (David Howells) \n- rxrpc: Fix overlapping ACK accounting (David Howells) \n- rxrpc: Don't try to resend the request if we're receiving the reply (David Howells) \n- rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) \n- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (Duoming Zhou) \n- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) \n- thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (Zheng Yongjun) \n- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (Hangyu Hua) \n- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (Miaoqian Lin) \n- ext4: reject the 'commit' option on ext2 filesystems (Eric Biggers) \n- media: ov7670: remove ov7670_power_off from ov7670_remove (Dongliang Mu) \n- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) \n- m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) \n- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) \n- media: vsp1: Fix offset calculation for plane cropping (Michael Rodin) \n- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) \n- media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) \n- media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) \n- media: aspeed: Fix an error handling path in aspeed_video_probe() (Christophe JAILLET) \n- scripts/faddr2line: Fix overlapping text section failures (Josh Poimboeuf) \n- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) \n- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) \n- ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (Miaoqian Lin) \n- perf/amd/ibs: Use interrupt regs ip for stack unwinding (Ravi Bangoria) \n- Revert 'cpufreq: Fix possible race in cpufreq online error path' (Viresh Kumar) \n- iomap: iomap_write_failed fix (Andreas Gruenbacher) \n- media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) \n- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) \n- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (Jessica Zhang) \n- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (Jessica Zhang) \n- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (Zev Weiss) \n- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) \n- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- irqchip/exiu: Fix acknowledgment of edge triggered interrupts (Daniel Thompson) \n- x86: Fix return value of __setup handlers (Randy Dunlap) \n- virtio_blk: fix the discard_granularity and discard_alignment queue limits (Christoph Hellwig) \n- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) \n- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) \n- drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) \n- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (Vinod Polimera) \n- perf tools: Add missing headers needed by util/data.h (Yang Jihong) \n- ASoC: rk3328: fix disabling mclk on pclk probe failure (Nicolas Frattaroli) \n- x86/speculation: Add missing prototype for unpriv_ebpf_notify() (Josh Poimboeuf) \n- x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) \n- scsi: ufs: core: Exclude UECxx from SFR dump list (Kiwoong Kim) \n- of: overlay: do not break notify on NOTIFY_{OK|STOP} (Nuno Sa) \n- fsnotify: fix wrong lockdep annotations (Amir Goldstein) \n- inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) \n- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) \n- cpufreq: Fix possible race in cpufreq online error path (Schspa Shi) \n- spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (Chengming Zhou) \n- drm/bridge: Fix error handling in analogix_dp_probe (Miaoqian Lin) \n- HID: elan: Fix potential double free in elan_input_configured (Miaoqian Lin) \n- HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) \n- drbd: fix duplicate array initializer (Arnd Bergmann) \n- efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) \n- NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) \n- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) \n- drm: mali-dp: potential dereference of null pointer (Jiasheng Jiang) \n- drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (Zhou Qingyang) \n- nl80211: show SSID for P2P_GO interfaces (Johannes Berg) \n- bpf: Fix excessive memory allocation in stack_map_alloc() (Yuntao Wang) \n- drm/vc4: txp: Force alpha to be 0xff if it's disabled (Maxime Ripard) \n- drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (Maxime Ripard) \n- drm/mediatek: Fix mtk_cec_mask() (Miles Chen) \n- x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) \n- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) \n- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) \n- drm/bridge: adv7511: clean up CEC adapter when probe fails (Lucas Stach) \n- drm/edid: fix invalid EDID extension block filtering (Jani Nikula) \n- ath9k: fix ar9003_get_eepmisc (Wenli Looi) \n- drm: fix EDID struct for old ARM OABI format (Linus Torvalds) \n- RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) \n- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (Peng Wu) \n- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) \n- powerpc/powernv: fix missing of_node_put in uv_init() (Lv Ruyi) \n- powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) \n- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) \n- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) \n- ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) \n- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) \n- ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) \n- fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) \n- powerpc/fadump: Fix fadump to work with a different endian capture kernel (Hari Bathini) \n- ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) \n- fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) \n- PM / devfreq: rk3399_dmc: Disable edev on remove() (Brian Norris) \n- ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) \n- IB/rdmavt: add missing locks in rvt_ruc_loopback (Niels Dossche) \n- selftests/bpf: fix btf_dump/btf_dump due to recent clang change (Yonghong Song) \n- eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) \n- rxrpc: Return an error to sendmsg if call failed (David Howells) \n- hwmon: Make chip parameter for with_info API mandatory (Guenter Roeck) \n- ASoC: max98357a: remove dependency on GPIOLIB (Pierre-Louis Bossart) \n- media: exynos4-is: Fix compile warning (Kwanghoon Son) \n- net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) \n- nbd: Fix hung on disconnect request if socket is closed before (Xie Yongji) \n- ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) \n- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) \n- openrisc: start CPU timer early in boot (Jason A. Donenfeld) \n- media: cec-adap.c: fix is_configuring state (Hans Verkuil) \n- media: coda: limit frame interval enumeration to supported encoder frame sizes (Philipp Zabel) \n- rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) \n- ipmi: Fix pr_fmt to avoid compilation issues (Corey Minyard) \n- ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) \n- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (Mario Limonciello) \n- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) \n- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (Patrice Chotard) \n- s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) \n- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (Charles Keepax) \n- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (Dongliang Mu) \n- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (Alice Wong) \n- mlxsw: spectrum_dcb: Do not warn about priority changes (Petr Machata) \n- ASoC: dapm: Don't fold register value changes into notifications (Mark Brown) \n- net/mlx5: fs, delete the FTE when there are no rules attached to it (Mark Bloch) \n- ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) \n- drm: msm: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (Alexandru Elisei) \n- drm/amd/pm: fix the compile warning (Evan Quan) \n- drm/plane: Move range check for format_count earlier (Steven Price) \n- scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) \n- mmc: jz4740: Apply DMA engine limits to maximum segment size (Aidan MacDonald) \n- md/bitmap: don't set sb values if can't pass sanity check (Heming Zhao) \n- media: cx25821: Fix the warning when removing the module (Zheyu Ma) \n- media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) \n- media: venus: hfi: avoid null dereference in deinit (Luca Weiss) \n- ath9k: fix QCA9561 PA bias level (Thibaut VAReNE) \n- drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) \n- tools/power turbostat: fix ICX DRAM power numbers (Len Brown) \n- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (Biju Das) \n- ALSA: jack: Access input_dev under mutex (Amadeusz Siawinski) \n- drm/komeda: return early if drm_universal_plane_init() fails. (Liviu Dudau) \n- ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) \n- fbcon: Consistently protect deferred_takeover with console_lock() (Daniel Vetter) \n- ipv6: fix locking issues with loops over idev->addr_list (Niels Dossche) \n- ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) \n- b43: Fix assigning negative value to unsigned variable (Haowen Bai) \n- b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) \n- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) \n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) \n- btrfs: repair super block num_devices automatically (Qu Wenruo) \n- btrfs: add '0x' prefix for unsupported optional features (Qu Wenruo) \n- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) \n- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) \n- ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP (Eric W. Biederman) \n- perf/x86/intel: Fix event constraints for ICL (Kan Liang) \n- usb: core: hcd: Add support for deferring roothub registration (Kishon Vijay Abraham I) \n- USB: new quirk for Dell Gen 2 devices (Monish Kumar R) \n- USB: serial: option: add Quectel BG95 modem (Carl Yin) \n- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (Marios Levogiannis) \n- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) \n- LTS tag: v5.4.197 (Sherry Yang) \n- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) \n- NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) \n- NFS: Memory allocation failures are not server fatal errors (Trond Myklebust) \n- docs: submitting-patches: Fix crossref to 'The canonical patch format' (Akira Yokosawa) \n- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) \n- tpm: Fix buffer access in tpm2_get_tpm_pt() (Stefan Mahnke-Hartmann) \n- HID: multitouch: Add support for Google Whiskers Touchpad (Marek Maslanka) \n- raid5: introduce MD_BROKEN (Mariusz Tkaczyk) \n- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) \n- dm stats: add cond_resched when looping over entries (Mikulas Patocka) \n- dm crypt: make printing of the key constant-time (Mikulas Patocka) \n- dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) \n- zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) \n- crypto: ecrdsa - Fix incorrect use of vli_cmp (Vitaly Chikunov) \n- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) \n- exec: Force single empty string when argv is empty (Kees Cook) \n- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) \n- cfg80211: set custom regdomain after wiphy registration (Miri Korenblit) \n- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (Mika Westerberg) \n- net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) \n- net: af_key: check encryption module availability consistency (Thomas Bartschies) \n- pinctrl: sunxi: fix f1c100s uart2 function (IotaHydrae) \n- ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) \n- ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) \n- media: vim2m: initialize the media device earlier (Hans Verkuil) \n- media: vim2m: Register video device after setting up internals (Sakari Ailus) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- tcp: change source port randomizarion at connect() time (Eric Dumazet) \n- Input: goodix - fix spurious key release events (Dmitry Mastykin) \n- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) \n- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner)\n[5.4.17-2136.310.1]\n- intel_idle: Fix max_cstate for processor models without C-state tables (Chen Yu) [Orabug: 34081688] \n- intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add 'preferred_cstates' module argument (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: Adjust the SKX C6 parameters if PC6 is disabled (Chen Yu) [Orabug: 34081688] \n- intel_idle: Clean up kerneldoc comments for multiple functions (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add __initdata annotations to init time variables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Relocate definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Simplify LAPIC timer reliability checks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'states_off' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'use_acpi' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up irtl_2_usec() (Rafael J. Wysocki) [Orabug: 34081688] \n- Documentation: admin-guide: PM: Add intel_idle document (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move 3 functions closer to their callers (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Annotate initialization code and data structures (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move and clean up intel_idle_cpuidle_devices_uninit() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Rearrange intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Fold intel_idle_probe() into intel_idle_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Eliminate __setup_broadcast_timer() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add module parameter to prevent ACPI _CST from being used (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Allow ACPI _CST to be used for selected known processors (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Allow idle states to be disabled by default (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Use ACPI _CST for processor models without C-state tables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Refactor intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Drop disabled field from struct cpuidle_state (Thomas Tai) [Orabug: 34081688] \n- cpuidle: Consolidate disabled state checks (Rafael J. Wysocki) [Orabug: 34081688] \n- Revert 'intel_idle: Use ACPI _CST for processor models without C-state tables' (Thomas Tai) [Orabug: 34081688]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-08-15T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21505", "CVE-2022-2153", "CVE-2022-23816", "CVE-2022-2588", "CVE-2022-29901"], "modified": "2022-08-15T00:00:00", "id": "ELSA-2022-9710", "href": "http://linux.oracle.com/errata/ELSA-2022-9710.html", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-08-15T18:31:24", "description": "[5.4.17-2136.310.7]\n- net_sched: cls_route: remove from list when handle is 0 (Thadeu Lima de Souza Cascardo) [Orabug: 34480880] {CVE-2022-2588}\n- x86/spec_ctrl: limit IBRS_FW to retpoline only (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: display dynamic retbleed state (Ankur Arora) [Orabug: 34450896] \n- x86/bugs: remove incorrect __init/__ro_after_init annotations (Ankur Arora) [Orabug: 34455621]\n[5.4.17-2136.310.6]\n- SUNRPC: Fix READ_PLUS crasher (Chuck Lever) \n- Revert 'hwmon: Make chip parameter for with_info API mandatory' (Greg Kroah-Hartman) [Orabug: 34423806] \n- ext4: make variable 'count' signed (Ding Xiang) \n- faddr2line: Fix overlapping text section failures, the sequel (Josh Poimboeuf)\n[5.4.17-2136.310.5]\n- arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: emulate: do not adjust size of fastop and setcc subroutines (Paolo Bonzini) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: fix FASTOP_SIZE when return thunks are enabled (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Remove UNTRAIN_RET from native_irq_return_ldt (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Disable RRSBA behavior (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/exec: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add Cannon lake to RETBleed affected CPU list (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/VMX: Use TEST %REG,%REG instead of CMP /u03/ksharma/errata_processing/work/el7uek6/db_7uek6.ELSA-2022-9709,%REG in vmenter.S (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- KVM/nVMX: Use __vmx_vcpu_run in nested_vmx_check_vmentry_hw (Uros Bizjak) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kbuild/objtool: Add objtool-vmlinux.o pass (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add retbleed=ibpb (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/xen: Rename SYS* entry points (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Update Retpoline validation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- intel_idle: Disable IBRS during long idle (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/entry: Add kernel IBRS implementation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bugs: Report AMD retbleed vulnerability (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add magic AMD return-thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vmlinux: Use INT3 instead of NOP for linker fill bytes (Kees Cook) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/realmode: build with __DISABLE_EXPORTS (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Use return-thunk in asm code (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/bpf: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/ftrace: Alternative RET encoding (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86,objtool: Create .return_sites (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/mm: elide references to .discard.* from .return_sites (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Undo return-thunk damage (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Use -mfunction-return (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/alternative: Support not-feature (Juergen Gross) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/features: Move RETPOLINE flags to word 11 (Peter Zijlstra (Intel)) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Classify symbols (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Create reloc sections implicitly (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add elf_create_reloc() helper (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rework the elf_rebuild_reloc_section() logic (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Handle per arch retpoline naming (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Correctly handle retpoline thunk calls (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Support retpoline jump detection for vmlinux.o (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add 'alt_group' struct (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Clean up elf_write() condition (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add support for relocations without addends (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename rela to reloc (Matt Helsley) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: optimize add_dead_ends for split sections (Sami Tolvanen) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Move the IRET hack into the arch decoder (Miroslav Benes) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename elf_read() to elf_open_read() (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Constify 'struct elf *' parameters (Ingo Molnar) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize !vmlinux.o again (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Better handle IRET (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- x86/unwind_hints: define unwind_hint_save, unwind_hint_restore (Ankur Arora) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add abstraction for destination offsets (Raphael Gault) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix off-by-one in symbol_by_offset() (Julien Thierry) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_rela_by_dest_range() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize read_sections() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename find_containing_func() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_*() and read_symbols() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_name() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_section_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add a statistics mode (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Optimize find_symbol_by_index() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn_all() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Rename func_for_each_insn() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Introduce validate_return() (Peter Zijlstra) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Improve call destination function detection (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Fix clang switch table edge case (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add relocation check for alternative sections (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n- objtool: Add is_static_jump() helper (Josh Poimboeuf) [Orabug: 34335632] {CVE-2022-29901} {CVE-2022-23816}\n[5.4.17-2136.310.4]\n- lockdown: Fix kexec lockdown bypass with ima policy (Eric Snowberg) [Orabug: 34400675] {CVE-2022-21505}\n- bnxt_en: Use page frag RX buffers for better software GRO performance (Jakub Kicinski) [Orabug: 34083551] \n- bnxt_en: enable interrupt sampling on 5750X for DIM (Andy Gospodarek) [Orabug: 34083551] \n- bnxt_en: Add event handler for PAUSE Storm event (Somnath Kotur) [Orabug: 34083551] \n- bnxt_en: reject indirect blk offload when hw-tc-offload is off (Sriharsha Basavapatna) [Orabug: 34083551] \n- bnxt_en: make bnxt_free_skbs() safe to call after bnxt_free_mem() (Edwin Peer) [Orabug: 34083551] \n- bnxt_en: Fix error recovery regression (Michael Chan) [Orabug: 34083551] \n- bnxt_en: Fix possible unintended driver initiated error recovery (Michael Chan) [Orabug: 34083551] \n- bnxt: count discards due to memory allocation errors (Jakub Kicinski) [Orabug: 34083551] \n- bnxt: count packets discarded because of netpoll (Jakub Kicinski) [Orabug: 34083551] \n- ocfs2: kill EBUSY from dlmfs_evict_inode (Junxiao Bi) [Orabug: 34364337] \n- ocfs2: dlmfs: don't clear USER_LOCK_ATTACHED when destroying lock (Junxiao Bi) [Orabug: 34364337] \n- net/rds: Fix a NULL dereference in rds_tcp_accept_one() (Harshit Mogalapalli) [Orabug: 34371884]\n[5.4.17-2136.310.3]\n- RDS/IB: Fix RDS IB SRQ implementation and tune it (Hans Westgaard Ry) [Orabug: 31899472] \n- RDS/IB: Introduce bit_flag routines with memory-barrier for bit flags (Hans Westgaard Ry) [Orabug: 31899472] \n- xfs: don't fail unwritten extent conversion on writeback due to edquot (Darrick J. Wong) [Orabug: 33786167] \n- mm/page_alloc: reuse tail struct pages for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: improve memory savings for compound devmaps (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: refactor core of vmemmap_populate_basepages() to helper (Joao Martins) [Orabug: 34314763] \n- mm/sparse-vmemmap: add a pgmap argument to section activation (Joao Martins) [Orabug: 34314763] \n- memory-failure: fetch compound_head after pgmap_pfn_valid() (Joao Martins) [Orabug: 34314763] \n- device-dax: compound devmap support (Joao Martins) [Orabug: 34314763] \n- device-dax: factor out page mapping initialization (Joao Martins) [Orabug: 34314763] \n- device-dax: ensure dev_dax->pgmap is valid for dynamic devices (Joao Martins) [Orabug: 34314763] \n- device-dax: use struct_size() (Joao Martins) [Orabug: 34314763] \n- device-dax: use ALIGN() for determining pgoff (Joao Martins) [Orabug: 34314763] \n- mm/memremap: add ZONE_DEVICE support for compound pages (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: refactor memmap_init_zone_device() page init (Joao Martins) [Orabug: 34314763] \n- mm/page_alloc: split prep_compound_page into head and tail subparts (Joao Martins) [Orabug: 34314763] \n- RDMA/umem: batch page unpin in __ib_umem_release() (Joao Martins) [Orabug: 34314763] \n- mm/gup: add a range variant of unpin_user_pages_dirty_lock() (Joao Martins) [Orabug: 34314763] \n- KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (Vitaly Kuznetsov) [Orabug: 34323859] {CVE-2022-2153}\n- KVM: Add infrastructure and macro to mark VM as bugged (Sean Christopherson) [Orabug: 34323859] {CVE-2022-2153}\n- rds: ib: Qualify RNR Retry Timer check with firmware version (Freddy Carrillo) [Orabug: 34330922] \n- x86/boot/compressed/64: Disable 5-level page tables on AMD (Boris Ostrovsky) [Orabug: 34366382]\n[5.4.17-2136.310.2]\n- LTS tag: v5.4.199 (Sherry Yang) \n- x86/speculation/mmio: Print SMT warning (Josh Poimboeuf) \n- x86/cpu: Add another Alder Lake CPU to the Intel family (Gayatri Kammela) \n- cpu/speculation: Add prototype for cpu_show_srbds() (Guenter Roeck) \n- LTS tag: v5.4.198 (Sherry Yang) \n- tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd (Eric Dumazet) \n- mtd: cfi_cmdset_0002: Use chip_ready() for write on S29GL064N (Tokunori Ikegami) \n- md/raid0: Ignore RAID0 layout if the second zone has only one device (Pascal Hambourg) \n- powerpc/32: Fix overread/overwrite of thread_struct via ptrace (Michael Ellerman) \n- Input: bcm5974 - set missing URB_NO_TRANSFER_DMA_MAP urb flag (Mathias Nyman) \n- ixgbe: fix unexpected VLAN Rx in promisc mode on VF (Olivier Matz) \n- ixgbe: fix bcast packets Rx on VF after promisc removal (Olivier Matz) \n- nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling (Martin Faltesek) \n- nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION (Martin Faltesek) \n- mmc: block: Fix CQE recovery reset success (Adrian Hunter) \n- ata: libata-transport: fix {dma|pio|xfer}_mode sysfs files (Sergey Shtylyov) \n- cifs: return errors during session setup during reconnects (Shyam Prasad N) \n- ALSA: hda/conexant - Fix loopback issue with CX20632 (huangwenhui) \n- scripts/gdb: change kernel config dumping method (Kuan-Ying Lee) \n- vringh: Fix loop descriptors check in the indirect cases (Xie Yongji) \n- nodemask: Fix return values to be unsigned (Kees Cook) \n- cifs: version operations for smb20 unneeded when legacy support disabled (Steve French) \n- s390/gmap: voluntarily schedule during key setting (Christian Borntraeger) \n- nbd: fix io hung while disconnecting device (Yu Kuai) \n- nbd: fix race between nbd_alloc_config() and module removal (Yu Kuai) \n- nbd: call genl_unregister_family() first in nbd_cleanup() (Yu Kuai) \n- x86/cpu: Elide KCSAN for cpu_has() and friends (Peter Zijlstra) \n- modpost: fix undefined behavior of is_arm_mapping_symbol() (Masahiro Yamada) \n- drm/radeon: fix a possible null pointer dereference (Gong Yuanjun) \n- ceph: allow ceph.dir.rctime xattr to be updatable (Venky Shankar) \n- Revert 'net: af_key: add check for pfkey_broadcast in function pfkey_process' (Michal Kubecek) \n- scsi: myrb: Fix up null pointer access on myrb_cleanup() (Hannes Reinecke) \n- md: protect md_unregister_thread from reentrancy (Guoqing Jiang) \n- watchdog: wdat_wdt: Stop watchdog when rebooting the system (Liu Xinpeng) \n- kernfs: Separate kernfs_pr_cont_buf and rename_lock. (Hao Luo) \n- serial: msm_serial: disable interrupts in __msm_console_write() (John Ogness) \n- staging: rtl8712: fix uninit-value in r871xu_drv_init() (Wang Cheng) \n- staging: rtl8712: fix uninit-value in usb_read8() and friends (Wang Cheng) \n- clocksource/drivers/sp804: Avoid error on multiple instances (Andre Przywara) \n- extcon: Modify extcon device to be created after driver data is set (bumwoo lee) \n- misc: rtsx: set NULL intfdata when probe fails (Shuah Khan) \n- usb: dwc2: gadget: don't reset gadget's driver->bus (Marek Szyprowski) \n- USB: hcd-pci: Fully suspend across freeze/thaw cycle (Evan Green) \n- drivers: usb: host: Fix deadlock in oxu_bus_suspend() (Duoming Zhou) \n- drivers: tty: serial: Fix deadlock in sa1100_set_termios() (Duoming Zhou) \n- USB: host: isp116x: check return value after calling platform_get_resource() (Zhen Ni) \n- drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop() (Duoming Zhou) \n- drivers: staging: rtl8192u: Fix deadlock in ieee80211_beacons_stop() (Duoming Zhou) \n- tty: Fix a possible resource leak in icom_probe (Huang Guobin) \n- tty: synclink_gt: Fix null-pointer-dereference in slgt_clean() (Zheyu Ma) \n- lkdtm/usercopy: Expand size of 'out of frame' object (Kees Cook) \n- iio: st_sensors: Add a local lock for protecting odr (Miquel Raynal) \n- iio: dummy: iio_simple_dummy: check the return value of kstrdup() (Xiaoke Wang) \n- drm: imx: fix compiler warning with gcc-12 (Linus Torvalds) \n- net: altera: Fix refcount leak in altera_tse_mdio_create (Miaoqian Lin) \n- ip_gre: test csum_start instead of transport header (Willem de Bruijn) \n- net/mlx5: fs, fail conflicting actions (Mark Bloch) \n- net/mlx5: Rearm the FW tracer after each tracer event (Feras Daoud) \n- net: ipv6: unexport __init-annotated seg6_hmac_init() (Masahiro Yamada) \n- net: xfrm: unexport __init-annotated xfrm4_protocol_init() (Masahiro Yamada) \n- net: mdio: unexport __init-annotated mdio_bus_init() (Masahiro Yamada) \n- SUNRPC: Fix the calculation of xdr->end in xdr_get_next_encode_buffer() (Chuck Lever) \n- net/mlx4_en: Fix wrong return value on ioctl EEPROM query failure (Gal Pressman) \n- net: dsa: lantiq_gswip: Fix refcount leak in gswip_gphy_fw_list (Miaoqian Lin) \n- bpf, arm64: Clear prog->jited_len along prog->jited (Eric Dumazet) \n- af_unix: Fix a data-race in unix_dgram_peer_wake_me(). (Kuniyuki Iwashima) \n- xen: unexport __init-annotated xen_xlate_map_ballooned_pages() (Masahiro Yamada) \n- netfilter: nf_tables: memleak flow rule from commit path (Pablo Neira Ayuso) \n- ata: pata_octeon_cf: Fix refcount leak in octeon_cf_probe (Miaoqian Lin) \n- netfilter: nat: really support inet nat without l3 address (Florian Westphal) \n- xprtrdma: treat all calls not a bcall when bc_serv is NULL (Kinglong Mee) \n- video: fbdev: pxa3xx-gcu: release the resources correctly in pxa3xx_gcu_probe/remove() (Yang Yingliang) \n- NFSv4: Don't hold the layoutget locks across multiple RPC calls (Trond Myklebust) \n- dmaengine: zynqmp_dma: In struct zynqmp_dma_chan fix desc_size data type (Radhey Shyam Pandey) \n- m68knommu: fix undefined reference to _init_sp' (Greg Ungerer) \n- m68knommu: set ZERO_PAGE() to the allocated zeroed page (Greg Ungerer) \n- i2c: cadence: Increase timeout per message if necessary (Lucas Tanure) \n- f2fs: remove WARN_ON in f2fs_is_valid_blkaddr (Dongliang Mu) \n- tracing: Avoid adding tracer option before update_tracer_options (Mark-PK Tsai) \n- tracing: Fix sleeping function called from invalid context on RT kernel (Jun Miao) \n- mips: cpc: Fix refcount leak in mips_cpc_default_phys_base (Gong Yuanjun) \n- perf c2c: Fix sorting in percent_rmt_hitm_cmp() (Leo Yan) \n- tipc: check attribute length for bearer name (Hoang Le) \n- afs: Fix infinite loop found by xfstest generic/676 (David Howells) \n- tcp: tcp_rtx_synack() can be called from process context (Eric Dumazet) \n- net: sched: add barrier to fix packet stuck problem for lockless qdisc (Guoju Fang) \n- net/mlx5e: Update netdev features after changing XDP state (Maxim Mikityanskiy) \n- net/mlx5: Don't use already freed action pointer (Leon Romanovsky) \n- nfp: only report pause frame configuration for physical device (Yu Xiao) \n- ubi: ubi_create_volume: Fix use-after-free when volume creation failed (Zhihao Cheng) \n- jffs2: fix memory leak in jffs2_do_fill_super (Baokun Li) \n- modpost: fix removing numeric suffixes (Alexander Lobakin) \n- net: dsa: mv88e6xxx: Fix refcount leak in mv88e6xxx_mdios_register (Miaoqian Lin) \n- net: ethernet: mtk_eth_soc: out of bounds read in mtk_hwlro_get_fdir_entry() (Dan Carpenter) \n- net: sched: fixed barrier to prevent skbuff sticking in qdisc backlog (Vincent Ray) \n- s390/crypto: fix scatterwalk_unmap() callers in AES-GCM (Jann Horn) \n- clocksource/drivers/oxnas-rps: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- ASoC: fsl_sai: Fix FSL_SAI_xDR/xFR definition (Shengjiu Wang) \n- watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe (Miaoqian Lin) \n- driver core: fix deadlock in __device_attach (Zhang Wensheng) \n- driver: base: fix UAF when driver_attach failed (Schspa Shi) \n- bus: ti-sysc: Fix warnings for unbind for serial (Tony Lindgren) \n- firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle (Miaoqian Lin) \n- serial: stm32-usart: Correct CSIZE, bits, and parity (Ilpo Jarvinen) \n- serial: st-asc: Sanitize CSIZE and correct PARENB for CS7 (Ilpo Jarvinen) \n- serial: sifive: Sanitize CSIZE and c_iflag (Ilpo Jarvinen) \n- serial: sh-sci: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: txx9: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: rda-uart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: digicolor-usart: Don't allow CS5-6 (Ilpo Jarvinen) \n- serial: 8250_fintek: Check SER_RS485_RTS_* only with RS485 (Ilpo Jarvinen) \n- serial: meson: acquire port->lock in startup() (John Ogness) \n- rtc: mt6397: check return value after calling platform_get_resource() (Yang Yingliang) \n- clocksource/drivers/riscv: Events are stopped during CPU suspend (Samuel Holland) \n- soc: rockchip: Fix refcount leak in rockchip_grf_init (Miaoqian Lin) \n- coresight: cpu-debug: Replace mutex with mutex_trylock on panic notifier (Guilherme G. Piccoli) \n- serial: sifive: Report actual baud base rather than fixed 115200 (Maciej W. Rozycki) \n- phy: qcom-qmp: fix pipe-clock imbalance on power-on failure (Johan Hovold) \n- rpmsg: qcom_smd: Fix returning 0 if irq_of_parse_and_map() fails (Krzysztof Kozlowski) \n- iio: adc: sc27xx: Fine tune the scale calibration values (Cixi Geng) \n- iio: adc: sc27xx: fix read big scale voltage not right (Cixi Geng) \n- iio: adc: stmpe-adc: Fix wait_for_completion_timeout return value check (Miaoqian Lin) \n- firmware: stratix10-svc: fix a missing check on list iterator (Xiaomeng Tong) \n- usb: dwc3: pci: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- rpmsg: qcom_smd: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- pwm: lp3943: Fix duty calculation in case period was clamped (Uwe Kleine-Konig) \n- staging: fieldbus: Fix the error handling path in anybuss_host_common_probe() (Christophe JAILLET) \n- usb: musb: Fix missing of_node_put() in omap2430_probe (Miaoqian Lin) \n- USB: storage: karma: fix rio_karma_init return (Lin Ma) \n- usb: usbip: add missing device lock on tweak configuration cmd (Niels Dossche) \n- usb: usbip: fix a refcount leak in stub_probe() (Hangyu Hua) \n- tty: serial: fsl_lpuart: fix potential bug when using both of_alias_get_id and ida_simple_get (Sherry Sun) \n- tty: serial: owl: Fix missing clk_disable_unprepare() in owl_uart_probe (Miaoqian Lin) \n- tty: goldfish: Use tty_port_destroy() to destroy port (Wang Weiyang) \n- iio: adc: ad7124: Remove shift from scan_type (Alexandru Tachici) \n- staging: greybus: codecs: fix type confusion of list iterator variable (Jakob Koschel) \n- pcmcia: db1xxx_ss: restrict to MIPS_DB1XXX boards (Randy Dunlap) \n- md: bcache: check the return value of kzalloc() in detached_dev_do_request() (Jia-Ju Bai) \n- block: fix bio_clone_blkg_association() to associate with proper blkcg_gq (Jan Kara) \n- bfq: Make sure bfqg for which we are queueing requests is online (Jan Kara) \n- bfq: Get rid of __bio_blkcg() usage (Jan Kara) \n- bfq: Remove pointless bfq_init_rq() calls (Jan Kara) \n- bfq: Drop pointless unlock-lock pair (Jan Kara) \n- bfq: Avoid merging queues with different parents (Jan Kara) \n- MIPS: IP27: Remove incorrect cpu_has_fpu' override (Maciej W. Rozycki) \n- RDMA/rxe: Generate a completion for unsupported/invalid opcode (Xiao Yang) \n- Kconfig: add config option for asm goto w/ outputs (Nick Desaulniers) \n- phy: qcom-qmp: fix reset-controller leak on probe errors (Johan Hovold) \n- blk-iolatency: Fix inflight count imbalances and IO hangs on offline (Tejun Heo) \n- dt-bindings: gpio: altera: correct interrupt-cells (Dinh Nguyen) \n- docs/conf.py: Cope with removal of language=None in Sphinx 5.0.0 (Akira Yokosawa) \n- ARM: pxa: maybe fix gpio lookup tables (Arnd Bergmann) \n- phy: qcom-qmp: fix struct clk leak on probe errors (Johan Hovold) \n- arm64: dts: qcom: ipq8074: fix the sleep clock frequency (Kathiravan T) \n- gma500: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- tilcdc: tilcdc_external: fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- serial: pch: don't overwrite xmit->buf[0] by x_char (Jiri Slaby) \n- carl9170: tx: fix an incorrect use of list iterator (Xiaomeng Tong) \n- ASoC: rt5514: Fix event generation for 'DSP Voice Wake Up' control (Mark Brown) \n- rtl818x: Prevent using not initialized queues (Alexander Wetzel) \n- hugetlb: fix huge_pmd_unshare address update (Mike Kravetz) \n- nodemask.h: fix compilation error with GCC12 (Christophe de Dinechin) \n- iommu/msm: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- um: Fix out-of-bounds read in LDT setup (Vincent Whitchurch) \n- um: chan_user: Fix winch_tramp() return value (Johannes Berg) \n- mac80211: upgrade passive scan to active scan on DFS channels after beacon rx (Felix Fietkau) \n- irqchip: irq-xtensa-mx: fix initial IRQ affinity (Max Filippov) \n- irqchip/armada-370-xp: Do not touch Performance Counter Overflow on A375, A38x, A39x (Pali Rohar) \n- RDMA/hfi1: Fix potential integer multiplication overflow errors (Dennis Dalessandro) \n- Kconfig: Add option for asm goto w/ tied outputs to workaround clang-13 bug (Sean Christopherson) \n- media: coda: Add more H264 levels for CODA960 (Nicolas Dufresne) \n- media: coda: Fix reported H264 profile (Nicolas Dufresne) \n- mtd: cfi_cmdset_0002: Move and rename chip_check/chip_ready/chip_good_for_write (Tokunori Ikegami) \n- md: fix an incorrect NULL check in md_reload_sb (Xiaomeng Tong) \n- md: fix an incorrect NULL check in does_sb_need_changing (Xiaomeng Tong) \n- drm/bridge: analogix_dp: Grab runtime PM reference for DP-AUX (Brian Norris) \n- drm/nouveau/clk: Fix an incorrect NULL check on list iterator (Xiaomeng Tong) \n- drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem (Lucas Stach) \n- drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. (Dave Airlie) \n- scsi: ufs: qcom: Add a readl() to make sure ref_clk gets enabled (Manivannan Sadhasivam) \n- scsi: dc395x: Fix a missing check on list iterator (Xiaomeng Tong) \n- ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock (Junxiao Bi via Ocfs2-devel) \n- dlm: fix missing lkb refcount handling (Alexander Aring) \n- dlm: fix plock invalid read (Alexander Aring) \n- mm, compaction: fast_find_migrateblock() should return pfn in the target zone (Rei Yamamoto) \n- PCI: qcom: Fix unbalanced PHY init on probe errors (Johan Hovold) \n- PCI: qcom: Fix runtime PM imbalance on probe errors (Johan Hovold) \n- PCI/PM: Fix bridge_d3_blacklist[] Elo i2 overwrite of Gigabyte X299 (Bjorn Helgaas) \n- tracing: Fix potential double free in create_var_ref() (Keita Suzuki) \n- ACPI: property: Release subnode properties with data nodes (Sakari Ailus) \n- ext4: avoid cycles in directory h-tree (Jan Kara) \n- ext4: verify dir block before splitting it (Jan Kara) \n- ext4: fix bug_on in ext4_writepages (Ye Bin) \n- ext4: fix warning in ext4_handle_inode_extension (Ye Bin) \n- ext4: fix use-after-free in ext4_rename_dir_prepare (Ye Bin) \n- netfilter: nf_tables: disallow non-stateful expression in sets earlier (Pablo Neira Ayuso) \n- bfq: Track whether bfq_group is still online (Jan Kara) \n- bfq: Update cgroup information before merging bio (Jan Kara) \n- bfq: Split shared queues on move between cgroups (Jan Kara) \n- efi: Do not import certificates from UEFI Secure Boot for T2 Macs (Aditya Garg) \n- fs-writeback: writeback_sb_inodes:Recalculate 'wrote' according skipped pages (Zhihao Cheng) \n- iwlwifi: mvm: fix assert 1F04 upon reconfig (Emmanuel Grumbach) \n- wifi: mac80211: fix use-after-free in chanctx code (Johannes Berg) \n- f2fs: fix fallocate to use file_modified to update permissions consistently (Chao Yu) \n- f2fs: don't need inode lock for system hidden quota (Jaegeuk Kim) \n- f2fs: fix deadloop in foreground GC (Chao Yu) \n- f2fs: fix to clear dirty inode in f2fs_evict_inode() (Chao Yu) \n- f2fs: fix to do sanity check on block address in f2fs_do_zero_range() (Chao Yu) \n- f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() (Chao Yu) \n- perf jevents: Fix event syntax error caused by ExtSel (Zhengjun Xing) \n- perf c2c: Use stdio interface if slang is not supported (Leo Yan) \n- iommu/amd: Increase timeout waiting for GA log enablement (Joerg Roedel) \n- dmaengine: stm32-mdma: remove GISR1 register (Amelie Delaunay) \n- video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup (Miaoqian Lin) \n- NFSv4/pNFS: Do not fail I/O when we fail to allocate the pNFS layout (Trond Myklebust) \n- NFS: Don't report errors from nfs_pageio_complete() more than once (Trond Myklebust) \n- NFS: Do not report flush errors in nfs_write_end() (Trond Myklebust) \n- NFS: Do not report EINTR/ERESTARTSYS as mapping errors (Trond Myklebust) \n- i2c: at91: Initialize dma_buf in at91_twi_xfer() (Nathan Chancellor) \n- i2c: at91: use dma safe buffers (Michael Walle) \n- iommu/mediatek: Add list_del in mtk_iommu_remove (Yong Wu) \n- f2fs: fix dereference of stale list iterator after loop body (Jakob Koschel) \n- Input: stmfts - do not leave device disabled in stmfts_input_open (Dmitry Torokhov) \n- RDMA/hfi1: Prevent use of lock before it is initialized (Douglas Miller) \n- mailbox: forward the hrtimer if not queued and under a lock (Bjorn Ardo) \n- mfd: davinci_voicecodec: Fix possible null-ptr-deref davinci_vc_probe() (Yang Yingliang) \n- powerpc/fsl_rio: Fix refcount leak in fsl_rio_setup (Miaoqian Lin) \n- macintosh: via-pmu and via-cuda need RTC_LIB (Randy Dunlap) \n- powerpc/perf: Fix the threshold compare group constraint for power9 (Kajol Jain) \n- powerpc/64: Only WARN if __pa()/__va() called with bad addresses (Michael Ellerman) \n- Input: sparcspkr - fix refcount leak in bbc_beep_probe (Miaoqian Lin) \n- crypto: cryptd - Protect per-CPU resource by disabling BH. (Sebastian Andrzej Siewior) \n- tty: fix deadlock caused by calling printk() under tty_port->lock (Qi Zheng) \n- PCI: imx6: Fix PERST# start-up sequence (Francesco Dolcini) \n- ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() (Waiman Long) \n- proc: fix dentry/inode overinstantiating under /proc//net (Alexey Dobriyan) \n- powerpc/4xx/cpm: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/idle: Fix return value of __setup() handler (Randy Dunlap) \n- powerpc/8xx: export 'cpm_setbrg' for modules (Randy Dunlap) \n- dax: fix cache flush on PMD-mapped pages (Muchun Song) \n- drivers/base/node.c: fix compaction sysfs file leak (Miaohe Lin) \n- pinctrl: mvebu: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- nvdimm: Allow overwrite in the presence of disabled dimms (Dan Williams) \n- firmware: arm_scmi: Fix list protocols enumeration in the base protocol (Cristian Marussi) \n- scsi: fcoe: Fix Wstringop-overflow warnings in fcoe_wwn_from_mac() (Gustavo A. R. Silva) \n- mfd: ipaq-micro: Fix error check return value of platform_get_irq() (Lv Ruyi) \n- powerpc/fadump: fix PT_LOAD segment for boot memory area (Hari Bathini) \n- arm: mediatek: select arch timer for mt7629 (Chuanhong Guo) \n- crypto: marvell/cesa - ECB does not IV (Corentin Labbe) \n- misc: ocxl: fix possible double free in ocxl_file_register_afu (Hangyu Hua) \n- ARM: dts: bcm2835-rpi-b: Fix GPIO line names (Stefan Wahren) \n- ARM: dts: bcm2837-rpi-3-b-plus: Fix GPIO line name of power LED (Phil Elwell) \n- ARM: dts: bcm2837-rpi-cm3-io3: Fix GPIO line names for SMPS I2C (Phil Elwell) \n- ARM: dts: bcm2835-rpi-zero-w: Fix GPIO line name for Wifi/BT (Phil Elwell) \n- can: xilinx_can: mark bit timing constants as const (Marc Kleine-Budde) \n- KVM: nVMX: Leave most VM-Exit info fields unmodified on failed VM-Entry (Sean Christopherson) \n- PCI: rockchip: Fix find_first_zero_bit() limit (Dan Carpenter) \n- PCI: cadence: Fix find_first_zero_bit() limit (Dan Carpenter) \n- soc: qcom: smsm: Fix missing of_node_put() in smsm_parse_ipc (Miaoqian Lin) \n- soc: qcom: smp2p: Fix missing of_node_put() in smp2p_parse_ipc (Miaoqian Lin) \n- ARM: dts: suniv: F1C100: fix watchdog compatible (Andre Przywara) \n- arm64: dts: rockchip: Move drive-impedance-ohm to emmc phy on rk3399 (Shawn Lin) \n- net/smc: postpone sk_refcnt increment in connect() (liuyacan) \n- rxrpc: Fix decision on when to generate an IDLE ACK (David Howells) \n- rxrpc: Don't let ack.previousPacket regress (David Howells) \n- rxrpc: Fix overlapping ACK accounting (David Howells) \n- rxrpc: Don't try to resend the request if we're receiving the reply (David Howells) \n- rxrpc: Fix listen() setting the bar too high for the prealloc rings (David Howells) \n- NFC: hci: fix sleep in atomic context bugs in nfc_hci_hcp_message_tx (Duoming Zhou) \n- ASoC: wm2000: fix missing clk_disable_unprepare() on error in wm2000_anc_transition() (Yang Yingliang) \n- thermal/drivers/broadcom: Fix potential NULL dereference in sr_thermal_probe (Zheng Yongjun) \n- drm: msm: fix possible memory leak in mdp5_crtc_cursor_set() (Hangyu Hua) \n- drm/msm/a6xx: Fix refcount leak in a6xx_gpu_init (Miaoqian Lin) \n- ext4: reject the 'commit' option on ext2 filesystems (Eric Biggers) \n- media: ov7670: remove ov7670_power_off from ov7670_remove (Dongliang Mu) \n- sctp: read sk->sk_bound_dev_if once in sctp_rcv() (Eric Dumazet) \n- m68k: math-emu: Fix dependencies of math emulation support (Geert Uytterhoeven) \n- Bluetooth: fix dangling sco_conn and use-after-free in sco_sock_timeout (Ying Hsu) \n- media: vsp1: Fix offset calculation for plane cropping (Michael Rodin) \n- media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init (Pavel Skripkin) \n- media: exynos4-is: Change clk_disable to clk_disable_unprepare (Miaoqian Lin) \n- media: st-delta: Fix PM disable depth imbalance in delta_probe (Miaoqian Lin) \n- media: aspeed: Fix an error handling path in aspeed_video_probe() (Christophe JAILLET) \n- scripts/faddr2line: Fix overlapping text section failures (Josh Poimboeuf) \n- regulator: pfuze100: Fix refcount leak in pfuze_parse_regulators_dt (Miaoqian Lin) \n- ASoC: mxs-saif: Fix refcount leak in mxs_saif_probe (Miaoqian Lin) \n- ASoC: fsl: Fix refcount leak in imx_sgtl5000_probe (Miaoqian Lin) \n- perf/amd/ibs: Use interrupt regs ip for stack unwinding (Ravi Bangoria) \n- Revert 'cpufreq: Fix possible race in cpufreq online error path' (Viresh Kumar) \n- iomap: iomap_write_failed fix (Andreas Gruenbacher) \n- media: uvcvideo: Fix missing check to determine if element is found in list (Xiaomeng Tong) \n- drm/msm: return an error pointer in msm_gem_prime_get_sg_table() (Dan Carpenter) \n- drm/msm/mdp5: Return error code in mdp5_mixer_release when deadlock is detected (Jessica Zhang) \n- drm/msm/mdp5: Return error code in mdp5_pipe_release when deadlock is detected (Jessica Zhang) \n- regulator: core: Fix enable_count imbalance with EXCLUSIVE_GET (Zev Weiss) \n- x86/mm: Cleanup the control_va_addr_alignment() __setup handler (Randy Dunlap) \n- irqchip/aspeed-i2c-ic: Fix irq_of_parse_and_map() return value (Krzysztof Kozlowski) \n- irqchip/exiu: Fix acknowledgment of edge triggered interrupts (Daniel Thompson) \n- x86: Fix return value of __setup handlers (Randy Dunlap) \n- virtio_blk: fix the discard_granularity and discard_alignment queue limits (Christoph Hellwig) \n- drm/rockchip: vop: fix possible null-ptr-deref in vop_bind() (Yang Yingliang) \n- drm/msm/hdmi: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- drm/msm/hdmi: check return value after calling platform_get_resource_byname() (Yang Yingliang) \n- drm/msm/dsi: fix error checks and return values for DSI xmit functions (Dmitry Baryshkov) \n- drm/msm/disp/dpu1: set vbif hw config to NULL to avoid use after memory free during pm runtime resume (Vinod Polimera) \n- perf tools: Add missing headers needed by util/data.h (Yang Jihong) \n- ASoC: rk3328: fix disabling mclk on pclk probe failure (Nicolas Frattaroli) \n- x86/speculation: Add missing prototype for unpriv_ebpf_notify() (Josh Poimboeuf) \n- x86/pm: Fix false positive kmemleak report in msr_build_context() (Matthieu Baerts) \n- scsi: ufs: core: Exclude UECxx from SFR dump list (Kiwoong Kim) \n- of: overlay: do not break notify on NOTIFY_{OK|STOP} (Nuno Sa) \n- fsnotify: fix wrong lockdep annotations (Amir Goldstein) \n- inotify: show inotify mask flags in proc fdinfo (Amir Goldstein) \n- ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix (Dan Carpenter) \n- cpufreq: Fix possible race in cpufreq online error path (Schspa Shi) \n- spi: img-spfi: Fix pm_runtime_get_sync() error checking (Zheng Yongjun) \n- sched/fair: Fix cfs_rq_clock_pelt() for throttled cfs_rq (Chengming Zhou) \n- drm/bridge: Fix error handling in analogix_dp_probe (Miaoqian Lin) \n- HID: elan: Fix potential double free in elan_input_configured (Miaoqian Lin) \n- HID: hid-led: fix maximum brightness for Dream Cheeky (Jonathan Teh) \n- drbd: fix duplicate array initializer (Arnd Bergmann) \n- efi: Add missing prototype for efi_capsule_setup_info (Jan Kiszka) \n- NFC: NULL out the dev->rfkill to prevent UAF (Lin Ma) \n- spi: spi-ti-qspi: Fix return value handling of wait_for_completion_timeout (Miaoqian Lin) \n- drm: mali-dp: potential dereference of null pointer (Jiasheng Jiang) \n- drm/komeda: Fix an undefined behavior bug in komeda_plane_add() (Zhou Qingyang) \n- nl80211: show SSID for P2P_GO interfaces (Johannes Berg) \n- bpf: Fix excessive memory allocation in stack_map_alloc() (Yuntao Wang) \n- drm/vc4: txp: Force alpha to be 0xff if it's disabled (Maxime Ripard) \n- drm/vc4: txp: Don't set TXP_VSTART_AT_EOF (Maxime Ripard) \n- drm/mediatek: Fix mtk_cec_mask() (Miles Chen) \n- x86/delay: Fix the wrong asm constraint in delay_loop() (Ammar Faizi) \n- ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe (Miaoqian Lin) \n- ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe (Miaoqian Lin) \n- drm/bridge: adv7511: clean up CEC adapter when probe fails (Lucas Stach) \n- drm/edid: fix invalid EDID extension block filtering (Jani Nikula) \n- ath9k: fix ar9003_get_eepmisc (Wenli Looi) \n- drm: fix EDID struct for old ARM OABI format (Linus Torvalds) \n- RDMA/hfi1: Prevent panic when SDMA is disabled (Douglas Miller) \n- powerpc/iommu: Add missing of_node_put in iommu_init_early_dart (Peng Wu) \n- macintosh/via-pmu: Fix build failure when CONFIG_INPUT is disabled (Finn Thain) \n- powerpc/powernv: fix missing of_node_put in uv_init() (Lv Ruyi) \n- powerpc/xics: fix refcount leak in icp_opal_init() (Lv Ruyi) \n- tracing: incorrect isolate_mote_t cast in mm_vmscan_lru_isolate (Vasily Averin) \n- PCI: Avoid pci_dev_lock() AB/BA deadlock with sriov_numvfs_store() (Yicong Yang) \n- ARM: hisi: Add missing of_node_put after of_find_compatible_node (Peng Wu) \n- ARM: dts: exynos: add atmel,24c128 fallback to Samsung EEPROM (Krzysztof Kozlowski) \n- ARM: versatile: Add missing of_node_put in dcscb_init (Peng Wu) \n- fat: add ratelimit to fat*_ent_bread() (OGAWA Hirofumi) \n- powerpc/fadump: Fix fadump to work with a different endian capture kernel (Hari Bathini) \n- ARM: OMAP1: clock: Fix UART rate reporting algorithm (Janusz Krzysztofik) \n- fs: jfs: fix possible NULL pointer dereference in dbFree() (Zixuan Fu) \n- PM / devfreq: rk3399_dmc: Disable edev on remove() (Brian Norris) \n- ARM: dts: ox820: align interrupt controller node name with dtschema (Krzysztof Kozlowski) \n- IB/rdmavt: add missing locks in rvt_ruc_loopback (Niels Dossche) \n- selftests/bpf: fix btf_dump/btf_dump due to recent clang change (Yonghong Song) \n- eth: tg3: silence the GCC 12 array-bounds warning (Jakub Kicinski) \n- rxrpc: Return an error to sendmsg if call failed (David Howells) \n- hwmon: Make chip parameter for with_info API mandatory (Guenter Roeck) \n- ASoC: max98357a: remove dependency on GPIOLIB (Pierre-Louis Bossart) \n- media: exynos4-is: Fix compile warning (Kwanghoon Son) \n- net: phy: micrel: Allow probing without .driver_data (Fabio Estevam) \n- nbd: Fix hung on disconnect request if socket is closed before (Xie Yongji) \n- ASoC: rt5645: Fix errorenous cleanup order (Lin Ma) \n- nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (Smith, Kyle Miller (Nimble Kernel)) \n- openrisc: start CPU timer early in boot (Jason A. Donenfeld) \n- media: cec-adap.c: fix is_configuring state (Hans Verkuil) \n- media: coda: limit frame interval enumeration to supported encoder frame sizes (Philipp Zabel) \n- rtlwifi: Use pr_warn instead of WARN_ONCE (Dongliang Mu) \n- ipmi: Fix pr_fmt to avoid compilation issues (Corey Minyard) \n- ipmi:ssif: Check for NULL msg when handling events and messages (Corey Minyard) \n- ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default (Mario Limonciello) \n- dma-debug: change allocation mode from GFP_NOWAIT to GFP_ATIOMIC (Mikulas Patocka) \n- spi: stm32-qspi: Fix wait_cmd timeout in APM mode (Patrice Chotard) \n- s390/preempt: disable __preempt_count_add() optimization for PROFILE_ALL_BRANCHES (Heiko Carstens) \n- ASoC: tscs454: Add endianness flag in snd_soc_component_driver (Charles Keepax) \n- HID: bigben: fix slab-out-of-bounds Write in bigben_probe (Dongliang Mu) \n- drm/amdgpu/ucode: Remove firmware load type check in amdgpu_ucode_free_bo (Alice Wong) \n- mlxsw: spectrum_dcb: Do not warn about priority changes (Petr Machata) \n- ASoC: dapm: Don't fold register value changes into notifications (Mark Brown) \n- net/mlx5: fs, delete the FTE when there are no rules attached to it (Mark Bloch) \n- ipv6: Don't send rs packets to the interface of ARPHRD_TUNNEL (jianghaoran) \n- drm: msm: fix error check return value of irq_of_parse_and_map() (Lv Ruyi) \n- arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall (Alexandru Elisei) \n- drm/amd/pm: fix the compile warning (Evan Quan) \n- drm/plane: Move range check for format_count earlier (Steven Price) \n- scsi: megaraid: Fix error check return value of register_chrdev() (Lv Ruyi) \n- mmc: jz4740: Apply DMA engine limits to maximum segment size (Aidan MacDonald) \n- md/bitmap: don't set sb values if can't pass sanity check (Heming Zhao) \n- media: cx25821: Fix the warning when removing the module (Zheyu Ma) \n- media: pci: cx23885: Fix the error handling in cx23885_initdev() (Zheyu Ma) \n- media: venus: hfi: avoid null dereference in deinit (Luca Weiss) \n- ath9k: fix QCA9561 PA bias level (Thibaut VAReNE) \n- drm/amd/pm: fix double free in si_parse_power_table() (Keita Suzuki) \n- tools/power turbostat: fix ICX DRAM power numbers (Len Brown) \n- spi: spi-rspi: Remove setting {src,dst}_{addr,addr_width} based on DMA direction (Biju Das) \n- ALSA: jack: Access input_dev under mutex (Amadeusz Siawinski) \n- drm/komeda: return early if drm_universal_plane_init() fails. (Liviu Dudau) \n- ACPICA: Avoid cache flush inside virtual machines (Kirill A. Shutemov) \n- fbcon: Consistently protect deferred_takeover with console_lock() (Daniel Vetter) \n- ipv6: fix locking issues with loops over idev->addr_list (Niels Dossche) \n- ipw2x00: Fix potential NULL dereference in libipw_xmit() (Haowen Bai) \n- b43: Fix assigning negative value to unsigned variable (Haowen Bai) \n- b43legacy: Fix assigning negative value to unsigned variable (Haowen Bai) \n- mwifiex: add mutex lock for call in mwifiex_dfs_chan_sw_work_queue (Niels Dossche) \n- drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes (Liu Zixian) \n- btrfs: repair super block num_devices automatically (Qu Wenruo) \n- btrfs: add '0x' prefix for unsupported optional features (Qu Wenruo) \n- ptrace: Reimplement PTRACE_KILL by always sending SIGKILL (Eric W. Biederman) \n- ptrace/xtensa: Replace PT_SINGLESTEP with TIF_SINGLESTEP (Eric W. Biederman) \n- ptrace/um: Replace PT_DTRACE with TIF_SINGLESTEP (Eric W. Biederman) \n- perf/x86/intel: Fix event constraints for ICL (Kan Liang) \n- usb: core: hcd: Add support for deferring roothub registration (Kishon Vijay Abraham I) \n- USB: new quirk for Dell Gen 2 devices (Monish Kumar R) \n- USB: serial: option: add Quectel BG95 modem (Carl Yin) \n- ALSA: hda/realtek - Fix microphone noise on ASUS TUF B550M-PLUS (Marios Levogiannis) \n- binfmt_flat: do not stop relocating GOT entries prematurely on riscv (Niklas Cassel) \n- LTS tag: v5.4.197 (Sherry Yang) \n- bpf: Enlarge offset check value to INT_MAX in bpf_skb_{load,store}_bytes (Liu Jian) \n- NFSD: Fix possible sleep during nfsd4_release_lockowner() (Chuck Lever) \n- NFS: Memory allocation failures are not server fatal errors (Trond Myklebust) \n- docs: submitting-patches: Fix crossref to 'The canonical patch format' (Akira Yokosawa) \n- tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() (Xiu Jianfeng) \n- tpm: Fix buffer access in tpm2_get_tpm_pt() (Stefan Mahnke-Hartmann) \n- HID: multitouch: Add support for Google Whiskers Touchpad (Marek Maslanka) \n- raid5: introduce MD_BROKEN (Mariusz Tkaczyk) \n- dm verity: set DM_TARGET_IMMUTABLE feature flag (Sarthak Kukreti) \n- dm stats: add cond_resched when looping over entries (Mikulas Patocka) \n- dm crypt: make printing of the key constant-time (Mikulas Patocka) \n- dm integrity: fix error code in dm_integrity_ctr() (Dan Carpenter) \n- zsmalloc: fix races between asynchronous zspage free and page migration (Sultan Alsawaf) \n- crypto: ecrdsa - Fix incorrect use of vli_cmp (Vitaly Chikunov) \n- netfilter: conntrack: re-fetch conntrack after insertion (Florian Westphal) \n- exec: Force single empty string when argv is empty (Kees Cook) \n- drm/i915: Fix -Wstringop-overflow warning in call to intel_read_wm_latency() (Gustavo A. R. Silva) \n- cfg80211: set custom regdomain after wiphy registration (Miri Korenblit) \n- i2c: ismt: Provide a DMA buffer for Interrupt Cause Logging (Mika Westerberg) \n- net: ftgmac100: Disable hardware checksum on AST2600 (Joel Stanley) \n- net: af_key: check encryption module availability consistency (Thomas Bartschies) \n- pinctrl: sunxi: fix f1c100s uart2 function (IotaHydrae) \n- ACPI: sysfs: Fix BERT error region memory mapping (Lorenzo Pieralisi) \n- ACPI: sysfs: Make sparse happy about address space in use (Andy Shevchenko) \n- media: vim2m: initialize the media device earlier (Hans Verkuil) \n- media: vim2m: Register video device after setting up internals (Sakari Ailus) \n- secure_seq: use the 64 bits of the siphash for port offset calculation (Willy Tarreau) \n- tcp: change source port randomizarion at connect() time (Eric Dumazet) \n- Input: goodix - fix spurious key release events (Dmitry Mastykin) \n- staging: rtl8723bs: prevent ->Ssid overflow in rtw_wx_set_scan() (Denis Efremov (Oracle)) \n- x86/pci/xen: Disable PCI/MSI[-X] masking for XEN_HVM guests (Thomas Gleixner)\n[5.4.17-2136.310.1]\n- intel_idle: Fix max_cstate for processor models without C-state tables (Chen Yu) [Orabug: 34081688] \n- intel_idle: add core C6 optimization for SPR (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add 'preferred_cstates' module argument (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: add SPR support (Artem Bityutskiy) [Orabug: 34081688] \n- intel_idle: Adjust the SKX C6 parameters if PC6 is disabled (Chen Yu) [Orabug: 34081688] \n- intel_idle: Clean up kerneldoc comments for multiple functions (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add __initdata annotations to init time variables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Relocate definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up definitions of cpuidle callbacks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Simplify LAPIC timer reliability checks (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'states_off' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Introduce 'use_acpi' module parameter (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Clean up irtl_2_usec() (Rafael J. Wysocki) [Orabug: 34081688] \n- Documentation: admin-guide: PM: Add intel_idle document (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move 3 functions closer to their callers (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Annotate initialization code and data structures (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Move and clean up intel_idle_cpuidle_devices_uninit() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Rearrange intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Fold intel_idle_probe() into intel_idle_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Eliminate __setup_broadcast_timer() (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Add module parameter to prevent ACPI _CST from being used (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Allow ACPI _CST to be used for selected known processors (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Allow idle states to be disabled by default (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Use ACPI _CST for processor models without C-state tables (Rafael J. Wysocki) [Orabug: 34081688] \n- intel_idle: Refactor intel_idle_cpuidle_driver_init() (Rafael J. Wysocki) [Orabug: 34081688] \n- cpuidle: Drop disabled field from struct cpuidle_state (Thomas Tai) [Orabug: 34081688] \n- cpuidle: Consolidate disabled state checks (Rafael J. Wysocki) [Orabug: 34081688] \n- Revert 'intel_idle: Use ACPI _CST for processor models without C-state tables' (Thomas Tai) [Orabug: 34081688]", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-08-15T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-21505", "CVE-2022-2153", "CVE-2022-23816", "CVE-2022-2588", "CVE-2022-29901"], "modified": "2022-08-15T00:00:00", "id": "ELSA-2022-9709", "href": "http://linux.oracle.com/errata/ELSA-2022-9709.html", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-04-11T23:30:28", "description": "[5.4.17-2136.306.1.3]\n- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo Bonzini) [Orabug: 34053807] {CVE-2022-1158}\n[5.4.17-2136.306.1.2]\n- Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair) [Orabug: 34045203]\n[5.4.17-2136.306.1.1]\n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34035701] {CVE-2022-1016}\n- exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34035682]\n[5.4.17-2136.306.1]\n- sr9700: sanity check for packet length (Brian Maly) [Orabug: 33962705] {CVE-2022-26966}\n- net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) [Orabug: 33835787] {CVE-2021-22600}\n- KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains (Krish Sadhukhan) [Orabug: 33921125] \n- x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains (Krish Sadhukhan) [Orabug: 33921125] \n- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940519] \n- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958154] {CVE-2022-24448}\n- Revert 'btrfs: inode: refactor the parameters of insert_reserved_file_extent()' (Srikanth C S) [Orabug: 33958240] \n- Revert 'btrfs: fix metadata reservation for fallocate that leads to transaction aborts' (Srikanth C S) [Orabug: 33958240] \n- ovl: fix WARN_ON nlink drop to zero (Miklos Szeredi) [Orabug: 33687076] \n- panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33740420] \n- printk: Drop console_sem during panic (Stephen Brennan) [Orabug: 33740420] \n- printk: Avoid livelock with heavy printk during panic (Stephen Brennan) [Orabug: 33740420] \n- printk: disable optimistic spin during panic (Stephen Brennan) [Orabug: 33740420] \n- printk: Add panic_in_progress helper (Stephen Brennan) [Orabug: 33740420] \n- sched: Put vcpu preemption idle check into a SCHED_FEAT. (chris hyser) [Orabug: 33806261] \n- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820776] \n- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840432] {CVE-2022-22942}\n- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}\n- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}\n- ACPI: sysfs: copy ACPI data using io memory copying (Colin Ian King) [Orabug: 33876016] \n- Enable CONFIG_DM_DUST and nano for UEK6 (Gulam Mohamed) [Orabug: 33897851] \n- arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33900748] \n- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910799] \n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}\n- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}\n- bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33919430] \n- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925471] \n- arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921736] {CVE-2022-23960}\n- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33941936] {CVE-2021-26401}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33917127] \n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- ovl: fix WARN_ON nlink drop to zero (Miklos Szeredi) [Orabug: 33687076] \n- panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33740420] \n- printk: Drop console_sem during panic (Stephen Brennan) [Orabug: 33740420] \n- printk: Avoid livelock with heavy printk during panic (Stephen Brennan) [Orabug: 33740420] \n- printk: disable optimistic spin during panic (Stephen Brennan) [Orabug: 33740420] \n- printk: Add panic_in_progress helper (Stephen Brennan) [Orabug: 33740420] \n- sched: Put vcpu preemption idle check into a SCHED_FEAT. (chris hyser) [Orabug: 33806261] \n- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820776] \n- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840432] {CVE-2022-22942}\n- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}\n- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}\n- ACPI: sysfs: copy ACPI data using io memory copying (Colin Ian King) [Orabug: 33876016] \n- Enable CONFIG_DM_DUST and nano for UEK6 (Gulam Mohamed) [Orabug: 33897851] \n- arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33900748] \n- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910799] \n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}\n- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}\n- bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33919430] \n- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925471] \n- arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921736] \n- arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921736] \n- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921736] \n- arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921736] \n- KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921736] \n- arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921736] \n- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921736] \n- arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921736] \n- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921736] \n- arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921736] \n- arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921736] \n- arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921736] \n- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921736] \n- arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921736] \n- arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921736] \n- arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921736] \n- arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921736] \n- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921736] \n- arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921736] \n- arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921736] \n- arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921736] \n- arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921736] \n- Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921736] \n- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736] \n- Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921736] \n- Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921736] \n- Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921736] \n- Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921736] \n- Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921736] \n- Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921736] \n- Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921736] \n- Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921736] \n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33941936] {CVE-2021-26341}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33917127] \n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341}\n- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33941936] {CVE-2021-26341}\n- rds/ib: handle posted ACK during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820760] \n- rds/ib: reap tx completions during connection shutdown (Nagappan Ramasamy Palaniappan) [Orabug: 33820760] \n- rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820760]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-22600", "CVE-2021-26341", "CVE-2021-26401", "CVE-2022-0617", "CVE-2022-1016", "CVE-2022-1158", "CVE-2022-22942", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-26966"], "modified": "2022-04-11T00:00:00", "id": "ELSA-2022-9273", "href": "http://linux.oracle.com/errata/ELSA-2022-9273.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-11T23:30:40", "description": "[5.4.17-2136.306.1.3]\n- KVM: x86/mmu: do compare-and-exchange of gPTE via the user address (Paolo\n Bonzini) [Orabug: 34053807] {CVE-2022-1158}\n[5.4.17-2136.306.1.2]\n- Revert 'rds/ib: recover rds connection from stuck rx path' (Rohit Nair)\n [Orabug: 34045203]\n[5.4.17-2136.306.1.1]\n- netfilter: nf_tables: initialize registers in nft_do_chain() (Pablo Neira Ayuso) [Orabug: 34035701] {CVE-2022-1016}\n- exec, elf: ignore invalid note data (Anthony Yznaga) [Orabug: 34035682]\n[5.4.17-2136.306.1]\n- sr9700: sanity check for packet length (Brian Maly) [Orabug: 33962705] {CVE-2022-26966}\n- net/packet: rx_owner_map depends on pg_vec (Willem de Bruijn) [Orabug: 33835787] {CVE-2021-22600}\n- KVM: SVM: Don't flush cache if hardware enforces cache coherency across encryption domains (Krish Sadhukhan) [Orabug: 33921125]\n- x86/mm/pat: Don't flush cache if hardware enforces cache coherency across encryption domnains (Krish Sadhukhan) [Orabug: 33921125]\n- rds/ib: Resize CQ if send-/recv-ring-size are changed (Hans Westgaard Ry) [Orabug: 33940519]\n- NFSv4: Handle case where the lookup of a directory fails (Trond Myklebust) [Orabug: 33958154] {CVE-2022-24448}\n- Revert 'btrfs: inode: refactor the parameters of insert_reserved_file_extent()' (Srikanth C S) [Orabug: 33958240]\n- Revert 'btrfs: fix metadata reservation for fallocate that leads to transaction aborts' (Srikanth C S) [Orabug: 33958240]\n- ovl: fix WARN_ON nlink drop to zero (Miklos Szeredi) [Orabug: 33687076]\n- panic: reinitialize logbuf locks before notifiers (Stephen Brennan) [Orabug: 33740420]\n- printk: Drop console_sem during panic (Stephen Brennan) [Orabug: 33740420]\n- printk: Avoid livelock with heavy printk during panic (Stephen Brennan) [Orabug: 33740420]\n- printk: disable optimistic spin during panic (Stephen Brennan) [Orabug: 33740420]\n- printk: Add panic_in_progress helper (Stephen Brennan) [Orabug: 33740420]\n- sched: Put vcpu preemption idle check into a SCHED_FEAT. (chris hyser) [Orabug: 33806261]\n- rds/ib: recover rds connection from stuck rx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820776]\n- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Mathias Krause) [Orabug: 33840432] {CVE-2022-22942}\n- udf: Restore i_lenAlloc when inode expansion fails (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}\n- udf: Fix NULL ptr deref when converting from inline format (Jan Kara) [Orabug: 33870266] {CVE-2022-0617}\n- ACPI: sysfs: copy ACPI data using io memory copying (Colin Ian King) [Orabug: 33876016]\n- Enable CONFIG_DM_DUST and nano for UEK6 (Gulam Mohamed) [Orabug: 33897851]\n- arm64/efi: remove spurious WARN_ON for !4K kernels (Mark Rutland) [Orabug: 33900748]\n- lib/iov_iter: initialize 'flags' in new pipe_buffer (Max Kellermann) [Orabug: 33910799]\n- ipv4: tcp: send zero IPID in SYNACK messages (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}\n- ipv4: avoid using shared IP generator for connected sockets (Eric Dumazet) [Orabug: 33917056] {CVE-2020-36516}\n- bpf: fix out-of-tree module build (Alan Maguire) [Orabug: 33919430]\n- ACPICA: Enable sleep button on ACPI legacy wake (Anchal Agarwal) [Orabug: 33925471]\n- arm64: Use the clearbhb instruction in mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: add ID_AA64ISAR2_EL1 sys register (Joey Gouly) [Orabug: 33921736] {CVE-2022-23960}\n- KVM: arm64: Allow SMCCC_ARCH_WORKAROUND_3 to be discovered and migrated (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Mitigate spectre style branch history side channels (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- KVM: arm64: Add templates for BHB mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add Cortex-X2 CPU part definition (Anshuman Khandual) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add Neoverse-N2, Cortex-A710 CPU part definition (Suzuki K Poulose) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add part number for Arm Cortex-A77 (Rob Herring) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: proton-pack: Report Spectre-BHB vulnerabilities as part of Spectre-v2 (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: Add percpu vectors for EL1 (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Add macro for reading symbol addresses from the trampoline (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Add vectors that have the bhb mitigation sequences (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Add non-kpti __bp_harden_el1_vectors for mitigations (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Allow the trampoline text to occupy multiple pages (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Make the kpti trampoline's kpti sequence optional (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Move trampoline macros out of ifdef'd section (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Don't assume tramp_vectors is the start of the vectors (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Allow tramp_alias to access symbols after the 4K boundary (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Move the trampoline data page before the text page (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Free up another register on kpti's tramp_exit path (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry: Make the trampoline cleanup optional (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- arm64: entry.S: Add ventry overflow sanity checks (James Morse) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: Add initial retpoline support' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: Add MIDR_APM_POTENZA.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: insn: Add offset getter/setter for adr.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: alternatives: Add support for adr/adrp with offset in alt block.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'BACKPORT: VARIANT 2: arm64: Use alternative framework for retpoline.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'Arm64: add retpoline to cpu_show_spectre_v2' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'arm64: retpoline: Don't use retpoline in KVM's HYP part.' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'uek-rpm: aarch64 config enable RETPOLINE' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- Revert 'uek-rpm: aarch64 config enable RETPOLINE OL8' (Russell King) [Orabug: 33921736] {CVE-2022-23960}\n- x86/speculation: Add knob for eibrs_retpoline_enabled (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Extend our code to properly support eibrs+lfence and eibrs+retpoline (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Update link to AMD speculation whitepaper (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Use generic retpoline by default on AMD (Kim Phillips) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Include unprivileged eBPF status in Spectre v2 mitigation reporting (Josh Poimboeuf) [Orabug: 33941936] {CVE-2021-26401}\n- Documentation/hw-vuln: Update spectre doc (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Add eIBRS + Retpoline options (Peter Zijlstra) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE (Peter Zijlstra (Intel)) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: The choice of retpoline mode is sometimes ignored (Patrick Colp) [Orabug: 33917127]\n- x86/speculation: Merge one test in spectre_v2_user_select_mitigation() (Borislav Petkov) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Update ALTERNATIVEs to (more closely) match upstream (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- x86/speculation: Fix bug in retpoline mode on AMD with (Patrick Colp) [Orabug: 33941936] {CVE-2021-26401}\n- Revert 'BACKPORT: VARIANT 2: arm64: asm: Use *_nospec variants for blr and br.' (Russell King) [Orabug: 33921736]\n- rds/ib: recover rds connection from stuck tx path (Nagappan Ramasamy Palaniappan) [Orabug: 33820760]", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-11T00:00:00", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel-container security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-22600", "CVE-2021-26341", "CVE-2021-26401", "CVE-2022-0617", "CVE-2022-1016", "CVE-2022-1158", "CVE-2022-22942", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-26966"], "modified": "2022-04-11T00:00:00", "id": "ELSA-2022-9274", "href": "http://linux.oracle.com/errata/ELSA-2022-9274.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-03-03T10:37:58", "description": "The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:8267 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-1998)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. (CVE-2022-39190)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-18T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : kernel (ALSA-2022:8267)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-stablelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-devel-matched", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-devel-matched", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", "p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:kernel-tools-libs-devel", "p-cpe:/a:alma:linux:kernel-zfcpdump", "p-cpe:/a:alma:linux:kernel-zfcpdump-core", "p-cpe:/a:alma:linux:kernel-zfcpdump-devel", "p-cpe:/a:alma:linux:kernel-zfcpdump-devel-matched", "p-cpe:/a:alma:linux:kernel-zfcpdump-modules", "p-cpe:/a:alma:linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::appstream", "cpe:/o:alma:linux:9::baseos", "cpe:/o:alma:linux:9::crb"], "id": "ALMA_LINUX_ALSA-2022-8267.NASL", "href": "https://www.tenable.com/plugins/nessus/167835", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:8267.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167835);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-3640\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1184\",\n \"CVE-2022-1280\",\n \"CVE-2022-1353\",\n \"CVE-2022-1679\",\n \"CVE-2022-1852\",\n \"CVE-2022-1998\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-20368\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-21499\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-36946\",\n \"CVE-2022-39190\"\n );\n script_xref(name:\"ALSA\", value:\"2022:8267\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"AlmaLinux 9 : kernel (ALSA-2022:8267)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:8267 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A use after free in the Linux kernel File System notify functionality was found in the way user triggers\n copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to\n crash the system or potentially escalate their privileges on the system. (CVE-2022-1998)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of\n service can occur upon binding to an already bound chain. (CVE-2022-39190)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2022-8267.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(192, 200, 212, 267, 290, 362, 392, 401, 415, 416, 459, 476, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::crb\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2021-3640', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1184', 'CVE-2022-1280', 'CVE-2022-1353', 'CVE-2022-1679', 'CVE-2022-1852', 'CVE-2022-1998', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-20368', 'CVE-2022-21123', 'CVE-2022-21125', 'CVE-2022-21166', 'CVE-2022-21499', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-29900', 'CVE-2022-29901', 'CVE-2022-36946', 'CVE-2022-39190');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:8267');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-04T02:56:37", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7933 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n - kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n - hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n - hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n - kernel: nf_tables disallow binding to already bound chain (CVE-2022-39190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-15T00:00:00", "type": "nessus", "title": "RHEL 9 : kernel-rt (RHSA-2022:7933)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2022-7933.NASL", "href": "https://www.tenable.com/plugins/nessus/167544", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7933. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167544);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-3640\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1184\",\n \"CVE-2022-1280\",\n \"CVE-2022-1353\",\n \"CVE-2022-1679\",\n \"CVE-2022-1852\",\n \"CVE-2022-1998\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-20368\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-21499\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-36946\",\n \"CVE-2022-39190\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7933\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"RHEL 9 : kernel-rt (RHSA-2022:7933)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7933 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM\n (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image\n (CVE-2022-1184)\n\n - kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n - hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n - hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n - kernel: nf_tables disallow binding to already bound chain (CVE-2022-39190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-39190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7933\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1980646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2037386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2051444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2052312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2053632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2058395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2059928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2071022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2088021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2089815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2123695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129152\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(192, 200, 212, 267, 290, 362, 392, 401, 415, 416, 459, 476, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2021-3640', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1184', 'CVE-2022-1280', 'CVE-2022-1353', 'CVE-2022-1679', 'CVE-2022-1852', 'CVE-2022-1998', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-20368', 'CVE-2022-21123', 'CVE-2022-21125', 'CVE-2022-21166', 'CVE-2022-21499', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-29900', 'CVE-2022-29901', 'CVE-2022-36946', 'CVE-2022-39190');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7933');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel9/9/x86_64/appstream/debug',\n 'content/dist/rhel9/9/x86_64/appstream/os',\n 'content/dist/rhel9/9/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/baseos/debug',\n 'content/dist/rhel9/9/x86_64/baseos/os',\n 'content/dist/rhel9/9/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/codeready-builder/debug',\n 'content/dist/rhel9/9/x86_64/codeready-builder/os',\n 'content/dist/rhel9/9/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/highavailability/debug',\n 'content/dist/rhel9/9/x86_64/highavailability/os',\n 'content/dist/rhel9/9/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/nfv/debug',\n 'content/dist/rhel9/9/x86_64/nfv/os',\n 'content/dist/rhel9/9/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/resilientstorage/debug',\n 'content/dist/rhel9/9/x86_64/resilientstorage/os',\n 'content/dist/rhel9/9/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/rt/debug',\n 'content/dist/rhel9/9/x86_64/rt/os',\n 'content/dist/rhel9/9/x86_64/rt/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap-solutions/debug',\n 'content/dist/rhel9/9/x86_64/sap-solutions/os',\n 'content/dist/rhel9/9/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap/debug',\n 'content/dist/rhel9/9/x86_64/sap/os',\n 'content/dist/rhel9/9/x86_64/sap/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/supplementary/debug',\n 'content/dist/rhel9/9/x86_64/supplementary/os',\n 'content/dist/rhel9/9/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T14:02:51", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8267 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n - kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n - hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n - hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n - kernel: nf_tables disallow binding to already bound chain (CVE-2022-39190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "RHEL 9 : kernel (RHSA-2022:8267)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:9", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel-matched", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel-matched", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel-matched", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2022-8267.NASL", "href": "https://www.tenable.com/plugins/nessus/167620", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:8267. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167620);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-3640\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1184\",\n \"CVE-2022-1280\",\n \"CVE-2022-1353\",\n \"CVE-2022-1679\",\n \"CVE-2022-1852\",\n \"CVE-2022-1998\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-20368\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-21499\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-36946\",\n \"CVE-2022-39190\"\n );\n script_xref(name:\"RHSA\", value:\"2022:8267\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"RHEL 9 : kernel (RHSA-2022:8267)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:8267 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM\n (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image\n (CVE-2022-1184)\n\n - kernel: concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources (CVE-2022-1280)\n\n - kernel: kernel info leak issue in pfkey_register (CVE-2022-1353)\n\n - kernel: use-after-free in ath9k_htc_probe_device() could cause an escalation of privileges (CVE-2022-1679)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: fanotify misuses fd_install() which could lead to use-after-free (CVE-2022-1998)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n - hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n - hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\n - kernel: nf_tables disallow binding to already bound chain (CVE-2022-39190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1280\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1353\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1679\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1998\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-39190\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:8267\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1980646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2037386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2051444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2052312\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2053632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2058395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2059928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066819\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2071022\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2088021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2089815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2123695\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2129152\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(192, 200, 212, 267, 290, 362, 392, 401, 415, 416, 459, 476, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '9')) audit(AUDIT_OS_NOT, 'Red Hat 9.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2021-3640', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1184', 'CVE-2022-1280', 'CVE-2022-1353', 'CVE-2022-1679', 'CVE-2022-1852', 'CVE-2022-1998', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-20368', 'CVE-2022-21123', 'CVE-2022-21125', 'CVE-2022-21166', 'CVE-2022-21499', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-29900', 'CVE-2022-29901', 'CVE-2022-36946', 'CVE-2022-39190');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:8267');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel9/9/aarch64/appstream/debug',\n 'content/dist/rhel9/9/aarch64/appstream/os',\n 'content/dist/rhel9/9/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/baseos/debug',\n 'content/dist/rhel9/9/aarch64/baseos/os',\n 'content/dist/rhel9/9/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/codeready-builder/debug',\n 'content/dist/rhel9/9/aarch64/codeready-builder/os',\n 'content/dist/rhel9/9/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/highavailability/debug',\n 'content/dist/rhel9/9/aarch64/highavailability/os',\n 'content/dist/rhel9/9/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/aarch64/supplementary/debug',\n 'content/dist/rhel9/9/aarch64/supplementary/os',\n 'content/dist/rhel9/9/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/s390x/appstream/debug',\n 'content/dist/rhel9/9/s390x/appstream/os',\n 'content/dist/rhel9/9/s390x/appstream/source/SRPMS',\n 'content/dist/rhel9/9/s390x/baseos/debug',\n 'content/dist/rhel9/9/s390x/baseos/os',\n 'content/dist/rhel9/9/s390x/baseos/source/SRPMS',\n 'content/dist/rhel9/9/s390x/codeready-builder/debug',\n 'content/dist/rhel9/9/s390x/codeready-builder/os',\n 'content/dist/rhel9/9/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/s390x/highavailability/debug',\n 'content/dist/rhel9/9/s390x/highavailability/os',\n 'content/dist/rhel9/9/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/s390x/resilientstorage/debug',\n 'content/dist/rhel9/9/s390x/resilientstorage/os',\n 'content/dist/rhel9/9/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/s390x/sap/debug',\n 'content/dist/rhel9/9/s390x/sap/os',\n 'content/dist/rhel9/9/s390x/sap/source/SRPMS',\n 'content/dist/rhel9/9/s390x/supplementary/debug',\n 'content/dist/rhel9/9/s390x/supplementary/os',\n 'content/dist/rhel9/9/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/appstream/debug',\n 'content/dist/rhel9/9/x86_64/appstream/os',\n 'content/dist/rhel9/9/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/baseos/debug',\n 'content/dist/rhel9/9/x86_64/baseos/os',\n 'content/dist/rhel9/9/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/codeready-builder/debug',\n 'content/dist/rhel9/9/x86_64/codeready-builder/os',\n 'content/dist/rhel9/9/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/highavailability/debug',\n 'content/dist/rhel9/9/x86_64/highavailability/os',\n 'content/dist/rhel9/9/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/nfv/debug',\n 'content/dist/rhel9/9/x86_64/nfv/os',\n 'content/dist/rhel9/9/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/resilientstorage/debug',\n 'content/dist/rhel9/9/x86_64/resilientstorage/os',\n 'content/dist/rhel9/9/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/rt/debug',\n 'content/dist/rhel9/9/x86_64/rt/os',\n 'content/dist/rhel9/9/x86_64/rt/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap-solutions/debug',\n 'content/dist/rhel9/9/x86_64/sap-solutions/os',\n 'content/dist/rhel9/9/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/sap/debug',\n 'content/dist/rhel9/9/x86_64/sap/os',\n 'content/dist/rhel9/9/x86_64/sap/source/SRPMS',\n 'content/dist/rhel9/9/x86_64/supplementary/debug',\n 'content/dist/rhel9/9/x86_64/supplementary/os',\n 'content/dist/rhel9/9/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-matched-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-matched-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-5.14.0-162.6.1.el9_1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-5.14.0-162.6.1.el9_1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-5.14.0-162.6.1.el9_1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-5.14.0-162.6.1.el9_1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T10:36:51", "description": "The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-8267 advisory.\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. (CVE-2022-39190)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-1998)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-22T00:00:00", "type": "nessus", "title": "Oracle Linux 9 : kernel (ELSA-2022-8267)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190"], "modified": "2022-12-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:9", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-devel-matched", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-devel-matched", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2022-8267.NASL", "href": "https://www.tenable.com/plugins/nessus/168085", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-8267.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168085);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-3640\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1184\",\n \"CVE-2022-1280\",\n \"CVE-2022-1353\",\n \"CVE-2022-1679\",\n \"CVE-2022-1852\",\n \"CVE-2022-1998\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-20368\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-21499\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-36946\",\n \"CVE-2022-39190\"\n );\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"Oracle Linux 9 : kernel (ELSA-2022-8267)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-8267 advisory.\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of\n service can occur upon binding to an already bound chain. (CVE-2022-39190)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A use after free in the Linux kernel File System notify functionality was found in the way user triggers\n copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to\n crash the system or potentially escalate their privileges on the system. (CVE-2022-1998)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-8267.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 9', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['5.14.0-162.6.1.el9_1'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-8267');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '5.14';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-5.14.0'},\n {'reference':'kernel-abi-stablelists-5.14.0-162.6.1.el9_1', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-stablelists-5.14.0'},\n {'reference':'kernel-core-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-5.14.0'},\n {'reference':'kernel-cross-headers-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-5.14.0'},\n {'reference':'kernel-cross-headers-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-5.14.0'},\n {'reference':'kernel-debug-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-5.14.0'},\n {'reference':'kernel-debug-core-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-5.14.0'},\n {'reference':'kernel-debug-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-5.14.0'},\n {'reference':'kernel-debug-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-matched-5.14.0'},\n {'reference':'kernel-debug-modules-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-5.14.0'},\n {'reference':'kernel-debug-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-5.14.0'},\n {'reference':'kernel-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-5.14.0'},\n {'reference':'kernel-devel-matched-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-matched-5.14.0'},\n {'reference':'kernel-headers-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-5.14.0'},\n {'reference':'kernel-headers-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-5.14.0'},\n {'reference':'kernel-modules-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-5.14.0'},\n {'reference':'kernel-modules-extra-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-5.14.0'},\n {'reference':'kernel-tools-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-5.14.0'},\n {'reference':'kernel-tools-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-5.14.0'},\n {'reference':'kernel-tools-libs-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-5.14.0'},\n {'reference':'kernel-tools-libs-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-5.14.0'},\n {'reference':'kernel-tools-libs-devel-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-5.14.0'},\n {'reference':'kernel-tools-libs-devel-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-5.14.0'},\n {'reference':'perf-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.14.0-162.6.1.el9_1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.14.0-162.6.1.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T14:02:50", "description": "The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7933 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. (CVE-2022-1353)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system. (CVE-2022-1998)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. (CVE-2022-39190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-19T00:00:00", "type": "nessus", "title": "AlmaLinux 9 : kernel-rt (ALSA-2022:7933)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1184", "CVE-2022-1280", "CVE-2022-1353", "CVE-2022-1679", "CVE-2022-1852", "CVE-2022-1998", "CVE-2022-20368", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-21499", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-29581", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-36946", "CVE-2022-39190"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:alma:linux:kernel-rt", "p-cpe:/a:alma:linux:kernel-rt-core", "p-cpe:/a:alma:linux:kernel-rt-debug", "p-cpe:/a:alma:linux:kernel-rt-debug-core", "p-cpe:/a:alma:linux:kernel-rt-debug-devel", "p-cpe:/a:alma:linux:kernel-rt-debug-kvm", "p-cpe:/a:alma:linux:kernel-rt-debug-modules", "p-cpe:/a:alma:linux:kernel-rt-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-rt-devel", "p-cpe:/a:alma:linux:kernel-rt-kvm", "p-cpe:/a:alma:linux:kernel-rt-modules", "p-cpe:/a:alma:linux:kernel-rt-modules-extra", "cpe:/o:alma:linux:9", "cpe:/o:alma:linux:9::nfv", "cpe:/o:alma:linux:9::realtime"], "id": "ALMA_LINUX_ALSA-2022-7933.NASL", "href": "https://www.tenable.com/plugins/nessus/167989", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7933.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167989);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2021-3640\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1184\",\n \"CVE-2022-1280\",\n \"CVE-2022-1353\",\n \"CVE-2022-1679\",\n \"CVE-2022-1852\",\n \"CVE-2022-1998\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-20368\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-21499\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-36946\",\n \"CVE-2022-39190\"\n );\n script_xref(name:\"ALSA\", value:\"2022:7933\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"AlmaLinux 9 : kernel-rt (ALSA-2022:7933)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:7933 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux\n kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of\n service (DoS) or a kernel information leak. (CVE-2022-1280)\n\n - A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This\n flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a\n leak of internal kernel information. (CVE-2022-1353)\n\n - A use-after-free flaw was found in the Linux kernel's Atheros wireless adapter driver in the way a user\n forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local\n user to crash or potentially escalate their privileges on the system. (CVE-2022-1679)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A use after free in the Linux kernel File System notify functionality was found in the way user triggers\n copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to\n crash the system or potentially escalate their privileges on the system. (CVE-2022-1998)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated\n user to potentially enable information disclosure via local access. (CVE-2022-21123)\n\n - Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21125)\n\n - Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an\n authenticated user to potentially enable information disclosure via local access. (CVE-2022-21166)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - AMD: CVE-2022-23816 AMD CPU Branch Type Confusion (CVE-2022-23816)\n\n - Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially\n leading to information disclosure. (CVE-2022-23825)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution\n under certain microarchitecture-dependent conditions. (CVE-2022-29900)\n\n - Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their\n retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can\n hijack return instructions to achieve arbitrary speculative code execution under certain\n microarchitecture-dependent conditions. (CVE-2022-29901)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of\n service can occur upon binding to an already bound chain. (CVE-2022-39190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/9/ALSA-2022-7933.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(192, 200, 212, 267, 290, 362, 392, 401, 415, 416, 459, 476, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::nfv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:9::realtime\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^9([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2021-3640', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1184', 'CVE-2022-1280', 'CVE-2022-1353', 'CVE-2022-1679', 'CVE-2022-1852', 'CVE-2022-1998', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-20368', 'CVE-2022-21123', 'CVE-2022-21125', 'CVE-2022-21166', 'CVE-2022-21499', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-29900', 'CVE-2022-29901', 'CVE-2022-36946', 'CVE-2022-39190');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:7933');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-rt-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-5.14.0-162.6.1.rt21.168.el9_1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T14:04:03", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7444 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. (CVE-2022-2938)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. (CVE-2022-27950)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-12T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel-rt (ALSA-2022:7444)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:alma:linux:kernel-rt", "p-cpe:/a:alma:linux:kernel-rt-core", "p-cpe:/a:alma:linux:kernel-rt-debug", "p-cpe:/a:alma:linux:kernel-rt-debug-core", "p-cpe:/a:alma:linux:kernel-rt-debug-devel", "p-cpe:/a:alma:linux:kernel-rt-debug-kvm", "p-cpe:/a:alma:linux:kernel-rt-debug-modules", "p-cpe:/a:alma:linux:kernel-rt-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-rt-devel", "p-cpe:/a:alma:linux:kernel-rt-kvm", "p-cpe:/a:alma:linux:kernel-rt-modules", "p-cpe:/a:alma:linux:kernel-rt-modules-extra", "cpe:/o:alma:linux:8", "cpe:/o:alma:linux:8::nfv", "cpe:/o:alma:linux:8::realtime"], "id": "ALMA_LINUX_ALSA-2022-7444.NASL", "href": "https://www.tenable.com/plugins/nessus/167311", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7444.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167311);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36558\",\n \"CVE-2021-3640\",\n \"CVE-2021-30002\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1184\",\n \"CVE-2022-1852\",\n \"CVE-2022-2078\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-2938\",\n \"CVE-2022-20368\",\n \"CVE-2022-21499\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-27950\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"ALSA\", value:\"2022:7444\");\n\n script_name(english:\"AlmaLinux 8 : kernel-rt (ALSA-2022:7444)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:7444 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain\n privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past\n commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is\n disabled by default, it could allow an attacker to crash the system or have other memory-corruption side\n effects. (CVE-2022-2938)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse\n error condition. (CVE-2022-27950)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-7444.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(120, 192, 200, 267, 290, 362, 401, 415, 416, 476, 772, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::nfv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::realtime\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2020-36558', 'CVE-2021-3640', 'CVE-2021-30002', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1055', 'CVE-2022-1184', 'CVE-2022-1852', 'CVE-2022-2078', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-2938', 'CVE-2022-20368', 'CVE-2022-21499', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-27950', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:7444');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'kernel-rt-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T07:10:38", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7444 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n\n - kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - kernel: buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-08T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel-rt (RHSA-2022:7444)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:kernel-rt", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra"], "id": "REDHAT-RHSA-2022-7444.NASL", "href": "https://www.tenable.com/plugins/nessus/167095", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7444. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167095);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36558\",\n \"CVE-2021-3640\",\n \"CVE-2021-30002\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1184\",\n \"CVE-2022-1852\",\n \"CVE-2022-2078\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-2938\",\n \"CVE-2022-20368\",\n \"CVE-2022-21499\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-27950\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7444\");\n\n script_name(english:\"RHEL 8 : kernel-rt (RHSA-2022:7444)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7444 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer\n dereference (CVE-2020-36558)\n\n - kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c\n (CVE-2021-30002)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM\n (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image\n (CVE-2022-1184)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - kernel: buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1946279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1980646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2037386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2051444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2053632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2058395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2059928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2069408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2088021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2089815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2096178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2112693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2120175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2123695\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(120, 192, 200, 267, 290, 362, 401, 415, 416, 476, 772, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-rt-modules-extra\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2020-36558', 'CVE-2021-3640', 'CVE-2021-30002', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1055', 'CVE-2022-1184', 'CVE-2022-1852', 'CVE-2022-2078', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-2938', 'CVE-2022-20368', 'CVE-2022-21499', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-27950', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7444');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'kernel-rt-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-core-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-core-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-devel-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-kvm-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-debug-modules-extra-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-devel-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-kvm-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-rt-modules-extra-4.18.0-425.3.1.rt7.213.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kernel-rt / kernel-rt-core / kernel-rt-debug / kernel-rt-debug-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-04T02:55:48", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7683 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer dereference (CVE-2020-36558)\n\n - kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c (CVE-2021-30002)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image (CVE-2022-1184)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - kernel: buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - hw: cpu: arm64: Spectre-BHB (CVE-2022-23960)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-09T00:00:00", "type": "nessus", "title": "RHEL 8 : kernel (RHSA-2022:7683)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2022-7683.NASL", "href": "https://www.tenable.com/plugins/nessus/167155", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:7683. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167155);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36558\",\n \"CVE-2021-3640\",\n \"CVE-2021-30002\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1184\",\n \"CVE-2022-1852\",\n \"CVE-2022-2078\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-2938\",\n \"CVE-2022-20368\",\n \"CVE-2022-21499\",\n \"CVE-2022-23960\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-27950\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"RHSA\", value:\"2022:7683\");\n\n script_name(english:\"RHEL 8 : kernel (RHSA-2022:7683)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:7683 advisory.\n\n - kernel: off-path attacker may inject data or terminate victim's TCP session (CVE-2020-36516)\n\n - kernel: race condition in VT_RESIZEX ioctl when vc_cons[i].d is already NULL leading to NULL pointer\n dereference (CVE-2020-36558)\n\n - kernel: memory leak for large arguments in video_usercopy function in drivers/media/v4l2-core/v4l2-ioctl.c\n (CVE-2021-30002)\n\n - kernel: use-after-free vulnerability in function sco_sock_sendmsg() (CVE-2021-3640)\n\n - kernel: smb2_ioctl_query_info NULL pointer dereference (CVE-2022-0168)\n\n - kernel: NULL pointer dereference in udf_expand_file_adinicbdue() during writeback (CVE-2022-0617)\n\n - kernel: swiotlb information leak with DMA_FROM_DEVICE (CVE-2022-0854)\n\n - kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM\n (CVE-2022-1016)\n\n - kernel: race condition in snd_pcm_hw_free leading to use-after-free (CVE-2022-1048)\n\n - kernel: use-after-free in tc_new_tfilter() in net/sched/cls_api.c (CVE-2022-1055)\n\n - kernel: use-after-free and memory errors in ext4 when mounting and operating on a corrupted image\n (CVE-2022-1184)\n\n - kernel: NULL pointer dereference in x86_emulate_insn may lead to DoS (CVE-2022-1852)\n\n - kernel: net/packet: slab-out-of-bounds access in packet_recvmsg() (CVE-2022-20368)\n\n - kernel: buffer overflow in nft_set_desc_concat_parse() (CVE-2022-2078)\n\n - kernel: possible to use the debugger to write zero into a location of choice (CVE-2022-21499)\n\n - hw: cpu: arm64: Spectre-BHB (CVE-2022-23960)\n\n - kernel: nfs_atomic_open() returns uninitialized data instead of ENOTDIR (CVE-2022-24448)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: memory leak in drivers/hid/hid-elo.c (CVE-2022-27950)\n\n - kernel: double free in ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c (CVE-2022-28390)\n\n - kernel: use after free in SUNRPC subsystem (CVE-2022-28893)\n\n - kernel: use-after-free when psi trigger is destroyed while being polled (CVE-2022-2938)\n\n - kernel: use-after-free due to improper update of reference count in net/sched/cls_u32.c (CVE-2022-29581)\n\n - kernel: DoS in nfqnl_mangle in net/netfilter/nfnetlink_queue.c (CVE-2022-36946)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36516\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-36558\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3640\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-30002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0168\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-0854\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1016\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1184\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1852\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2078\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2586\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2938\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-20368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21499\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23960\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-24448\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-27950\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-28893\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29581\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-36946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:7683\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1946279\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1980646\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2037386\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2051444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2053632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2058395\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2059928\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2062284\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066614\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2066706\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2069408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070205\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2070220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2073064\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2074208\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084183\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2088021\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2089815\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2096178\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2112693\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2114878\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115278\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2120175\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2123695\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(120, 192, 200, 267, 290, 362, 401, 415, 416, 476, 772, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2020-36558', 'CVE-2021-3640', 'CVE-2021-30002', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1055', 'CVE-2022-1184', 'CVE-2022-1852', 'CVE-2022-2078', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-2938', 'CVE-2022-20368', 'CVE-2022-21499', 'CVE-2022-23960', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-27950', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:7683');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-425.3.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-425.3.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-425.3.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-425.3.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-425.3.1.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-03T22:37:54", "description": "The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2022:7683 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. (CVE-2022-2938)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. (CVE-2022-27950)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-14T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : kernel (ALSA-2022:7683)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:alma:linux:bpftool", "p-cpe:/a:alma:linux:kernel", "p-cpe:/a:alma:linux:kernel-abi-stablelists", "p-cpe:/a:alma:linux:kernel-core", "p-cpe:/a:alma:linux:kernel-cross-headers", "p-cpe:/a:alma:linux:kernel-debug", "p-cpe:/a:alma:linux:kernel-debug-core", "p-cpe:/a:alma:linux:kernel-debug-devel", "p-cpe:/a:alma:linux:kernel-debug-modules", "p-cpe:/a:alma:linux:kernel-debug-modules-extra", "p-cpe:/a:alma:linux:kernel-devel", "p-cpe:/a:alma:linux:kernel-headers", "p-cpe:/a:alma:linux:kernel-modules", "p-cpe:/a:alma:linux:kernel-modules-extra", "p-cpe:/a:alma:linux:kernel-tools", "p-cpe:/a:alma:linux:kernel-tools-libs", "p-cpe:/a:alma:linux:kernel-tools-libs-devel", "p-cpe:/a:alma:linux:kernel-zfcpdump", "p-cpe:/a:alma:linux:kernel-zfcpdump-core", "p-cpe:/a:alma:linux:kernel-zfcpdump-devel", "p-cpe:/a:alma:linux:kernel-zfcpdump-modules", "p-cpe:/a:alma:linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:alma:linux:perf", "p-cpe:/a:alma:linux:python3-perf", "cpe:/o:alma:linux:8", "cpe:/o:alma:linux:8::baseos", "cpe:/o:alma:linux:8::powertools"], "id": "ALMA_LINUX_ALSA-2022-7683.NASL", "href": "https://www.tenable.com/plugins/nessus/167447", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:7683.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167447);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36558\",\n \"CVE-2021-3640\",\n \"CVE-2021-30002\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1184\",\n \"CVE-2022-1852\",\n \"CVE-2022-2078\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-2938\",\n \"CVE-2022-20368\",\n \"CVE-2022-21499\",\n \"CVE-2022-23960\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-27950\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n script_xref(name:\"ALSA\", value:\"2022:7683\");\n\n script_name(english:\"AlmaLinux 8 : kernel (ALSA-2022:7683)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nALSA-2022:7683 advisory.\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain\n privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past\n commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is\n disabled by default, it could allow an attacker to crash the system or have other memory-corruption side\n effects. (CVE-2022-2938)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse\n error condition. (CVE-2022-27950)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-7683.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(120, 192, 200, 267, 290, 362, 401, 415, 416, 476, 772, 787, 824, 908);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8::powertools\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2020-36516', 'CVE-2020-36558', 'CVE-2021-3640', 'CVE-2021-30002', 'CVE-2022-0168', 'CVE-2022-0617', 'CVE-2022-0854', 'CVE-2022-1016', 'CVE-2022-1048', 'CVE-2022-1055', 'CVE-2022-1184', 'CVE-2022-1852', 'CVE-2022-2078', 'CVE-2022-2586', 'CVE-2022-2639', 'CVE-2022-2938', 'CVE-2022-20368', 'CVE-2022-21499', 'CVE-2022-23960', 'CVE-2022-24448', 'CVE-2022-26373', 'CVE-2022-27950', 'CVE-2022-28390', 'CVE-2022-28893', 'CVE-2022-29581', 'CVE-2022-36946');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ALSA-2022:7683');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\nvar pkgs = [\n {'reference':'bpftool-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-02T22:41:01", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-7683 advisory.\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. (CVE-2022-23960)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session or terminate that session. (CVE-2020-36516)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel (CVE-2022-20368)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse error condition. (CVE-2022-27950)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state. (CVE-2022-28893)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. (CVE-2022-2938)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-1048)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub- component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14 and later versions. (CVE-2022-29581)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer dereference and general protection fault. (CVE-2020-36558)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation (CVE-2022-2586)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and possibly to run code. (CVE-2022-2078)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. (CVE-2022-24448)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU. (CVE-2022-1852)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-16T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : kernel (ELSA-2022-7683)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-36516", "CVE-2020-36558", "CVE-2021-30002", "CVE-2021-3640", "CVE-2022-0168", "CVE-2022-0617", "CVE-2022-0854", "CVE-2022-1016", "CVE-2022-1048", "CVE-2022-1055", "CVE-2022-1184", "CVE-2022-1852", "CVE-2022-20368", "CVE-2022-2078", "CVE-2022-21499", "CVE-2022-23960", "CVE-2022-24448", "CVE-2022-2586", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-27950", "CVE-2022-28390", "CVE-2022-28893", "CVE-2022-2938", "CVE-2022-29581", "CVE-2022-36946"], "modified": "2022-12-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:bpftool", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-abi-stablelists", "p-cpe:/a:oracle:linux:kernel-core", "p-cpe:/a:oracle:linux:kernel-cross-headers", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-debug-core", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-debug-modules", "p-cpe:/a:oracle:linux:kernel-debug-modules-extra", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-modules", "p-cpe:/a:oracle:linux:kernel-modules-extra", "p-cpe:/a:oracle:linux:kernel-tools", "p-cpe:/a:oracle:linux:kernel-tools-libs", "p-cpe:/a:oracle:linux:kernel-tools-libs-devel", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:python3-perf"], "id": "ORACLELINUX_ELSA-2022-7683.NASL", "href": "https://www.tenable.com/plugins/nessus/167577", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-7683.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167577);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\n \"CVE-2020-36516\",\n \"CVE-2020-36558\",\n \"CVE-2021-3640\",\n \"CVE-2021-30002\",\n \"CVE-2022-0168\",\n \"CVE-2022-0617\",\n \"CVE-2022-0854\",\n \"CVE-2022-1016\",\n \"CVE-2022-1048\",\n \"CVE-2022-1055\",\n \"CVE-2022-1184\",\n \"CVE-2022-1852\",\n \"CVE-2022-2078\",\n \"CVE-2022-2586\",\n \"CVE-2022-2639\",\n \"CVE-2022-2938\",\n \"CVE-2022-20368\",\n \"CVE-2022-21499\",\n \"CVE-2022-23960\",\n \"CVE-2022-24448\",\n \"CVE-2022-26373\",\n \"CVE-2022-27950\",\n \"CVE-2022-28390\",\n \"CVE-2022-28893\",\n \"CVE-2022-29581\",\n \"CVE-2022-36946\"\n );\n\n script_name(english:\"Oracle Linux 8 : kernel (ELSA-2022-7683)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2022-7683 advisory.\n\n - Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation,\n aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to\n influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive\n information. (CVE-2022-23960)\n\n - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the\n hash-based IPID assignment policy allows an off-path attacker to inject data into a victim's TCP session\n or terminate that session. (CVE-2020-36516)\n\n - A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a\n use-after-free. This issue needs to handle 'return' with proper preconditions, as it can lead to a kernel\n information leak problem caused by a local, unprivileged attacker. (CVE-2022-1016)\n\n - An issue was discovered in the Linux kernel before 5.11.3 when a webcam device exists. video_usercopy in\n drivers/media/v4l2-core/v4l2-ioctl.c has a memory leak for large arguments, aka CID-fb18802a338b.\n (CVE-2021-30002)\n\n - Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow\n an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)\n\n - A denial of service (DOS) issue was found in the Linux kernel's smb2_ioctl_query_info function in the\n fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user\n function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system.\n (CVE-2022-0168)\n\n - A memory leak flaw was found in the Linux kernel's DMA subsystem, in the way a user calls DMA_FROM_DEVICE.\n This flaw allows a local user to read random memory from the kernel space. (CVE-2022-0854)\n\n - Product: AndroidVersions: Android kernelAndroid ID: A-224546354References: Upstream kernel\n (CVE-2022-20368)\n\n - In drivers/hid/hid-elo.c in the Linux kernel before 5.16.11, a memory leak exists for a certain hid_parse\n error condition. (CVE-2022-27950)\n\n - The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets\n are in the intended state. (CVE-2022-28893)\n\n - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is\n disabled by default, it could allow an attacker to crash the system or have other memory-corruption side\n effects. (CVE-2022-2938)\n\n - nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote\n attackers to cause a denial of service (panic) because, in the case of an nf_queue verdict with a one-byte\n nfta_payload attribute, an skb_pull can encounter a negative skb->len. (CVE-2022-36946)\n\n - A use-after-free flaw was found in the Linux kernel's sound subsystem in the way a user triggers\n concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM\n for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the\n system. (CVE-2022-1048)\n\n - ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.\n (CVE-2022-28390)\n\n - A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the\n way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del()\n together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A\n privileged local user could use this flaw to crash the system or escalate their privileges on the system.\n (CVE-2021-3640)\n\n - A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel's filesystem sub-\n component. This flaw allows a local attacker with a user privilege to cause a denial of service.\n (CVE-2022-1184)\n\n - An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of\n actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size()\n function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This\n flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)\n\n - Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local attacker to\n cause privilege escalation to root. This issue affects: Linux Kernel versions prior to 5.18; version 4.14\n and later versions. (CVE-2022-29581)\n\n - A race condition in the Linux kernel before 5.5.7 involving VT_RESIZEX could lead to a NULL pointer\n dereference and general protection fault. (CVE-2020-36558)\n\n - kernel: nf_tables cross-table potential use-after-free may lead to local privilege escalation\n (CVE-2022-2586)\n\n - A vulnerability was found in the Linux kernel's nft_set_desc_concat_parse() function .This flaw allows an\n attacker to trigger a buffer overflow via nft_set_desc_concat_parse() , causing a denial of service and\n possibly to run code. (CVE-2022-2078)\n\n - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way\n user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw\n to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)\n\n - An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the\n O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a\n regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file\n descriptor. (CVE-2022-24448)\n\n - A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain\n privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past\n commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5 (CVE-2022-1055)\n\n - KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown.\n An attacker with access to a serial port could trigger the debugger so it is important that the debugger\n respect the lockdown mode when/if it is triggered. (CVE-2022-21499)\n\n - A NULL pointer dereference flaw was found in the Linux kernel's KVM module, which can lead to a denial of\n service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal\n instruction in guest in the Intel CPU. (CVE-2022-1852)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-7683.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29581\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/04/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-perf\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"linux_alt_patch_detect.nasl\", \"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('ksplice.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');\nif (machine_uptrack_level)\n{\n var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:\"\\.(x86_64|i[3-6]86|aarch64)$\", replace:'');\n var fixed_uptrack_levels = ['4.18.0-425.3.1.el8'];\n foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {\n if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2022-7683');\n }\n }\n __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\\n\\n';\n}\n\nvar kernel_major_minor = get_kb_item('Host/uname/major_minor');\nif (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');\nvar expected_kernel_major_minor = '4.18';\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);\n\nvar pkgs = [\n {'reference':'bpftool-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'bpftool-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-4.18.0'},\n {'reference':'kernel-abi-stablelists-4.18.0-425.3.1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-abi-stablelists-4.18.0'},\n {'reference':'kernel-core-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-core-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-cross-headers-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-cross-headers-4.18.0'},\n {'reference':'kernel-debug-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-4.18.0'},\n {'reference':'kernel-debug-core-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-core-4.18.0'},\n {'reference':'kernel-debug-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-devel-4.18.0'},\n {'reference':'kernel-debug-modules-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-4.18.0'},\n {'reference':'kernel-debug-modules-extra-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-debug-modules-extra-4.18.0'},\n {'reference':'kernel-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-devel-4.18.0'},\n {'reference':'kernel-headers-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-headers-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-headers-4.18.0'},\n {'reference':'kernel-modules-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-4.18.0'},\n {'reference':'kernel-modules-extra-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-modules-extra-4.18.0'},\n {'reference':'kernel-tools-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'kernel-tools-libs-devel-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-tools-libs-devel-4.18.0'},\n {'reference':'perf-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-425.3.1.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-4.18.0-425.3.1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / etc');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-28T17:13:27", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8973 advisory.\n\n - kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)\n\n - hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n - hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n - hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\n - kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-12-13T00:00:00", "type": "nessus", "title": "RHEL 9 : kernel (RHSA-2022:8973)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-1158", "CVE-2022-21123", "CVE-2022-21125", "CVE-2022-21166", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-26373", "CVE-2022-2639", "CVE-2022-2959", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-43945"], "modified": "2023-02-02T00:00:00", "cpe": ["cpe:/o:redhat:rhel_e4s:9.0", "cpe:/o:redhat:rhel_eus:9.0", "p-cpe:/a:redhat:enterprise_linux:bpftool", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists", "p-cpe:/a:redhat:enterprise_linux:kernel-core", "p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-core", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel-matched", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-devel-matched", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra", "p-cpe:/a:redhat:enterprise_linux:kernel-tools", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs", "p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel-matched", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules", "p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:python3-perf"], "id": "REDHAT-RHSA-2022-8973.NASL", "href": "https://www.tenable.com/plugins/nessus/168713", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:8973. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168713);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/02\");\n\n script_cve_id(\n \"CVE-2022-1158\",\n \"CVE-2022-2639\",\n \"CVE-2022-2959\",\n \"CVE-2022-21123\",\n \"CVE-2022-21125\",\n \"CVE-2022-21166\",\n \"CVE-2022-23816\",\n \"CVE-2022-23825\",\n \"CVE-2022-26373\",\n \"CVE-2022-29900\",\n \"CVE-2022-29901\",\n \"CVE-2022-43945\"\n );\n script_xref(name:\"RHSA\", value:\"2022:8973\");\n script_xref(name:\"CEA-ID\", value:\"CEA-2022-0026\");\n\n script_name(english:\"RHEL 9 : kernel (RHSA-2022:8973)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2022:8973 advisory.\n\n - kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)\n\n - hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n - hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n - hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions\n (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\n - kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-1158\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2639\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-2959\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21123\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21125\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-21166\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23816\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-23825\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-26373\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29900\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-29901\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2022-43945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:8973\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2069793\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2084479\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090226\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090237\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090240\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2090241\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103153\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2103681\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2115065\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2141752\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-29900\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2022-2639\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(192, 200, 416, 459, 667, 770, 787);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/06/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:bpftool\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-stablelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-cross-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-tools-libs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-devel-matched\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-zfcpdump-modules-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-perf\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\ninclude('ksplice.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '9.0')) audit(AUDIT_OS_NOT, 'Red Hat 9.0', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nif (get_one_kb_item('Host/ksplice/kernel-cves'))\n{\n rm_kb_item(name:'Host/uptrack-uname-r');\n var cve_list = make_list('CVE-2022-1158', 'CVE-2022-2639', 'CVE-2022-2959', 'CVE-2022-21123', 'CVE-2022-21125', 'CVE-2022-21166', 'CVE-2022-23816', 'CVE-2022-23825', 'CVE-2022-26373', 'CVE-2022-29900', 'CVE-2022-29901', 'CVE-2022-43945');\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for RHSA-2022:8973');\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/e4s/rhel9/9.0/aarch64/appstream/debug',\n 'content/e4s/rhel9/9.0/aarch64/appstream/os',\n 'content/e4s/rhel9/9.0/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/aarch64/baseos/debug',\n 'content/e4s/rhel9/9.0/aarch64/baseos/os',\n 'content/e4s/rhel9/9.0/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/debug',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/os',\n 'content/e4s/rhel9/9.0/aarch64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/appstream/debug',\n 'content/e4s/rhel9/9.0/s390x/appstream/os',\n 'content/e4s/rhel9/9.0/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/baseos/debug',\n 'content/e4s/rhel9/9.0/s390x/baseos/os',\n 'content/e4s/rhel9/9.0/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/highavailability/debug',\n 'content/e4s/rhel9/9.0/s390x/highavailability/os',\n 'content/e4s/rhel9/9.0/s390x/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/os',\n 'content/e4s/rhel9/9.0/s390x/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/s390x/sap/debug',\n 'content/e4s/rhel9/9.0/s390x/sap/os',\n 'content/e4s/rhel9/9.0/s390x/sap/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/appstream/debug',\n 'content/e4s/rhel9/9.0/x86_64/appstream/os',\n 'content/e4s/rhel9/9.0/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/baseos/debug',\n 'content/e4s/rhel9/9.0/x86_64/baseos/os',\n 'content/e4s/rhel9/9.0/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/debug',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/os',\n 'content/e4s/rhel9/9.0/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/nfv/debug',\n 'content/e4s/rhel9/9.0/x86_64/nfv/os',\n 'content/e4s/rhel9/9.0/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/debug',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/os',\n 'content/e4s/rhel9/9.0/x86_64/resilientstorage/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/rt/debug',\n 'content/e4s/rhel9/9.0/x86_64/rt/os',\n 'content/e4s/rhel9/9.0/x86_64/rt/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/debug',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/os',\n 'content/e4s/rhel9/9.0/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel9/9.0/x86_64/sap/debug',\n 'content/e4s/rhel9/9.0/x86_64/sap/os',\n 'content/e4s/rhel9/9.0/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/appstream/debug',\n 'content/eus/rhel9/9.0/aarch64/appstream/os',\n 'content/eus/rhel9/9.0/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/baseos/debug',\n 'content/eus/rhel9/9.0/aarch64/baseos/os',\n 'content/eus/rhel9/9.0/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/debug',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/os',\n 'content/eus/rhel9/9.0/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/highavailability/debug',\n 'content/eus/rhel9/9.0/aarch64/highavailability/os',\n 'content/eus/rhel9/9.0/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/aarch64/supplementary/debug',\n 'content/eus/rhel9/9.0/aarch64/supplementary/os',\n 'content/eus/rhel9/9.0/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/appstream/debug',\n 'content/eus/rhel9/9.0/s390x/appstream/os',\n 'content/eus/rhel9/9.0/s390x/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/baseos/debug',\n 'content/eus/rhel9/9.0/s390x/baseos/os',\n 'content/eus/rhel9/9.0/s390x/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/debug',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/os',\n 'content/eus/rhel9/9.0/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/highavailability/debug',\n 'content/eus/rhel9/9.0/s390x/highavailability/os',\n 'content/eus/rhel9/9.0/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/debug',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/os',\n 'content/eus/rhel9/9.0/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/sap/debug',\n 'content/eus/rhel9/9.0/s390x/sap/os',\n 'content/eus/rhel9/9.0/s390x/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/s390x/supplementary/debug',\n 'content/eus/rhel9/9.0/s390x/supplementary/os',\n 'content/eus/rhel9/9.0/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/appstream/debug',\n 'content/eus/rhel9/9.0/x86_64/appstream/os',\n 'content/eus/rhel9/9.0/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/baseos/debug',\n 'content/eus/rhel9/9.0/x86_64/baseos/os',\n 'content/eus/rhel9/9.0/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/debug',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/os',\n 'content/eus/rhel9/9.0/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/highavailability/debug',\n 'content/eus/rhel9/9.0/x86_64/highavailability/os',\n 'content/eus/rhel9/9.0/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/debug',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/os',\n 'content/eus/rhel9/9.0/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/debug',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/os',\n 'content/eus/rhel9/9.0/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/sap/debug',\n 'content/eus/rhel9/9.0/x86_64/sap/os',\n 'content/eus/rhel9/9.0/x86_64/sap/source/SRPMS',\n 'content/eus/rhel9/9.0/x86_64/supplementary/debug',\n 'content/eus/rhel9/9.0/x86_64/supplementary/os',\n 'content/eus/rhel9/9.0/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'bpftool-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-abi-stablelists-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-core-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-cross-headers-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-core-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-devel-matched-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-debug-modules-extra-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-devel-matched-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-headers-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-modules-extra-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-5.14.0-70.36.1.el9_0', 'sp':'0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-5.14.0-70.36.1.el9_0', 'sp':'0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-5.14.0-70.36.1.el9_0', 'sp':'0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-tools-libs-devel-5.14.0-70.36.1.el9_0', 'sp':'0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-5.14.0-70.36.1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-core-5.14.0-70.36.1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-5.14.0-70.36.1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-devel-matched-5.14.0-70.36.1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-5.14.0-70.36.1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'kernel-zfcpdump-modules-extra-5.14.0-70.36.1.el9_0', 'sp':'0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'perf-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-perf-5.14.0-70.36.1.el9_0', 'sp':'0', 'release':'9', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bpftool / kernel / kernel-abi-stablelists / kernel-core / etc');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-02-28T18:38:13", "description": "The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:8974 advisory.\n\n - kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)\n\n - hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123)\n\n - hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125)\n\n - hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166)\n\n - CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816)\n\n - hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825)\n\n - hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373)\n\n - kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)\n\n - kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)\n\n - CVE-2022-23816 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29900)\n\n - hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901)\n\n - kernel: nfsd buffer overflow by RPC message o
(RHSA-2022:7933) Moderate: kernel-rt security and bug fix update
