EUVD-2022-54622

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPECCTRL value is written, and the vmenter. Balanced returns matched by a preceding call are usually ok, but it's...

EUVD-2023-12148

Malicious code in bioql PyPI...

CVE-2022-49610

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPECCTRL value is written, and the vmenter. Balanced returns matched by a preceding call are usually ok, but it's...

CVE-2022-49610

In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Prevent RSB underflow before vmenter On VMX, there are some balanced returns between the time the guest's SPECCTRL value is written, and the vmenter. Balanced returns matched by a preceding call are usually ok, but it's...

Unbreakable Enterprise kernel-container security update

5.4.17-2136.323.8.el7 - vhost-scsi: Fix alignment handling with windows Mike Christie Orabug: 35769318 - Revert 'vhost/scsi: support non zerocopy iovecs' Rajan Shanmugavelu Orabug: 35769318 5.4.17-2136.323.7.el7 - x86: change default to specstorebypassdisable=prctl spectrev2user=prctl Andrea...

CVE-2023-0045

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ibprctlset function updates the Thread Information Flags TIFs for the task and updates the SPECCTRL MSR on the function speculationctrlupdate, but the IBPB is only issued on the next...

CVE-2023-0045

The CVE-2023-0045 entry concerns the Linux kernel Spectre v2 mitigation for prctl-based task toggling. The underlying issue is that IBPB is not issued immediately during the prctl syscall; ib_prctl_set updates TIFs and SPEC_CTRL MSR, but IBPB is only emitted on the next schedule after TIF checks....

Unbreakable Enterprise kernel-container security update

5.15.0-0.30.20 - floppy: use a statically allocated error counter Willy Tarreau Orabug: 34218638 CVE-2022-1652 - x86: Disable RET on kexec Konrad Rzeszutek Wilk Orabug: 34335631 CVE-2022-23816 CVE-2022-29901 - x86/bugs: do not enable IBPB-on-entry when IBPB is not supported Thadeu Lima de Souza...

kernel security and bug fix update

2.6.32-754.24.2.OL6 - Update genkey bug 25599697 2.6.32-754.24.2 - documentation Documentation: Add ITLBMULTIHIT documentation Paolo Bonzini 1692385 CVE-2018-12207 - kvm KVM: introduce nohugepages module parameter Paolo Bonzini 1692385 CVE-2018-12207 - x86 x86: Add ITLBMULTIHIT bug infrastructure...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2019-0007) (Spectre)

The remote OracleVM system is missing necessary patches to address critical security updates : - x86/bugs: Fix the AMD SSBD usage of the SPECCTRL MSR Tom Lendacky Orabug: 28870524 CVE-2018-3639 - x86/bugs: Add AMD's SPECCTRL MSR usage Konrad Rzeszutek Wilk Orabug: 28870524 CVE-2018-3639 -...

Unbreakable Enterprise kernel security update

4.1.12-124.25.1 - x86/bugs: Fix the AMD SSBD usage of the SPECCTRL MSR Tom Lendacky Orabug: 28870524 CVE-2018-3639 - x86/bugs: Add AMD's SPECCTRL MSR usage Konrad Rzeszutek Wilk Orabug: 28870524 CVE-2018-3639 - x86/cpufeatures: rename X86FEATUREAMDSSBD to X86FEATURELSCFGSSBD Mihai Carabas Orabug:...

kernel security and bug fix update

2.6.32-754.2.1.OL6 - Update genkey bug 25599697 2.6.32-754.2.1 - x86 entry/64: Don't use IST entry for BP stack Waiman Long 1596113 CVE-2018-10872 - fs gfs2: Flush delayed work earlier in gfs2inodelookup Andreas Grunbacher 1506281 - mm mempolicy: fix use after free when calling getmempolicy Augus...

kernel security and bug fix update

2.6.32-696.30.1.OL6 - Update genkey bug 25599697 2.6.32-696.30.1 - x86 x86/kvm: fix CPUID7EDX word 18 mask Jan Stancek 1566893 1566899 CVE-2018-3639 2.6.32-696.29.1 - x86 x86/specctrl: Fix late microcode problem with AMD Waiman Long 1566893 1566899 CVE-2018-3639 - x86 x86/specctrl: Clean up entry...

kernel security and bug fix update

2.6.32-696.28.1.OL6 - Update genkey bug 25599697 2.6.32-696.28.1 - x86 entry/64: Don't use IST entry for BP stack Waiman Long 1567078 1567079 CVE-2018-8897 - x86 xen: do not use xeninfo on HVM, set pvinfo name to 'Xen HVM' Vitaly Kuznetsov 1569141 1568241 2.6.32-696.27.1 - mm account skipped...

Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2018-4020)

The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4020 advisory. - x86: Use PREDCMD MSR when ibpb is enabled Konrad Rzeszutek Wilk Orabug: 27369777 CVE-2017-5715 CVE-2017-5753 - x86/spec: Dont print the Missing...

kernel security and bug fix update

3.10.0-693.17.1.OL7 - Oracle Linux certificates Alexey Petrenko - Oracle Linux RHCK Module Signing Key was compiled into kernel [email protected] - Update x509.genkey bug 24817676 3.10.0-693.17.1 - s390 locking/barriers: remove old gmb macro definition Denys Vlasenko...

Unbreakable Enterprise kernel security update

2.6.39-400.298.2 - x86: Use PREDCMD MSR when ibpb is enabled Konrad Rzeszutek Wilk Orabug: 27369777 CVE-2017-5715 CVE-2017-5753 - x86/spec: Dont print the Missing arguments for option spectrev2 Konrad Rzeszutek Wilk Orabug: 27369777 CVE-2017-5715 CVE-2017-5753 - x86: Move ENABLEIBRS in the...

Oracle Linux 6 : kernel (ELSA-2018-0008)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0008 advisory. - x86 specctrl: svm: specctrl at vmexit needs per-cpu areas functional Waiman Long 1519797 1519796 CVE-2017-5715 - x86 specctrl: Eliminate redundnat...

Oracle Linux 7 : kernel (ELSA-2018-0007)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-0007 advisory. - x86 specctrl: Eliminate redundant FEATURE Not Present messages Andrea Arcangeli 1519795 1519798 CVE-2017-5715 - x86 mm/kaiser: inittss is supposed to...

kernel security update

2.6.32-696.18.7.OL6 - Update genkey bug 25599697 2.6.32-696.18.7 - x86 specctrl: svm: specctrl at vmexit needs per-cpu areas functional Waiman Long 1519797 1519796 CVE-2017-5715 - x86 specctrl: Eliminate redundnat FEATURE Not Present messages Waiman Long 1519797 1519796 CVE-2017-5715 - x86...