ID

VAR-202206-1157


CVE

CVE-2022-21166


TITLE

Incomplete cleanup vulnerability in multiple Intel(R) processors

Trust: 0.8

sources: JVNDB: JVNDB-2022-011604

DESCRIPTION

Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. Multiple Intel(R) Processors contain an incomplete cleanup vulnerability. Information may be obtained.

Description: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Bug Fix(es):
* update RT source tree to the RHEL-8.4.z12 source tree (BZ#2119160)
* using __this_cpu_add() in preemptible [00000000] - caller is __mod_memcg_lruvec_state+0x69/0x1c0 [None8.4.0.z] (BZ#2124454)

4. Software Description: - intel-microcode: Processor microcode for Intel CPUs

Details: It was discovered that some Intel processors did not implement sufficient control flow management. (CVE-2021-0145) Mark Ermolov, Dmitry Sklyarov and Maxim Goryachy discovered that some Intel processors did not prevent test and debug logic from being activated at runtime. (CVE-2022-21123, CVE-2022-21127) Alysa Milburn, Jason Brandt, Avishai Redelman and Nir Lavi discovered that some Intel processors improperly optimised security-critical code. In addition, this update provides mitigations for the "Retbleed" speculative execution attack and the "MMIO stale data" vulnerabilities.

Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2022:8973-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2022:8973
Issue date: 2022-12-13
CVE Names: CVE-2022-1158 CVE-2022-2639 CVE-2022-2959 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-23816 CVE-2022-23825 CVE-2022-26373 CVE-2022-29900 CVE-2022-29901 CVE-2022-43945

1.
Summary: An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64 3. Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158) * kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639) * kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959) * kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945) * hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) (CVE-2022-21123) * hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) (CVE-2022-21125) * hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) (CVE-2022-21166) * hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-23816, CVE-2022-29900) * hw: cpu: AMD: Branch Type Confusion (non-retbleed) (CVE-2022-23825) * hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions (CVE-2022-26373) * hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions (CVE-2022-29901) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the 
References section. Bug Fix(es): * sched/pelt: Fix attach_entity_load_avg() corner case (BZ#2105360) * RHEL9[fleetwood][P9]:kdump fails to capture vmcore when crash is triggered while running forkoff. (BZ#2109144) * ISST-LTE:[P10 Everest] [5.14.0-70.9.1.el9_0.ppc64le] HPT:RHEL9.0:ecolp95: lpar crashed at __list_del_entry_valid+0x90/0x100 and LPM failed (BZ#2112823) * [rhel9] livepatch panic: RIP: 0010:0xffffffffc0e070c4 seq_read_iter+0x124/0x4b0 (BZ#2122625) * System crashes due to list_add double add at iwl_mvm_mac_wake_tx_queue+0x71 (BZ#2123315) * [Dell EMC 9.0 BUG] Any process performing I/O doesn't fail on degraded LVM RAID and IO process hangs (BZ#2126215) * [HPEMC RHEL 9.0 REGRESSION] net, e810, ice: not enough device MSI-X vectors (BZ#2126491) * RHEL9.0 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127874) * Enable check-kabi (BZ#2132372) * Add symbols to stablelist (BZ#2132373) * Update RHEL9.1 kabi tooling (BZ#2132380) * kABI: Prepare the MM subsystem for kABI lockdown (BZ#2133464) * [Dell Storage 9.1 BUG] NVME command hang during storage array node reboot (BZ#2133553) * WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134589) * crypto/testmgr.c should not list dh, ecdh-nist-p256, ecdh-nist-p384 as .fips_allowed = 1 (BZ#2136523) * FIPS self-tests for RSA pkcs7 signature verification (BZ#2136552) * [ovs-tc] Bad length in dpctl/dump-flows (BZ#2137354) * [RHEL9] s_pf0vf2: hw csum failure for mlx5 (BZ#2137355) * kernel memory leak while freeing nested actions (BZ#2137356) * ovs: backports from upstream (BZ#2137358) * kernel should conform to FIPS-140-3 requirements (both parts) (BZ#2139095) * [DELL EMC 9.0-RT BUG] System is not booting into RT Kernel with perc12. (BZ#2139214) * Fix panic in nbd/004 test (BZ#2139535) * Nested KVM is not working on RHEL 8.6 with hardware error 0x7 (BZ#2140141) * [RHEL9] Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142169) 4. 
Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 The system must be rebooted for this update to take effect. 5. Bugs fixed (https://bugzilla.redhat.com/): 2069793 - CVE-2022-1158 kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region 2084479 - CVE-2022-2639 kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() 2090226 - CVE-2022-23816 CVE-2022-29900 hw: cpu: AMD: RetBleed Arbitrary Speculative Code Execution with Return Instructions 2090237 - CVE-2022-21123 hw: cpu: incomplete clean-up of multi-core shared buffers (aka SBDR) 2090240 - CVE-2022-21125 hw: cpu: incomplete clean-up of microarchitectural fill buffers (aka SBDS) 2090241 - CVE-2022-21166 hw: cpu: incomplete clean-up in specific special register write operations (aka DRPW) 2103148 - CVE-2022-29901 hw: cpu: Intel: RetBleed Arbitrary Speculative Code Execution with Return Instructions 2103153 - CVE-2022-23825 hw: cpu: AMD: Branch Type Confusion (non-retbleed) 2103681 - CVE-2022-2959 kernel: watch queue race condition can lead to privilege escalation 2115065 - CVE-2022-26373 hw: cpu: Intel: Post-barrier Return Stack Buffer Predictions 2141752 - CVE-2022-43945 kernel: nfsd buffer overflow by RPC message over TCP with garbage data 6. 
Package List: Red Hat Enterprise Linux AppStream EUS (v.9.0): aarch64: bpftool-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-debug-devel-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-debug-devel-matched-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-debuginfo-common-aarch64-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-devel-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-devel-matched-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-headers-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm perf-5.14.0-70.36.1.el9_0.aarch64.rpm perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm python3-perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm noarch: kernel-doc-5.14.0-70.36.1.el9_0.noarch.rpm ppc64le: bpftool-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-debug-devel-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-debug-devel-matched-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-devel-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-devel-matched-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-headers-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm perf-5.14.0-70.36.1.el9_0.ppc64le.rpm perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm python3-perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm s390x: bpftool-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm kernel-debug-devel-5.14.0-70.36.1.el9_0.s390x.rpm kernel-debug-devel-matched-5.14.0-70.36.1.el9_0.s390x.rpm kernel-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm kernel-debuginfo-common-s390x-5.14.0-70.36.1.el9_0.s390x.rpm kernel-devel-5.14.0-70.36.1.el9_0.s390x.rpm kernel-devel-matched-5.14.0-70.36.1.el9_0.s390x.rpm kernel-headers-5.14.0-70.36.1.el9_0.s390x.rpm 
kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm kernel-zfcpdump-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm kernel-zfcpdump-devel-5.14.0-70.36.1.el9_0.s390x.rpm kernel-zfcpdump-devel-matched-5.14.0-70.36.1.el9_0.s390x.rpm perf-5.14.0-70.36.1.el9_0.s390x.rpm perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm python3-perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm x86_64: bpftool-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-debug-devel-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-debug-devel-matched-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-debuginfo-common-x86_64-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-devel-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-devel-matched-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-headers-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm perf-5.14.0-70.36.1.el9_0.x86_64.rpm perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm python3-perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm Red Hat Enterprise Linux BaseOS EUS (v.9.0): Source: kernel-5.14.0-70.36.1.el9_0.src.rpm aarch64: bpftool-5.14.0-70.36.1.el9_0.aarch64.rpm bpftool-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-core-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-debug-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-debug-core-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-debug-modules-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-debug-modules-extra-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-debuginfo-common-aarch64-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-modules-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-modules-extra-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-tools-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-tools-libs-5.14.0-70.36.1.el9_0.aarch64.rpm perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm 
python3-perf-5.14.0-70.36.1.el9_0.aarch64.rpm python3-perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm noarch: kernel-abi-stablelists-5.14.0-70.36.1.el9_0.noarch.rpm ppc64le: bpftool-5.14.0-70.36.1.el9_0.ppc64le.rpm bpftool-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-core-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-debug-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-debug-core-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-debug-modules-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-debug-modules-extra-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-modules-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-modules-extra-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-tools-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-tools-libs-5.14.0-70.36.1.el9_0.ppc64le.rpm perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm python3-perf-5.14.0-70.36.1.el9_0.ppc64le.rpm python3-perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm s390x: bpftool-5.14.0-70.36.1.el9_0.s390x.rpm bpftool-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm kernel-5.14.0-70.36.1.el9_0.s390x.rpm kernel-core-5.14.0-70.36.1.el9_0.s390x.rpm kernel-debug-5.14.0-70.36.1.el9_0.s390x.rpm kernel-debug-core-5.14.0-70.36.1.el9_0.s390x.rpm kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm kernel-debug-modules-5.14.0-70.36.1.el9_0.s390x.rpm kernel-debug-modules-extra-5.14.0-70.36.1.el9_0.s390x.rpm kernel-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm kernel-debuginfo-common-s390x-5.14.0-70.36.1.el9_0.s390x.rpm kernel-modules-5.14.0-70.36.1.el9_0.s390x.rpm kernel-modules-extra-5.14.0-70.36.1.el9_0.s390x.rpm kernel-tools-5.14.0-70.36.1.el9_0.s390x.rpm kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm kernel-zfcpdump-5.14.0-70.36.1.el9_0.s390x.rpm kernel-zfcpdump-core-5.14.0-70.36.1.el9_0.s390x.rpm 
kernel-zfcpdump-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm kernel-zfcpdump-modules-5.14.0-70.36.1.el9_0.s390x.rpm kernel-zfcpdump-modules-extra-5.14.0-70.36.1.el9_0.s390x.rpm perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm python3-perf-5.14.0-70.36.1.el9_0.s390x.rpm python3-perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm x86_64: bpftool-5.14.0-70.36.1.el9_0.x86_64.rpm bpftool-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-core-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-debug-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-debug-core-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-debug-modules-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-debug-modules-extra-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-debuginfo-common-x86_64-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-modules-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-modules-extra-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-tools-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-tools-libs-5.14.0-70.36.1.el9_0.x86_64.rpm perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm python3-perf-5.14.0-70.36.1.el9_0.x86_64.rpm python3-perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm Red Hat CodeReady Linux Builder EUS (v.9.0): aarch64: bpftool-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-cross-headers-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-debuginfo-common-aarch64-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm kernel-tools-libs-devel-5.14.0-70.36.1.el9_0.aarch64.rpm perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm python3-perf-debuginfo-5.14.0-70.36.1.el9_0.aarch64.rpm ppc64le: bpftool-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-cross-headers-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm 
kernel-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-debuginfo-common-ppc64le-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm kernel-tools-libs-devel-5.14.0-70.36.1.el9_0.ppc64le.rpm perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm python3-perf-debuginfo-5.14.0-70.36.1.el9_0.ppc64le.rpm s390x: bpftool-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm kernel-cross-headers-5.14.0-70.36.1.el9_0.s390x.rpm kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm kernel-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm kernel-debuginfo-common-s390x-5.14.0-70.36.1.el9_0.s390x.rpm kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm kernel-zfcpdump-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm python3-perf-debuginfo-5.14.0-70.36.1.el9_0.s390x.rpm x86_64: bpftool-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-cross-headers-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-debug-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-debuginfo-common-x86_64-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-tools-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm kernel-tools-libs-devel-5.14.0-70.36.1.el9_0.x86_64.rpm perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm python3-perf-debuginfo-5.14.0-70.36.1.el9_0.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. 
========================================================================= Ubuntu Security Notice USN-5529-1 July 21, 2022 linux-oem-5.17 vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS Summary: Several security issues were fixed in the Linux kernel. Software Description: - linux-oem-5.17: Linux kernel for OEM systems Details: It was discovered that the Atheros ath9k wireless device driver in the Linux kernel did not properly handle some error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-1679) Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle guest TLB mapping invalidation requests in some situations. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS.
(CVE-2022-1789) Qiuhao Li, Gaoning Pan, and Yongkang Jia discovered that the KVM hypervisor implementation in the Linux kernel did not properly handle an illegal instruction in a guest, resulting in a null pointer dereference. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2022-1852) Gerald Lee discovered that the NTFS file system implementation in the Linux kernel did not properly handle certain error conditions, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly expose sensitive information. (CVE-2022-1973) It was discovered that the netfilter subsystem in the Linux kernel contained a buffer overflow in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-2078) It was discovered that some Intel processors did not completely perform cleanup actions on multi-core shared buffers. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21123) It was discovered that some Intel processors did not completely perform cleanup actions on microarchitectural fill buffers. A local attacker could possibly use this to expose sensitive information. A local attacker could possibly use this to expose sensitive information. (CVE-2022-21166) It was discovered that the virtio RPMSG bus driver in the Linux kernel contained a double-free vulnerability in certain error conditions. A local attacker could possibly use this to cause a denial of service (system crash). (CVE-2022-34494, CVE-2022-34495) Minh Yuan discovered that the floppy disk driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. A local attacker could possibly use this to cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1652)

Update instructions: The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS:
  linux-image-5.17.0-1013-oem 5.17.0-1013.14
  linux-image-oem-22.04 5.17.0.1013.12
  linux-image-oem-22.04a 5.17.0.1013.12

After a standard system update you need to reboot your computer to make all the necessary changes.

ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.

References:
  https://ubuntu.com/security/notices/USN-5529-1
  CVE-2022-1652, CVE-2022-1679, CVE-2022-1789, CVE-2022-1852, CVE-2022-1973, CVE-2022-2078, CVE-2022-21123, CVE-2022-21125, CVE-2022-21166, CVE-2022-34494, CVE-2022-34495

Package Information:
  https://launchpad.net/ubuntu/+source/linux-oem-5.17/5.17.0-1013.14

Gentoo Linux Security Advisory GLSA 202208-23
https://security.gentoo.org/

Severity: High
Title: Xen: Multiple Vulnerabilities
Date: August 14, 2022
Bugs: #810341, #812485, #816882, #825354, #832039, #835401, #850802
ID: 202208-23

Synopsis
========
Multiple vulnerabilities have been discovered in Xen, the worst of which could result in remote code execution (guest sandbox escape).

Background
==========
Xen is a bare-metal hypervisor.

Affected packages
=================
     Package                  /  Vulnerable  /  Unaffected
  1  app-emulation/xen           < 4.15.3       >= 4.15.3
  2  app-emulation/xen-tools     < 4.15.3       >= 4.15.3

Description
===========
Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details.

Impact
======
Please review the referenced CVE identifiers for details.

Workaround
==========
There is no known workaround at this time.

Resolution
==========
All Xen users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-4.15.3"

All Xen tools users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-emulation/xen-tools-4.15.3"

References
==========
[ 1 ] CVE-2021-28694 https://nvd.nist.gov/vuln/detail/CVE-2021-28694
[ 2 ] CVE-2021-28695 https://nvd.nist.gov/vuln/detail/CVE-2021-28695
[ 3 ] CVE-2021-28696 https://nvd.nist.gov/vuln/detail/CVE-2021-28696
[ 4 ] CVE-2021-28697 https://nvd.nist.gov/vuln/detail/CVE-2021-28697
[ 5 ] CVE-2021-28698 https://nvd.nist.gov/vuln/detail/CVE-2021-28698
[ 6 ] CVE-2021-28699 https://nvd.nist.gov/vuln/detail/CVE-2021-28699
[ 7 ] CVE-2021-28700 https://nvd.nist.gov/vuln/detail/CVE-2021-28700
[ 8 ] CVE-2021-28701 https://nvd.nist.gov/vuln/detail/CVE-2021-28701
[ 9 ] CVE-2021-28702 https://nvd.nist.gov/vuln/detail/CVE-2021-28702
[ 10 ] CVE-2021-28710 https://nvd.nist.gov/vuln/detail/CVE-2021-28710
[ 11 ] CVE-2022-21123 https://nvd.nist.gov/vuln/detail/CVE-2022-21123
[ 12 ] CVE-2022-21125 https://nvd.nist.gov/vuln/detail/CVE-2022-21125
[ 13 ] CVE-2022-21166 https://nvd.nist.gov/vuln/detail/CVE-2022-21166
[ 14 ] CVE-2022-23033 https://nvd.nist.gov/vuln/detail/CVE-2022-23033
[ 15 ] CVE-2022-23034 https://nvd.nist.gov/vuln/detail/CVE-2022-23034
[ 16 ] CVE-2022-23035 https://nvd.nist.gov/vuln/detail/CVE-2022-23035
[ 17 ] CVE-2022-26362 https://nvd.nist.gov/vuln/detail/CVE-2022-26362
[ 18 ] CVE-2022-26363 https://nvd.nist.gov/vuln/detail/CVE-2022-26363
[ 19 ] CVE-2022-26364 https://nvd.nist.gov/vuln/detail/CVE-2022-26364
[ 20 ] XSA-378
[ 21 ] XSA-379
[ 22 ] XSA-380
[ 23 ] XSA-382
[ 24 ] XSA-383
[ 25 ] XSA-384
[ 26 ] XSA-386
[ 27 ] XSA-390
[ 28 ] XSA-401
[ 29 ] XSA-402
[ 30 ] XSA-404

Availability
============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-23

Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======
Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5

CVE-2022-21123, CVE-2022-21125, CVE-2022-21127, CVE-2022-21166

Various researchers discovered flaws in Intel processors, collectively referred to as MMIO Stale Data vulnerabilities, which may result in information leak to local users. For the oldstable distribution (buster), these problems have been fixed in version 3.20220510.1~deb10u1. For the stable distribution (bullseye), these problems have been fixed in version 3.20220510.1~deb11u1. We recommend that you upgrade your intel-microcode packages.
For the detailed security status of intel-microcode please refer to its security tracker page at: https://security-tracker.debian.org/tracker/intel-microcode Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org

Trust: 2.52

sources: NVD: CVE-2022-21166 // JVNDB: JVNDB-2022-011604 // VULHUB: VHN-406844 // PACKETSTORM: 169411 // PACKETSTORM: 167549 // PACKETSTORM: 167553 // PACKETSTORM: 169304 // PACKETSTORM: 170226 // PACKETSTORM: 170222 // PACKETSTORM: 167785 // PACKETSTORM: 168076 // PACKETSTORM: 169316

AFFECTED PRODUCTS

vendor: debian, model: linux, scope: eq, version: 11.0

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 35

Trust: 1.0

vendor: intel, model: sgx sdk, scope: lt, version: 2.16.100.3

Trust: 1.0

vendor: fedoraproject, model: fedora, scope: eq, version: 36

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 9.0

Trust: 1.0

vendor: intel, model: sgx psw, scope: lt, version: 2.16.100.3

Trust: 1.0

vendor: debian, model: linux, scope: eq, version: 10.0

Trust: 1.0

vendor: xen, model: xen, scope: eq, version: *

Trust: 1.0

vendor: intel, model: sgx sdk, scope: lt, version: 2.17.100.3

Trust: 1.0

vendor: intel, model: sgx psw, scope: lt, version: 2.17.100.3

Trust: 1.0

vendor: vmware, model: esxi, scope: eq, version: 7.0

Trust: 1.0

vendor: intel, model: sgx dcap, scope: lt, version: 1.14.100.3

Trust: 1.0

vendor: Intel, model: intel sgx dcap, scope: -, version: -

Trust: 0.8

vendor: Xen Project, model: xen, scope: -, version: -

Trust: 0.8

vendor: Intel, model: intel sgx psw, scope: -, version: -

Trust: 0.8

vendor: vmware, model: esxi, scope: -, version: -

Trust: 0.8

vendor: Intel, model: intel sgx sdk, scope: -, version: -

Trust: 0.8

vendor: debian, model: gnu/linux, scope: -, version: -

Trust: 0.8

vendor: fedora, model: fedora, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-011604 // NVD: CVE-2022-21166

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2022-21166
value: MEDIUM

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2022-21166
value: MEDIUM

Trust: 1.0

NVD: CVE-2022-21166
value: MEDIUM

Trust: 0.8

VULHUB: VHN-406844
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2022-21166
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-406844
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2022-21166
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 2.0

NVD: CVE-2022-21166
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-406844 // JVNDB: JVNDB-2022-011604 // NVD: CVE-2022-21166 // NVD: CVE-2022-21166

PROBLEMTYPE DATA

problemtype:CWE-459

Trust: 1.1

problemtype:incomplete cleanup (CWE-459) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-406844 // JVNDB: JVNDB-2022-011604 // NVD: CVE-2022-21166

THREAT TYPE

local

Trust: 0.3

sources: PACKETSTORM: 167549 // PACKETSTORM: 167553 // PACKETSTORM: 167785

TYPE

overflow, code execution, memory leak

Trust: 0.1

sources: PACKETSTORM: 170226

PATCH

title: INTEL-SA-00615, url: https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

Trust: 0.8

sources: JVNDB: JVNDB-2022-011604

EXTERNAL IDS

db: NVD, id: CVE-2022-21166

Trust: 3.6

db: OPENWALL, id: OSS-SECURITY/2022/06/16/1

Trust: 1.9

db: ICS CERT, id: ICSA-23-166-11

Trust: 0.8

db: JVN, id: JVNVU94721039

Trust: 0.8

db: JVN, id: JVNVU99464755

Trust: 0.8

db: JVNDB, id: JVNDB-2022-011604

Trust: 0.8

db: PACKETSTORM, id: 167785

Trust: 0.2

db: PACKETSTORM, id: 168076

Trust: 0.2

db: PACKETSTORM, id: 167549

Trust: 0.2

db: PACKETSTORM, id: 170226

Trust: 0.2

db: PACKETSTORM, id: 167553

Trust: 0.2

db: PACKETSTORM, id: 169719

Trust: 0.1

db: PACKETSTORM, id: 169688

Trust: 0.1

db: PACKETSTORM, id: 168294

Trust: 0.1

db: PACKETSTORM, id: 169690

Trust: 0.1

db: PACKETSTORM, id: 168021

Trust: 0.1

db: PACKETSTORM, id: 168018

Trust: 0.1

db: PACKETSTORM, id: 168503

Trust: 0.1

db: PACKETSTORM, id: 169695

Trust: 0.1

db: PACKETSTORM, id: 169941

Trust: 0.1

db: PACKETSTORM, id: 169997

Trust: 0.1

db: PACKETSTORM, id: 168461

Trust: 0.1

db: PACKETSTORM, id: 168694

Trust: 0.1

db: PACKETSTORM, id: 167862

Trust: 0.1

db: PACKETSTORM, id: 168364

Trust: 0.1

db: PACKETSTORM, id: 167692

Trust: 0.1

db: PACKETSTORM, id: 167545

Trust: 0.1

db: PACKETSTORM, id: 168355

Trust: 0.1

db: VULHUB, id: VHN-406844

Trust: 0.1

db: PACKETSTORM, id: 169411

Trust: 0.1

db: PACKETSTORM, id: 169304

Trust: 0.1

db: PACKETSTORM, id: 170222

Trust: 0.1

db: PACKETSTORM, id: 169316

Trust: 0.1

sources: VULHUB: VHN-406844 // PACKETSTORM: 169411 // PACKETSTORM: 167549 // PACKETSTORM: 167553 // PACKETSTORM: 169304 // PACKETSTORM: 170226 // PACKETSTORM: 170222 // PACKETSTORM: 167785 // PACKETSTORM: 168076 // PACKETSTORM: 169316 // JVNDB: JVNDB-2022-011604 // NVD: CVE-2022-21166

REFERENCES

url:http://www.openwall.com/lists/oss-security/2022/06/16/1

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2022-21166

Trust: 1.7

url:https://security.gentoo.org/glsa/202208-23

Trust: 1.2

url:https://security.netapp.com/advisory/ntap-20220624-0008/

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5173

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5178

Trust: 1.1

url:https://www.debian.org/security/2022/dsa-5184

Trust: 1.1

url:https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00615.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2022/07/msg00000.html

Trust: 1.1

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/t4p2kjyl74kglhe4jzetvw7pzh6ziaba/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/fhtew3rxu2gw6s3rcpqg4vnczgi3tosv/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rkrxz4lhgcgmog24zcejny6r2bts4s2q/

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/mcvomhbqrh4kp7in6u24cw7f2d2l5kbs/

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2022-21125

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2022-21123

Trust: 0.8

url:https://jvn.jp/vu/jvnvu94721039/index.html

Trust: 0.8

url:https://jvn.jp/vu/jvnvu99464755/index.html

Trust: 0.8

url:https://www.cisa.gov/news-events/ics-advisories/icsa-23-166-11

Trust: 0.8

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.3

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.3

url:https://bugzilla.redhat.com/

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-21166

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-21123

Trust: 0.3

url:https://access.redhat.com/security/team/contact/

Trust: 0.3

url:https://access.redhat.com/security/team/key/

Trust: 0.3

url:https://access.redhat.com/articles/11258

Trust: 0.3

url:https://access.redhat.com/security/cve/cve-2022-21125

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-23816

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-23825

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-29900

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2022-21151

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-21127

Trust: 0.2

url:https://www.debian.org/security/faq

Trust: 0.2

url:https://www.debian.org/security/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26363

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26364

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26362

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-1158

Trust: 0.2

url:https://access.redhat.com/solutions/6971358

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-43945

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-29900

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23825

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-1158

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-26373

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-29901

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2639

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-29901

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2639

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-43945

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-23816

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-26373

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2022-2959

Trust: 0.2

url:https://access.redhat.com/security/cve/cve-2022-2959

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/t4p2kjyl74kglhe4jzetvw7pzh6ziaba/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rkrxz4lhgcgmog24zcejny6r2bts4s2q/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/fhtew3rxu2gw6s3rcpqg4vnczgi3tosv/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/mcvomhbqrh4kp7in6u24cw7f2d2l5kbs/

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-45486

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-45486

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:6991

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-45485

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-45485

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2022-2588

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2588

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-5.4/5.4.0-1080.87~18.04.1

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5485-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.13.0-1031.37

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-ibm-5.4/5.4.0-1028.32~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.13.0-1030.33

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke/5.15.0-1010.13

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-ibm/5.4.0-1028.32

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.4.0-1085.90

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/4.15.0-1101.112

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.15.0-1011.15

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe-5.13/5.13.0-51.58~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gkeop-5.4/5.4.0-1048.51~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-5.13/5.13.0-1031.37~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.4.0-1070.75

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp-5.4/5.4.0-1080.87~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/4.15.0-1136.147

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1122.127

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gkeop/5.4.0-1048.51

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-ibm/5.15.0-1009.11

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.13.0-1033.40

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.13.0-1036.43

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-kvm/5.15.0-1012.14

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-4.15/4.15.0-1145.160

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-fde/5.4.0-1085.90+cvm1.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/4.15.0-187.198

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.13.0-51.58

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.15.0-39.42

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-dell300x/4.15.0-1048.53

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp-4.15/4.15.0-1130.146

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle-5.4/5.4.0-1078.86~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure-5.4/5.4.0-1085.90~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.15.0-1010.15

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp/5.4.0-1080.87

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke/5.4.0-1076.82

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle-5.13/5.13.0-1036.43~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oracle/5.4.0-1078.86

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux/5.4.0-120.136

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws-5.13/5.13.0-1031.35~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-azure/5.15.0-1012.15

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gcp-5.13/5.13.0-1033.40~20.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-gke-5.4/5.4.0-1076.82~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-intel-5.13/5.13.0-1017.19

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.4.0-1080.87

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-hwe-5.4/5.4.0-120.136~18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.13.0-1031.35

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-intel-iotg/5.15.0-1010.14

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-aws/5.15.0-1013.17

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-lowlatency/5.15.0-39.42

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33120

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0145

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-33117

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0146

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5486-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/intel-microcode/3.20220510.0ubuntu0.18.04.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/intel-microcode/3.20220510.0ubuntu0.21.10.1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/intel-microcode/3.20220510.0ubuntu0.22.04.1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-0127

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/intel-microcode/3.20220510.0ubuntu0.20.04.1

Trust: 0.1

url:https://security-tracker.debian.org/tracker/xen

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-407.html

Trust: 0.1

url:https://xenbits.xen.org/xsa/advisory-404.html

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8973

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2022:8974

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1789

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-2078

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1679

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5529-1

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1973

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/linux-oem-5.17/5.17.0-1013.14

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1852

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-1652

Trust: 0.1

url:https://bugs.gentoo.org

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28697

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28701

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28696

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23033

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23035

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28710

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23034

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28694

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28699

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28695

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28700

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-28702

Trust: 0.1

url:https://security-tracker.debian.org/tracker/intel-microcode

Trust: 0.1

url:https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/technical-documentation/processor-mmio-stale-data-vulnerabilities.html

Trust: 0.1

sources: VULHUB: VHN-406844 // PACKETSTORM: 169411 // PACKETSTORM: 167549 // PACKETSTORM: 167553 // PACKETSTORM: 169304 // PACKETSTORM: 170226 // PACKETSTORM: 170222 // PACKETSTORM: 167785 // PACKETSTORM: 168076 // PACKETSTORM: 169316 // JVNDB: JVNDB-2022-011604 // NVD: CVE-2022-21166

CREDITS

Red Hat

Trust: 0.3

sources: PACKETSTORM: 169411 // PACKETSTORM: 170226 // PACKETSTORM: 170222

SOURCES

db: VULHUB, id: VHN-406844
db: PACKETSTORM, id: 169411
db: PACKETSTORM, id: 167549
db: PACKETSTORM, id: 167553
db: PACKETSTORM, id: 169304
db: PACKETSTORM, id: 170226
db: PACKETSTORM, id: 170222
db: PACKETSTORM, id: 167785
db: PACKETSTORM, id: 168076
db: PACKETSTORM, id: 169316
db: JVNDB, id: JVNDB-2022-011604
db: NVD, id: CVE-2022-21166

LAST UPDATE DATE

2025-06-26T22:52:13.202000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-406844, date: 2022-08-19T00:00:00
db: JVNDB, id: JVNDB-2022-011604, date: 2023-08-23T05:02:00
db: NVD, id: CVE-2022-21166, date: 2025-05-05T17:17:41.840

SOURCES RELEASE DATE

db: VULHUB, id: VHN-406844, date: 2022-06-15T00:00:00
db: PACKETSTORM, id: 169411, date: 2022-10-18T22:30:59
db: PACKETSTORM, id: 167549, date: 2022-06-20T16:17:04
db: PACKETSTORM, id: 167553, date: 2022-06-20T16:27:17
db: PACKETSTORM, id: 169304, date: 2022-07-28T19:12:00
db: PACKETSTORM, id: 170226, date: 2022-12-14T15:49:10
db: PACKETSTORM, id: 170222, date: 2022-12-14T15:46:04
db: PACKETSTORM, id: 167785, date: 2022-07-21T20:41:25
db: PACKETSTORM, id: 168076, date: 2022-08-15T16:03:21
db: PACKETSTORM, id: 169316, date: 2022-07-28T19:12:00
db: JVNDB, id: JVNDB-2022-011604, date: 2023-08-23T00:00:00
db: NVD, id: CVE-2022-21166, date: 2022-06-15T21:15:09.100