[ol9_baseos_latest] kernel-debug-core-5.14.0-362.18.1.el9_3.x86_64

Name:	kernel-debug-core
Version:	5.14.0
Release:	362.18.1.el9_3
Architecture:	x86_64
Group:	Unspecified
Size:	94459751
License:	GPLv2 and Redistributable, no modification permitted
RPM:	kernel-debug-core-5.14.0-362.18.1.el9_3.x86_64.rpm
Source RPM:	kernel-5.14.0-362.18.1.el9_3.src.rpm
Build Date:	Wed Mar 06 2024
Build Host:	build-ol9-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://www.kernel.org/
Summary:	The Linux kernel compiled with PREEMPT_RT enabled
Description:	The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. This variant of the kernel has numerous debugging options enabled. It should only be installed when trying to gather additional information on kernel bugs, as some of these options impact performance noticably.

Changelog (Show File list) (Show related packages)

Tue Mar 05 2024 Alan Steinberg <alan.steinberg@oracle.com> - [5.14.0-362.18.1.el9_3.OL9]

- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Disable unified kernel image package build
- Add Oracle Linux IMA certificates

Tue Mar 05 2024 Release Engineering <releng@openela.org> - 5.14.0

- Debranding patches copied from Rocky Linux (Louis Abel and Sherif Nagy from RESF)

Wed Jan 03 2024 Jan Stancek <jstancek@redhat.com> [5.14.0-362.18.1.el9_3]

- nfp: fix use-after-free in area_cache_get() (Ricardo Robaina) [RHEL-19456 RHEL-19536 RHEL-6566 RHEL-7241] {CVE-2022-3545}
- rtla: Fix uninitialized variable found (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat: Do not stop user-space if a cpu is offline (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_aa: Fix previous IRQ delay for IRQs that happens after thread sample (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_aa: Fix negative IRQ delay (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_aa: Zero thread sum after every sample analysis (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_hist: Add timerlat user-space support (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_top: Add timerlat user-space support (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/hwnoise: Reduce runtime to 75% (John Kacur) [RHEL-18360 RHEL-10079]
- rtla: Start the tracers after creating all instances (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_hist: Add auto-analysis support (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat: Give timerlat auto analysis its own instance (John Kacur) [RHEL-18360 RHEL-10079]
- rtla: Automatically move rtla to a house-keeping cpu (John Kacur) [RHEL-18360 RHEL-10079]
- rtla: Change monitored_cpus from char * to cpu_set_t (John Kacur) [RHEL-18360 RHEL-10079]
- rtla: Add --house-keeping option (John Kacur) [RHEL-18360 RHEL-10079]
- rtla: Add -C cgroup support (John Kacur) [RHEL-18360 RHEL-10079]
- ata: ahci: Add Intel Alder Lake-P AHCI controller to low power chipsets list (Tomas Henzl) [RHEL-19394 RHEL-10941]
- fbcon: set_con2fb_map needs to set con2fb_map! (Jocelyn Falempe) [RHEL-1106 RHEL-1109 RHEL-12930 RHEL-13899] {CVE-2023-38409}
- fbcon: Fix error paths in set_con2fb_map (Jocelyn Falempe) [RHEL-1106 RHEL-1109 RHEL-12930 RHEL-13899] {CVE-2023-38409}
- net: tun: fix bugs for oversize packet when napi frags enabled (Ricardo Robaina) [RHEL-12495 RHEL-12496 RHEL-7186 RHEL-7264] {CVE-2023-3812}
- netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR (Florian Westphal) [RHEL-10536 RHEL-10538 RHEL-10537 RHEL-10539] {CVE-2023-4015}
- md: Put the right device in md_seq_next (Nigel Croxon) [RHEL-16363 RHEL-12455]
- dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set() (Michal Schmidt) [RHEL-19677 RHEL-19095] {CVE-2023-6679}
- dpll: Fix potential msg memleak when genlmsg_put_reply failed (Michal Schmidt) [RHEL-19677 RHEL-19095] {CVE-2023-6679}
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Bastien Nocera) [RHEL-19003 RHEL-2717] {CVE-2023-40283}
- tcp: enforce receive buffer memory limits by allowing the tcp window to shrink (Felix Maurer) [RHEL-16129 RHEL-11592]
- tcp: adjust rcv_ssthresh according to sk_reserved_mem (Felix Maurer) [RHEL-16129 RHEL-11592]
- md: raid0: account for split bio in iostat accounting (Nigel Croxon) [RHEL-4082 RHEL-2718]
- can: af_can: fix NULL pointer dereference in can_rcv_filter (Ricardo Robaina) [RHEL-19465 RHEL-19526 RHEL-6428 RHEL-7052] {CVE-2023-2166}

Wed Dec 20 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.17.1.el9_3]

- netfilter: nf_tables: skip bound chain on rule flush (Florian Westphal) [RHEL-10111 RHEL-10113 RHEL-10112 RHEL-10114] {CVE-2023-3777}
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (Michal Schmidt) [RHEL-18553 RHEL-18968 RHEL-6654 RHEL-7239] {CVE-2022-41858}
- RDMA/core: Update CMA destination address on rdma_resolve_addr (Kamal Heib) [RHEL-19358 RHEL-19400 RHEL-6832 RHEL-7244] {CVE-2023-2176}
- RDMA/core: Refactor rdma_bind_addr (Kamal Heib) [RHEL-19358 RHEL-19400 RHEL-6832 RHEL-7244] {CVE-2023-2176}
- af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-17263 RHEL-17265 RHEL-17264 RHEL-17266] {CVE-2023-4622}

Thu Dec 14 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.16.1.el9_3]

- tracing/timerlat: Add user-space interface (Chris White) [RHEL-18927 RHEL-14932]
- tracing/osnoise: Skip running osnoise if all instances are off (Chris White) [RHEL-18927 RHEL-14932]
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (Chris White) [RHEL-18927 RHEL-14932]
- tracing/timerlat: Always wakeup the timerlat thread (John Kacur) [RHEL-18356 RHEL-16305]
- tracing: Rename kvfree_rcu() to kvfree_rcu_mightsleep() (John Kacur) [RHEL-18356 RHEL-16305]
- tracing/osnoise: Fix notify new tracing_max_latency (John Kacur) [RHEL-18356 RHEL-16305]
- tracing/timerlat: Notify new max thread latency (John Kacur) [RHEL-18356 RHEL-16305]
- tracing/osnoise: set several trace_osnoise.c variables storage-class-specifier to static (John Kacur) [RHEL-18356 RHEL-16305]
- trace/osnoise: make use of the helper function kthread_run_on_cpu() (John Kacur) [RHEL-18356 RHEL-16305]
- tracing: Switch to kvfree_rcu() API (John Kacur) [RHEL-18356 RHEL-16305]
- rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep() (Waiman Long) [RHEL-18356 RHEL-16305]
- x86/sev: Check for user-space IOIO pointing to kernel space (Paolo Bonzini) [RHEL-18089 RHEL-18090 RHEL-14980 RHEL-14981] {CVE-2023-46813}
- x86/sev: Check IOBM for IOIO exceptions from user-space (Paolo Bonzini) [RHEL-18089 RHEL-18090 RHEL-14980 RHEL-14981] {CVE-2023-46813}
- x86/sev: Disable MMIO emulation from user mode (Paolo Bonzini) [RHEL-18089 RHEL-18090 RHEL-14980 RHEL-14981] {CVE-2023-46813}
- hwmon: (ina3221) Add support for channel summation disable (Steve Best) [RHEL-17898 RHEL-1899]
- ice: reset first in crash dump kernels (Petr Oros) [RHEL-17613 RHEL-15698]
- bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire (Tomas Glozar) [RHEL-17571 2229975]
- net: fix net device address assign type (Michal Schmidt) [RHEL-17279 RHEL-6368]
- net: add check for current MAC address in dev_set_mac_address (Michal Schmidt) [RHEL-17279 RHEL-6368]
- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Keep a gem reference to user bos in surfaces (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: fix typo of sizeof argument (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Fix possible invalid drm gem put calls (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Fix shader stage validation (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: remove unused vmw_overlay function (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Fix Legacy Display Unit atomic drm support (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Print errors when running on broken/unsupported configs (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Drop mksstat_init_record fn as currently unused (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Fix src/dst_pitch confusion (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Replace one-element array with flexible-array member (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Do not drop the reference to the handle too soon (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Stop accessing buffer objects which failed init (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Make the driver work without the dummy resources (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Stop using raw ttm_buffer_object's (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Abstract placement selection (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Rename dummy to is_iomem (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Cleanup the vmw bo usage in the cursor paths (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Simplify fb pinning (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Rename vmw_buffer_object to vmw_bo (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Remove the duplicate bo_free function (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Use the common gem mmap instead of the custom code (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/radeon: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/qxl: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/gem-vram: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/ttm: prevent moving of pinned BOs (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/ttm: stop allocating a dummy resource for pipelined gutting (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/ttm: stop allocating dummy resources during BO creation (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/ttm: clear the ttm_tt when bo->resource is NULL (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/i915/ttm: audit remaining bo->resource (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- Revert "drm/vmwgfx: Stop accessing buffer objects which failed init" (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- Revert "drm/vmwgfx: Do not drop the reference to the handle too soon" (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- Revert "drm/vmwgfx: Fix Legacy Display Unit atomic drm support" (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}

Thu Dec 07 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.15.1.el9_3]

- drm/mgag200: Flush the cache to improve latency (Jocelyn Falempe) [RHEL-16560]
- sched/fair: Make the BW replenish timer expire in hardirq context for PREEMPT_RT (Valentin Schneider) [RHEL-16842 RHEL-7232]
- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Davide Caratti) [RHEL-16893 RHEL-16894 RHEL-14233 RHEL-16617] {CVE-2023-4623}
- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Davide Caratti) [RHEL-16893 RHEL-16894 RHEL-14233 RHEL-16617] {CVE-2023-4623}

Fri Dec 01 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.14.1.el9_3]

- netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Florian Westphal) [RHEL-8436 RHEL-8454 RHEL-8437 RHEL-8455] {CVE-2023-42753}
- sctp: update hb timer immediately after users change hb_interval (Xin Long) [RHEL-14301 RHEL-14179]
- sctp: update transport state when processing a dupcook packet (Xin Long) [RHEL-14301 RHEL-14179]
- netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (Xin Long) [RHEL-14301 RHEL-14179]
- sctp: annotate data-races around sk->sk_wmem_queued (Xin Long) [RHEL-14301 RHEL-14179]
- cifs: fix missing unload_nls() in smb2_reconnect() (Scott Mayhew) [RHEL-16477 RHEL-11577]
- cifs: avoid race conditions with parallel reconnects (Scott Mayhew) [RHEL-16477 RHEL-11577]
- cifs: update ip_addr for ses only for primary chan setup (Scott Mayhew) [RHEL-16477 RHEL-11577]
- cifs: prevent data race in cifs_reconnect_tcon() (Scott Mayhew) [RHEL-16477 RHEL-11577]
- cifs: prevent data race in smb2_reconnect() (Scott Mayhew) [RHEL-16477 RHEL-11577]
- nvmet-tcp: Fix a possible UAF in queue intialization setup (John Meneghini) [RHEL-11487 RHEL-11491 RHEL-11488 RHEL-11492] {CVE-2023-5178}
- Enable CONFIG_DPLL (Petr Oros) [RHEL-15800 2232515]
- ice: implement dpll interface to control cgu (Petr Oros) [RHEL-15800 2232515]
- ice: add admin commands to access cgu configuration (Petr Oros) [RHEL-15800 2232515]
- netdev: expose DPLL pin handle for netdevice (Petr Oros) [RHEL-15800 2232515]
- dpll: netlink: Add DPLL framework base functions (Petr Oros) [RHEL-15800 2232515]
- dpll: core: Add DPLL framework base functions (Petr Oros) [RHEL-15800 2232515]
- dpll: spec: Add Netlink spec in YAML (Petr Oros) [RHEL-15800 2232515]
- dpll: documentation on DPLL subsystem interface (Petr Oros) [RHEL-15800 2232515]
- ice: do not re-enable miscellaneous interrupt until thread_fn completes (Petr Oros) [RHEL-15806 2229762]
- ice: trigger PFINT_OICR_TSYN_TX interrupt instead of polling (Petr Oros) [RHEL-15806 2229762]
- ice: introduce ICE_TX_TSTAMP_WORK enumeration (Petr Oros) [RHEL-15806 2229762]
- mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() (Rafael Aquini) [RHEL-11589 RHEL-2466]
- sched/fair: Block nohz tick_stop when cfs bandwidth in use (Phil Auld) [RHEL-8701 2208016]
- sched, cgroup: Restore meaning to hierarchical_quota (Phil Auld) [RHEL-8701 2208016]

Fri Nov 24 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.13.1.el9_3]

- cifs: Fix UAF in cifs_demultiplex_thread() (Scott Mayhew) [RHEL-15169 RHEL-15173 RHEL-15170 RHEL-15174] {CVE-2023-1192}
- iommu: Optimise PCI SAC address trick (Jerry Snitselaar) [RHEL-15381 RHEL-11705]
- igb: set max size RX buffer when store bad packet is enabled (Wander Lairson Costa) [RHEL-15191 RHEL-15202 RHEL-15192 RHEL-15203] {CVE-2023-45871}
- bio-integrity: create multi-page bvecs in bio_integrity_add_page() (Ming Lei) [RHEL-15107 RHEL-13714]
- bio-integrity: cleanup adding integrity pages to bip's bvec. (Ming Lei) [RHEL-15107 RHEL-13714]
- bio-integrity: update the payload size in bio_integrity_add_page() (Ming Lei) [RHEL-15107 RHEL-13714]
- block: make bvec_try_merge_hw_page() non-static (Ming Lei) [RHEL-15107 RHEL-13714]
- block: don't pass a bio to bio_try_merge_hw_seg (Ming Lei) [RHEL-15107 RHEL-13714]
- block: move the bi_size update out of __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
- block: downgrade a bio_full call in bio_add_page (Ming Lei) [RHEL-15107 RHEL-13714]
- block: move the bi_size overflow check in __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
- block: move the bi_vcnt check out of __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
- block: move the BIO_CLONED checks out of __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
- block: use SECTOR_SHIFT bio_add_hw_page (Ming Lei) [RHEL-15107 RHEL-13714]
- block: tidy up the bio full checks in bio_add_hw_page (Ming Lei) [RHEL-15107 RHEL-13714]
- block: kmsan: skip bio block merging logic for KMSAN (Ming Lei) [RHEL-15107 RHEL-13714]
- redhat: change builder image to rhel-9.3 (Michael Hofmann)
- x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- objtool: Fix return thunk patching in retpolines (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/nospec: Refactor UNTRAIN_RET[_*] (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Unexport untraining functions (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix unret validation dependencies (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86,static_call: Fix static-call vs return-thunk (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/static_call: Fix __static_call_fixup() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- objtool/x86: Fixup frame-pointer vs rethunk (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Add IBPB (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- redhat/configs/x86: Enable CONFIG_CPU_SRSO (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/alternative: Optimize returns patching (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86,objtool: Separate unret validation from unwind hints (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- objtool: Add objtool_types.h (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- objtool: Union instruction::{call_dest,jump_table} (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- objtool: Fix SEGFAULT (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- vmlinux.lds.h: add BOUNDED_SECTION* macros (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- ice: Don't tx before switchdev is fully configured (Michal Schmidt) [RHEL-15799 2241234]
- wifi: rtw89: Fix loading of compressed firmware (Jose Ignacio Tornos Martinez) [RHEL-14353 RHEL-13881]
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (Vitaly Kuznetsov) [RHEL-5757 RHEL-3904]

Thu Nov 16 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.12.1.el9_3]

- fs/smb/client: Reset password pointer to NULL (Scott Mayhew) [RHEL-11804 RHEL-11808 RHEL-11805 RHEL-11809] {CVE-2023-5345}

Thu Nov 09 2023 Herton R. Krzesinski <herton@redhat.com> [5.14.0-362.11.1.el9_3]

- mm, mremap: fix mremap() expanding for vma's with vm_ops->close() (Donald Dutile) [RHEL-15277 RHEL-9198]
- qed: fix LL2 RX buffer allocation (Chris Leech) [RHEL-14496 RHEL-8466]
- fs/buffer.c: disable per-CPU buffer_head cache for isolated CPUs (Marcelo Tosatti) [RHEL-12101 2158709]