Rapid7 Vulnerability & Exploit Database

Oracle Linux: (CVE-2022-23816) (Multiple Advisories): Unbreakable Enterprise kernel-container security update

Back to Search

Oracle Linux: (CVE-2022-23816) (Multiple Advisories): Unbreakable Enterprise kernel-container security update

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
07/12/2022
Created
07/16/2022
Added
07/13/2022
Modified
07/13/2022

Description

Details for this vulnerability have not been published by NIST at this point. Descriptions from software vendor advisories for this issue are provided below.

From ELSA-2022-9591:

[5.15.0-0.30.20] - floppy: use a statically allocated error counter (Willy Tarreau) [Orabug: 34218638] {CVE-2022-1652} - x86: Disable RET on kexec (Konrad Rzeszutek Wilk) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: do not enable IBPB-on-entry when IBPB is not supported (Thadeu Lima de Souza Cascardo) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - arm64: proton-pack: provide vulnerability file value for RETBleed (James Morse) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/cpu/amd: Enumerate BTC_NO (Andrew Cooper) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/common: Stamp out the stepping madness (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - KVM: VMX: Prevent RSB underflow before vmenter (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Fill RSB on vmexit for IBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - KVM: VMX: Fix IBRS handling after vmexit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - KVM: VMX: Prevent guest RSB poisoning attacks with eIBRS (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - KVM: VMX: Convert launched argument to flags (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - KVM: VMX: Flatten __vmx_vcpu_run() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - objtool: Re-add UNWIND_HINT_{SAVE_RESTORE} (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Remove x86_spec_ctrl_mask (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Use cached host SPEC_CTRL value for guest entry/exit (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Fix SPEC_CTRL write on SMT state change (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Fix firmware entry SPEC_CTRL handling (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Fix RSB filling with CONFIG_RETPOLINE=n (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/cpu/amd: Add Spectral Chicken (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - objtool: Add entry UNRET validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Do IBPB fallback check only once (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Add retbleed=ibpb (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/xen: Rename SYS* entry points (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - objtool: Update Retpoline validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - intel_idle: Disable IBRS during long idle (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Report Intel retbleed vulnerability (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Split spectre_v2_select_mitigation() and spectre_v2_user_select_mitigation() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/speculation: Add spectre_v2=ibrs option to support Kernel IBRS (Pawan Gupta) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Optimize SPEC_CTRL MSR writes (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/entry: Add kernel IBRS implementation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Keep a per-CPU IA32_SPEC_CTRL value (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Enable STIBP for JMP2RET (Kim Phillips) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Add AMD retbleed= boot parameter (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bugs: Report AMD retbleed vulnerability (Alexandre Chartre) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86: Add magic AMD return-thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - objtool: Treat .text.__x86.* as noinstr (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86: Use return-thunk in asm code (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/sev: Avoid using __x86_return_thunk (Kim Phillips) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/vsyscall_emu/64: Don't use RET in vsyscall emulation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/kvm: Fix SETcc emulation for return thunks (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/bpf: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/ftrace: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86,static_call: Use alternative RET encoding (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86,objtool: Create .return_sites (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86: Undo return-thunk damage (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/retpoline: Use -mfunction-return (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/retpoline: Swizzle retpoline thunk (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/retpoline: Cleanup some #ifdefery (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/cpufeatures: Move RETPOLINE flags to word 11 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/kvm/vmx: Make noinstr clean (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/entry: Remove skip_r11rcx (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/entry: Fix register corruption in compat syscall (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/entry: Use PUSH_AND_CLEAR_REGS for compat (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/entry: Simplify entry_INT80_compat() (Linus Torvalds) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/mm: Simplify RESERVE_BRK() (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - crypto: x86/poly1305 - Fixup SLS (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86,static_call: Fix __static_call_return0 for i386 (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - kvm/emulate: Fix SETcc emulation function offsets with SLS (Borislav Petkov) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - objtool: Default ignore INT3 for unreachable (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/ibt,paravirt: Use text_gen_insn() for paravirt_patch() (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86: Add straight-line-speculation mitigation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - objtool: Add straight-line-speculation validation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86: Prepare inline-asm for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86: Prepare asm files for straight-line-speculation (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/lib/atomic64_386_32: Rename things (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/alternative: Relax text_poke_bp() constraint (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - static_call,x86: Robustify trampoline patching (Peter Zijlstra) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901} - x86/xen: Move hypercall_page to top of the file (Josh Poimboeuf) [Orabug: 34335631] {CVE-2022-23816} {CVE-2022-29901}

Solution(s)

  • oracle-linux-upgrade-bpftool
  • oracle-linux-upgrade-kernel-uek
  • oracle-linux-upgrade-kernel-uek-container
  • oracle-linux-upgrade-kernel-uek-container-debug
  • oracle-linux-upgrade-kernel-uek-core
  • oracle-linux-upgrade-kernel-uek-debug
  • oracle-linux-upgrade-kernel-uek-debug-core
  • oracle-linux-upgrade-kernel-uek-debug-devel
  • oracle-linux-upgrade-kernel-uek-debug-modules
  • oracle-linux-upgrade-kernel-uek-debug-modules-extra
  • oracle-linux-upgrade-kernel-uek-devel
  • oracle-linux-upgrade-kernel-uek-doc
  • oracle-linux-upgrade-kernel-uek-modules
  • oracle-linux-upgrade-kernel-uek-modules-extra

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;