[ol9_baseos_latest] kernel-modules-extra-5.14.0-362.18.1.el9_3.x86_64

Name:	kernel-modules-extra
Version:	5.14.0
Release:	362.18.1.el9_3
Architecture:	x86_64
Group:	Unspecified
Size:	457287
License:	GPLv2 and Redistributable, no modification permitted
RPM:	kernel-modules-extra-5.14.0-362.18.1.el9_3.x86_64.rpm
Source RPM:	kernel-5.14.0-362.18.1.el9_3.src.rpm
Build Date:	Wed Mar 06 2024
Build Host:	build-ol9-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://www.kernel.org/
Summary:	Extra kernel modules to match the kernel
Description:	This package provides less commonly used kernel modules for the kernel package.

Changelog (Show File list) (Show related packages)

Tue Mar 05 2024 Alan Steinberg <alan.steinberg@oracle.com> - [5.14.0-362.18.1.el9_3.OL9]

- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.5.el9
- Remove nmap references from kernel (Mridula Shastry) [Orabug: 34313944]
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34729535]
- Disable unified kernel image package build
- Add Oracle Linux IMA certificates

Tue Mar 05 2024 Release Engineering <releng@openela.org> - 5.14.0

- Debranding patches copied from Rocky Linux (Louis Abel and Sherif Nagy from RESF)

Wed Jan 03 2024 Jan Stancek <jstancek@redhat.com> [5.14.0-362.18.1.el9_3]

- nfp: fix use-after-free in area_cache_get() (Ricardo Robaina) [RHEL-19456 RHEL-19536 RHEL-6566 RHEL-7241] {CVE-2022-3545}
- rtla: Fix uninitialized variable found (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat: Do not stop user-space if a cpu is offline (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_aa: Fix previous IRQ delay for IRQs that happens after thread sample (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_aa: Fix negative IRQ delay (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_aa: Zero thread sum after every sample analysis (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_hist: Add timerlat user-space support (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_top: Add timerlat user-space support (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/hwnoise: Reduce runtime to 75% (John Kacur) [RHEL-18360 RHEL-10079]
- rtla: Start the tracers after creating all instances (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat_hist: Add auto-analysis support (John Kacur) [RHEL-18360 RHEL-10079]
- rtla/timerlat: Give timerlat auto analysis its own instance (John Kacur) [RHEL-18360 RHEL-10079]
- rtla: Automatically move rtla to a house-keeping cpu (John Kacur) [RHEL-18360 RHEL-10079]
- rtla: Change monitored_cpus from char * to cpu_set_t (John Kacur) [RHEL-18360 RHEL-10079]
- rtla: Add --house-keeping option (John Kacur) [RHEL-18360 RHEL-10079]
- rtla: Add -C cgroup support (John Kacur) [RHEL-18360 RHEL-10079]
- ata: ahci: Add Intel Alder Lake-P AHCI controller to low power chipsets list (Tomas Henzl) [RHEL-19394 RHEL-10941]
- fbcon: set_con2fb_map needs to set con2fb_map! (Jocelyn Falempe) [RHEL-1106 RHEL-1109 RHEL-12930 RHEL-13899] {CVE-2023-38409}
- fbcon: Fix error paths in set_con2fb_map (Jocelyn Falempe) [RHEL-1106 RHEL-1109 RHEL-12930 RHEL-13899] {CVE-2023-38409}
- net: tun: fix bugs for oversize packet when napi frags enabled (Ricardo Robaina) [RHEL-12495 RHEL-12496 RHEL-7186 RHEL-7264] {CVE-2023-3812}
- netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR (Florian Westphal) [RHEL-10536 RHEL-10538 RHEL-10537 RHEL-10539] {CVE-2023-4015}
- md: Put the right device in md_seq_next (Nigel Croxon) [RHEL-16363 RHEL-12455]
- dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set() (Michal Schmidt) [RHEL-19677 RHEL-19095] {CVE-2023-6679}
- dpll: Fix potential msg memleak when genlmsg_put_reply failed (Michal Schmidt) [RHEL-19677 RHEL-19095] {CVE-2023-6679}
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Bastien Nocera) [RHEL-19003 RHEL-2717] {CVE-2023-40283}
- tcp: enforce receive buffer memory limits by allowing the tcp window to shrink (Felix Maurer) [RHEL-16129 RHEL-11592]
- tcp: adjust rcv_ssthresh according to sk_reserved_mem (Felix Maurer) [RHEL-16129 RHEL-11592]
- md: raid0: account for split bio in iostat accounting (Nigel Croxon) [RHEL-4082 RHEL-2718]
- can: af_can: fix NULL pointer dereference in can_rcv_filter (Ricardo Robaina) [RHEL-19465 RHEL-19526 RHEL-6428 RHEL-7052] {CVE-2023-2166}

Wed Dec 20 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.17.1.el9_3]

- netfilter: nf_tables: skip bound chain on rule flush (Florian Westphal) [RHEL-10111 RHEL-10113 RHEL-10112 RHEL-10114] {CVE-2023-3777}
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (Michal Schmidt) [RHEL-18553 RHEL-18968 RHEL-6654 RHEL-7239] {CVE-2022-41858}
- RDMA/core: Update CMA destination address on rdma_resolve_addr (Kamal Heib) [RHEL-19358 RHEL-19400 RHEL-6832 RHEL-7244] {CVE-2023-2176}
- RDMA/core: Refactor rdma_bind_addr (Kamal Heib) [RHEL-19358 RHEL-19400 RHEL-6832 RHEL-7244] {CVE-2023-2176}
- af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-17263 RHEL-17265 RHEL-17264 RHEL-17266] {CVE-2023-4622}

Thu Dec 14 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.16.1.el9_3]

- tracing/timerlat: Add user-space interface (Chris White) [RHEL-18927 RHEL-14932]
- tracing/osnoise: Skip running osnoise if all instances are off (Chris White) [RHEL-18927 RHEL-14932]
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (Chris White) [RHEL-18927 RHEL-14932]
- tracing/timerlat: Always wakeup the timerlat thread (John Kacur) [RHEL-18356 RHEL-16305]
- tracing: Rename kvfree_rcu() to kvfree_rcu_mightsleep() (John Kacur) [RHEL-18356 RHEL-16305]
- tracing/osnoise: Fix notify new tracing_max_latency (John Kacur) [RHEL-18356 RHEL-16305]
- tracing/timerlat: Notify new max thread latency (John Kacur) [RHEL-18356 RHEL-16305]
- tracing/osnoise: set several trace_osnoise.c variables storage-class-specifier to static (John Kacur) [RHEL-18356 RHEL-16305]
- trace/osnoise: make use of the helper function kthread_run_on_cpu() (John Kacur) [RHEL-18356 RHEL-16305]
- tracing: Switch to kvfree_rcu() API (John Kacur) [RHEL-18356 RHEL-16305]
- rcu/kvfree: Add kvfree_rcu_mightsleep() and kfree_rcu_mightsleep() (Waiman Long) [RHEL-18356 RHEL-16305]
- x86/sev: Check for user-space IOIO pointing to kernel space (Paolo Bonzini) [RHEL-18089 RHEL-18090 RHEL-14980 RHEL-14981] {CVE-2023-46813}
- x86/sev: Check IOBM for IOIO exceptions from user-space (Paolo Bonzini) [RHEL-18089 RHEL-18090 RHEL-14980 RHEL-14981] {CVE-2023-46813}
- x86/sev: Disable MMIO emulation from user mode (Paolo Bonzini) [RHEL-18089 RHEL-18090 RHEL-14980 RHEL-14981] {CVE-2023-46813}
- hwmon: (ina3221) Add support for channel summation disable (Steve Best) [RHEL-17898 RHEL-1899]
- ice: reset first in crash dump kernels (Petr Oros) [RHEL-17613 RHEL-15698]
- bpf: sockmap: Remove preempt_disable in sock_map_sk_acquire (Tomas Glozar) [RHEL-17571 2229975]
- net: fix net device address assign type (Michal Schmidt) [RHEL-17279 RHEL-6368]
- net: add check for current MAC address in dev_set_mac_address (Michal Schmidt) [RHEL-17279 RHEL-6368]
- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Keep a gem reference to user bos in surfaces (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: fix typo of sizeof argument (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Fix possible invalid drm gem put calls (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Fix shader stage validation (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: remove unused vmw_overlay function (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Fix Legacy Display Unit atomic drm support (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Print errors when running on broken/unsupported configs (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Drop mksstat_init_record fn as currently unused (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Fix src/dst_pitch confusion (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Replace one-element array with flexible-array member (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Do not drop the reference to the handle too soon (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Stop accessing buffer objects which failed init (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Make the driver work without the dummy resources (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Stop using raw ttm_buffer_object's (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Abstract placement selection (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Rename dummy to is_iomem (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Cleanup the vmw bo usage in the cursor paths (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Simplify fb pinning (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Rename vmw_buffer_object to vmw_bo (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Remove the duplicate bo_free function (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/vmwgfx: Use the common gem mmap instead of the custom code (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/radeon: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/qxl: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/gem-vram: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/ttm: prevent moving of pinned BOs (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/ttm: stop allocating a dummy resource for pipelined gutting (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/ttm: stop allocating dummy resources during BO creation (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/ttm: clear the ttm_tt when bo->resource is NULL (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- drm/i915/ttm: audit remaining bo->resource (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- Revert "drm/vmwgfx: Stop accessing buffer objects which failed init" (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- Revert "drm/vmwgfx: Do not drop the reference to the handle too soon" (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}
- Revert "drm/vmwgfx: Fix Legacy Display Unit atomic drm support" (Jocelyn Falempe) [RHEL-14511 RHEL-14515 RHEL-14512 RHEL-14516] {CVE-2023-5633}

Thu Dec 07 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.15.1.el9_3]

- drm/mgag200: Flush the cache to improve latency (Jocelyn Falempe) [RHEL-16560]
- sched/fair: Make the BW replenish timer expire in hardirq context for PREEMPT_RT (Valentin Schneider) [RHEL-16842 RHEL-7232]
- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Davide Caratti) [RHEL-16893 RHEL-16894 RHEL-14233 RHEL-16617] {CVE-2023-4623}
- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Davide Caratti) [RHEL-16893 RHEL-16894 RHEL-14233 RHEL-16617] {CVE-2023-4623}

Fri Dec 01 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.14.1.el9_3]

- netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Florian Westphal) [RHEL-8436 RHEL-8454 RHEL-8437 RHEL-8455] {CVE-2023-42753}
- sctp: update hb timer immediately after users change hb_interval (Xin Long) [RHEL-14301 RHEL-14179]
- sctp: update transport state when processing a dupcook packet (Xin Long) [RHEL-14301 RHEL-14179]
- netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp (Xin Long) [RHEL-14301 RHEL-14179]
- sctp: annotate data-races around sk->sk_wmem_queued (Xin Long) [RHEL-14301 RHEL-14179]
- cifs: fix missing unload_nls() in smb2_reconnect() (Scott Mayhew) [RHEL-16477 RHEL-11577]
- cifs: avoid race conditions with parallel reconnects (Scott Mayhew) [RHEL-16477 RHEL-11577]
- cifs: update ip_addr for ses only for primary chan setup (Scott Mayhew) [RHEL-16477 RHEL-11577]
- cifs: prevent data race in cifs_reconnect_tcon() (Scott Mayhew) [RHEL-16477 RHEL-11577]
- cifs: prevent data race in smb2_reconnect() (Scott Mayhew) [RHEL-16477 RHEL-11577]
- nvmet-tcp: Fix a possible UAF in queue intialization setup (John Meneghini) [RHEL-11487 RHEL-11491 RHEL-11488 RHEL-11492] {CVE-2023-5178}
- Enable CONFIG_DPLL (Petr Oros) [RHEL-15800 2232515]
- ice: implement dpll interface to control cgu (Petr Oros) [RHEL-15800 2232515]
- ice: add admin commands to access cgu configuration (Petr Oros) [RHEL-15800 2232515]
- netdev: expose DPLL pin handle for netdevice (Petr Oros) [RHEL-15800 2232515]
- dpll: netlink: Add DPLL framework base functions (Petr Oros) [RHEL-15800 2232515]
- dpll: core: Add DPLL framework base functions (Petr Oros) [RHEL-15800 2232515]
- dpll: spec: Add Netlink spec in YAML (Petr Oros) [RHEL-15800 2232515]
- dpll: documentation on DPLL subsystem interface (Petr Oros) [RHEL-15800 2232515]
- ice: do not re-enable miscellaneous interrupt until thread_fn completes (Petr Oros) [RHEL-15806 2229762]
- ice: trigger PFINT_OICR_TSYN_TX interrupt instead of polling (Petr Oros) [RHEL-15806 2229762]
- ice: introduce ICE_TX_TSTAMP_WORK enumeration (Petr Oros) [RHEL-15806 2229762]
- mm/slab_common: fix slab_caches list corruption after kmem_cache_destroy() (Rafael Aquini) [RHEL-11589 RHEL-2466]
- sched/fair: Block nohz tick_stop when cfs bandwidth in use (Phil Auld) [RHEL-8701 2208016]
- sched, cgroup: Restore meaning to hierarchical_quota (Phil Auld) [RHEL-8701 2208016]

Fri Nov 24 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.13.1.el9_3]

- cifs: Fix UAF in cifs_demultiplex_thread() (Scott Mayhew) [RHEL-15169 RHEL-15173 RHEL-15170 RHEL-15174] {CVE-2023-1192}
- iommu: Optimise PCI SAC address trick (Jerry Snitselaar) [RHEL-15381 RHEL-11705]
- igb: set max size RX buffer when store bad packet is enabled (Wander Lairson Costa) [RHEL-15191 RHEL-15202 RHEL-15192 RHEL-15203] {CVE-2023-45871}
- bio-integrity: create multi-page bvecs in bio_integrity_add_page() (Ming Lei) [RHEL-15107 RHEL-13714]
- bio-integrity: cleanup adding integrity pages to bip's bvec. (Ming Lei) [RHEL-15107 RHEL-13714]
- bio-integrity: update the payload size in bio_integrity_add_page() (Ming Lei) [RHEL-15107 RHEL-13714]
- block: make bvec_try_merge_hw_page() non-static (Ming Lei) [RHEL-15107 RHEL-13714]
- block: don't pass a bio to bio_try_merge_hw_seg (Ming Lei) [RHEL-15107 RHEL-13714]
- block: move the bi_size update out of __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
- block: downgrade a bio_full call in bio_add_page (Ming Lei) [RHEL-15107 RHEL-13714]
- block: move the bi_size overflow check in __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
- block: move the bi_vcnt check out of __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
- block: move the BIO_CLONED checks out of __bio_try_merge_page (Ming Lei) [RHEL-15107 RHEL-13714]
- block: use SECTOR_SHIFT bio_add_hw_page (Ming Lei) [RHEL-15107 RHEL-13714]
- block: tidy up the bio full checks in bio_add_hw_page (Ming Lei) [RHEL-15107 RHEL-13714]
- block: kmsan: skip bio block merging logic for KMSAN (Ming Lei) [RHEL-15107 RHEL-13714]
- redhat: change builder image to rhel-9.3 (Michael Hofmann)
- x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- objtool: Fix return thunk patching in retpolines (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/nospec: Refactor UNTRAIN_RET[_*] (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Unexport untraining functions (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix unret validation dependencies (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86,static_call: Fix static-call vs return-thunk (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/static_call: Fix __static_call_fixup() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- objtool/x86: Fixup frame-pointer vs rethunk (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/retpoline,kprobes: Skip optprobe check for indirect jumps with retpolines and IBT (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Add IBPB (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- redhat/configs/x86: Enable CONFIG_CPU_SRSO (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/alternative: Optimize returns patching (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86,objtool: Separate unret validation from unwind hints (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- objtool: Add objtool_types.h (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- objtool: Union instruction::{call_dest,jump_table} (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- x86/kprobes: Fix optprobe optimization check with CONFIG_RETHUNK (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- objtool: Fix SEGFAULT (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- vmlinux.lds.h: add BOUNDED_SECTION* macros (Waiman Long) [RHEL-13879 RHEL-13880 RHEL-14114 RHEL-8594] {CVE-2023-20569}
- ice: Don't tx before switchdev is fully configured (Michal Schmidt) [RHEL-15799 2241234]
- wifi: rtw89: Fix loading of compressed firmware (Jose Ignacio Tornos Martinez) [RHEL-14353 RHEL-13881]
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (Vitaly Kuznetsov) [RHEL-5757 RHEL-3904]

Thu Nov 16 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.12.1.el9_3]

- fs/smb/client: Reset password pointer to NULL (Scott Mayhew) [RHEL-11804 RHEL-11808 RHEL-11805 RHEL-11809] {CVE-2023-5345}

Thu Nov 09 2023 Herton R. Krzesinski <herton@redhat.com> [5.14.0-362.11.1.el9_3]

- mm, mremap: fix mremap() expanding for vma's with vm_ops->close() (Donald Dutile) [RHEL-15277 RHEL-9198]
- qed: fix LL2 RX buffer allocation (Chris Leech) [RHEL-14496 RHEL-8466]
- fs/buffer.c: disable per-CPU buffer_head cache for isolated CPUs (Marcelo Tosatti) [RHEL-12101 2158709]