Download
| Alert*
oval:org.secpod.oval:def:1700863
Amazon Linux has been made aware of a potential Branch Target Injection issue . This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction. Generally, actors who attempt transient ... oval:org.secpod.oval:def:206003 Security Fix: kernel: memory corruption in AX88179_178A based USB ethernet device. hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in ... oval:org.secpod.oval:def:1506389 [3.10.0-1160.83.1.0.1.el7.OL7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.83.1.el7.OL7] - Update Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 15- ... oval:org.secpod.oval:def:706543 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for clo ... oval:org.secpod.oval:def:1505580 [4.14.35-2047.512.6.el7uek] - Revert rds/ib: recover rds connection from stuck rx path [Orabug: 34039271] - uek-rpm: update kABI lists for new symbols [Orabug: 33993774] [4.14.35-2047.512.5.el7uek] - netfilter: nf_tables: initialize registers in nft_do_chain [Orabug: 34012925] {CVE-2022-1016} - r ... oval:org.secpod.oval:def:88526 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud sys ... oval:org.secpod.oval:def:88527 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure-4.15: Linux kernel for Microsoft Azure Cloud systems - linux-dell300x: Linux kernel for Dell 300x platforms - linux-gcp-4.15: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for clo ... oval:org.secpod.oval:def:88524 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-azure-fde: Linux kernel for Microsoft Azure cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-gke: Linux kernel for Go ... oval:org.secpod.oval:def:706526 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-azure-fde: Linux kernel for Microsoft Azure cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-gke: Linux kernel for Go ... oval:org.secpod.oval:def:1507185 [2.6.32-754.49.1.OL6] - x86/speculation: Use generic retpoline by default on AMD {CVE-2021-26401} [Orabug: 34986011] oval:org.secpod.oval:def:1505561 [5.4.17-2136.306.1.3.el8] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address [Orabug: 34053807] {CVE-2022-1158} [5.4.17-2136.306.1.2.el8] - Revert rds/ib: recover rds connection from stuck rx path [Orabug: 34045203] [5.4.17-2136.306.1.1.el8] - netfilter: nf_tables: initialize reg ... oval:org.secpod.oval:def:1505566 [5.4.17-2136.306.1.3.el8uek] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address [Orabug: 34053807] {CVE-2022-1158} [5.4.17-2136.306.1.2.el8uek] - Revert rds/ib: recover rds connection from stuck rx path [Orabug: 34045203] [5.4.17-2136.306.1.1.el8uek] - netfilter: nf_tables: initi ... oval:org.secpod.oval:def:1505565 [5.4.17-2136.306.1.3.el7uek] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address [Orabug: 34053807] {CVE-2022-1158} [5.4.17-2136.306.1.2.el7uek] - Revert rds/ib: recover rds connection from stuck rx path [Orabug: 34045203] [5.4.17-2136.306.1.1.el7uek] - netfilter: nf_tables: initi ... oval:org.secpod.oval:def:1505567 [5.4.17-2136.306.1.3] - KVM: x86/mmu: do compare-and-exchange of gPTE via the user address [Orabug: 34053807] {CVE-2022-1158} [5.4.17-2136.306.1.2] - Revert "rds/ib: recover rds connection from stuck rx path" [Orabug: 34045203] [5.4.17-2136.306.1.1] - netfilter: nf_tables: initialize registers in ... oval:org.secpod.oval:def:1505613 [4.14.35-2047.513.2.el7uek] - Revert rds/ib: recover rds connection from stuck tx path [Orabug: 34124234] - Revert rds/ib: reap tx completions during connection shutdown [Orabug: 34124234] - Revert rds/ib: handle posted ACK during connection shutdown [Orabug: 34124234] [4.14.35-2047.513.1.el7uek] ... oval:org.secpod.oval:def:706498 linux: Linux kernel - linux-aws: Linux kernel for Amazon Web Services systems - linux-azure: Linux kernel for Microsoft Azure Cloud systems - linux-gcp: Linux kernel for Google Cloud Platform systems - linux-kvm: Linux kernel for cloud environments - linux-oracle: Linux kernel for Oracle Cloud sys ... oval:org.secpod.oval:def:89046268 This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host . - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to ... oval:org.secpod.oval:def:89046267 This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host . - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to ... oval:org.secpod.oval:def:1505628 [4.14.35-2047.512.6.el7] - Revert "rds/ib: recover rds connection from stuck rx path" [Orabug: 34039271] - uek-rpm: update kABI lists for new symbols [Orabug: 33993774] oval:org.secpod.oval:def:1505764 [5.4.17-2136.308.7.el8] - uek-rpm: Update OL7/8 Secureboot certificate and shim versions. oval:org.secpod.oval:def:89046169 This update for xen fixes the following issues: Transient execution side-channel attacks attacking the Branch History Buffer , named Branch Target Injection and Intra-Mode Branch History Injection are now mitigated. - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: BHB speculation issues . Special Ins ... oval:org.secpod.oval:def:1505768 [5.4.17-2136.308.7.el7] - uek-rpm: Update OL7/8 Secureboot certificate and shim versions. oval:org.secpod.oval:def:89046163 This update for xen fixes the following issues: Transient execution side-channel attacks attacking the Branch History Buffer , named Branch Target Injection and Intra-Mode Branch History Injection are now mitigated. - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: BHB speculation issues . Special Ins ... oval:org.secpod.oval:def:89047553 This update for xen fixes the following issues: Update Xen to version 4.14.4 Transient execution side-channel attacks attacking the Branch History Buffer , named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. Security issues fixed: - CVE-2022-0001, CVE-2022-0 ... oval:org.secpod.oval:def:89046259 This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host . - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to ... oval:org.secpod.oval:def:89046248 This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host . - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to ... oval:org.secpod.oval:def:506895 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: fget: check that the fd still exists after getting a ref to it * kernel: avoid cyclic entity chains due to malformed USB descriptors * kernel: speculation on incompletely validated data on ... oval:org.secpod.oval:def:2500747 The kernel packages contain the Linux kernel, the core of any Linux operating system. oval:org.secpod.oval:def:4500964 The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix: * kernel: fget: check that the fd still exists after getting a ref to it * kernel: avoid cyclic entity chains due to malformed USB descriptors ... oval:org.secpod.oval:def:1505650 [4.18.0-372.9.1.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 [4.18.0-372.9.1] - scsi: qedi: F ... oval:org.secpod.oval:def:4501055 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: fget: check that the fd still exists after getting a ref to it * kernel: avoid cyclic entity chains due to malformed USB descriptors * kernel: speculation on incompletely validated data on ... oval:org.secpod.oval:def:1700867 Amazon Linux has been made aware of a potential Branch Target Injection issue . This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction. Generally, actors who attempt transient ... oval:org.secpod.oval:def:1601520 Amazon Linux has been made aware of a potential Branch Target Injection issue . This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction. Generally, actors who attempt transient ... oval:org.secpod.oval:def:1505511 [5.4.17-2136.305.5.3.el7] - bpf: fix out-of-tree module build oval:org.secpod.oval:def:1505514 [5.4.17-2136.305.5.3.el8] - bpf: fix out-of-tree module build oval:org.secpod.oval:def:1505512 [5.4.17-2136.305.5.3.el7uek] - bpf: fix out-of-tree module build oval:org.secpod.oval:def:1505516 [5.4.17-2136.305.5.3.el8uek] - bpf: fix out-of-tree module build oval:org.secpod.oval:def:507501 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * kernel: memory corruption in AX88179_178A based USB ethernet device. * hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 For more details about the security issue, including the impact, a CV ... oval:org.secpod.oval:def:507466 The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * hw: cpu: LFENCE/JMP Mitigation Update for CVE-2017-5715 For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the C ... oval:org.secpod.oval:def:1700859 Amazon Linux has been made aware of a potential Branch Target Injection issue . This is a known cross-domain transient execution attack where a third party may seek to cause a disclosure gadget to be speculatively executed after an indirect branch prediction. Generally, actors who attempt transient ... oval:org.secpod.oval:def:19500119 2023-05-11: CVE-2023-2019 was added to this advisory.A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system ... oval:org.secpod.oval:def:1507165 [5.4.17-2136.325.5.el7] - perf symbols: Symbol lookup with kcore can fail if multiple segments match stext [Orabug: 35905508] - char: misc: Increase the maximum number of dynamic misc devices to 1048448 [Orabug: 35905508] - perf/arm-cmn: Fix invalid pointer when access dtc object sharing the same ... |