[3.10.0-1160.80.1.0.1.el7.OL7] - debug: lock down kgdb [Orabug: 34270798] {CVE-2022-21499} [3.10.0-1160.80.1.el7.OL7] - Update Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 15-2.0.9] - Update oracle value to match new certificate [3.10.0-1160.80.1.el7] - scsi: lpfc: Fix FCP I/O flush functionality for TMF routines [1969988] - scsi: lpfc: Fix illegal memory access on Abort IOCBs [1969988] - NFS: Fix extra call to dput in nfs_prime_dcache [2117856] [3.10.0-1160.79.1.el7] - x86/speculation: Add LFENCE to RSB fill sequence [2115073] {CVE-2022-26373} - x86/speculation: Protect against userspace-userspace spectreRSB [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/speculation: cope with spectre_v2=retpoline cmdline on retbleed-affected Intel CPUs [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - KVM: emulate: do not adjust size of fastop and setcc subroutines [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/kvm: fix FASTOP_SIZE when return thunks are enabled [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/speculation: Disable RRSBA behavior [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/kexec: Disable RET on kexec [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Do not enable IBPB-on-entry when IBPB is not supported [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Add Cannon lake to RETBleed affected CPU list [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpu/amd: Enumerate BTC_NO [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/common: Stamp out the stepping madness [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpu/amd: Add Spectral Chicken [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Do IBPB fallback check only once [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Add retbleed=ibpb [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Report Intel retbleed vulnerability [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Enable STIBP for JMP2RET [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Add AMD retbleed= boot parameter [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/bugs: Report AMD retbleed vulnerability [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86: Add magic AMD return-thunk [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86: Use return-thunk in asm code [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/sev: Avoid using __x86_return_thunk [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/vsyscall_emu/64: Don"t use RET in vsyscall emulation [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/kvm: Fix SETcc emulation for return thunks [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86,objtool: Create .return_sites [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86: Undo return-thunk damage [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/retpoline: Use -mfunction-return [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpufeatures: Move RETPOLINE flags to word 11 [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - objtool: Add ELF writing capability [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86: Prepare asm files for straight-line-speculation [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86: Prepare inline-asm for straight-line-speculation [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/kvm: Fix fastop function ELF metadata [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/kvm: Move kvm_fastop_exception to .fixup section [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/vdso: Fix vDSO build if a retpoline is emitted [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpufeatures: Combine word 11 and 12 into a new scattered features word [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpufeatures: Carve out CQM features retrieval [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpufeatures: Re-tabulate the X86_FEATURE definitions [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpufeature: Move processor tracing out of scattered features [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/cpu: Probe CPUID leaf 6 even when cpuid_level == 6 [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} - x86/alternatives: Cleanup DPRINTK macro [2090227] {CVE-2022-23816 CVE-2022-23825 CVE-2022-29900 CVE-2022-29901} [3.10.0-1160.78.1.el7] - net_sched: cls_route: remove from list when handle is 0 [2121809] {CVE-2022-2588} [3.10.0-1160.77.1.el7] - net/mlx5: Add Fast teardown support [2077711] - net/mlx5: Free IRQs in shutdown path [2077711] - net/mlx5: Change teardown with force mode failure message to warning [2077711] - net/mlx5: Cancel health poll before sending panic teardown command [2077711] - net/mlx5: Add fast unload support in shutdown flow [2077711] - net/mlx5: Expose command polling interface [2077711] - posix-timers: Remove remaining uses of tasklist_lock [2115147] - posix-timers: Use sighand lock instead of tasklist_lock on timer deletion [2115147] - posix-cpu-timers: remove tasklist_lock in posix_cpu_clock_get [2115147]