Описание
ELSA-2025-20323: Unbreakable Enterprise kernel security update (IMPORTANT)
[5.15.0-308.179.6.2]
- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (Pawan Gupta) [Orabug: 37920681]
- x86/bpf: Add IBHF call at end of classic BPF (Daniel Sneddon) [Orabug: 37920681]
- x86/bpf: Call branch history clearing sequence on exit (Daniel Sneddon) [Orabug: 37920681]
- selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 37863726] {CVE-2024-28956}
- x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 37863726] {CVE-2024-28956}
- x86/its: Add 'vmexit' option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 37863726] {CVE-2024-28956}
- x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 37863726] {CVE-2024-28956}
- x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 37863726] {CVE-2024-28956}
- x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 37863726] {CVE-2024-28956}
- x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 37863726] {CVE-2024-28956}
- Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 37863726] {CVE-2024-28956}
- x86/alternatives: Remove faulty optimization (Josh Poimboeuf) [Orabug: 37863726] {CVE-2024-28956}
- x86/alternative: Optimize returns patching (Borislav Petkov (AMD)) [Orabug: 37863726] {CVE-2024-28956}
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
bpftool
5.15.0-308.179.6.2.el9uek
kernel-uek
5.15.0-308.179.6.2.el9uek
kernel-uek-container
5.15.0-308.179.6.2.el9uek
kernel-uek-container-debug
5.15.0-308.179.6.2.el9uek
kernel-uek-core
5.15.0-308.179.6.2.el9uek
kernel-uek-debug
5.15.0-308.179.6.2.el9uek
kernel-uek-debug-core
5.15.0-308.179.6.2.el9uek
kernel-uek-debug-devel
5.15.0-308.179.6.2.el9uek
kernel-uek-debug-modules
5.15.0-308.179.6.2.el9uek
kernel-uek-debug-modules-extra
5.15.0-308.179.6.2.el9uek
kernel-uek-devel
5.15.0-308.179.6.2.el9uek
kernel-uek-doc
5.15.0-308.179.6.2.el9uek
kernel-uek-modules
5.15.0-308.179.6.2.el9uek
kernel-uek-modules-extra
5.15.0-308.179.6.2.el9uek
kernel-uek64k
5.15.0-308.179.6.2.el9uek
kernel-uek64k-core
5.15.0-308.179.6.2.el9uek
kernel-uek64k-modules
5.15.0-308.179.6.2.el9uek
kernel-uek64k-modules-extra
5.15.0-308.179.6.2.el9uek
Oracle Linux x86_64
bpftool
5.15.0-308.179.6.2.el9uek
kernel-uek
5.15.0-308.179.6.2.el9uek
kernel-uek-container
5.15.0-308.179.6.2.el9uek
kernel-uek-container-debug
5.15.0-308.179.6.2.el9uek
kernel-uek-core
5.15.0-308.179.6.2.el9uek
kernel-uek-debug
5.15.0-308.179.6.2.el9uek
kernel-uek-debug-core
5.15.0-308.179.6.2.el9uek
kernel-uek-debug-devel
5.15.0-308.179.6.2.el9uek
kernel-uek-debug-modules
5.15.0-308.179.6.2.el9uek
kernel-uek-debug-modules-extra
5.15.0-308.179.6.2.el9uek
kernel-uek-devel
5.15.0-308.179.6.2.el9uek
kernel-uek-doc
5.15.0-308.179.6.2.el9uek
kernel-uek-modules
5.15.0-308.179.6.2.el9uek
kernel-uek-modules-extra
5.15.0-308.179.6.2.el9uek
Oracle Linux 8
Oracle Linux aarch64
bpftool
5.15.0-308.179.6.2.el8uek
kernel-uek
5.15.0-308.179.6.2.el8uek
kernel-uek-container
5.15.0-308.179.6.2.el8uek
kernel-uek-container-debug
5.15.0-308.179.6.2.el8uek
kernel-uek-core
5.15.0-308.179.6.2.el8uek
kernel-uek-debug
5.15.0-308.179.6.2.el8uek
kernel-uek-debug-core
5.15.0-308.179.6.2.el8uek
kernel-uek-debug-devel
5.15.0-308.179.6.2.el8uek
kernel-uek-debug-modules
5.15.0-308.179.6.2.el8uek
kernel-uek-debug-modules-extra
5.15.0-308.179.6.2.el8uek
kernel-uek-devel
5.15.0-308.179.6.2.el8uek
kernel-uek-doc
5.15.0-308.179.6.2.el8uek
kernel-uek-modules
5.15.0-308.179.6.2.el8uek
kernel-uek-modules-extra
5.15.0-308.179.6.2.el8uek
Oracle Linux x86_64
bpftool
5.15.0-308.179.6.2.el8uek
kernel-uek
5.15.0-308.179.6.2.el8uek
kernel-uek-container
5.15.0-308.179.6.2.el8uek
kernel-uek-container-debug
5.15.0-308.179.6.2.el8uek
kernel-uek-core
5.15.0-308.179.6.2.el8uek
kernel-uek-debug
5.15.0-308.179.6.2.el8uek
kernel-uek-debug-core
5.15.0-308.179.6.2.el8uek
kernel-uek-debug-devel
5.15.0-308.179.6.2.el8uek
kernel-uek-debug-modules
5.15.0-308.179.6.2.el8uek
kernel-uek-debug-modules-extra
5.15.0-308.179.6.2.el8uek
kernel-uek-devel
5.15.0-308.179.6.2.el8uek
kernel-uek-doc
5.15.0-308.179.6.2.el8uek
kernel-uek-modules
5.15.0-308.179.6.2.el8uek
kernel-uek-modules-extra
5.15.0-308.179.6.2.el8uek
Связанные CVE
Связанные уязвимости
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Exposure of Sensitive Information in Shared Microarchitectural Structu ...
