Описание
ELSA-2025-20406: Unbreakable Enterprise kernel security update (MODERATE)
[5.4.17-2136.344.4.3]
- Add Zen34 clients (Borislav Petkov (AMD)) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- x86/process: Move the buffer clearing before MONITOR (Kim Phillips) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- KVM: SVM: Advertize TSA CPUID bits to guests (Borislav Petkov (AMD)) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Add a Transient Scheduler Attacks mitigation (Borislav Petkov (AMD)) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- KVM: x86: add support for CPUID leaf 0x80000021 (Paolo Bonzini) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Rename MDS machinery to something more generic (Borislav Petkov (AMD)) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- x86/CPU/AMD: Add ZenX generations flags (Borislav Petkov (AMD)) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits (Boris Ostrovsky) [Orabug: 38129026] {CVE-2024-36350} {CVE-2024-36357}
- x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel (Alexandre Chartre) [Orabug: 38129010]
- selftest/x86/bugs: Add selftests for ITS (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
- x86/its: Align RETs in BHB clear sequence to avoid thunking (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
- x86/its: Add 'vmexit' option to skip mitigation on some CPUs (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
- x86/its: Enable Indirect Target Selection mitigation (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
- x86/its: Add support for ITS-safe return thunk (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
- x86/its: Add support for ITS-safe indirect thunk (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
- x86/its: Enumerate Indirect Target Selection (ITS) bug (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
- Documentation: x86/bugs/its: Add ITS documentation (Pawan Gupta) [Orabug: 38128642] {CVE-2024-28956}
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
kernel-uek
5.4.17-2136.344.4.3.el8uek
kernel-uek-debug
5.4.17-2136.344.4.3.el8uek
kernel-uek-debug-devel
5.4.17-2136.344.4.3.el8uek
kernel-uek-devel
5.4.17-2136.344.4.3.el8uek
kernel-uek-doc
5.4.17-2136.344.4.3.el8uek
Oracle Linux x86_64
kernel-uek
5.4.17-2136.344.4.3.el8uek
kernel-uek-container
5.4.17-2136.344.4.3.el8uek
kernel-uek-container-debug
5.4.17-2136.344.4.3.el8uek
kernel-uek-debug
5.4.17-2136.344.4.3.el8uek
kernel-uek-debug-devel
5.4.17-2136.344.4.3.el8uek
kernel-uek-devel
5.4.17-2136.344.4.3.el8uek
kernel-uek-doc
5.4.17-2136.344.4.3.el8uek
Oracle Linux 7
Oracle Linux x86_64
kernel-uek
5.4.17-2136.344.4.3.el7uek
kernel-uek-container
5.4.17-2136.344.4.3.el7uek
kernel-uek-container-debug
5.4.17-2136.344.4.3.el7uek
kernel-uek-debug
5.4.17-2136.344.4.3.el7uek
kernel-uek-debug-devel
5.4.17-2136.344.4.3.el7uek
kernel-uek-devel
5.4.17-2136.344.4.3.el7uek
kernel-uek-doc
5.4.17-2136.344.4.3.el7uek
kernel-uek-tools
5.4.17-2136.344.4.3.el7uek
Связанные CVE
Связанные уязвимости
ELSA-2025-20405: Unbreakable Enterprise kernel security update (MODERATE)
ELSA-2025-20404: Unbreakable Enterprise kernel security update (MODERATE)
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.