<?xml version="1.0" encoding="utf-8"?>
  <?xml-stylesheet type="text/xsl" href="sa-render.xsl"?>
  <update from="huaweicloud.com" type="security" status="stable" version="1">
    <id>HCE1-SA-2023-0075</id>
    <title>An update for kernel is now available for HCE 1.1</title>
    <severity>Important</severity>
    <release>HCE 1.1</release>
    <issued date="2023-04-13 03:08:49"/>
    <updated date="2023-04-13 03:08:49"/>
    <references>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-0266" id="CVE-2023-0266" title="CVE-2023-0266 Base Score: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-26373" id="CVE-2022-26373" title="CVE-2022-26373 Base Score: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-26401" id="CVE-2021-26401" title="CVE-2021-26401 Base Score: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2021-4037" id="CVE-2021-4037" title="CVE-2021-4037 Base Score: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2639" id="CVE-2022-2639" title="CVE-2022-2639 Base Score: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23816" id="CVE-2022-23816" title="CVE-2022-23816 Base Score: 5.6 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-4378" id="CVE-2022-4378" title="CVE-2022-4378 Base Score: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-42703" id="CVE-2022-42703" title="CVE-2022-42703 Base Score: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-23825" id="CVE-2022-23825" title="CVE-2022-23825 Base Score: 6.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29900" id="CVE-2022-29900" title="CVE-2022-29900 Base Score: 6.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-2964" id="CVE-2022-2964" title="CVE-2022-2964 Base Score: 7.8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2022-29901" id="CVE-2022-29901" title="CVE-2022-29901 Base Score: 6.5 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" type="cve"/>
    </references>
    <description>Security Fix(es):

A use-after-free vulnerability exists in the ALSA PCM package in the Linux kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks, which can lead to a use-after-free that can result in privilege escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e. (CVE-2023-0266)

Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373)

LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. (CVE-2021-26401)

A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the Linux kernel that allows local users to create files for the XFS file system with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID, belongs to a certain group, and is writable by a user who is not a member of this group. This can lead to excessive permissions being granted when they should not be. This vulnerability is similar to the previous CVE-2018-13405 and adds the missed fix for XFS. (CVE-2021-4037)

An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. (CVE-2022-2639)

A flaw was found in hardware. Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. This vulnerability only affects AMD platforms. This fix causes severe performance degradation, so the mitigation was disabled by default. You can set the kernel boot parameter retbleed=auto in grub2.conf and restart the OS for the modification to take effect. (CVE-2022-23816)

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (CVE-2022-4378)

mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse. (CVE-2022-42703)

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. (CVE-2022-23825)

Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions. This vulnerability only affects AMD platforms. This fix causes severe performance degradation, so the mitigation was disabled by default. You can set the kernel boot parameter retbleed=auto in grub2.conf and restart the OS for the modification to take effect. (CVE-2022-29900)

A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes. (CVE-2022-2964)

Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. This vulnerability only affects Intel platforms. This fix causes severe performance degradation, so the mitigation was disabled by default. You can set the kernel boot parameter retbleed=auto in grub2.conf and restart the OS for the modification to take effect. (CVE-2022-29901)
</description>
    <pkglist>
      <collection short="HCE 1.1" package="kernel">
        <name>HCE 1.1</name>
        <package arch="x86_64" name="bpftool" version="3.10.0" release="1160.88.1.hce1c">
          <filename>bpftool-3.10.0-1160.88.1.hce1c.x86_64.rpm</filename>
        </package>
        <package arch="x86_64" name="kernel" version="3.10.0" release="1160.88.1.hce1c">
          <filename>kernel-3.10.0-1160.88.1.hce1c.x86_64.rpm</filename>
        </package>
        <package arch="noarch" name="kernel-abi-whitelists" version="3.10.0" release="1160.88.1.hce1c">
          <filename>kernel-abi-whitelists-3.10.0-1160.88.1.hce1c.noarch.rpm</filename>
        </package>
        <package arch="x86_64" name="kernel-debug-devel" version="3.10.0" release="1160.88.1.hce1c">
          <filename>kernel-debug-devel-3.10.0-1160.88.1.hce1c.x86_64.rpm</filename>
        </package>
        <package arch="x86_64" name="kernel-devel" version="3.10.0" release="1160.88.1.hce1c">
          <filename>kernel-devel-3.10.0-1160.88.1.hce1c.x86_64.rpm</filename>
        </package>
        <package arch="x86_64" name="kernel-headers" version="3.10.0" release="1160.88.1.hce1c">
          <filename>kernel-headers-3.10.0-1160.88.1.hce1c.x86_64.rpm</filename>
        </package>
        <package arch="x86_64" name="kernel-tools" version="3.10.0" release="1160.88.1.hce1c">
          <filename>kernel-tools-3.10.0-1160.88.1.hce1c.x86_64.rpm</filename>
        </package>
        <package arch="x86_64" name="kernel-tools-libs" version="3.10.0" release="1160.88.1.hce1c">
          <filename>kernel-tools-libs-3.10.0-1160.88.1.hce1c.x86_64.rpm</filename>
        </package>
        <package arch="x86_64" name="perf" version="3.10.0" release="1160.88.1.hce1c">
          <filename>perf-3.10.0-1160.88.1.hce1c.x86_64.rpm</filename>
        </package>
        <package arch="x86_64" name="python-perf" version="3.10.0" release="1160.88.1.hce1c">
          <filename>python-perf-3.10.0-1160.88.1.hce1c.x86_64.rpm</filename>
        </package>
      </collection>
    </pkglist>
  </update>
