From 2edc2be0a4de385de79446f454500873116c92e7 Mon Sep 17 00:00:00 2001
From: anolis-bot <zy_chao@163.com>
Date: Mon, 13 Jan 2025 09:57:09 +0800
Subject: [PATCH] update errata ANSA-2022:0699

---
 data/errata/ANSA-2022:0699.json | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/data/errata/ANSA-2022:0699.json b/data/errata/ANSA-2022:0699.json
index 5cf606aff9..5311ffa6e0 100644
--- a/data/errata/ANSA-2022:0699.json
+++ b/data/errata/ANSA-2022:0699.json
@@ -183,7 +183,7 @@
                 ],
                 "src": [
                     {
-                        "rpm_name": "kernel (RHCK)",
+                        "rpm_name": "kernel",
                         "rpm_filename": "kernel-4.18.0-372.26.1.an8_6.src.rpm",
                         "rpm_url": "https://mirrors.openanolis.cn/anolis/8.6/BaseOS/source/Packages/kernel-4.18.0-372.26.1.an8_6.src.rpm"
                     }
@@ -199,23 +199,25 @@
                         "rpm_filename": "kernel-doc-4.18.0-372.26.1.an8_6.noarch.rpm",
                         "rpm_url": "https://mirrors.openanolis.cn/anolis/8.6/BaseOS/x86_64/os/Packages/kernel-doc-4.18.0-372.26.1.an8_6.noarch.rpm"
                     }
-                ]
+                ],
+                "loongarch64": []
             }
         }
     ],
     "publisher": "distro-team",
     "affected_packages": [
-        "kernel (RHCK)"
+        "kernel"
     ],
     "advisory_type": "Security Advisory",
     "severity": "Moderate",
     "is_publish": true,
     "synpopsis": "kernel security, bug fix, and enhancement update",
-    "description": "Package updates are available for Anolis 8 that fix the following vulnerabilities:\n\nCVE-2022-21123:\nIncomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.\n\nCVE-2022-21125:\nIncomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.\n\nCVE-2022-21166:\nIncomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
+    "description": "Package updates are available for Anolis 8 that fix the following vulnerabilities:\n\nCVE-2022-21123:\nIncomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.\n\nCVE-2022-21125:\nIncomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.\n\nCVE-2022-21166:\nIncomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.\n\nCVE-2022-48943:\nIn the Linux kernel, the following vulnerability has been resolved:\nKVM: x86/mmu: make apf token non-zero to fix bug\nIn current async pagefault logic, when a page is ready, KVM relies on\nkvm_arch_can_dequeue_async_page_present() to determine whether to deliver\na READY event to the Guest. This function test token value of struct\nkvm_vcpu_pv_apf_data, which must be reset to zero by Guest kernel when a\nREADY event is finished by Guest. If value is zero meaning that a READY\nevent is done, so the KVM can deliver another.\nBut the kvm_arch_setup_async_pf() may produce a valid token with zero\nvalue, which is confused with previous mention and may lead the loss of\nthis READY event.\nThis bug may cause task blocked forever in Guest:\nINFO: task stress:7532 blocked for more than 1254 seconds.\nNot tainted 5.10.0 #16\n\"echo 0 &gt; /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\ntask:stress          state:D stack:    0 pid: 7532 ppid:  1409\nflags:0x00000080\nCall Trace:\n__schedule+0x1e7/0x650\nschedule+0x46/0xb0\nkvm_async_pf_task_wait_schedule+0xad/0xe0\n? exit_to_user_mode_prepare+0x60/0x70\n__kvm_handle_async_pf+0x4f/0xb0\n? asm_exc_page_fault+0x8/0x30\nexc_page_fault+0x6f/0x110\n? asm_exc_page_fault+0x8/0x30\nasm_exc_page_fault+0x1e/0x30\nRIP: 0033:0x402d00\nRSP: 002b:00007ffd31912500 EFLAGS: 00010206\nRAX: 0000000000071000 RBX: ffffffffffffffff RCX: 00000000021a32b0\nRDX: 000000000007d011 RSI: 000000000007d000 RDI: 00000000021262b0\nRBP: 00000000021262b0 R08: 0000000000000003 R09: 0000000000000086\nR10: 00000000000000eb R11: 00007fefbdf2baa0 R12: 0000000000000000\nR13: 0000000000000002 R14: 000000000007d000 R15: 0000000000001000",
     "solution": "\u8bf7\u60a8\u5c3d\u5feb\u5c06\u5347\u7ea7\u5230\u4fee\u590d\u540e\u7684\u7248\u672c\u3002\u4fee\u590d\u547d\u4ee4\u5982\u4e0b\uff1a\nyum update --advisory ANSA-2022:0699",
     "issue": null,
     "source": "distro-team",
     "modules": [],
+    "update_user": "distro-team",
     "cve": [
         {
             "id": 16048,
@@ -228,6 +230,10 @@
         {
             "id": 16050,
             "cve_id": "CVE-2022-21166"
+        },
+        {
+            "id": 24764,
+            "cve_id": "CVE-2022-48943"
         }
     ]
 }
\ No newline at end of file
-- 
Gitee