RXSA-2023:0101
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rocky Linux SIG Cloud8.4 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127849)
* vfio zero page mappings fail after 2M instances (BZ#2128515)
* ice: Driver Update up to 5.19 (BZ#2130992)
* atlantic: missing hybernate/resume fixes (BZ#2131935)
* Bluefield 2 DPU would crash and reboot due to a kernel panic (BZ#2134084)
* Fix issue that enables STABLE_WRITES by default and causes performance regressions (BZ#2135813)
* ice: Intel E810 PTP clock glitching (BZ#2136036)
* ice: configure link-down-on-close on and change interface mtu to 9000,the interface can't up (BZ#2136216)
* ice: dump additional CSRs for Tx hang debugging (BZ#2136513)
* ice,iavf: system panic during sriov sriov_test_cntvf_reboot testing (BZ#2137270)
* After upgrading to ocp4.11.1, our dpdk application using vlan strip offload is not working (BZ#2138157)
* i40e: orphaned-leaky memory when interacting with driver memory parameters (BZ#2138205)
* WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309 hrtimer_start_range_ns+0x35d/0x400 (BZ#2138953)
* DELL EMC 8.6-RT: System is not booting into RT Kernel with perc12. (BZ#2139216)
* Lenovo 8.7: The VGA display shows no signal when install Rocky Linux SIG Cloud8.7 (BZ#2140152)
* Host Pod -> NodePort Service traffic (Host Backend - Same Node) Flow Iperf Cannot Pass Traffic (BZ#2141878)
* mlx5_core: mlx5_cmd_check messages scrolling with hardware offload enabled (BZ#2141957)
* net/ice: VIRTCHNL_OP_CONFIG_VSI_QUEUES command handling failure with in-tree driver (BZ#2142017)
* Rocky Linux SIG Cloud:8.6+ IBM Partner issue - Loopback driver with ABORT_TASKS causing hangs in scsi eh, this bug was cloned for Rocky Linux SIG Cloud8.6 and need this patch in 8.6+ (BZ#2144583)
* AMdCLIENT 8.8: The kernel command line parameter "nomodeset" not working properly (BZ#2145218)
* Path loss during Volume Ownership Change on Rocky Linux SIG Cloud 8.7 SAS (BZ#2147374)
* net/ice: OP_SET_RSS_HENA command not supported with in-tree driver (BZ#2148130)
* iavf panic: iavf 0000:ca:01.0: Failed to init adminq: -53 (BZ#2149081)
* Intel 8.8 iavf: Driver Update (bugfixes) (BZ#2149742)
* Azure Rocky Linux SIG Cloud-8 PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150912)
* Rocky Linux SIG Cloud-8.7: System fails to boot with soft lockup while loading/unloading an unsigned (E) kernel module. (BZ#2152206)
Copyright 2023 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 8
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rocky Linux SIG Cloud8.4 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127849)
* vfio zero page mappings fail after 2M instances (BZ#2128515)
* ice: Driver Update up to 5.19 (BZ#2130992)
* atlantic: missing hybernate/resume fixes (BZ#2131935)
* Bluefield 2 DPU would crash and reboot due to a kernel panic (BZ#2134084)
* Fix issue that enables STABLE_WRITES by default and causes performance regressions (BZ#2135813)
* ice: Intel E810 PTP clock glitching (BZ#2136036)
* ice: configure link-down-on-close on and change interface mtu to 9000,the interface can't up (BZ#2136216)
* ice: dump additional CSRs for Tx hang debugging (BZ#2136513)
* ice,iavf: system panic during sriov sriov_test_cntvf_reboot testing (BZ#2137270)
* After upgrading to ocp4.11.1, our dpdk application using vlan strip offload is not working (BZ#2138157)
* i40e: orphaned-leaky memory when interacting with driver memory parameters (BZ#2138205)
* WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309 hrtimer_start_range_ns+0x35d/0x400 (BZ#2138953)
* DELL EMC 8.6-RT: System is not booting into RT Kernel with perc12. (BZ#2139216)
* Lenovo 8.7: The VGA display shows no signal when install Rocky Linux SIG Cloud8.7 (BZ#2140152)
* Host Pod -> NodePort Service traffic (Host Backend - Same Node) Flow Iperf Cannot Pass Traffic (BZ#2141878)
* mlx5_core: mlx5_cmd_check messages scrolling with hardware offload enabled (BZ#2141957)
* net/ice: VIRTCHNL_OP_CONFIG_VSI_QUEUES command handling failure with in-tree driver (BZ#2142017)
* Rocky Linux SIG Cloud:8.6+ IBM Partner issue - Loopback driver with ABORT_TASKS causing hangs in scsi eh, this bug was cloned for Rocky Linux SIG Cloud8.6 and need this patch in 8.6+ (BZ#2144583)
* AMdCLIENT 8.8: The kernel command line parameter "nomodeset" not working properly (BZ#2145218)
* Path loss during Volume Ownership Change on Rocky Linux SIG Cloud 8.7 SAS (BZ#2147374)
* net/ice: OP_SET_RSS_HENA command not supported with in-tree driver (BZ#2148130)
* iavf panic: iavf 0000:ca:01.0: Failed to init adminq: -53 (BZ#2149081)
* Intel 8.8 iavf: Driver Update (bugfixes) (BZ#2149742)
* Azure Rocky Linux SIG Cloud-8 PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150912)
* Rocky Linux SIG Cloud-8.7: System fails to boot with soft lockup while loading/unloading an unsigned (E) kernel module. (BZ#2152206)
rocky-linux-8-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
2290d99dfed03401ef0e5cec03720d42430bad082d00f9923376a40c3dfea13e
kernel-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
40427e453ec9c3f6d7bc02dbf501d5e2a52c9723263904763d31382a49957ae7
kernel-abi-stablelists-4.18.0-425.10.1el8_7.cloud.noarch.rpm
50c416ad2c551faf230e841de4f0bbfd0174d00986d0187e7dcc3cd46d79b891
kernel-core-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
9ff8404906b11c7f852ac6d180eb8f4f80fc58b39a6393cd8124e6558a312712
kernel-cross-headers-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
b7923c7209128b0c9e5500cc83baea92e48a5cd37c8f7a3788fd34469b323f08
kernel-debug-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
5b5ccc555bcbc723216529b6c9874993c7fc9e874260463d9a9d5f095384ada7
kernel-debug-core-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
8c6e63dbbf3323d04e3d196330c3c2ffafb16326d03c73dc3ff7a2e95798b78c
kernel-debug-devel-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
4a348bd1064fa863a13c63f2469aa9aaebaeaf01a4fbcd9743a5919b90c469b2
kernel-debug-modules-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
f98d592de3a08d1a42be511c36e7203218e3bb7081c18897130d2356184b596a
kernel-debug-modules-extra-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
ab7a140cb69faa0bcc824de62c86e6b97c65a4a7ccfc601852178aa3eac25f76
kernel-devel-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
c4fa65f613c36bc0b0cc7eab66e89862a6a16c644159c8f460bfe9d19d39d59d
kernel-doc-4.18.0-425.10.1el8_7.cloud.noarch.rpm
ac3d3acc02359dc75e64b53bd00c61b686c76a77fc5ee23ebec4767f663d07c6
kernel-headers-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
623739bceef44b48e67d49de4bdc14c28d06bb25f87328ed7b473b871eedc32d
kernel-modules-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
ed86dbc54b02c1c2720b7a673f02e393cba6ec9332f56821ecea6f6c7305b30f
kernel-modules-extra-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
56887dedf57de9449026894cca296f119bd5422c2895515f55f0eada711a953b
kernel-tools-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
60161579812c9bb1c80c8d0e0b78102eb873160a1bf019abf5f31a5748becb3c
kernel-tools-libs-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
d53fd6ae91db7bf552a498fab53bf8054cb59550a5438d375521ce08780141de
kernel-tools-libs-devel-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
12009e08bfe10277a2bdee843e5ddee072a72bbe6a55f5fef30147812e78b41d
perf-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
efac762f9de14f714f0264d8232689ac430f2fc8bef7f9d629a57f03fe9d8a71
python3-perf-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
59271d6965b70d57d996cd2030117b8b76bc4e2af988ddc8e2755c17ccc57a18
RXSA-2023:0832
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134586)
* Hardware error: RIP: copy_user_enhanced_fast_string+0xe (BZ#2137592)
* Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel (BZ#2139580)
* MEI support for Alder Lake-S (BZ#2141783)
* Host Pod -> Cluster IP Service traffic (Pod Backend - Different Node) Flow Iperf Cannot Connect (BZ#2141959)
* Rocky Linux SIG Cloud8.7: Xorg cannot display resolution higher than 1024x768 on system using ast graphics driver (BZ#2149287)
* Intel 8.7 Bug: OS doesn't boot when vmd and interrupt remapping are enabled (BZ#2149474)
* i40e,iavf: SR-IOV VF devices send GARP with wrong MAC address (BZ#2149745)
* Rocky Linux SIG Cloud8.4 - boot: Add secure boot trailer (BZ#2151530)
* error 524 from seccomp(2) when trying to load filter (BZ#2152138)
* Workqueue: WQ_MEM_RECLAIM iscsi_ctrl_1:98 __iscsi_unbind_session [scsi_transport_iscsi] (BZ#2152734)
* Connectivity issue with vDPA driver (BZ#2152912)
* High Load average due to cfs cpu throttling (BZ#2153108)
* The "kernel BUG at mm/usercopy.c:103!" from BZ 2041529 is back on rhel-8.5 (BZ#2153230)
* Rocky Linux SIG Cloud8: tick storm on nohz (isolated) CPU cores (BZ#2153653)
* kernel BUG: scheduling while atomic: crio/7295/0x00000002 (BZ#2154460)
* Azure Rocky Linux SIG Cloud 8 z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2155272)
* Azure: VM Deployment Failures Patch Request (BZ#2155280)
* Azure vPCI Rocky Linux SIG Cloud-8: add the support of multi-MSI (BZ#2155289)
* MSFT MANA NET Patch Rocky Linux SIG Cloud-8: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155437)
* GSS: OCP 4.10.30 node crash after ODF upgrade : unable to handle kernel NULL pointer dereference at 0000000000000000 : ceph_get_snap_realm+0x68/0xa0 [ceph] (BZ#2155797)
* Error in /usr/src/kernels/4.18.0-423.el8.x86_64/scripts/kernel-doc script causing irdma build to fail (BZ#2157905)
* Rocky Linux SIG Cloud8.8: Backport upstream patches to reduce memory cgroup memory consumption and OOM problem (BZ#2157922)
* The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158813)
* ethtool -m results in an out-of-bounds slab write in the be2net driver (BZ#2160182)
* (Redhat OpenShift)Error downloading big ZIP files inside pod on power OCP and pod getting restarted (BZ#2160221)
* i40e/iavf: VF reset task fails "Never saw reset" with 5 second timeout per VF (BZ#2160460)
* iavf: It takes long time to create multiple VF interfaces and the VF interface names are not consistent (BZ#2163257)
Copyright 2023 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 8
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134586)
* Hardware error: RIP: copy_user_enhanced_fast_string+0xe (BZ#2137592)
* Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel (BZ#2139580)
* MEI support for Alder Lake-S (BZ#2141783)
* Host Pod -> Cluster IP Service traffic (Pod Backend - Different Node) Flow Iperf Cannot Connect (BZ#2141959)
* Rocky Linux SIG Cloud8.7: Xorg cannot display resolution higher than 1024x768 on system using ast graphics driver (BZ#2149287)
* Intel 8.7 Bug: OS doesn't boot when vmd and interrupt remapping are enabled (BZ#2149474)
* i40e,iavf: SR-IOV VF devices send GARP with wrong MAC address (BZ#2149745)
* Rocky Linux SIG Cloud8.4 - boot: Add secure boot trailer (BZ#2151530)
* error 524 from seccomp(2) when trying to load filter (BZ#2152138)
* Workqueue: WQ_MEM_RECLAIM iscsi_ctrl_1:98 __iscsi_unbind_session [scsi_transport_iscsi] (BZ#2152734)
* Connectivity issue with vDPA driver (BZ#2152912)
* High Load average due to cfs cpu throttling (BZ#2153108)
* The "kernel BUG at mm/usercopy.c:103!" from BZ 2041529 is back on rhel-8.5 (BZ#2153230)
* Rocky Linux SIG Cloud8: tick storm on nohz (isolated) CPU cores (BZ#2153653)
* kernel BUG: scheduling while atomic: crio/7295/0x00000002 (BZ#2154460)
* Azure Rocky Linux SIG Cloud 8 z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2155272)
* Azure: VM Deployment Failures Patch Request (BZ#2155280)
* Azure vPCI Rocky Linux SIG Cloud-8: add the support of multi-MSI (BZ#2155289)
* MSFT MANA NET Patch Rocky Linux SIG Cloud-8: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155437)
* GSS: OCP 4.10.30 node crash after ODF upgrade : unable to handle kernel NULL pointer dereference at 0000000000000000 : ceph_get_snap_realm+0x68/0xa0 [ceph] (BZ#2155797)
* Error in /usr/src/kernels/4.18.0-423.el8.x86_64/scripts/kernel-doc script causing irdma build to fail (BZ#2157905)
* Rocky Linux SIG Cloud8.8: Backport upstream patches to reduce memory cgroup memory consumption and OOM problem (BZ#2157922)
* The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158813)
* ethtool -m results in an out-of-bounds slab write in the be2net driver (BZ#2160182)
* (Redhat OpenShift)Error downloading big ZIP files inside pod on power OCP and pod getting restarted (BZ#2160221)
* i40e/iavf: VF reset task fails "Never saw reset" with 5 second timeout per VF (BZ#2160460)
* iavf: It takes long time to create multiple VF interfaces and the VF interface names are not consistent (BZ#2163257)
rocky-linux-8-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
68976251848484a8242e013244ff8088d266c6a643c54ffd57ad4c2eeb907e36
kernel-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
d84eaa6921838e02667ea7ff8d1880a6c5439f54108db1ce1cde6cda5694e80c
kernel-abi-stablelists-4.18.0-425.13.1.el8_7.cloud.noarch.rpm
66fb90df164cb6fdbe1d87d399e712063d52066910d4ca5898a9b3e4bdfabdae
kernel-core-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
f4d8a5af050276fb1fe58a87b206befe84480b84e784d21c4b70e50c3330d162
kernel-cross-headers-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
dca9274f96098dc0e1953ea6860969b21d1369350c2b4bb91d7145af0dadd056
kernel-debug-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
7e319bec5a24f8d10f0bbe99f794dc25fbb50bf7fbfb443891d66277a43d2650
kernel-debug-core-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
d5f4a5569b6ddd0f901a9703251cf8362fa5aa75b6dc5cfffdfb00e7b834dcb3
kernel-debug-devel-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
c5c2bbead03e72ab706763a8b956cb197f551cc59ae5d2eeab09bb66ec9d4f27
kernel-debug-modules-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
48cc2d3db12ec73c9fe763805f257df275ae79b5e6750f441fa8ffb27909db16
kernel-debug-modules-extra-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
9fa0b262b7d7853a21bf9d43915b16daed711e714c46880add634295d6eade53
kernel-devel-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
4ed5fe7f942f2745d3974b2f6988d98d105bb811a749c423aab406352a37d2f0
kernel-doc-4.18.0-425.13.1.el8_7.cloud.noarch.rpm
75fe2e90c86f423480752d00f5334f62225704a4e56389fd37db14af4a5d8806
kernel-headers-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
8cb657d169e68c5243453bda8b21bf7b4871eee51731d6e866559b9e4f8deb26
kernel-modules-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
bce529e68f845d2b889545f3b629b7b8081871a2e96041a6f49fdc45c50e61cb
kernel-modules-extra-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
1d42a94ca46edfdb167fb1ed39370278788436d791c6bd27b36916d08324b637
kernel-tools-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
2e4cfc1213267483cb4010017278be3b72a3cb363e58ff24ffeb6c027133543d
kernel-tools-libs-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
f915fb900e121c02ecc4b8dd5139bc5204f38c9fb6df84987698a5037e6f9fbc
kernel-tools-libs-devel-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
3520a20e45a2df58a483f4594faf18515cf1b4f22cdafab1da4060cc810705eb
perf-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
3935b7f32ffc57f776383449662b53a06204274527f9a4b40097c2c373fb84aa
python3-perf-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
81be8857589a671afd6fdbd6d6e8b452abbe68188022d6d43ed2544eeb1434a5
RXSA-2023:1566
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
* kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)
* kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* kernel panic on reboot due to a bug in mei_wdt module (BZ#2139770)
* Rocky Linux SIG Cloud8: Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142170)
* AMDSERVER 8.7: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151275)
* Rocky Linux SIG Cloud-8.8: Update RDMA core to Linux v6.0 (BZ#2161750)
* Kernel panic observed during VxFS module unload (BZ#2162763)
* Client not able to connect to rhel server: SYN is answered by chalange ACK and RST is ignored (BZ#2165587)
* Rocky Linux SIG Cloud8.4: s390/kexec: fix ipl report address for kdump (BZ#2166296)
* kvm-unit-test reports unhandled exception on AMD (BZ#2166362)
* Windows Server 2019 guest randomly pauses with "KVM: entry failed, hardware error 0x80000021" (BZ#2166368)
* Unable to get QinQ working with ConnectX-4 Lx in SR-IOV scenario (BZ#2166665)
* panic in fib6_rule_suppress+0x22 with custom xdp prog involved in (BZ#2167602)
* net/mlx5e: Fix use-after-free when reverting termination table (BZ#2167640)
* Rocky Linux SIG Cloud 8.7: EEH injection failed to recover on Mellanox adapter. (BZ#2167645)
* mlx5: lag and sriov fixes (BZ#2167647)
* Rocky Linux SIG Cloud8.4: dasd: fix no record found for raw_track_access (BZ#2167776)
* GSS: Set of fixes in ceph kernel module to prevent OCS node kernel crash - blocklist the kclient when receiving corrupted snap trace (BZ#2168896)
* Azure Rocky Linux SIG Cloud8 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170228)
* fast_isolate_freepages scans out of target zone (BZ#2170576)
* Backport Request for locking/rwsem commits (BZ#2170939)
* ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172550)
* Hyper-V Rocky Linux SIG Cloud8.8: Update MANA driver (BZ#2173103)
Enhancement(s):
* Intel 8.8 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168384)
Copyright 2023 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 8
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
* kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)
* kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* kernel panic on reboot due to a bug in mei_wdt module (BZ#2139770)
* Rocky Linux SIG Cloud8: Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142170)
* AMDSERVER 8.7: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151275)
* Rocky Linux SIG Cloud-8.8: Update RDMA core to Linux v6.0 (BZ#2161750)
* Kernel panic observed during VxFS module unload (BZ#2162763)
* Client not able to connect to rhel server: SYN is answered by chalange ACK and RST is ignored (BZ#2165587)
* Rocky Linux SIG Cloud8.4: s390/kexec: fix ipl report address for kdump (BZ#2166296)
* kvm-unit-test reports unhandled exception on AMD (BZ#2166362)
* Windows Server 2019 guest randomly pauses with "KVM: entry failed, hardware error 0x80000021" (BZ#2166368)
* Unable to get QinQ working with ConnectX-4 Lx in SR-IOV scenario (BZ#2166665)
* panic in fib6_rule_suppress+0x22 with custom xdp prog involved in (BZ#2167602)
* net/mlx5e: Fix use-after-free when reverting termination table (BZ#2167640)
* Rocky Linux SIG Cloud 8.7: EEH injection failed to recover on Mellanox adapter. (BZ#2167645)
* mlx5: lag and sriov fixes (BZ#2167647)
* Rocky Linux SIG Cloud8.4: dasd: fix no record found for raw_track_access (BZ#2167776)
* GSS: Set of fixes in ceph kernel module to prevent OCS node kernel crash - blocklist the kclient when receiving corrupted snap trace (BZ#2168896)
* Azure Rocky Linux SIG Cloud8 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170228)
* fast_isolate_freepages scans out of target zone (BZ#2170576)
* Backport Request for locking/rwsem commits (BZ#2170939)
* ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172550)
* Hyper-V Rocky Linux SIG Cloud8.8: Update MANA driver (BZ#2173103)
Enhancement(s):
* Intel 8.8 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168384)
rocky-linux-8-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
ae90e1ade5d7d68191df2a7385f0e922f47f775d03602ff27fd26f76938f196a
kernel-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
df9b25b9ad8f6538188f43cc90700664e9f6ffca96feaecf2b544619fe8b8315
kernel-abi-stablelists-4.18.0-425.19.2.el8_7.cloud.noarch.rpm
466a32771b64200a453e50f38131dae8a096435039022816a9d8f402a1b30ec8
kernel-core-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
80872bde989f9fae7d98f1f236fe74f21421fc091b20dbc17b01628f788ec892
kernel-cross-headers-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
c376c1052864b5bdd4b0c2f652f629eb1b471acf573cc0485a1d414f0a67fa54
kernel-debug-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
a9fb93d81df501838b8c8cbd4707f5837e4b7b1d11fac8b48257cabe86f055b4
kernel-debug-core-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
eb17efb7990f417e9e59e03cfe8686d3dd9c6ff38a642420960d5d944c4ad9ee
kernel-debug-devel-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
51d0bb683f20d97f24a25196ec41b9dc4436a1c387298c7084fe4f3a90d0b171
kernel-debug-modules-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
7341cbfe55ef4ada1aaafa9968a9643a29211ed7f2c6f17c9285acde551d1817
kernel-debug-modules-extra-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
eb06fd6b23f16940b688d0ae6fca57cadbf0e81acfc765c9c86706e52c5788f4
kernel-devel-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
77ace6f6a9ead3ac2da0e630caec072e8586389785ffab80d03cee6480f468c3
kernel-doc-4.18.0-425.19.2.el8_7.cloud.noarch.rpm
dbfe4eb4caa91803a69ec1834ef80a82b53e35e0e4dc4fd4aaff5d6ef57c68f4
kernel-headers-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
04c50637e75e7a6e6f7c22c68108aa0def278761e6291434a5c7600882fe2054
kernel-modules-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
c117fc857b7a51881fe0c636b412b08914bc9686280f0d283f2a54c5e5296bd4
kernel-modules-extra-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
f6a9dc3d29b197a0dca4494bfe7fa47518a6824ae1efd84f88a89c30267e7335
kernel-tools-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
4b87809d111c645b89d5b7f45a8a6d60e077ef7fd9e4169460f69c4c80a3b1f0
kernel-tools-libs-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
615bcf3c82ec0cf34fe5f8f062944423d4a41da5257eaf70312efd624b8d91a0
kernel-tools-libs-devel-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
efcb21fa55dc2ccbb169015001c1958493a61abe986dcd6dc520333feb9c1d58
perf-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
38c14ad425778cc24f66d4a4e3e7f8150f4dfec094e7f542559b6c96de30542a
python3-perf-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
da46fb708f0a635c7d0f93884e48d3518df50e2f8abd960df25abf9a7c7b0824