RXSA-2023:0101
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rocky Linux SIG Cloud8.4 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127849)
* vfio zero page mappings fail after 2M instances (BZ#2128515)
* ice: Driver Update up to 5.19 (BZ#2130992)
* atlantic: missing hybernate/resume fixes (BZ#2131935)
* Bluefield 2 DPU would crash and reboot due to a kernel panic (BZ#2134084)
* Fix issue that enables STABLE_WRITES by default and causes performance regressions (BZ#2135813)
* ice: Intel E810 PTP clock glitching (BZ#2136036)
* ice: configure link-down-on-close on and change interface mtu to 9000,the interface can't up (BZ#2136216)
* ice: dump additional CSRs for Tx hang debugging (BZ#2136513)
* ice,iavf: system panic during sriov sriov_test_cntvf_reboot testing (BZ#2137270)
* After upgrading to ocp4.11.1, our dpdk application using vlan strip offload is not working (BZ#2138157)
* i40e: orphaned-leaky memory when interacting with driver memory parameters (BZ#2138205)
* WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309 hrtimer_start_range_ns+0x35d/0x400 (BZ#2138953)
* DELL EMC 8.6-RT: System is not booting into RT Kernel with perc12. (BZ#2139216)
* Lenovo 8.7: The VGA display shows no signal when install Rocky Linux SIG Cloud8.7 (BZ#2140152)
* Host Pod -> NodePort Service traffic (Host Backend - Same Node) Flow Iperf Cannot Pass Traffic (BZ#2141878)
* mlx5_core: mlx5_cmd_check messages scrolling with hardware offload enabled (BZ#2141957)
* net/ice: VIRTCHNL_OP_CONFIG_VSI_QUEUES command handling failure with in-tree driver (BZ#2142017)
* Rocky Linux SIG Cloud:8.6+ IBM Partner issue - Loopback driver with ABORT_TASKS causing hangs in scsi eh, this bug was cloned for Rocky Linux SIG Cloud8.6 and need this patch in 8.6+ (BZ#2144583)
* AMdCLIENT 8.8: The kernel command line parameter "nomodeset" not working properly (BZ#2145218)
* Path loss during Volume Ownership Change on Rocky Linux SIG Cloud 8.7 SAS (BZ#2147374)
* net/ice: OP_SET_RSS_HENA command not supported with in-tree driver (BZ#2148130)
* iavf panic: iavf 0000:ca:01.0: Failed to init adminq: -53 (BZ#2149081)
* Intel 8.8 iavf: Driver Update (bugfixes) (BZ#2149742)
* Azure Rocky Linux SIG Cloud-8 PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150912)
* Rocky Linux SIG Cloud-8.7: System fails to boot with soft lockup while loading/unloading an unsigned (E) kernel module. (BZ#2152206)
Copyright 2023 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 8
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rocky Linux SIG Cloud8.4 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127849)
* vfio zero page mappings fail after 2M instances (BZ#2128515)
* ice: Driver Update up to 5.19 (BZ#2130992)
* atlantic: missing hybernate/resume fixes (BZ#2131935)
* Bluefield 2 DPU would crash and reboot due to a kernel panic (BZ#2134084)
* Fix issue that enables STABLE_WRITES by default and causes performance regressions (BZ#2135813)
* ice: Intel E810 PTP clock glitching (BZ#2136036)
* ice: configure link-down-on-close on and change interface mtu to 9000,the interface can't up (BZ#2136216)
* ice: dump additional CSRs for Tx hang debugging (BZ#2136513)
* ice,iavf: system panic during sriov sriov_test_cntvf_reboot testing (BZ#2137270)
* After upgrading to ocp4.11.1, our dpdk application using vlan strip offload is not working (BZ#2138157)
* i40e: orphaned-leaky memory when interacting with driver memory parameters (BZ#2138205)
* WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309 hrtimer_start_range_ns+0x35d/0x400 (BZ#2138953)
* DELL EMC 8.6-RT: System is not booting into RT Kernel with perc12. (BZ#2139216)
* Lenovo 8.7: The VGA display shows no signal when install Rocky Linux SIG Cloud8.7 (BZ#2140152)
* Host Pod -> NodePort Service traffic (Host Backend - Same Node) Flow Iperf Cannot Pass Traffic (BZ#2141878)
* mlx5_core: mlx5_cmd_check messages scrolling with hardware offload enabled (BZ#2141957)
* net/ice: VIRTCHNL_OP_CONFIG_VSI_QUEUES command handling failure with in-tree driver (BZ#2142017)
* Rocky Linux SIG Cloud:8.6+ IBM Partner issue - Loopback driver with ABORT_TASKS causing hangs in scsi eh, this bug was cloned for Rocky Linux SIG Cloud8.6 and need this patch in 8.6+ (BZ#2144583)
* AMdCLIENT 8.8: The kernel command line parameter "nomodeset" not working properly (BZ#2145218)
* Path loss during Volume Ownership Change on Rocky Linux SIG Cloud 8.7 SAS (BZ#2147374)
* net/ice: OP_SET_RSS_HENA command not supported with in-tree driver (BZ#2148130)
* iavf panic: iavf 0000:ca:01.0: Failed to init adminq: -53 (BZ#2149081)
* Intel 8.8 iavf: Driver Update (bugfixes) (BZ#2149742)
* Azure Rocky Linux SIG Cloud-8 PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150912)
* Rocky Linux SIG Cloud-8.7: System fails to boot with soft lockup while loading/unloading an unsigned (E) kernel module. (BZ#2152206)
rocky-linux-8-sig-cloud-aarch64-cloud-kernel-rpms
bpftool-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
4830ceb4606be092802cab0beb5dc5aaf28bc31bb1aa41c7dcde88704daebb93
kernel-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
c292a6e1d8133eb41cb4a7f420325f2932fb2a13846b6f0c1e1004d06a26c45b
kernel-abi-stablelists-4.18.0-425.10.1el8_7.cloud.noarch.rpm
50c416ad2c551faf230e841de4f0bbfd0174d00986d0187e7dcc3cd46d79b891
kernel-core-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
1b2cf091c6b40acda27c24ca73148469637e09afd7a7bb113a3672789890b408
kernel-cross-headers-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
2796ad4a60b68be23c74d1d5061cf6a77b6d3092a5004c5c9087460a911119bc
kernel-debug-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
ba338ba6711e7a69b83a87086e11ef544f356dcbf02d206131779a15f4adb792
kernel-debug-core-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
b9c07d167f17bf18189a20eb96ded4688010c8469222447fcfbf5b8879cf8cfb
kernel-debug-devel-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
08b3d301c290320b754803dc9447ba684e094464292d6ec119671c9c66d62503
kernel-debug-modules-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
f5145c0363985dea8d5bc16ee79dc1830b1e5e87739e5533acdeb469d0b6dd6d
kernel-debug-modules-extra-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
38d2309367a36c1c24faf31e07fa2d3b76d819447d404d8f1002ccfb90395de1
kernel-devel-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
1b23cfb36a327ddd57d3188f3f1c723ca514b534d378c97134608e859ee8a866
kernel-doc-4.18.0-425.10.1el8_7.cloud.noarch.rpm
ac3d3acc02359dc75e64b53bd00c61b686c76a77fc5ee23ebec4767f663d07c6
kernel-headers-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
3b5ddad5d557269abef80e047aa22cdeea03944855c396ef6a63db345d96dbae
kernel-modules-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
72c55af0f742c8507bba970a21c4d9724fdd97f6d6249bba33c3cb8dfcfdb376
kernel-modules-extra-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
089613e1fdd57519d627fbf9d13b856972aa8a7001e54993481c46f2428c2bd0
kernel-tools-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
b75e6e2ce45d18d36989ee0393095bf2982c7d7f850c3ab1d9fc145787c46682
kernel-tools-libs-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
4c7f3428366bb3dbc945c3d6b6bfb0982f7311d5ea8631c55b45717455b75ff4
kernel-tools-libs-devel-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
2ff1584f65cabe7055f2b6143693bc430559dbfc42f74c5dc8c05f0424bbd497
perf-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
00133c5085ddfce11cad9dfa49a5600cb7b981d44fe594903bd6e6e84b24afdd
python3-perf-4.18.0-425.10.1.el8_7.cloud.aarch64.rpm
0c3669607b7f36e5f321c7b77b81b607b291e458bdf81513bf46bde332f2bd45
RXSA-2023:0832
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134586)
* Hardware error: RIP: copy_user_enhanced_fast_string+0xe (BZ#2137592)
* Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel (BZ#2139580)
* MEI support for Alder Lake-S (BZ#2141783)
* Host Pod -> Cluster IP Service traffic (Pod Backend - Different Node) Flow Iperf Cannot Connect (BZ#2141959)
* Rocky Linux SIG Cloud8.7: Xorg cannot display resolution higher than 1024x768 on system using ast graphics driver (BZ#2149287)
* Intel 8.7 Bug: OS doesn't boot when vmd and interrupt remapping are enabled (BZ#2149474)
* i40e,iavf: SR-IOV VF devices send GARP with wrong MAC address (BZ#2149745)
* Rocky Linux SIG Cloud8.4 - boot: Add secure boot trailer (BZ#2151530)
* error 524 from seccomp(2) when trying to load filter (BZ#2152138)
* Workqueue: WQ_MEM_RECLAIM iscsi_ctrl_1:98 __iscsi_unbind_session [scsi_transport_iscsi] (BZ#2152734)
* Connectivity issue with vDPA driver (BZ#2152912)
* High Load average due to cfs cpu throttling (BZ#2153108)
* The "kernel BUG at mm/usercopy.c:103!" from BZ 2041529 is back on rhel-8.5 (BZ#2153230)
* Rocky Linux SIG Cloud8: tick storm on nohz (isolated) CPU cores (BZ#2153653)
* kernel BUG: scheduling while atomic: crio/7295/0x00000002 (BZ#2154460)
* Azure Rocky Linux SIG Cloud 8 z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2155272)
* Azure: VM Deployment Failures Patch Request (BZ#2155280)
* Azure vPCI Rocky Linux SIG Cloud-8: add the support of multi-MSI (BZ#2155289)
* MSFT MANA NET Patch Rocky Linux SIG Cloud-8: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155437)
* GSS: OCP 4.10.30 node crash after ODF upgrade : unable to handle kernel NULL pointer dereference at 0000000000000000 : ceph_get_snap_realm+0x68/0xa0 [ceph] (BZ#2155797)
* Error in /usr/src/kernels/4.18.0-423.el8.x86_64/scripts/kernel-doc script causing irdma build to fail (BZ#2157905)
* Rocky Linux SIG Cloud8.8: Backport upstream patches to reduce memory cgroup memory consumption and OOM problem (BZ#2157922)
* The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158813)
* ethtool -m results in an out-of-bounds slab write in the be2net driver (BZ#2160182)
* (Redhat OpenShift)Error downloading big ZIP files inside pod on power OCP and pod getting restarted (BZ#2160221)
* i40e/iavf: VF reset task fails "Never saw reset" with 5 second timeout per VF (BZ#2160460)
* iavf: It takes long time to create multiple VF interfaces and the VF interface names are not consistent (BZ#2163257)
Copyright 2023 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 8
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134586)
* Hardware error: RIP: copy_user_enhanced_fast_string+0xe (BZ#2137592)
* Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel (BZ#2139580)
* MEI support for Alder Lake-S (BZ#2141783)
* Host Pod -> Cluster IP Service traffic (Pod Backend - Different Node) Flow Iperf Cannot Connect (BZ#2141959)
* Rocky Linux SIG Cloud8.7: Xorg cannot display resolution higher than 1024x768 on system using ast graphics driver (BZ#2149287)
* Intel 8.7 Bug: OS doesn't boot when vmd and interrupt remapping are enabled (BZ#2149474)
* i40e,iavf: SR-IOV VF devices send GARP with wrong MAC address (BZ#2149745)
* Rocky Linux SIG Cloud8.4 - boot: Add secure boot trailer (BZ#2151530)
* error 524 from seccomp(2) when trying to load filter (BZ#2152138)
* Workqueue: WQ_MEM_RECLAIM iscsi_ctrl_1:98 __iscsi_unbind_session [scsi_transport_iscsi] (BZ#2152734)
* Connectivity issue with vDPA driver (BZ#2152912)
* High Load average due to cfs cpu throttling (BZ#2153108)
* The "kernel BUG at mm/usercopy.c:103!" from BZ 2041529 is back on rhel-8.5 (BZ#2153230)
* Rocky Linux SIG Cloud8: tick storm on nohz (isolated) CPU cores (BZ#2153653)
* kernel BUG: scheduling while atomic: crio/7295/0x00000002 (BZ#2154460)
* Azure Rocky Linux SIG Cloud 8 z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2155272)
* Azure: VM Deployment Failures Patch Request (BZ#2155280)
* Azure vPCI Rocky Linux SIG Cloud-8: add the support of multi-MSI (BZ#2155289)
* MSFT MANA NET Patch Rocky Linux SIG Cloud-8: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155437)
* GSS: OCP 4.10.30 node crash after ODF upgrade : unable to handle kernel NULL pointer dereference at 0000000000000000 : ceph_get_snap_realm+0x68/0xa0 [ceph] (BZ#2155797)
* Error in /usr/src/kernels/4.18.0-423.el8.x86_64/scripts/kernel-doc script causing irdma build to fail (BZ#2157905)
* Rocky Linux SIG Cloud8.8: Backport upstream patches to reduce memory cgroup memory consumption and OOM problem (BZ#2157922)
* The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158813)
* ethtool -m results in an out-of-bounds slab write in the be2net driver (BZ#2160182)
* (Redhat OpenShift)Error downloading big ZIP files inside pod on power OCP and pod getting restarted (BZ#2160221)
* i40e/iavf: VF reset task fails "Never saw reset" with 5 second timeout per VF (BZ#2160460)
* iavf: It takes long time to create multiple VF interfaces and the VF interface names are not consistent (BZ#2163257)
rocky-linux-8-sig-cloud-aarch64-cloud-kernel-rpms
bpftool-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
217b4b35dbea48c3ab7aa7e6ab237d1d624a30043c93ea19015816ab3dd4ca63
kernel-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
1ddf9bb68e708c7a849e05c14e7dcd08bda4aeb524bbfb91838f40bb99fd2f3a
kernel-abi-stablelists-4.18.0-425.13.1.el8_7.cloud.noarch.rpm
66fb90df164cb6fdbe1d87d399e712063d52066910d4ca5898a9b3e4bdfabdae
kernel-core-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
f616cb99116bc5e01bad89ff5b46c33f87876cb0f7ab775d16762e6d67badecf
kernel-cross-headers-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
1d519ae7ecca1d707a332233d39a3ce8094711c7c1cd2c1db0c3e0185d287de3
kernel-debug-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
e602086e871544df6df4139f495468109e578941d586c347d3159355c3b29fb5
kernel-debug-core-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
5e7dc469aa020456866318e31bbe429af745532d643d84420189d7b2fc81631e
kernel-debug-devel-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
9e919f8445b345bce34bb5a866d6c0d245cd2c07328a330abd3c42e99bbc1f74
kernel-debug-modules-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
41cc0be841a007cee5963ec7e4d620120a3b68cbbc28bc3c513b7505191a2037
kernel-debug-modules-extra-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
0d5ad9cbbd5afbf0935874000bf5233fe1595c7174bca71778a97477e9de34b2
kernel-devel-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
0c13b6639a6dfe1ff98a0ec38288b3ea7b34a4fdd0dac093ed0a235222136fd6
kernel-doc-4.18.0-425.13.1.el8_7.cloud.noarch.rpm
75fe2e90c86f423480752d00f5334f62225704a4e56389fd37db14af4a5d8806
kernel-headers-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
d1990383b37da489970a490aaa8ad201ceabfe1fbd74672e37c857b328b1dc62
kernel-modules-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
3061aa021e1729ae254fb59441d1aa94596a4c2de9150c7d1e3dbc0bfc600da5
kernel-modules-extra-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
dab765b58ff6b6f36ca717fbf2a20b9ba090b897edb6c7f1259b975bc699b4f0
kernel-tools-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
48155525c74ae3df86b793e4451d560022f5b61f6804d10945b440e157b6d89c
kernel-tools-libs-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
37fade4c24b24ad047571b321bb1f0bbac6dce3ad122aea0cd16c852042c4e6b
kernel-tools-libs-devel-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
5066906bbf88dc45515055d08008cf396f497e2cc2536204e50725b29a3006c0
perf-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
dac5c8a8cee141af4b3def0259ae46b2c51aeba65c38924c4a7c87675816b7fe
python3-perf-4.18.0-425.13.1.el8_7.cloud.aarch64.rpm
fbb176f98cbd78de72e64469ed9c018d51b972929819293588696c4afd9e5db6
RXSA-2023:1566
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
* kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)
* kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* kernel panic on reboot due to a bug in mei_wdt module (BZ#2139770)
* Rocky Linux SIG Cloud8: Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142170)
* AMDSERVER 8.7: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151275)
* Rocky Linux SIG Cloud-8.8: Update RDMA core to Linux v6.0 (BZ#2161750)
* Kernel panic observed during VxFS module unload (BZ#2162763)
* Client not able to connect to rhel server: SYN is answered by chalange ACK and RST is ignored (BZ#2165587)
* Rocky Linux SIG Cloud8.4: s390/kexec: fix ipl report address for kdump (BZ#2166296)
* kvm-unit-test reports unhandled exception on AMD (BZ#2166362)
* Windows Server 2019 guest randomly pauses with "KVM: entry failed, hardware error 0x80000021" (BZ#2166368)
* Unable to get QinQ working with ConnectX-4 Lx in SR-IOV scenario (BZ#2166665)
* panic in fib6_rule_suppress+0x22 with custom xdp prog involved in (BZ#2167602)
* net/mlx5e: Fix use-after-free when reverting termination table (BZ#2167640)
* Rocky Linux SIG Cloud 8.7: EEH injection failed to recover on Mellanox adapter. (BZ#2167645)
* mlx5: lag and sriov fixes (BZ#2167647)
* Rocky Linux SIG Cloud8.4: dasd: fix no record found for raw_track_access (BZ#2167776)
* GSS: Set of fixes in ceph kernel module to prevent OCS node kernel crash - blocklist the kclient when receiving corrupted snap trace (BZ#2168896)
* Azure Rocky Linux SIG Cloud8 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170228)
* fast_isolate_freepages scans out of target zone (BZ#2170576)
* Backport Request for locking/rwsem commits (BZ#2170939)
* ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172550)
* Hyper-V Rocky Linux SIG Cloud8.8: Update MANA driver (BZ#2173103)
Enhancement(s):
* Intel 8.8 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168384)
Copyright 2023 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 8
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
* kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)
* kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* kernel panic on reboot due to a bug in mei_wdt module (BZ#2139770)
* Rocky Linux SIG Cloud8: Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142170)
* AMDSERVER 8.7: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151275)
* Rocky Linux SIG Cloud-8.8: Update RDMA core to Linux v6.0 (BZ#2161750)
* Kernel panic observed during VxFS module unload (BZ#2162763)
* Client not able to connect to rhel server: SYN is answered by chalange ACK and RST is ignored (BZ#2165587)
* Rocky Linux SIG Cloud8.4: s390/kexec: fix ipl report address for kdump (BZ#2166296)
* kvm-unit-test reports unhandled exception on AMD (BZ#2166362)
* Windows Server 2019 guest randomly pauses with "KVM: entry failed, hardware error 0x80000021" (BZ#2166368)
* Unable to get QinQ working with ConnectX-4 Lx in SR-IOV scenario (BZ#2166665)
* panic in fib6_rule_suppress+0x22 with custom xdp prog involved in (BZ#2167602)
* net/mlx5e: Fix use-after-free when reverting termination table (BZ#2167640)
* Rocky Linux SIG Cloud 8.7: EEH injection failed to recover on Mellanox adapter. (BZ#2167645)
* mlx5: lag and sriov fixes (BZ#2167647)
* Rocky Linux SIG Cloud8.4: dasd: fix no record found for raw_track_access (BZ#2167776)
* GSS: Set of fixes in ceph kernel module to prevent OCS node kernel crash - blocklist the kclient when receiving corrupted snap trace (BZ#2168896)
* Azure Rocky Linux SIG Cloud8 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170228)
* fast_isolate_freepages scans out of target zone (BZ#2170576)
* Backport Request for locking/rwsem commits (BZ#2170939)
* ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172550)
* Hyper-V Rocky Linux SIG Cloud8.8: Update MANA driver (BZ#2173103)
Enhancement(s):
* Intel 8.8 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168384)
rocky-linux-8-sig-cloud-aarch64-cloud-kernel-rpms
bpftool-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
8b4461887030c82caccbcc1d6f14b183822516df11221e7b36b2e93b3e750b5f
kernel-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
feb0e6a59f3827180b8133a226e54911a85bddf1c32592b0e2b7763692eb712c
kernel-abi-stablelists-4.18.0-425.19.2.el8_7.cloud.noarch.rpm
466a32771b64200a453e50f38131dae8a096435039022816a9d8f402a1b30ec8
kernel-core-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
595cb678c0bb17871b9208c83b0da705da989ee1d8b1758de06c647af191bb3f
kernel-cross-headers-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
5caf5400b4432ea45bf73d30019015d00efe008ccc0fb6b4d03a77f00e1ef207
kernel-debug-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
45a90a4a8c5ab964d18f57c808829978f85a16fe2d7fc31c0f32cad969bdfba4
kernel-debug-core-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
c596280279c51e0e4bf9ffbd0a31826e9b18964ea0b4ba170a49beba2dac2430
kernel-debug-devel-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
6c11b08a65e933ada9d3acd0b421db3229ca92cf2c1a9cb24ceaecbea8b57f00
kernel-debug-modules-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
be54e96746ecf78845071485917379ebd26c1a73c2dcd4dfbf350d404e5559ed
kernel-debug-modules-extra-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
82e6ba58b574b12e5a3e25d28c004a270f3787a93545c51f8fc1cf73e4189b8a
kernel-devel-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
50e657797b5e8a4628cf54ff0066ef11a3844cdedd4b43018393b70543318418
kernel-doc-4.18.0-425.19.2.el8_7.cloud.noarch.rpm
dbfe4eb4caa91803a69ec1834ef80a82b53e35e0e4dc4fd4aaff5d6ef57c68f4
kernel-headers-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
2f238fc5ec0a3f17a69b4dccde1f724efa967610493160900341a897c31fc183
kernel-modules-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
2e2fbad8324189e5716e8c8f957e30f514669f2c551c854c5b6062008d37fb00
kernel-modules-extra-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
33dc2dfdd512de90fc679b9928a84931443e097cabce773a036a359dafd73986
kernel-tools-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
6d30bf884d7e17bd4ee084461ca9cfeace43ca4df063ee31c05fbbe0db8b3394
kernel-tools-libs-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
d4d8f53ad9a6a6c0325939b173b863df17c0fa0fcb9ce3b8e826702050a3db04
kernel-tools-libs-devel-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
00167c83c271dd2b0059da86b2888f1602a45203931738c9dc5c5cd745bebec6
perf-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
636acb6c5cf6949e2deee3c5e0d70b77af94c20269ecc03ff4671af3c8a4c17e
python3-perf-4.18.0-425.19.2.el8_7.cloud.aarch64.rpm
5a6f509548a0f78a9e98b90f3d927af2a0029ee233685c620be8d7736f6e3782